#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_meta_time)
. $NFT_TEST_LIBRARY_FILE
# Print an HH:MM-HH:MM window that contains the current time:
# five minutes ago through five minutes from now.
# Outputs: the range on stdout, e.g. 11:55-12:05
gen_in_range_minute()
{
	local from to

	from=$(date -d "-5 minutes" +%H:%M)
	to=$(date -d "+5 minutes" +%H:%M)
	printf '%s-%s\n' "$from" "$to"
}
# Print an HH:MM-HH:MM window that lies entirely in the near future
# (two to five minutes from now), so a packet sent now falls outside it.
# Outputs: the range on stdout, e.g. 12:02-12:05
gen_out_of_range_minute()
{
	printf '%s-%s\n' \
		"$(date -d "+2 minutes" +%H:%M)" \
		"$(date -d "+5 minutes" +%H:%M)"
}
# Print an HH:MM-HH:MM window spanning two hours either side of now,
# so the current time is inside it.
# Outputs: the range on stdout, e.g. 10:00-14:00
gen_in_range_hour()
{
	local lower upper

	lower=$(date -d "-2 hours" +%H:%M)
	upper=$(date -d "+2 hours" +%H:%M)
	printf '%s-%s\n' "$lower" "$upper"
}
# Print an HH:MM-HH:MM window that starts one hour from now and ends two
# hours from now, so the current time is outside it.
# Outputs: the range on stdout, e.g. 13:00-14:00
gen_out_of_range_hour()
{
	printf '%s-%s\n' \
		"$(date -d "+1 hours" +%H:%M)" \
		"$(date -d "+2 hours" +%H:%M)"
}
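# Print a quoted weekday range that contains today: yesterday through
# tomorrow, in the form the "meta day" rule below consumes.
# Outputs: the range on stdout, e.g. "Sunday"-"Tuesday"
gen_in_range_day()
{
	local first last

	# meta day "Sunday"-"Tuesday"
	# %A is locale-dependent; force the C locale so the names are always the
	# English ones, whatever LANG/LC_TIME the test happens to run under.
	first=$(LC_ALL=C date -d "-1 days" +%A)
	last=$(LC_ALL=C date -d "+1 days" +%A)
	printf '"%s"-"%s"\n' "$first" "$last"
}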
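# Print a quoted weekday range that excludes today: two days ago through
# yesterday.
# Outputs: the range on stdout, e.g. "Saturday"-"Sunday"
gen_out_of_range_day()
{
	local first last

	# %A is locale-dependent; force the C locale so the names are always the
	# English ones, whatever LANG/LC_TIME the test happens to run under.
	first=$(LC_ALL=C date -d "-2 days" +%A)
	last=$(LC_ALL=C date -d "-1 days" +%A)
	printf '"%s"-"%s"\n' "$first" "$last"
}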
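# Print a quoted absolute timestamp range that contains the current time:
# from (one year ago + 10 days) through two days from now.
# Outputs: the range on stdout, e.g.
#          "2023-06-11 12:00:00"-"2024-06-03 12:00:00"
gen_in_range_time()
{
	# %Y is the calendar year. %G (ISO week-numbering year) differs from it
	# for dates in the first or last days of a year, which would print a
	# timestamp one year off and could leave "now" outside the window.
	local fmt='+%Y-%m-%d %H:%M:%S'
	local begin end

	begin=$(date -d "-1 years +10 days" "$fmt")
	end=$(date -d "+2 days" "$fmt")
	printf '"%s"-"%s"\n' "$begin" "$end"
}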
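# Print a quoted absolute timestamp range that lies just ahead of the
# current time: 10 to 20 seconds from now.
# Outputs: the range on stdout, e.g.
#          "2024-06-01 12:00:10"-"2024-06-01 12:00:20"
gen_out_of_range_time()
{
	# %Y is the calendar year. %G (ISO week-numbering year) differs from it
	# for dates in the first or last days of a year and would print a
	# timestamp one year off.
	local fmt='+%Y-%m-%d %H:%M:%S'
	local begin end

	begin=$(date -d "+10 seconds" "$fmt")
	end=$(date -d "+20 seconds" "$fmt")
	printf '"%s"-"%s"\n' "$begin" "$end"
}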
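# Load the ruleset under test. Each time selector gets a pair of rules on
# loopback echo-requests: one whose window contains "now" (counter
# "matched") and one whose window excludes it (counter "unmatch"). The
# minute-granularity windows also go through "meta hour", which takes HH:MM.
# $NFT is left unquoted as in the rest of the script; presumably the harness
# may set it to a multi-word command -- confirm before quoting it.
$NFT -f - <<-EOF
	table ip time_test {
		counter matched {}
		counter unmatch {}
		chain input {
			type filter hook input priority filter; policy accept;
			iifname lo icmp type echo-request meta hour $(gen_in_range_hour) counter name matched
			iifname lo icmp type echo-request meta hour $(gen_out_of_range_hour) counter name unmatch
			iifname lo icmp type echo-request meta hour $(gen_in_range_minute) counter name matched
			iifname lo icmp type echo-request meta hour $(gen_out_of_range_minute) counter name unmatch
			iifname lo icmp type echo-request meta day $(gen_in_range_day) counter name matched
			iifname lo icmp type echo-request meta day $(gen_out_of_range_day) counter name unmatch
			iifname lo icmp type echo-request meta time $(gen_in_range_time) counter name matched
			iifname lo icmp type echo-request meta time $(gen_out_of_range_time) counter name unmatch
		}
	}
EOF
assert_pass "restore meta time ruleset"

# Malformed hour values must be rejected by the parser. These run the binary
# under test ($NFT), like every other call here. A bare "nft" would exercise
# whatever is on PATH, and if none is installed the "command not found"
# failure would satisfy assert_fail without testing anything.
# NOTE(review): assert_pass/assert_fail come from the sourced library and
# presumably inspect $? of the preceding command -- keep each one directly
# after the command it checks.
$NFT add rule ip time_test input ip protocol icmp meta hour \"24:00\"-\"4:00\" 2>/dev/null
assert_fail "Wrong time format input"
$NFT add rule ip time_test input ip protocol icmp meta hour \"-2:00\"-\"4:00\" 2>/dev/null
assert_fail "Wrong time format input"

# One echo-request over loopback traverses all eight rules once.
ip link set lo up
ping -W 1 127.0.0.1 -c 1
assert_pass "ping pass"

# Four in-window rules should each have counted the packet; the four
# out-of-window rules must not have matched at all. -w makes the count a
# whole-word match, so "packets 4" cannot be satisfied by e.g. "packets 40".
$NFT list counter ip time_test matched | grep -w 'packets 4'
assert_pass "matched check"
$NFT list counter ip time_test unmatch | grep -w 'packets 0'
assert_pass "unmatch check"

$NFT delete table ip time_test
assert_pass "delete table"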