diff options
author | Florian Westphal <fw@strlen.de> | 2024-02-29 11:41:25 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2024-03-01 00:38:40 +0100 |
commit | 8d2f36763d23201100a11161b179e29dbec5be3a (patch) | |
tree | edd68c3959bc4ff03cb81264e065739952b2d2cb /tests/shell/testcases/maps/dumps/named_limits.json-nft | |
parent | 070ec7ce350f8139f9b97dbcb78ad1d7b7bf1196 (diff) |
tests: maps: add a test case for "limit" objref map
check add, delete and removal operations for objref maps.
Also check type vs. typeof declarations and use both
interval and interval+concatenation (rbtree, pipapo).
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/maps/dumps/named_limits.json-nft')
-rw-r--r-- | tests/shell/testcases/maps/dumps/named_limits.json-nft | 328 |
1 files changed, 328 insertions, 0 deletions
diff --git a/tests/shell/testcases/maps/dumps/named_limits.json-nft b/tests/shell/testcases/maps/dumps/named_limits.json-nft new file mode 100644 index 00000000..28a92529 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/named_limits.json-nft @@ -0,0 +1,328 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "limit": { + "family": "inet", + "name": "tarpit-pps", + "table": "filter", + "handle": 0, + "rate": 1, + "per": "second", + "burst": 5 + } + }, + { + "limit": { + "family": "inet", + "name": "tarpit-bps", + "table": "filter", + "handle": 0, + "rate": 1, + "per": "second", + "rate_unit": "kbytes" + } + }, + { + "limit": { + "family": "inet", + "name": "http-bulk-rl-1m", + "table": "filter", + "handle": 0, + "rate": 1, + "per": "second", + "rate_unit": "mbytes" + } + }, + { + "limit": { + "family": "inet", + "name": "http-bulk-rl-10m", + "table": "filter", + "handle": 0, + "rate": 10, + "per": "second", + "rate_unit": "mbytes" + } + }, + { + "set": { + "family": "inet", + "name": "tarpit4", + "table": "filter", + "type": "ipv4_addr", + "handle": 0, + "size": 10000, + "flags": [ + "timeout", + "dynamic" + ], + "timeout": 60 + } + }, + { + "set": { + "family": "inet", + "name": "tarpit6", + "table": "filter", + "type": "ipv6_addr", + "handle": 0, + "size": 10000, + "flags": [ + "timeout", + "dynamic" + ], + "timeout": 60 + } + }, + { + "map": { + "family": "inet", + "name": "addr4limit", + "table": "filter", + "type": [ + "inet_proto", + "ipv4_addr", + "inet_service" + ], + "handle": 0, + "map": "limit", + "flags": [ + "interval" + ], + "elem": [ + [ + { + "concat": [ + "tcp", + { + "prefix": { + "addr": "192.168.0.0", + "len": 16 + } + }, + { + "range": [ + 1, + 65535 + ] + } + ] + }, + "tarpit-bps" + ], + [ + { + "concat": [ + "udp", + { + "prefix": { + "addr": "192.168.0.0", + "len": 16 + } + }, + { + "range": [ + 1, + 65535 + ] + } + ] + }, + "tarpit-pps" + ], + [ + { + "concat": [ + "tcp", + { + "range": [ + "127.0.0.1", + "127.1.2.3" + ] + }, + { + "range": [ + 1, + 1024 + ] + } + ] + }, + "tarpit-pps" + ], + [ + { + "concat": [ + "tcp", + { + "range": [ + "10.0.0.1", + "10.0.0.255" + ] + }, + 80 + ] + }, + "http-bulk-rl-1m" + ], + [ + { + "concat": [ + "tcp", + { + "range": [ + "10.0.0.1", + "10.0.0.255" + ] + }, + 443 + ] + }, + "http-bulk-rl-1m" + ], + [ + { + "concat": [ + "tcp", + { + "prefix": { + "addr": "10.0.1.0", + "len": 24 + } + }, + { + "range": [ + 1024, + 65535 + ] + } + ] + }, + "http-bulk-rl-10m" + ], + [ + { + "concat": [ + "tcp", + "10.0.2.1", + 22 + ] + }, + "http-bulk-rl-10m" + ] + ] + } + }, + { + "map": { + "family": "inet", + "name": "saddr6limit", + "table": "filter", + "type": "ipv6_addr", + "handle": 0, + "map": "limit", + "flags": [ + "interval" + ], + "elem": [ + [ + { + "range": [ + "dead::beef", + "dead::1:aced" + ] + }, + "tarpit-pps" + ] + ] + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "input", + "handle": 0, + "type": "filter", + "hook": "input", + "prio": 0, + "policy": "accept" + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "limit": { + "map": { + "key": { + "concat": [ + { + "meta": { + "key": "l4proto" + } + }, + { + "payload": { + "protocol": "ip", + "field": "saddr" + } + }, + { + "payload": { + "protocol": "th", + "field": "sport" + } + } + ] + }, + "data": "@addr4limit" + } + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "input", + "handle": 0, + "expr": [ + { + "limit": { + "map": { + "key": { + "payload": { + "protocol": "ip6", + "field": "saddr" + } + }, + "data": "@saddr6limit" + } + } + } + ] + } + } + ] +} |