From 531a630f9666c495c0a2588609a8f4912a4880b9 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Sat, 9 Mar 2024 00:26:07 +0100 Subject: tests: shell: Add missing json-nft dumps Given that a bunch of issues got fixed, add some more dumps. Also add tests/shell/testcases/owner/dumps/0002-persist.nft while at it, even though it's really small. Signed-off-by: Phil Sutter --- .../testcases/maps/dumps/vmap_timeout.json-nft | 229 +++++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 tests/shell/testcases/maps/dumps/vmap_timeout.json-nft (limited to 'tests/shell/testcases/maps/dumps/vmap_timeout.json-nft') diff --git a/tests/shell/testcases/maps/dumps/vmap_timeout.json-nft b/tests/shell/testcases/maps/dumps/vmap_timeout.json-nft new file mode 100644 index 00000000..1c3aa590 --- /dev/null +++ b/tests/shell/testcases/maps/dumps/vmap_timeout.json-nft @@ -0,0 +1,229 @@ +{ + "nftables": [ + { + "metainfo": { + "version": "VERSION", + "release_name": "RELEASE_NAME", + "json_schema_version": 1 + } + }, + { + "table": { + "family": "inet", + "name": "filter", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "ssh_input", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "log_and_drop", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "other_input", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "wan_input", + "handle": 0 + } + }, + { + "chain": { + "family": "inet", + "table": "filter", + "name": "prerouting", + "handle": 0, + "type": "filter", + "hook": "prerouting", + "prio": -300, + "policy": "accept" + } + }, + { + "map": { + "family": "inet", + "name": "portmap", + "table": "filter", + "type": "inet_service", + "handle": 0, + "map": "verdict", + "flags": [ + "timeout" + ], + "gc-interval": 10, + "elem": [ + [ + 22, + { + "jump": { + "target": "ssh_input" + } + } + ] + ] + } + }, + { + "map": { + "family": "inet", + "name": "portaddrmap", + "table": "filter", + "type": [ + "ipv4_addr", + "inet_service" + ], + "handle": 0, + "map": "verdict", + "flags": [ + "timeout" + ], + "gc-interval": 10, + "elem": [ + [ + { + "concat": [ + "1.2.3.4", + 22 + ] + }, + { + "jump": { + "target": "ssh_input" + } + } + ] + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "log_and_drop", + "handle": 0, + "expr": [ + { + "drop": null + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "other_input", + "handle": 0, + "expr": [ + { + "goto": { + "target": "log_and_drop" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "wan_input", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "concat": [ + { + "payload": { + "protocol": "ip", + "field": "daddr" + } + }, + { + "payload": { + "protocol": "tcp", + "field": "dport" + } + } + ] + }, + "data": "@portaddrmap" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "wan_input", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "payload": { + "protocol": "tcp", + "field": "dport" + } + }, + "data": "@portmap" + } + } + ] + } + }, + { + "rule": { + "family": "inet", + "table": "filter", + "chain": "prerouting", + "handle": 0, + "expr": [ + { + "vmap": { + "key": { + "meta": { + "key": "iif" + } + }, + "data": { + "set": [ + [ + "lo", + { + "jump": { + "target": "wan_input" + } + } + ] + ] + } + } + } + ] + } + } + ] +} -- cgit v1.2.3