From 485efcd3df69999d713031433d862147eba15cde Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 21 Nov 2023 14:22:54 +0100
Subject: tests/shell: sanitize "handle" in JSON output

The "handle" in JSON output is not stable. Sanitize/normalize to zero.

Adjust the sanitize code, and regenerate the .json-nft files.

Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft')

diff --git a/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft b/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft
index 7c0867ad..46cc7cd7 100644
--- a/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft
+++ b/tests/shell/testcases/nft-f/dumps/0032pknock_0.json-nft
@@ -1 +1 @@
-{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "portknock", "handle": 1}}, {"set": {"family": "inet", "name": "clients_ipv4", "table": "portknock", "type": "ipv4_addr", "handle": 2, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"set": {"family": "inet", "name": "candidates_ipv4", "table": "portknock", "type": ["ipv4_addr", "inet_service"], "handle": 3, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "inet", "table": "portknock", "name": "input", "handle": 1, "type": "filter", "hook": "input", "prio": -10, "policy": "accept"}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 4, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10001}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10002]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 5, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10002}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10003]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 6, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10003}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10004]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 7, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10004}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10005]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 8, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10005}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"payload": {"protocol": "ip", "field": "saddr"}}, "timeout": 600}}, "set": "@clients_ipv4"}}, {"log": {"prefix": "Successful portknock: "}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 9, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@clients_ipv4"}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 10, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": ["established", "related"]}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 11, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"reject": {"type": "tcp reset"}}]}}]}
+{"nftables": [{"metainfo": {"version": "VERSION", "release_name": "RELEASE_NAME", "json_schema_version": 1}}, {"table": {"family": "inet", "name": "portknock", "handle": 0}}, {"set": {"family": "inet", "name": "clients_ipv4", "table": "portknock", "type": "ipv4_addr", "handle": 0, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"set": {"family": "inet", "name": "candidates_ipv4", "table": "portknock", "type": ["ipv4_addr", "inet_service"], "handle": 0, "size": 65535, "flags": ["timeout", "dynamic"]}}, {"chain": {"family": "inet", "table": "portknock", "name": "input", "handle": 0, "type": "filter", "hook": "input", "prio": -10, "policy": "accept"}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10001}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10002]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10002}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10003]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10003}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10004]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10004}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, 10005]}, "timeout": 1}}, "set": "@candidates_ipv4"}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 10005}}, {"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ip", "field": "saddr"}}, {"payload": {"protocol": "tcp", "field": "dport"}}]}, "right": "@candidates_ipv4"}}, {"set": {"op": "add", "elem": {"elem": {"val": {"payload": {"protocol": "ip", "field": "saddr"}}, "timeout": 600}}, "set": "@clients_ipv4"}}, {"log": {"prefix": "Successful portknock: "}}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}}, "right": "@clients_ipv4"}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"match": {"op": "in", "left": {"ct": {"key": "state"}}, "right": ["established", "related"]}}, {"counter": {"packets": 0, "bytes": 0}}, {"accept": null}]}}, {"rule": {"family": "inet", "table": "portknock", "chain": "input", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}}, {"reject": {"type": "tcp reset"}}]}}]}
-- 
cgit v1.2.3