diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-03-01 11:12:20 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-03-01 11:32:24 +0100 |
commit | 9cb501168a623b54668672bb1355dde4050a6093 (patch) | |
tree | b04a67eac72191dd9f4f3f3bbeb6f5c4d96ca786 /tests | |
parent | 2b41e3c411f5367ee4da5153147c2586e71dfa9d (diff) |
parser_bison: allow to use quota in sets
src: support for restoring element quota
This patch allows you to restore quota in dynamic sets.
table ip x {
set y {
type ipv4_addr
size 65535
flags dynamic,timeout
counter quota 500 bytes
timeout 1h
elements = { 8.8.8.8 counter packets 9 bytes 756 quota 500 bytes used 500 bytes timeout 1h expires 56m57s47ms }
}
chain z {
type filter hook output priority filter; policy accept;
update @y { ip daddr } counter packets 6 bytes 507
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/shell/testcases/sets/0060set_multistmt_1 | 38 | ||||
-rw-r--r-- | tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft | 15 |
2 files changed, 53 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0060set_multistmt_1 b/tests/shell/testcases/sets/0060set_multistmt_1 new file mode 100755 index 00000000..1652668a --- /dev/null +++ b/tests/shell/testcases/sets/0060set_multistmt_1 @@ -0,0 +1,38 @@ +#!/bin/bash + +RULESET="table x { + set y { + type ipv4_addr + size 65535 + flags dynamic + counter quota 500 bytes + elements = { 1.2.3.4 counter packets 9 bytes 756 quota 500 bytes used 500 bytes } + } + chain y { + type filter hook output priority filter; policy accept; + update @y { ip daddr } + } +}" + +$NFT -f - <<< $RULESET +# should work +if [ $? -ne 0 ] +then + exit 1 +fi + +# should work +$NFT add element x y { 1.1.1.1 } +if [ $? -ne 0 ] +then + exit 1 +fi + +# should work +$NFT add element x y { 2.2.2.2 counter quota 1000 bytes } +if [ $? -ne 0 ] +then + exit 1 +fi + +exit 0 diff --git a/tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft b/tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft new file mode 100644 index 00000000..ac1bd26b --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft @@ -0,0 +1,15 @@ +table ip x { + set y { + type ipv4_addr + size 65535 + flags dynamic + counter quota 500 bytes + elements = { 1.1.1.1 counter packets 0 bytes 0 quota 500 bytes, 1.2.3.4 counter packets 9 bytes 756 quota 500 bytes used 500 bytes, + 2.2.2.2 counter packets 0 bytes 0 quota 1000 bytes } + } + + chain y { + type filter hook output priority filter; policy accept; + update @y { ip daddr } + } +} |