From: Florian Westphal <fw@xxxxxxxxx>
Make sure segtree processing doesn't drop associated stateful elements.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: add map tests.
tests/shell/testcases/sets/reset_command_0 | 70 ++++++++++++++++++----
1 file changed, 60 insertions(+), 10 deletions(-)
diff --git a/tests/shell/testcases/sets/reset_command_0 b/tests/shell/testcases/sets/reset_command_0
index d38ddb3ffeeb..c59cc56d20b8 100755
--- a/tests/shell/testcases/sets/reset_command_0
+++ b/tests/shell/testcases/sets/reset_command_0
@@ -17,6 +17,19 @@ RULESET="table t {
2.0.0.2 . tcp . 22 counter packets 10 bytes 100 timeout 15m expires 10m
}
}
+
+ set s2 {
+ type ipv4_addr
+ flags interval, timeout
+ counter
+ timeout 30m
+ elements = {
+ 1.0.0.1 counter packets 5 bytes 30 expires 20m,
+ 1.0.1.1-1.0.1.10 counter packets 5 bytes 30 expires 20m,
+ 2.0.0.2 counter packets 10 bytes 100 timeout 15m expires 10m
+ }
+ }
+
map m {
type ipv4_addr : ipv4_addr
quota 50 bytes
@@ -25,6 +38,27 @@ RULESET="table t {
5.6.7.8 quota 100 bytes used 50 bytes : 50.6.7.8
}
}
+
+ map m1 {
+ type ipv4_addr : ipv4_addr
+ counter
+ timeout 30m
+ elements = {
+ 1.2.3.4 counter packets 5 bytes 30 expires 20m : 10.2.3.4,
+ 5.6.7.8 counter packets 10 bytes 100 timeout 15m expires 10m : 50.6.7.8
+ }
+ }
+
+ map m2 {
+ type ipv4_addr : ipv4_addr
+ flags interval, timeout
+ counter
+ timeout 30m
+ elements = {
+ 1.2.3.4-1.2.3.10 counter packets 5 bytes 30 expires 20m : 10.2.3.4,
+ 5.6.7.8-5.6.7.10 counter packets 10 bytes 100 timeout 15m expires 10m : 50.6.7.8
+ }
+ }
}"
echo -n "applying test ruleset: "
@@ -38,17 +72,33 @@ expires_minutes() {
sed -n 's/.*expires \([0-9]*\)m.*/\1/p'
}
-echo -n "get set elem matches reset set elem: "
-elem='element t s { 1.0.0.1 . udp . 53 }'
-[[ $($NFT "get $elem ; reset $elem" | \
- grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]]
-echo OK
+get_and_reset()
+{
+ local setname="$1"
+ local key="$2"
-echo -n "counters are reset, expiry left alone: "
-NEW=$($NFT "get $elem")
-grep -q 'counter packets 0 bytes 0' <<< "$NEW"
-[[ $(expires_minutes <<< "$NEW") -lt 20 ]]
-echo OK
+ echo -n "get set elem matches reset set elem in set $setname: "
+
+ elem="element t $setname { $key }"
+ echo $NFT get $elem
+ $NFT get $elem
+ [[ $($NFT "get $elem ; reset $elem" | \
+ grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]]
+ echo OK
+
+ echo -n "counters are reset, expiry left alone in set $setname: "
+ NEW=$($NFT "get $elem")
+ echo NEW $NEW
+ grep -q 'counter packets 0 bytes 0' <<< "$NEW"
+ [[ $(expires_minutes <<< "$NEW") -lt 20 ]]
+ echo OK
+}
+
+get_and_reset "s" "1.0.0.1 . udp . 53"
+get_and_reset "s2" "1.0.0.1"
+get_and_reset "s2" "1.0.1.1-1.0.1.10"
+get_and_reset "m1" "1.2.3.4"
+get_and_reset "m2" "1.2.3.4-1.2.3.10"
echo -n "get map elem matches reset map elem: "
elem='element t m { 1.2.3.4 }'
--
2.30.2
