parser_bison: allow to restore limit from dynamic set

Update parser to allow to restore limit per set element in dynamic set. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1477 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-12-02 18:31:00 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-12-04 12:53:00 +0100
commit: a8dc9e2a2b40d5d29b12920873bbe1f2cfeda8f6 (patch)
tree: cc8d6aa145ec6e6ad253cdadba50b489c9844910 /tests/shell/testcases
parent: 299ec575faa6b070940b483dc517ecd883b9f1a4 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0056dynamic_limit_0 b/tests/shell/testcases/sets/0056dynamic_limit_0
new file mode 100755
index 00000000..21fa0bff
--- /dev/null
+++ b/tests/shell/testcases/sets/0056dynamic_limit_0
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+RULESET="table inet filter {
+        set ssh_meter {
+                type ipv4_addr
+                size 65535
+                flags dynamic,timeout
+                timeout 1m
+                elements = { 127.0.0.1 expires 52s44ms limit rate over 1/minute }
+        }
+
+        chain output {
+                type filter hook output priority filter; policy accept;
+                ip protocol icmp add @ssh_meter { ip saddr timeout 1m limit rate over 1/minute }
+        }
+}"
+
+set -e
+$NFT -f - <<< $EXPECTED
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-12-02 18:31:00 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-12-04 12:53:00 +0100
commit	a8dc9e2a2b40d5d29b12920873bbe1f2cfeda8f6 (patch)
tree	cc8d6aa145ec6e6ad253cdadba50b489c9844910 /tests/shell/testcases
parent	299ec575faa6b070940b483dc517ecd883b9f1a4 (diff)