diff options
| author | Florian Westphal <fw@strlen.de> | 2024-02-29 11:41:25 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2024-03-01 00:38:40 +0100 |
| commit | 8d2f36763d23201100a11161b179e29dbec5be3a (patch) | |
| tree | edd68c3959bc4ff03cb81264e065739952b2d2cb /tests/shell/testcases/maps/dumps/named_limits.nft | |
| parent | 070ec7ce350f8139f9b97dbcb78ad1d7b7bf1196 (diff) | |
tests: maps: add a test case for "limit" objref map
check add, delete and removal operations for objref maps.
Also check type vs. typeof declarations and use both
interval and interval+concatenation (rbtree, pipapo).
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/maps/dumps/named_limits.nft')
| -rw-r--r-- | tests/shell/testcases/maps/dumps/named_limits.nft | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/tests/shell/testcases/maps/dumps/named_limits.nft b/tests/shell/testcases/maps/dumps/named_limits.nft new file mode 100644 index 00000000..214df204 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/named_limits.nft @@ -0,0 +1,55 @@ +table inet filter { + limit tarpit-pps { + rate 1/second + } + + limit tarpit-bps { + rate 1 kbytes/second + } + + limit http-bulk-rl-1m { + rate 1 mbytes/second + } + + limit http-bulk-rl-10m { + rate 10 mbytes/second + } + + set tarpit4 { + typeof ip saddr + size 10000 + flags dynamic,timeout + timeout 1m + } + + set tarpit6 { + typeof ip6 saddr + size 10000 + flags dynamic,timeout + timeout 1m + } + + map addr4limit { + typeof meta l4proto . ip saddr . tcp sport : limit + flags interval + elements = { tcp . 192.168.0.0/16 . 1-65535 : "tarpit-bps", + udp . 192.168.0.0/16 . 1-65535 : "tarpit-pps", + tcp . 127.0.0.1-127.1.2.3 . 1-1024 : "tarpit-pps", + tcp . 10.0.0.1-10.0.0.255 . 80 : "http-bulk-rl-1m", + tcp . 10.0.0.1-10.0.0.255 . 443 : "http-bulk-rl-1m", + tcp . 10.0.1.0/24 . 1024-65535 : "http-bulk-rl-10m", + tcp . 10.0.2.1 . 22 : "http-bulk-rl-10m" } + } + + map saddr6limit { + typeof ip6 saddr : limit + flags interval + elements = { dead::beef-dead::1:aced : "tarpit-pps" } + } + + chain input { + type filter hook input priority filter; policy accept; + limit name meta l4proto . ip saddr . th sport map @addr4limit + limit name ip6 saddr map @saddr6limit + } +} |