git.ipfire.org Git - thirdparty/nftables.git/commitdiff
tests: shell: extend connlimit test
author Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 4 Jun 2021 01:10:06 +0000 (03:10 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 14 Jun 2021 17:24:44 +0000 (19:24 +0200)
Extend existing test to add a ct count expression in the set definition.

This test covers the upstream kernel fix ad9f151e560b ("netfilter:
nf_tables: initialize set before expression setup").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tests/shell/testcases/sets/0062set_connlimit_0

index 4f95f3835f83b28c9d2bc7a2ec587d82f191a1cf..48d589fe68cc3b90b46e331200ffb06a669382bf 100755 (executable)
@@ -12,3 +12,15 @@ RULESET="table ip x {
 }"
 
 $NFT -f - <<< $RULESET
+
+RULESET="table ip x {
+       set new-connlimit {
+               type ipv4_addr
+               size 65535
+               flags dynamic
+               ct count over 20
+               elements = { 84.245.120.167 }
+       }
+}"
+
+$NFT -f - <<< $RULESET
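
Review bot: The added block ends at `$NFT -f - <<< $RULESET` and only checks that the load succeeds; nothing confirms that the set `new-connlimit` kept its `ct count over 20` expression and the element afterwards. Consider listing the set after the load and comparing it against the expected output, or shipping an expected dump alongside the test, so a regression that silently drops the expression is caught as well as one that fails the load. A short comment above the new `RULESET=` assignment naming the kernel fix cited in the commit message would tell later readers why the second ruleset is there, and quoting the here-string as `"$RULESET"` would make the multi-line input explicit.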