tests: shell: extend connlimit test

Extend existing test to add a ct count expression in the set definition. This test cover the upstream kernel fix ad9f151e560b ("netfilter: nf_tables: initialize set before expression setup"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-06-04 03:10:06 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-06-14 19:24:44 +0200
commit: 95d348d55a9e0c8f77bf34578258c79cc4f5b96c (patch)
tree: fc0930df9690f9fb5c1d398f2280c08c64a0b14b /tests/shell/testcases/sets
parent: cdde55e438fe6dad739c6e81f317779cc37479fa (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0062set_connlimit_0 b/tests/shell/testcases/sets/0062set_connlimit_0
index 4f95f383..48d589fe 100755
--- a/tests/shell/testcases/sets/0062set_connlimit_0
+++ b/tests/shell/testcases/sets/0062set_connlimit_0
@@ -12,3 +12,15 @@ RULESET="table ip x {
 }"
 
 $NFT -f - <<< $RULESET
+
+RULESET="table ip x {
+	set new-connlimit {
+		type ipv4_addr
+		size 65535
+		flags dynamic
+		ct count over 20
+		elements = { 84.245.120.167 }
+	}
+}"
+
+$NFT -f - <<< $RULESET
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-06-04 03:10:06 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-06-14 19:24:44 +0200
commit	95d348d55a9e0c8f77bf34578258c79cc4f5b96c (patch)
tree	fc0930df9690f9fb5c1d398f2280c08c64a0b14b /tests/shell/testcases/sets
parent	cdde55e438fe6dad739c6e81f317779cc37479fa (diff)