From: Florian Westphal <fw@xxxxxxxxx> Make sure segtree processing doesn't drop associated stateful elements. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- v2: add map tests. tests/shell/testcases/sets/reset_command_0 | 70 ++++++++++++++++++---- 1 file changed, 60 insertions(+), 10 deletions(-) diff --git a/tests/shell/testcases/sets/reset_command_0 b/tests/shell/testcases/sets/reset_command_0 index d38ddb3ffeeb..c59cc56d20b8 100755 --- a/tests/shell/testcases/sets/reset_command_0 +++ b/tests/shell/testcases/sets/reset_command_0 @@ -17,6 +17,19 @@ RULESET="table t { 2.0.0.2 . tcp . 22 counter packets 10 bytes 100 timeout 15m expires 10m } } + + set s2 { + type ipv4_addr + flags interval, timeout + counter + timeout 30m + elements = { + 1.0.0.1 counter packets 5 bytes 30 expires 20m, + 1.0.1.1-1.0.1.10 counter packets 5 bytes 30 expires 20m, + 2.0.0.2 counter packets 10 bytes 100 timeout 15m expires 10m + } + } + map m { type ipv4_addr : ipv4_addr quota 50 bytes @@ -25,6 +38,27 @@ RULESET="table t { 5.6.7.8 quota 100 bytes used 50 bytes : 50.6.7.8 } } + + map m1 { + type ipv4_addr : ipv4_addr + counter + timeout 30m + elements = { + 1.2.3.4 counter packets 5 bytes 30 expires 20m : 10.2.3.4, + 5.6.7.8 counter packets 10 bytes 100 timeout 15m expires 10m : 50.6.7.8 + } + } + + map m2 { + type ipv4_addr : ipv4_addr + flags interval, timeout + counter + timeout 30m + elements = { + 1.2.3.4-1.2.3.10 counter packets 5 bytes 30 expires 20m : 10.2.3.4, + 5.6.7.8-5.6.7.10 counter packets 10 bytes 100 timeout 15m expires 10m : 50.6.7.8 + } + } }" echo -n "applying test ruleset: " @@ -38,17 +72,33 @@ expires_minutes() { sed -n 's/.*expires \([0-9]*\)m.*/\1/p' } -echo -n "get set elem matches reset set elem: " -elem='element t s { 1.0.0.1 . udp . 53 }' -[[ $($NFT "get $elem ; reset $elem" | \ - grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]] -echo OK +get_and_reset() +{ + local setname="$1" + local key="$2" -echo -n "counters are reset, expiry left alone: " -NEW=$($NFT "get $elem") -grep -q 'counter packets 0 bytes 0' <<< "$NEW" -[[ $(expires_minutes <<< "$NEW") -lt 20 ]] -echo OK + echo -n "get set elem matches reset set elem in set $setname: " + + elem="element t $setname { $key }" + echo $NFT get $elem + $NFT get $elem + [[ $($NFT "get $elem ; reset $elem" | \ + grep 'elements = ' | drop_seconds | uniq | wc -l) == 1 ]] + echo OK + + echo -n "counters are reset, expiry left alone in set $setname: " + NEW=$($NFT "get $elem") + echo NEW $NEW + grep -q 'counter packets 0 bytes 0' <<< "$NEW" + [[ $(expires_minutes <<< "$NEW") -lt 20 ]] + echo OK +} + +get_and_reset "s" "1.0.0.1 . udp . 53" +get_and_reset "s2" "1.0.0.1" +get_and_reset "s2" "1.0.1.1-1.0.1.10" +get_and_reset "m1" "1.2.3.4" +get_and_reset "m2" "1.2.3.4-1.2.3.10" echo -n "get map elem matches reset map elem: " elem='element t m { 1.2.3.4 }' -- 2.30.2