summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/conntrack/run-test.sh19
-rw-r--r--tests/conntrack/test-conntrack.c94
-rw-r--r--tests/conntrack/testsuite/00create20
-rw-r--r--tests/conntrack/testsuite/01delete6
-rw-r--r--tests/conntrack/testsuite/02filter23
-rw-r--r--tests/conntrack/testsuite/03nat40
-rw-r--r--tests/conntrack/testsuite/04zone24
-rw-r--r--tests/conntrack/testsuite/05mark27
-rw-r--r--tests/conntrack/testsuite/06update8
-rw-r--r--tests/nfct/run-test.sh20
-rw-r--r--tests/nfct/test-live.sh73
-rw-r--r--tests/nfct/test.c100
-rw-r--r--tests/nfct/timeout/00tcp16
-rw-r--r--tests/nfct/timeout/01udp16
-rw-r--r--tests/nfct/timeout/02generic16
-rw-r--r--tests/nfct/timeout/03udplite16
-rw-r--r--tests/nfct/timeout/04icmp16
-rw-r--r--tests/nfct/timeout/05icmpv616
-rw-r--r--tests/nfct/timeout/06sctp16
-rw-r--r--tests/nfct/timeout/07dccp16
-rw-r--r--tests/nfct/timeout/08gre16
21 files changed, 598 insertions, 0 deletions
diff --git a/tests/conntrack/run-test.sh b/tests/conntrack/run-test.sh
new file mode 100644
index 0000000..1403e2c
--- /dev/null
+++ b/tests/conntrack/run-test.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ $UID -ne 0 ]
+then
+ echo "Run this test as root"
+ exit 1
+fi
+
+gcc test-conntrack.c -o test
+#
+# XXX: module auto-load not support by nfnetlink_cttimeout yet :-(
+#
+modprobe nf_conntrack_ipv4
+modprobe nf_conntrack_ipv6
+modprobe nf_conntrack_proto_udplite
+modprobe nf_conntrack_proto_sctp
+modprobe nf_conntrack_proto_dccp
+modprobe nf_conntrack_proto_gre
+./test testcases
diff --git a/tests/conntrack/test-conntrack.c b/tests/conntrack/test-conntrack.c
new file mode 100644
index 0000000..c9097b6
--- /dev/null
+++ b/tests/conntrack/test-conntrack.c
@@ -0,0 +1,94 @@
+/*
+ * Very simple test-tool for the command line tool `conntrack'.
+ * This code is released under GPLv2 or any later at your option.
+ *
+ * gcc test-conntrack.c -o test
+ *
+ * Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-)
+ *
+ * (c) 2008 Pablo Neira Ayuso <pablo@netfilter.org>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <dirent.h>
+
+#define CT_PROG "/usr/sbin/conntrack"
+
+int main()
+{
+ int ret, ok = 0, bad = 0, line;
+ FILE *fp;
+ DIR *d;
+ char buf[1024];
+ struct dirent *dent;
+ char file[1024];
+
+ d = opendir("testsuite");
+
+ while ((dent = readdir(d)) != NULL) {
+
+ sprintf(file, "testsuite/%s", dent->d_name);
+
+ line = 0;
+
+ fp = fopen(file, "r");
+ if (fp == NULL) {
+ perror("cannot find testsuite file");
+ exit(EXIT_FAILURE);
+ }
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ char tmp[1024] = CT_PROG, *res;
+ tmp[strlen(CT_PROG)] = ' ';
+
+ line++;
+
+ if (buf[0] == '#' || buf[0] == ' ')
+ continue;
+
+ res = strchr(buf, ';');
+ if (!res) {
+ printf("malformed file %s at line %d\n",
+ dent->d_name, line);
+ exit(EXIT_FAILURE);
+ }
+ *res = '\0';
+ res+=2;
+
+ strcpy(tmp + strlen(CT_PROG) + 1, buf);
+ printf("(%d) Executing: %s\n", line, tmp);
+
+ ret = system(tmp);
+
+ if (WIFEXITED(ret) &&
+ WEXITSTATUS(ret) == EXIT_SUCCESS) {
+ if (res[0] == 'O' &&
+ res[1] == 'K')
+ ok++;
+ else {
+ bad++;
+ printf("^----- BAD\n");
+ }
+ } else {
+ if (res[0] == 'B' &&
+ res[1] == 'A' &&
+ res[2] == 'D')
+ ok++;
+ else {
+ bad++;
+ printf("^----- BAD\n");
+ }
+ }
+ printf("=====\n");
+ }
+ fclose(fp);
+ }
+ closedir(d);
+
+ fprintf(stdout, "OK: %d BAD: %d\n", ok, bad);
+}
diff --git a/tests/conntrack/testsuite/00create b/tests/conntrack/testsuite/00create
new file mode 100644
index 0000000..40e2c19
--- /dev/null
+++ b/tests/conntrack/testsuite/00create
@@ -0,0 +1,20 @@
+#missing destination
+-I -s 1.1.1.1 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing source
+-I -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing protocol
+-I -s 1.1.1.1 -d 2.2.2.2 --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing source port
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+#missing timeout
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY ; BAD
+# create a conntrack
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# create again
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; BAD
+# delete
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+# create from reply
+-I -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete reverse
+-D -r 2.2.2.2 -q 1.1.1.1 -p tcp --reply-port-src 11 --reply-port-dst 21 ; OK
diff --git a/tests/conntrack/testsuite/01delete b/tests/conntrack/testsuite/01delete
new file mode 100644
index 0000000..3c38ac5
--- /dev/null
+++ b/tests/conntrack/testsuite/01delete
@@ -0,0 +1,6 @@
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# delete bad source
+-D -s 2.2.2.2 -p tcp --sport 10 --dport 20 ; BAD
+# delete by source
+-D -s 1.1.1.1 ; OK
diff --git a/tests/conntrack/testsuite/02filter b/tests/conntrack/testsuite/02filter
new file mode 100644
index 0000000..204c4e8
--- /dev/null
+++ b/tests/conntrack/testsuite/02filter
@@ -0,0 +1,23 @@
+# create dummy
+conntrack -I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# filter by source
+conntrack -L -s 1.1.1.1 ; OK
+# filter by destination
+conntrack -L -d 2.2.2.2 ; OK
+# filter by protocol
+conntrack -L -p tcp ; OK
+# filter by status
+conntrack -L -u SEEN_REPLY ; OK
+# filter by TCP protocol state
+conntrack -L -p tcp --state LISTEN ; OK
+# update mark of dummy conntrack
+conntrack -U -s 1.1.1.1 -m 1 ; OK
+# filter by mark
+conntrack -L -m 1 ; OK
+# filter by layer 3 protocol
+conntrack -L -f ipv4 ; OK
+# filter by mark
+conntrack -L --mark 0 ; OK
+conntrack -L --mark 0/0xffffffff; OK
+# delete dummy
+conntrack -D -d 2.2.2.2 ; OK
diff --git a/tests/conntrack/testsuite/03nat b/tests/conntrack/testsuite/03nat
new file mode 100644
index 0000000..f94e8ff
--- /dev/null
+++ b/tests/conntrack/testsuite/03nat
@@ -0,0 +1,40 @@
+# create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# show
+-L --dst-nat ; OK
+# show
+-L --dst-nat 3.3.3.3 ; OK
+# show
+-L --src-nat ; OK
+# delete
+-D -s 1.1.1.1 ; OK
+# create dummy again
+-I -s 1.1.1.1 -d 2.2.2.2 --src-nat 3.3.3.3 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# show
+-L --src-nat ; OK
+# show
+-L --src-nat 3.3.3.3 ; OK
+# show
+-L --dst-nat ; OK
+# show any-nat
+-L --any-nat ; OK
+# delete
+-D -s 1.1.1.1 ; OK
+# bad combination
+-L --dst-nat --any-nat ; BAD
+# bad combination
+-L --src-nat --any-nat ; BAD
+# bad combination
+-L --src-nat --dst-nat --any-nat ; BAD
+# create
+-I -s 1.1.1.1 -d 2.2.2.2 --dst-nat 3.3.3.3:80 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 ; OK
+# show
+-L --dst-nat 3.3.3.3:80 ; OK
+# show
+-L --any-nat 3.3.3.3:80 ; OK
+# show
+-L --dst-nat 3.3.3.3:81 ; OK
+# show
+-L --dst-nat 1.1.1.1:80 ; OK
+# delete
+-D -s 1.1.1.1 ; OK
diff --git a/tests/conntrack/testsuite/04zone b/tests/conntrack/testsuite/04zone
new file mode 100644
index 0000000..dc8b691
--- /dev/null
+++ b/tests/conntrack/testsuite/04zone
@@ -0,0 +1,24 @@
+# 1) zone, create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --zone 1; OK
+# display dummy
+-L --zone 1; OK
+# display dummy
+-L --zone 0; OK
+# delete dummy
+-D --zone 1; OK
+# 2) orig-zone, create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --orig-zone 2; OK
+# display dummy
+-L --orig-zone 2; OK
+# display dummy
+-L --orig-zone 0; OK
+# delete dummy
+-D --orig-zone 2; OK
+# 3) reply-zone, create dummy
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --reply-zone 3; OK
+# display dummy
+-L --reply-zone 3; OK
+# display dummy
+-L --reply-zone 0; OK
+# delete dummy
+-D --reply-zone 3; OK
diff --git a/tests/conntrack/testsuite/05mark b/tests/conntrack/testsuite/05mark
new file mode 100644
index 0000000..4d99dea
--- /dev/null
+++ b/tests/conntrack/testsuite/05mark
@@ -0,0 +1,27 @@
+# create with a mark
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42 ; OK
+# find it again using mark
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK
+-L --mark 42; OK
+# ct already exists
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 42/0xffffffff ; BAD
+# delete by mark
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffffffff ; OK
+# try again after del
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 417889/0xffffffff ; OK
+# delete by mark
+-D --mark 417889 ; OK
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state LISTEN -u SEEN_REPLY -t 50 --mark 0xffffffff ; OK
+# zap top 16.
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0/0xffff0000 ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 0x0000ffff ; OK
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0xffff ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/0x0000ffff ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42/42 ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/2 ; OK
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/3 ; OK
+# OK, but no flow entries should be shown here:
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 2/0xf ; OK
+# BAD, because no updates done (mark is already 42).
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; BAD
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --mark 42 ; OK
diff --git a/tests/conntrack/testsuite/06update b/tests/conntrack/testsuite/06update
new file mode 100644
index 0000000..0408303
--- /dev/null
+++ b/tests/conntrack/testsuite/06update
@@ -0,0 +1,8 @@
+# create dummy flow
+-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state SYN_RECV -u SEEN_REPLY,ASSURED -t 50 ; OK
+# find it again using mark
+-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK
+# set fixed timeout
+-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 -u FIXED_TIMEOUT; OK
+# delete it
+-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20; OK
diff --git a/tests/nfct/run-test.sh b/tests/nfct/run-test.sh
new file mode 100644
index 0000000..851ee75
--- /dev/null
+++ b/tests/nfct/run-test.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+_UID=`id -u`
+if [ $_UID -ne 0 ]
+then
+ echo "Run this test as root"
+ exit 1
+fi
+
+gcc test.c -o test
+#
+# XXX: module auto-load not support by nfnetlink_cttimeout yet :-(
+#
+modprobe nf_conntrack_ipv4
+modprobe nf_conntrack_ipv6
+modprobe nf_conntrack_proto_udplite
+modprobe nf_conntrack_proto_sctp
+modprobe nf_conntrack_proto_dccp
+modprobe nf_conntrack_proto_gre
+./test timeout
diff --git a/tests/nfct/test-live.sh b/tests/nfct/test-live.sh
new file mode 100644
index 0000000..2257087
--- /dev/null
+++ b/tests/nfct/test-live.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# simple testing for cttimeout infrastructure using one single computer
+#
+
+WAIT_BETWEEN_TESTS=10
+
+# flush cttimeout table
+nfct flush timeout
+
+# flush the conntrack table
+conntrack -F
+
+#
+# No.1: test generic timeout policy
+#
+
+echo "---- test no. 1 ----"
+
+conntrack -E -p 13 &
+
+nfct add timeout test-generic inet generic timeout 100
+iptables -I OUTPUT -t raw -p all -j CT --timeout test-generic
+hping3 -c 1 -V -I eth0 -0 8.8.8.8 -H 13
+
+killall -15 conntrack
+
+echo "---- end test no. 1 ----"
+
+sleep $WAIT_BETWEEN_TESTS
+
+iptables -D OUTPUT -t raw -p all -j CT --timeout test-generic
+nfct del timeout test-generic
+
+#
+# No.2: test TCP timeout policy
+#
+
+echo "---- test no. 2 ----"
+
+conntrack -E -p tcp &
+
+nfct add timeout test-tcp inet tcp syn_sent 100
+iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+hping3 -V -S -p 80 -s 5050 8.8.8.8 -c 1
+
+sleep $WAIT_BETWEEN_TESTS
+
+iptables -D OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+nfct del timeout test-tcp
+
+killall -15 conntrack
+
+echo "---- end test no. 2 ----"
+
+#
+# No. 3: test ICMP timeout policy
+#
+
+echo "---- test no. 3 ----"
+
+conntrack -E -p icmp &
+
+nfct add timeout test-icmp inet icmp timeout 50
+iptables -I OUTPUT -t raw -p icmp -j CT --timeout test-icmp
+hping3 -1 8.8.8.8 -c 2
+
+iptables -D OUTPUT -t raw -p icmp -j CT --timeout test-icmp
+nfct del timeout test-icmp
+
+killall -15 conntrack
+
+echo "---- end test no. 3 ----"
diff --git a/tests/nfct/test.c b/tests/nfct/test.c
new file mode 100644
index 0000000..a833dcc
--- /dev/null
+++ b/tests/nfct/test.c
@@ -0,0 +1,100 @@
+/*
+ * (c) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * Extremely simple test utility for the command line tools.
+ *
+ * Based on test-conntrack.c
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <dirent.h>
+
+#define PATH "/usr/sbin"
+
+int main(int argc, char *argv[])
+{
+ int ret, ok = 0, bad = 0, line;
+ FILE *fp;
+ DIR *d;
+ char buf[1024];
+ struct dirent *dent;
+ char file[1024];
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s directory\n", argv[0]);
+ exit(EXIT_FAILURE);
+ }
+
+ d = opendir(argv[1]);
+ if (d == NULL) {
+ perror("opendir");
+ exit(EXIT_FAILURE);
+ }
+
+ setenv("PATH", PATH, 1);
+
+ while ((dent = readdir(d)) != NULL) {
+
+ sprintf(file, "%s/%s", argv[1], dent->d_name);
+
+ line = 0;
+
+ fp = fopen(file, "r");
+ if (fp == NULL) {
+ perror("cannot find testsuite file");
+ exit(EXIT_FAILURE);
+ }
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ char *res;
+
+ line++;
+
+ if (buf[0] == '#' || buf[0] == ' ')
+ continue;
+
+ res = strchr(buf, ';');
+ if (!res) {
+ printf("malformed file %s at line %d\n",
+ dent->d_name, line);
+ exit(EXIT_FAILURE);
+ }
+ *res = '\0';
+ res+=2;
+
+ printf("(%d) Executing: %s\n", line, buf);
+
+ ret = system(buf);
+
+ if (WIFEXITED(ret) &&
+ WEXITSTATUS(ret) == EXIT_SUCCESS) {
+ if (res[0] == 'O' &&
+ res[1] == 'K')
+ ok++;
+ else {
+ bad++;
+ printf("^----- BAD\n");
+ }
+ } else {
+ if (res[0] == 'B' &&
+ res[1] == 'A' &&
+ res[2] == 'D')
+ ok++;
+ else {
+ bad++;
+ printf("^----- BAD\n");
+ }
+ }
+ printf("=====\n");
+ }
+ fclose(fp);
+ }
+ closedir(d);
+
+ fprintf(stdout, "OK: %d BAD: %d\n", ok, bad);
+}
diff --git a/tests/nfct/timeout/00tcp b/tests/nfct/timeout/00tcp
new file mode 100644
index 0000000..ab2e6fc
--- /dev/null
+++ b/tests/nfct/timeout/00tcp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet tcp established 100 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet tcp syn_sent 1 syn_recv 2 established 3 fin_wait 4 close_wait 5 last_ack 6 time_wait 7 close 8 syn_sent2 9 retrans 10 unacknowledged 11 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/01udp b/tests/nfct/timeout/01udp
new file mode 100644
index 0000000..f8097d6
--- /dev/null
+++ b/tests/nfct/timeout/01udp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet udp unreplied 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet udp unreplied 1 replied 2 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/02generic b/tests/nfct/timeout/02generic
new file mode 100644
index 0000000..ffba138
--- /dev/null
+++ b/tests/nfct/timeout/02generic
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet generic timeout 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet generic timeout 1 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/03udplite b/tests/nfct/timeout/03udplite
new file mode 100644
index 0000000..8ed3459
--- /dev/null
+++ b/tests/nfct/timeout/03udplite
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet udplite unreplied 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet udplite unreplied 1 replied 2 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/04icmp b/tests/nfct/timeout/04icmp
new file mode 100644
index 0000000..edb1c99
--- /dev/null
+++ b/tests/nfct/timeout/04icmp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet icmp timeout 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet icmp timeout 1 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/05icmpv6 b/tests/nfct/timeout/05icmpv6
new file mode 100644
index 0000000..40ccc49
--- /dev/null
+++ b/tests/nfct/timeout/05icmpv6
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet6 icmpv6 timeout 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet6 icmpv6 timeout 1 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/06sctp b/tests/nfct/timeout/06sctp
new file mode 100644
index 0000000..62b44c6
--- /dev/null
+++ b/tests/nfct/timeout/06sctp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet sctp established 100 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet sctp closed 1 cookie_wait 2 cookie_echoed 3 established 4 shutdown_sent 5 shutdown_recd 6 shutdown_ack_sent 7 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/07dccp b/tests/nfct/timeout/07dccp
new file mode 100644
index 0000000..1d88585
--- /dev/null
+++ b/tests/nfct/timeout/07dccp
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet dccp request 100 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet dccp request 1 respond 2 partopen 3 open 4 closereq 5 closing 6 timewait 7 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
diff --git a/tests/nfct/timeout/08gre b/tests/nfct/timeout/08gre
new file mode 100644
index 0000000..709b943
--- /dev/null
+++ b/tests/nfct/timeout/08gre
@@ -0,0 +1,16 @@
+# add policy object `test'
+nfct add timeout test inet gre unreplied 10 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
+# get unexistent policy object `dummy'
+nfct get timeout test ; BAD
+# delete policy object `test', however, it does not exists anymore
+nfct delete timeout test ; BAD
+# add policy object `test'
+nfct add timeout test inet gre unreplied 1 replied 2 ; OK
+# get policy object `test'
+nfct get timeout test ; OK
+# delete policy object `test'
+nfct delete timeout test ; OK
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-12 23:09:07 +0000