From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 4 Jun 2021 01:10:06 +0000 (+0200)
Subject: tests: shell: extend connlimit test
X-Git-Tag: v1.0.0~62
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=95d348d55a9e0c8f77bf34578258c79cc4f5b96c;p=thirdparty%2Fnftables.git

tests: shell: extend connlimit test

Extend existing test to add a ct count expression in the set definition.

This test cover the upstream kernel fix ad9f151e560b ("netfilter:
nf_tables: initialize set before expression setup").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/tests/shell/testcases/sets/0062set_connlimit_0 b/tests/shell/testcases/sets/0062set_connlimit_0
index 4f95f383..48d589fe 100755
--- a/tests/shell/testcases/sets/0062set_connlimit_0
+++ b/tests/shell/testcases/sets/0062set_connlimit_0
@@ -12,3 +12,15 @@ RULESET="table ip x {
 }"
 
 $NFT -f - <<< $RULESET
+
+RULESET="table ip x {
+	set new-connlimit {
+		type ipv4_addr
+		size 65535
+		flags dynamic
+		ct count over 20
+		elements = { 84.245.120.167 }
+	}
+}"
+
+$NFT -f - <<< $RULESET