Diffstat (limited to 'netfilter/ipt-idletimer.sh')
-rw-r--r-- | netfilter/ipt-idletimer.sh | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/netfilter/ipt-idletimer.sh b/netfilter/ipt-idletimer.sh
new file mode 100644
index 0000000..fdc70bb
--- /dev/null
+++ b/netfilter/ipt-idletimer.sh
@@ -0,0 +1,144 @@
+#!/system/bin/sh
+
+mount -o rw,remount /
+mkdir -p /tmp
+
+IFACE=lo
+T=5
+LABEL=sample
+NLLOG=/tmp/nl.$$.log
+NLEXE=/system/bin/nl-listener
+
+function init_modules() {
+ PWD=`pwd`
+ cd /system/modules
+ insmod x_tables.ko
+ insmod ip_tables.ko
+ insmod iptable_filter.ko
+ insmod iptable_raw.ko
+ insmod xt_IDLETIMER.ko
+ cd $PWD
+}
+
+function init_iptables() {
+ iptables -F
+ iptables -t raw -F idletimer_PREROUTING
+ iptables -t raw -N idletimer_PREROUTING
+ iptables -t raw -D PREROUTING -j idletimer_PREROUTING
+ iptables -t raw -I PREROUTING -j idletimer_PREROUTING
+}
+
+function fail() {
+ rc=$1
+ shift
+ echo "FAIL: $*"
+ return $rc
+}
+
+function pass() {
+ echo "PASS: $*"
+ return 0
+}
+
+function note() {
+ echo "NOTE: $*"
+ return 0
+}
+
+function iptables_set() {
+ iptables -t raw -F
+ iptables -t raw -N idletimer_PREROUTING
+ iptables -t raw -A idletimer_PREROUTING -i $1 -j IDLETIMER --timeout $2 --label $3 $4
+ rc=$?
+ note "iptables_set: exit code $rc"
+ return $rc
+}
+
+function test_5() {
+
+ A="Xyz -1 17" # each value is incorrect
+
+ for a in $A; do
+ iptables_set $IFACE $T $LABEL "--send_nl_msg $a"
+ rc=$?
+ if [ $rc -eq 0 ]; then
+ fail $rc "iptables should fail on --send_nl_msg $a"
+ return $?
+ fi
+ done
+ pass $1
+}
+
+function test_1_2() {
+ #
+ # The idea of test is:
+ # 1. flush iptables rules
+ # 2. set rule to fire IDLETIMER after T seconds (with additional parameter, probably)
+ # 3. start listener with timeout of T+2 seconds
+ # 3a. do nothing for T seconds... DONE!
+ # 4. verify that:
+ # a. listener caught the event
+ # b. listener printed it with "OK" -- event was correct
+ # c. time between end and start of listener is no greater than T
+ # 5. print the log, just for reference
+ #
+
+ iptables_set $IFACE $T $LABEL "$2"
+ rc=$?
+ if [ $rc -ne 0 ]; then
+ fail $rc "iptables failed"
+ return $?
+ fi
+
+ note "Waiting for event..."
+
+ T1=`date +%s`
+ $NLEXE "$3" --timeout $(($T+2)) > $NLLOG
+ rc=$?
+ T2=`date +%s`
+ if [ $rc -ne 0 ]; then
+ #
+ # for example, timeout
+ #
+ fail $rc "nl-listener failed"
+ return $?
+ fi
+ if [ `grep "^OK" $NLLOG | wc -l` -ne "1" ]; then
+ #
+ # No OK in the log? Fail!
+ #
+ fail -1 "No 'OK' in nl-listener output"
+ return $?
+ fi
+ if [ $(($T2-$T1)) -lt $(($T-1)) ]; then
+ #
+ # nl-listener garantees us that it will wait no longer than T+2
+ # now, check that delay was no shorter than T-1
+ #
+ fail -1 "Too short delay! $(($T2-$T1)) instead of $T"
+ return $rc
+ fi
+ note "nl-listener log is below"
+ echo "---===== listener log =====---"
+ cat $NLLOG
+ echo "---=====++++++++++++++=====---"
+ pass "$1"
+ return 0
+}
+
+note "Starting tests"
+
+init_modules
+init_iptables
+
+echo -e "\nTest 1: verify sysfs events"
+test_1_2 "Test 1" "" "--sysfs=$LABEL"
+echo -e "\nTest 2: verify netlink events"
+test_1_2 "Test 2" "--send_nl_msg 1" "--netlink"
+echo -e "\nTest 3: verify sysfs events even in case of --send-nl-msg 1"
+test_1_2 "Test 3" "--send_nl_msg 1" "--sysfs=$LABEL"
+echo -e "\nTest 4: verify sysfs events in case of --send_nl_msg 0"
+test_1_2 "Test 4" "--send_nl_msg 0" "--sysfs=$LABEL"
+echo -e "\nTest 5: verify parameters of send-nl-msg"
+test_5 "Test 5"
+exit 0 |
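Review bot: The script leaves the device in a weaker state than it found it: `mount -o rw,remount /` is never reverted, and `iptables -F` in init_iptables plus `iptables -t raw -F` in iptables_set flush every existing filter and raw rule, not just the test's own chain, with nothing restoring them afterwards. Dropping the blanket `iptables -F` and flushing only the test chain in iptables_set (`iptables -t raw -F idletimer_PREROUTING`) would keep a test run from wiping unrelated firewall policy. `NLLOG=/tmp/nl.$$.log` is a predictable path, presumably written as root since the script loads modules, and it is never removed; if the platform shell provides `mktemp`, prefer it and add `trap 'rm -f "$NLLOG"' EXIT`. Separately, the return values of test_1_2 and test_5 are discarded and the script ends with `exit 0`, so a failing run still reports success to whatever invokes it. Assigning to `PWD` in init_modules is also fragile, because `cd` itself updates that variable, so the later `cd $PWD` likely does not return to the starting directory; a differently named variable such as `OLD_DIR` would avoid this.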