@@ -32,3 +32,12 @@ ct helper set tcp dport map {21 : "cthelp1", 2121 : "cthelp1" };ok
ip saddr 192.168.1.3 limit name "lim1";ok
ip saddr 192.168.1.3 limit name "lim3";fail
limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"};ok
+
+# ct timeout
+%cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok
+%cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail
+%cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ;};ok
+%cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok
+%cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail
+
+ct timeout set "cttime1";ok
@@ -59,3 +59,7 @@ ip test-ip4 output
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ objref sreg 1 set __objmap%d ]
+
+# ct timeout set "cttime1"
+ip test-ip4 output
+ [ objref type 7 name cttime1 ]
@@ -1082,6 +1082,10 @@ def obj_process(obj_line, filename, lineno):
obj_type = "ct helper"
tokens[3] = ""
+ if obj_type == "ct" and tokens[3] == "timeout":
+ obj_type = "ct timeout"
+ tokens[3] = ""
+
if len(tokens) > 3:
obj_spcf = " ".join(tokens[3:])
Add test for adding ct timeout objects and assigning it via rule. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> --- Changes in v4: - update tests with syntax Changes in v3: - Add more tests for multiple timeout policies Changes in v2: - No change tests/py/ip/objects.t | 9 +++++++++ tests/py/ip/objects.t.payload | 4 ++++ tests/py/nft-test.py | 4 ++++ 3 files changed, 17 insertions(+)