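#!/bin/sh
#
# Simple smoke test for the cttimeout infrastructure, run on one single computer.
#
# For each of three protocols (generic / IP protocol 13, TCP, ICMP) the script:
#   1. starts a background `conntrack -E` listener so the new entry and its
#      timeout are printed on stdout,
#   2. registers a named timeout policy with `nfct timeout add`,
#   3. attaches that policy to locally generated traffic through a CT rule
#      in the raw table's OUTPUT chain,
#   4. emits probe packets with hping3,
#   5. removes the rule and the policy again.
# Nothing is asserted; the result is checked by reading the event output.
#
# Operational caveats:
#   - Needs root (CAP_NET_ADMIN for nfct/conntrack/iptables, raw sockets for
#     hping3).
#   - `nfct timeout flush` and `conntrack -F` below wipe ALL timeout policies
#     and ALL tracked connections on this host, not only test state. Run this
#     on a disposable test machine, not on a production firewall or NAT box.
#   - The interface (eth0) and the probe destination (8.8.8.8) are hard-coded.
#   - There is no trap: if the script is interrupted mid-test, the CT rule in
#     the raw table and the background listener stay behind and have to be
#     removed by hand.
#
WAIT_BETWEEN_TESTS=10

# flush cttimeout table
nfct timeout flush
# flush the conntrack table
conntrack -F

#
# No.1: test generic timeout policy
#
echo "---- test no. 1 ----"
conntrack -E -p 13 &
# Remember the listener's PID so that only this process is signalled later;
# `killall conntrack` would also terminate unrelated conntrack sessions
# running on the same host.
event_pid=$!
nfct timeout add test-generic inet generic timeout 100
iptables -I OUTPUT -t raw -p all -j CT --timeout test-generic
# -0: raw IP mode, -H 13: IP protocol number 13, one packet via eth0
hping3 -c 1 -V -I eth0 -0 8.8.8.8 -H 13
kill -15 "$event_pid"
echo "---- end test no. 1 ----"
sleep "$WAIT_BETWEEN_TESTS"
iptables -D OUTPUT -t raw -p all -j CT --timeout test-generic
nfct timeout del test-generic

#
# No.2: test TCP timeout policy
#
echo "---- test no. 2 ----"
conntrack -E -p tcp &
event_pid=$!
nfct timeout add test-tcp inet tcp syn_sent 100
iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
# single SYN to port 80 from source port 5050, which creates a SYN_SENT entry
hping3 -V -S -p 80 -s 5050 8.8.8.8 -c 1
sleep "$WAIT_BETWEEN_TESTS"
iptables -D OUTPUT -t raw -p tcp -j CT --timeout test-tcp
nfct timeout del test-tcp
kill -15 "$event_pid"
echo "---- end test no. 2 ----"

#
# No. 3: test ICMP timeout policy
#
echo "---- test no. 3 ----"
conntrack -E -p icmp &
event_pid=$!
nfct timeout add test-icmp inet icmp timeout 50
iptables -I OUTPUT -t raw -p icmp -j CT --timeout test-icmp
# -1: ICMP mode, two echo requests
hping3 -1 8.8.8.8 -c 2
iptables -D OUTPUT -t raw -p icmp -j CT --timeout test-icmp
nfct timeout del test-icmp
kill -15 "$event_pid"
echo "---- end test no. 3 ----"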