ahill/nftables
1
0
Fork 0
mirror of https://git.netfilter.org/nftables synced 2026-01-26 10:34:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: shell: add packetpath test for meta time expression.

Browse Source 
v2:
 - Switched to range syntax instead of two matches as suggested by Phil.

Signed-off-by: Yi Chen <yiche@redhat.com>
Reviewed-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
This commit is contained in:
Yi Chen 2025-11-13 15:28:51 +08:00 committed by Florian Westphal
parent 8b7a533f8f
commit b5145809b1
2 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
tests/shell/testcases/packetpath/dumps/meta_time.nodump Normal file
View File

79
tests/shell/testcases/packetpath/meta_time Executable file
View File

@ -0,0 +1,79 @@
#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_meta_time)
. $NFT_TEST_LIBRARY_FILE
gen_in_range_minute()
{
echo $(date -d "-5 minutes" +%H:%M)-$(date -d "+5 minutes" +%H:%M)
}
gen_out_of_range_minute()
{
echo $(date -d "+2 minutes" +%H:%M)-$(date -d "+5 minutes" +%H:%M)
}
gen_in_range_hour()
{
echo $(date -d "-2 hours" +%H:%M)-$(date -d "+2 hours" +%H:%M)
}
gen_out_of_range_hour()
{
echo $(date -d "+1 hours" +%H:%M)-$(date -d "+2 hours" +%H:%M)
}
gen_in_range_day()
{
#meta day "Sunday"-"Tuesday"
echo \"$(date -d "-1 days" +%A)\"-\"$(date -d "+1 days" +%A)\"
}
gen_out_of_range_day()
{
echo \"$(date -d "-2 days" +%A)\"-\"$(date -d "-1 days" +%A)\"
}
gen_in_range_time()
{
echo \"$(date -d "-1 years +10 days" +%G-%m-%d" "%H:%M:%S)\"-\"$(date -d "+2 days" +%G-%m-%d" "%H:%M:%S)\"
}
gen_out_of_range_time()
{
echo \"$(date -d "+10 seconds" +%G-%m-%d" "%H:%M:%S)\"-\"$(date -d "+20 seconds" +%G-%m-%d" "%H:%M:%S)\"
}
$NFT -f - <<-EOF
table ip time_test {
counter matched {}
counter unmatch {}
chain input {
type filter hook input priority filter; policy accept;
iifname lo icmp type echo-request meta hour $(gen_in_range_hour) counter name matched
iifname lo icmp type echo-request meta hour $(gen_out_of_range_hour) counter name unmatch
iifname lo icmp type echo-request meta hour $(gen_in_range_minute) counter name matched
iifname lo icmp type echo-request meta hour $(gen_out_of_range_minute) counter name unmatch
iifname lo icmp type echo-request meta day $(gen_in_range_day) counter name matched
iifname lo icmp type echo-request meta day $(gen_out_of_range_day) counter name unmatch
iifname lo icmp type echo-request meta time $(gen_in_range_time) counter name matched
iifname lo icmp type echo-request meta time $(gen_out_of_range_time) counter name unmatch
}
}
EOF
assert_pass "restore meta time ruleset"
nft add rule ip time_test input ip protocol icmp meta hour \"24:00\"-\"4:00\" 2>/dev/null
assert_fail "Wrong time format input"
nft add rule ip time_test input ip protocol icmp meta hour \"-2:00\"-\"4:00\" 2>/dev/null
assert_fail "Wrong time format input"
ip link set lo up
ping -W 1 127.0.0.1 -c 1
assert_pass "ping pass"
$NFT list counter ip time_test matched | grep 'packets 4'
assert_pass "matched check"
$NFT list counter ip time_test unmatch | grep 'packets 0'
assert_pass "unmatch check"
$NFT delete table ip time_test
assert_pass "delete table"