author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-21 20:59:06 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-22 10:14:10 +0100 |
commit | 72753990520d51c18f91db0412c05ca46a92e45e (patch) | |
tree | 22103066ea1af5c35a7ed1eaefe69dae9de271c2 /tests | |
parent | 8ecf78c181ad7afa727f84460042fba7378d9c0e (diff) |
tests: shell: detach synproxy test
Old kernels do not support synproxy, split existing tests with stateful objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/shell/testcases/sets/0024named_objects_0 | 15 | ||||
-rwxr-xr-x | tests/shell/testcases/sets/0024synproxy_0 | 29 | ||||
-rw-r--r-- | tests/shell/testcases/sets/dumps/0024named_objects_0.nft | 18 | ||||
-rw-r--r-- | tests/shell/testcases/sets/dumps/0024synproxy_0.nft | 23 |
4 files changed, 52 insertions, 33 deletions
diff --git a/tests/shell/testcases/sets/0024named_objects_0 b/tests/shell/testcases/sets/0024named_objects_0
index 6d21e388..21200c3c 100755
--- a/tests/shell/testcases/sets/0024named_objects_0
+++ b/tests/shell/testcases/sets/0024named_objects_0
@@ -18,15 +18,6 @@ table inet x {
 quota user124 {
 over 2000 bytes
 }
- synproxy https-synproxy {
- mss 1460
- wscale 7
- timestamp sack-perm
- }
- synproxy other-synproxy {
- mss 1460
- wscale 5
- }
 set y {
 type ipv4_addr
 }
@@ -34,15 +25,9 @@ table inet x {
 type ipv4_addr : quota
 elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124"}
 }
- map test2 {
- type ipv4_addr : synproxy
- flags interval
- elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
- }
 chain y {
 type filter hook input priority 0; policy accept;
 counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"}
- synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
 quota name ip saddr map @test drop
 }
 }"
diff --git a/tests/shell/testcases/sets/0024synproxy_0 b/tests/shell/testcases/sets/0024synproxy_0
new file mode 100755
index 00000000..ccaed032
--- /dev/null
+++ b/tests/shell/testcases/sets/0024synproxy_0
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# * creating valid named objects
+# * referencing them from a valid rule
+
+RULESET="
+table inet x {
+ synproxy https-synproxy {
+ mss 1460
+ wscale 7
+ timestamp sack-perm
+ }
+ synproxy other-synproxy {
+ mss 1460
+ wscale 5
+ }
+ map test2 {
+ type ipv4_addr : synproxy
+ flags interval
+ elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+ chain y {
+ type filter hook input priority 0; policy accept;
+ synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+}"
+
+set -e
+$NFT -f - <<< "$RULESET"
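Review bot: The new 0024synproxy_0 script has no kernel-feature gate, so on the old kernels named in the commit message it will presumably still run and fail at `$NFT -f - <<< "$RULESET"` instead of being reported as skipped. The split only keeps 0024named_objects_0 passing there; the synproxy case itself still needs a way to say "not supported here". If the test runner has a synproxy feature probe, a requirement marker near the top of the script, for example `# NFT_TEST_REQUIRES(NFT_TEST_HAVE_synproxy)`, would do that; otherwise an explicit probe-and-skip before `set -e` would serve. Separately, the header comment could note that the double quotes around the object names inside `RULESET="..."` are consumed by the shell, so nft receives the names unquoted.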
diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
index 52d1bf64..2ffa4f2f 100644
--- a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
+++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
@@ -15,17 +15,6 @@ table inet x {
 over 2000 bytes
 }
 
- synproxy https-synproxy {
- mss 1460
- wscale 7
- timestamp sack-perm
- }
-
- synproxy other-synproxy {
- mss 1460
- wscale 5
- }
-
 set y {
 type ipv4_addr
 }
@@ -35,16 +24,9 @@ table inet x {
 elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
 }
 
- map test2 {
- type ipv4_addr : synproxy
- flags interval
- elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
- }
-
 chain y {
 type filter hook input priority filter; policy accept;
 counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
- synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
 quota name ip saddr map @test drop
 }
 }
diff --git a/tests/shell/testcases/sets/dumps/0024synproxy_0.nft b/tests/shell/testcases/sets/dumps/0024synproxy_0.nft
new file mode 100644
index 00000000..e0ee86db
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0024synproxy_0.nft
@@ -0,0 +1,23 @@
+table inet x {
+ synproxy https-synproxy {
+ mss 1460
+ wscale 7
+ timestamp sack-perm
+ }
+
+ synproxy other-synproxy {
+ mss 1460
+ wscale 5
+ }
+
+ map test2 {
+ type ipv4_addr : synproxy
+ flags interval
+ elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+
+ chain y {
+ type filter hook input priority filter; policy accept;
+ synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+}
|