Old kernels do not support synproxy; split the existing tests that use stateful objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
quota user124 {
over 2000 bytes
}
- synproxy https-synproxy {
- mss 1460
- wscale 7
- timestamp sack-perm
- }
- synproxy other-synproxy {
- mss 1460
- wscale 5
- }
set y {
type ipv4_addr
}
type ipv4_addr : quota
elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124"}
}
- map test2 {
- type ipv4_addr : synproxy
- flags interval
- elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
- }
chain y {
type filter hook input priority 0; policy accept;
counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"}
- synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
quota name ip saddr map @test drop
}
}"
--- /dev/null
+#!/bin/bash
+
+# * creating valid named objects
+# * referencing them from a valid rule
+
+RULESET="
+table inet x {
+ synproxy https-synproxy {
+ mss 1460
+ wscale 7
+ timestamp sack-perm
+ }
+ synproxy other-synproxy {
+ mss 1460
+ wscale 5
+ }
+ map test2 {
+ type ipv4_addr : synproxy
+ flags interval
+ elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+ chain y {
+ type filter hook input priority 0; policy accept;
+ synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+}"
+
+set -e
+$NFT -f - <<< "$RULESET"
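Review bot: The header comment of the new test (the two bullets after the shebang) does not say why synproxy objects were moved out of the stateful-object test, which is the only reason this file exists and the thing a future maintainer would need to know before merging it back; add a line such as `# synproxy objects are kept in their own test because old kernels do not support synproxy` after the existing bullets. As a point of style, `set -e` sits between the `RULESET=` assignment and the nft call; placing it directly under the shebang makes the strict mode visible at the top, which appears to be the layout of the neighbouring tests in this suite. The `$NFT` invocation is left unquoted, which looks deliberate for this suite (the variable may carry extra options) rather than a defect, so no change is proposed there.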
over 2000 bytes
}
- synproxy https-synproxy {
- mss 1460
- wscale 7
- timestamp sack-perm
- }
-
- synproxy other-synproxy {
- mss 1460
- wscale 5
- }
-
set y {
type ipv4_addr
}
elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
}
- map test2 {
- type ipv4_addr : synproxy
- flags interval
- elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
- }
-
chain y {
type filter hook input priority filter; policy accept;
counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
- synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
quota name ip saddr map @test drop
}
}
--- /dev/null
+table inet x {
+ synproxy https-synproxy {
+ mss 1460
+ wscale 7
+ timestamp sack-perm
+ }
+
+ synproxy other-synproxy {
+ mss 1460
+ wscale 5
+ }
+
+ map test2 {
+ type ipv4_addr : synproxy
+ flags interval
+ elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+
+ chain y {
+ type filter hook input priority filter; policy accept;
+ synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+ }
+}