diff options
Diffstat (limited to 'tests/shell/testcases/nft-f')
29 files changed, 29 insertions, 0 deletions
diff --git a/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft b/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0001define_slash_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft new file mode 100644 index 00000000..342540ec --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0002rollback_rule_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 1}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 3, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 2}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 4, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 6, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 8, "expr": [{"jump": {"target": "other"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft new file mode 100644 index 00000000..342540ec --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0003rollback_jump_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 1}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 3, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 2}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 4, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 6, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 8, "expr": [{"jump": {"target": "other"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft new file mode 100644 index 00000000..342540ec --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0004rollback_set_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 1}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 3, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 2}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 4, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 6, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 8, "expr": [{"jump": {"target": "other"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft new file mode 100644 index 00000000..342540ec --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0005rollback_map_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "t", "handle": 1}}, {"set": {"family": "ip", "name": "t", "table": "t", "type": "ipv4_addr", "handle": 3, "elem": ["1.1.1.1"]}}, {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 1}}, {"chain": {"family": "ip", "table": "t", "name": "other", "handle": 2}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 4, "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": "new"}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 6, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [22222, 33333]}}}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@t"}}, {"drop": null}]}}, {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 8, "expr": [{"jump": {"target": "other"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft b/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0006action_object_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft b/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0007action_object_set_segfault_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft new file mode 100644 index 00000000..1deaa84f --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0008split_tables_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"chain": {"family": "inet", "table": "filter", "name": "ssh", "handle": 1, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 3, "type": "filter", "hook": "input", "prio": 1, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "ssh", "handle": 2, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"accept": null}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft b/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft new file mode 100644 index 00000000..62df542c --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0009variable_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "forward", "handle": 1}}, {"set": {"family": "inet", "name": "concat-set-variable", "table": "forward", "type": ["ipv4_addr", "inet_service"], "handle": 1, "elem": [{"concat": ["10.10.10.10", 25]}, {"concat": ["10.10.10.10", 143]}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft b/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft new file mode 100644 index 00000000..2d55cc0a --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0010variable_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"set": {"family": "inet", "name": "whitelist_v4", "table": "filter", "type": "ipv4_addr", "handle": 1, "elem": ["1.1.1.1"]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0013defines_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0014defines_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0015defines_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft b/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft new file mode 100644 index 00000000..183bd82e --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0016redefines_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"chain": {"family": "ip", "table": "x", "name": "y", "handle": 1}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": {"set": ["1.1.1.1", "2.2.2.2"]}}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "y", "handle": 5, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": {"set": ["3.3.3.3", "4.4.4.4"]}}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft b/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft new file mode 100644 index 00000000..2847559c --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0018ct_expectation_obj_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}, {"ct expectation": {"family": "ip", "name": "ctexpect", "table": "filter", "handle": 2, "protocol": "tcp", "dport": 9876, "timeout": 60000, "size": 12, "l3proto": "ip"}}, {"chain": {"family": "ip", "table": "filter", "name": "c", "handle": 1}}, {"rule": {"family": "ip", "table": "filter", "chain": "c", "handle": 3, "expr": [{"ct expectation": "ctexpect"}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft b/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft new file mode 100644 index 00000000..3734b578 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "foo", "handle": 1}}, {"chain": {"family": "ip", "table": "foo", "name": "bar", "handle": 1}}, {"chain": {"family": "ip", "table": "foo", "name": "ber", "handle": 2}}, {"rule": {"family": "ip", "table": "foo", "chain": "bar", "handle": 3, "expr": [{"jump": {"target": "ber"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft b/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0019jump_variable_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft b/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0020jump_variable_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft b/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft new file mode 100644 index 00000000..131267cb --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0021list_ruleset_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "filter", "handle": 1}}, {"chain": {"family": "ip", "table": "filter", "name": "prerouting", "handle": 1, "type": "filter", "hook": "prerouting", "prio": -50, "policy": "accept"}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft b/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft new file mode 100644 index 00000000..934b2020 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0022variables_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 2, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "ip", "table": "x", "name": "z", "handle": 1, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "ip", "table": "x", "chain": "z", "handle": 3, "expr": [{"set": {"op": "add", "elem": {"payload": {"protocol": "ip", "field": "saddr"}}, "set": "@y"}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "z", "handle": 4, "expr": [{"set": {"op": "update", "elem": {"elem": {"val": {"payload": {"protocol": "ip", "field": "saddr"}}, "timeout": 30}}, "set": "@y"}}]}}, {"rule": {"family": "ip", "table": "x", "chain": "z", "handle": 5, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@y"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft b/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft new file mode 100644 index 00000000..5b12cb37 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0023check_1.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "foo", "handle": 1}}, {"chain": {"family": "ip", "table": "foo", "name": "bar", "handle": 1, "type": "filter", "hook": "prerouting", "prio": 0, "policy": "accept"}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft new file mode 100644 index 00000000..0384ac72 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "foo", "handle": 1}}, {"set": {"family": "ip", "name": "inflows", "table": "foo", "type": ["ipv4_addr", "inet_service", "ifname", "ipv4_addr", "inet_service"], "handle": 1, "flags": ["dynamic"], "elem": [{"elem": {"val": {"concat": ["10.1.0.3", 39466, "veth1", "10.3.0.99", 5201]}, "counter": {"packets": 0, "bytes": 0}}}]}}, {"set": {"family": "ip", "name": "inflows6", "table": "foo", "type": ["ipv6_addr", "inet_service", "ifname", "ipv6_addr", "inet_service"], "handle": 2, "flags": ["dynamic"]}}, {"set": {"family": "ip", "name": "inflows_ratelimit", "table": "foo", "type": ["ipv4_addr", "inet_service", "ifname", "ipv4_addr", "inet_service"], "handle": 3, "flags": ["dynamic"], "elem": [{"elem": {"val": {"concat": ["10.1.0.3", 39466, "veth1", "10.3.0.99", 5201]}, "limit": {"rate": 1, "burst": 5, "per": "second"}}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft b/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft new file mode 100644 index 00000000..4359534c --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0026listing_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "A", "handle": 2}}, {"chain": {"family": "ip", "table": "A", "name": "B", "handle": 1}}, {"rule": {"family": "ip", "table": "A", "chain": "B", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [1, 2]}}}, {"accept": null}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft b/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft new file mode 100644 index 00000000..35a8b8c9 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0027split_chains_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"chain": {"family": "inet", "table": "filter", "name": "x", "handle": 1}}, {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 2, "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 3, "expr": [{"jump": {"target": "x"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft b/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft new file mode 100644 index 00000000..17131df7 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0028variable_cmdline_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"set": {"family": "inet", "name": "whitelist_v4", "table": "filter", "type": "ipv4_addr", "handle": 1, "elem": ["1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4", "5.5.5.5"]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft b/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft new file mode 100644 index 00000000..8487ca9e --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0029split_file_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "filter", "handle": 1}}, {"set": {"family": "inet", "name": "whitelist_v4", "table": "filter", "type": "ipv4_addr", "handle": 2}}, {"chain": {"family": "inet", "table": "filter", "name": "prerouting", "handle": 1, "type": "filter", "hook": "prerouting", "prio": 0, "policy": "accept"}}, {"rule": {"family": "inet", "table": "filter", "chain": "prerouting", "handle": 3, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}}, "right": "@whitelist_v4"}}]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft b/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft new file mode 100644 index 00000000..a9c6e28d --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0030variable_reuse_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "ip", "name": "x", "handle": 1}}, {"set": {"family": "ip", "name": "y", "table": "x", "type": "ipv4_addr", "handle": 1, "elem": ["1.1.1.1", "2.2.2.2"]}}, {"set": {"family": "ip", "name": "z", "table": "x", "type": "ipv4_addr", "handle": 2, "elem": ["1.1.1.1", "3.3.3.3"]}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft b/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft new file mode 100644 index 00000000..0048e6b1 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0031vmap_string_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}]} diff --git a/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft b/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft new file mode 100644 index 00000000..7c0867ad --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft @@ -0,0 +1 @@ +{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "portknock", "handle": 1}}, {"set": {"family": "inet", "name": "clients_ipv4", "table": "portknock", "type": "ipv4_addr", "handle": 2, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"set": {"family": "inet", "name": "candidates_ipv4", "table": "portknock", "type": ["ipv4_addr", "inet_service"], "handle": 3, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "inet", "table": "portknock", "name": "input", "handle": 1, "type": "filter", "hook": "input", "prio": -10, "policy": "accept"}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 4, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10001}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10002]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 5, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10002}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10003]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 6, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10003}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10004]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10004}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10005]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 8, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10005}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"payload": {"protocol": "ip", "field": "saddr"}}, "timeout": 600}}, "set": "@clients_ipv4"}}, {"log": {"prefix": "Successful portknock: "}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 9, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@clients_ipv4"}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 10, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": ["established", "related"]}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 11, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"reject": {"type": "tcp reset"}}]}}]} |