From 1dd08fcfa07a4e5bacc14b4e4a27ed64581f2e41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Veyret?= Date: Tue, 9 Jul 2019 15:02:09 +0200 Subject: src: add ct expectations support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This modification allow to directly add/list/delete expectations. Signed-off-by: Stéphane Veyret Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/listing/0013objects_0 | 10 +++++++++- tests/shell/testcases/nft-f/0018ct_expectation_obj_0 | 18 ++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100755 tests/shell/testcases/nft-f/0018ct_expectation_obj_0 (limited to 'tests/shell') diff --git a/tests/shell/testcases/listing/0013objects_0 b/tests/shell/testcases/listing/0013objects_0 index da782a68..f6915796 100755 --- a/tests/shell/testcases/listing/0013objects_0 +++ b/tests/shell/testcases/listing/0013objects_0 @@ -18,6 +18,14 @@ EXPECTED="table ip test { policy = { unreplied : 15, replied : 12 } } + ct expectation ctexpect { + protocol tcp + dport 5432 + timeout 1h + size 12 + l3proto ip + } + chain input { } }" @@ -29,6 +37,7 @@ $NFT add chain test input $NFT add quota test https-quota 25 mbytes $NFT add ct helper test cthelp { type \"sip\" protocol tcp \; } $NFT add ct timeout test cttime { protocol udp \; policy = {replied : 12, unreplied : 15 } \; } +$NFT add ct expectation test ctexpect { protocol tcp \; dport 5432 \; timeout 1h \; size 12 \; } $NFT add table test-ip GET="$($NFT list table test)" @@ -37,4 +46,3 @@ if [ "$EXPECTED" != "$GET" ] ; then [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") exit 1 fi - diff --git a/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 b/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 new file mode 100755 index 00000000..eb9df3ce --- /dev/null +++ b/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 @@ -0,0 +1,18 @@ +#!/bin/bash + +EXPECTED='table ip filter { + ct expectation ctexpect{ + protocol tcp + dport 9876 + timeout 1m + size 12 + l3proto ip + } + + chain c { + ct expectation set "ctexpect" + } +}' + +set -e +$NFT -f - <<< $EXPECTED -- cgit v1.2.3