path: root/tests/shell/testcases/sets/reset_command_0
blob: c59cc56d20b893e92736d7098d6bc84c96bee8ca (plain)
#!/bin/bash

# NFT_TEST_REQUIRES(NFT_TEST_HAVE_reset_set)

# Abort on the first failing command; the bare [[ ]] and grep -q checks in
# this script rely on that to fail the test.
set -e

# On any non-zero exit, print FAIL so the log shows the run did not complete.
trap 'if [[ $? -ne 0 ]]; then echo FAIL; fi' EXIT

# Fixture: table t with two sets (s, s2) and three maps (m, m1, m2) whose
# elements are loaded with non-zero counter/quota usage and a partly elapsed
# expiry, so a reset has visible state to clear and an expiry to leave alone.
RULESET="table t {
	set s {
		type ipv4_addr . inet_proto . inet_service
		flags interval, timeout
		counter
		timeout 30m
		elements = {
			1.0.0.1 . udp . 53 counter packets 5 bytes 30 expires 20m,
			2.0.0.2 . tcp . 22 counter packets 10 bytes 100 timeout 15m expires 10m
		}
	}

	set s2 {
		type ipv4_addr
		flags interval, timeout
		counter
		timeout 30m
		elements = {
			1.0.0.1 counter packets 5 bytes 30 expires 20m,
			1.0.1.1-1.0.1.10 counter packets 5 bytes 30 expires 20m,
			2.0.0.2 counter packets 10 bytes 100 timeout 15m expires 10m
		}
	}

	map m {
		type ipv4_addr : ipv4_addr
		quota 50 bytes
		elements = {
			1.2.3.4 quota 50 bytes used 10 bytes : 10.2.3.4,
			5.6.7.8 quota 100 bytes used 50 bytes : 50.6.7.8
		}
	}

	map m1 {
		type ipv4_addr : ipv4_addr
		counter
		timeout 30m
		elements = {
			1.2.3.4 counter packets 5 bytes 30 expires 20m : 10.2.3.4,
			5.6.7.8 counter packets 10 bytes 100 timeout 15m expires 10m : 50.6.7.8
		}
	}

	map m2 {
		type ipv4_addr : ipv4_addr
		flags interval, timeout
		counter
		timeout 30m
		elements = {
			1.2.3.4-1.2.3.10 counter packets 5 bytes 30 expires 20m : 10.2.3.4,
			5.6.7.8-5.6.7.10 counter packets 10 bytes 100 timeout 15m expires 10m : 50.6.7.8
		}
	}
}"

# Load the fixture from stdin; under "set -e" a load failure ends the test
# before OK is printed.
printf '%s' "applying test ruleset: "
$NFT -f - <<< "$RULESET"
printf '%s\n' OK

# Filter stdin to stdout, deleting every token made of digits followed by
# "s" or "ms". Minute values are kept, so two listings taken a moment apart
# still compare equal on their expiry fields.
drop_seconds()
{
	sed -e 's/[0-9]\+m\?s//g'
}
# Filter stdin to stdout, printing only the minutes figure that follows
# "expires " on each line that has one. Lines without an "expires <N>m"
# field produce no output at all.
expires_minutes()
{
	sed -n -e 's/.*expires \([0-9]*\)m.*/\1/p'
}

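# Check that "reset element" reports the same state as "get element", then
# confirm that the reset zeroed the counter without refreshing the expiry.
# Globals:   NFT (read) - nft command line supplied by the test environment
# Arguments: $1 - name of a set or map in table t
#            $2 - element key, in nft syntax
# Outputs:   progress lines on stdout
# Returns:   relies on the script's "set -e": a failed check aborts the run
get_and_reset()
{
	local setname="$1"
	local key="$2"
	local elem new mins

	echo -n "get set elem matches reset set elem in set $setname: "

	elem="element t $setname { $key }"
	# $elem is left unquoted on purpose so it splits into separate nft
	# arguments.
	echo $NFT get $elem
	$NFT get $elem
	# get and reset run in a single nft invocation; once the seconds are
	# dropped, both must print the same "elements = " line, so uniq leaves
	# exactly one.
	[[ $($NFT "get $elem ; reset $elem" | \
		grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]]
	echo OK

	echo -n "counters are reset, expiry left alone in set $setname: "
	new=$($NFT "get $elem")
	echo NEW $new
	grep -q 'counter packets 0 bytes 0' <<< "$new"
	# An empty operand evaluates as 0 inside [[ -lt ]], so a listing with no
	# "expires" field would satisfy the comparison. Require a parsed value
	# first, otherwise the expiry check can pass without checking anything.
	mins=$(expires_minutes <<< "$new")
	[[ -n "$mins" ]]
	[[ $mins -lt 20 ]]
	echo OK
}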

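# Reset one element in each counter-bearing set and map; interval keys are
# passed as ranges.
get_and_reset "s" "1.0.0.1 . udp . 53"
get_and_reset "s2" "1.0.0.1"
get_and_reset "s2" "1.0.1.1-1.0.1.10"
get_and_reset "m1" "1.2.3.4"
get_and_reset "m2" "1.2.3.4-1.2.3.10"

# Map m holds quotas and no timeout, so the listing needs no seconds filter.
echo -n "get map elem matches reset map elem: "
elem='element t m { 1.2.3.4 }'
[[ $($NFT "get $elem ; reset $elem" | \
	grep 'elements = ' | uniq | wc -l) == 1 ]]
echo OK

# After the reset the "used 10 bytes" part must be gone from the element.
echo -n "quota value is reset: "
$NFT get element t m '{ 1.2.3.4 }' | grep -q 'quota 50 bytes : 10.2.3.4'
echo OK

# Elements that were not named in any reset must keep their counters and
# quota usage, and their expiry must still be counting down from 10m.
echo -n "other elements remain the same: "
OUT=$($NFT get element t s '{ 2.0.0.2 . tcp . 22 }')
grep -q 'counter packets 10 bytes 100 timeout 15m' <<< "$OUT"
VAL=$(expires_minutes <<< "$OUT")
# Compare the variable that was actually assigned: a differently cased name
# is unset here, evaluates as 0 in [[ -lt ]] and lets the check pass without
# looking at the expiry. Also require that a value was parsed at all.
[[ -n "$VAL" ]]
[[ $VAL -lt 10 ]]
$NFT get element t m '{ 5.6.7.8 }' | grep -q 'quota 100 bytes used 50 bytes'
echo OK

# "reset set" must print what "list set" printed just before it; seconds
# are dropped because the expiry keeps running between the two calls.
echo -n "list set matches reset set: "
EXP=$($NFT list set t s | drop_seconds)
OUT=$($NFT reset set t s | drop_seconds)
$DIFF -u <(echo "$EXP") <(echo "$OUT")
echo OK

echo -n "list map matches reset map: "
EXP=$($NFT list map t m)
OUT=$($NFT reset map t m)
$DIFF -u <(echo "$EXP") <(echo "$OUT")
echo OK

# The whole-set and whole-map resets above must have cleared the elements
# that the per-element resets left untouched.
echo -n "remaining elements are reset: "
OUT=$($NFT list ruleset)
grep -q '2.0.0.2 . tcp . 22 counter packets 0 bytes 0' <<< "$OUT"
grep -q '5.6.7.8 quota 100 bytes : 50.6.7.8' <<< "$OUT"
echo OK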