diff mbox series

[nft] tests: shell: extend connlimit test

Message ID 20210610184136.1420-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nft] tests: shell: extend connlimit test | expand

Commit Message

Pablo Neira Ayuso June 10, 2021, 6:41 p.m. UTC
Extend existing test to add a ct count expression in the set definition.

This test cover the upstream kernel fix ad9f151e560b ("netfilter:
nf_tables: initialize set before expression setup").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/sets/0062set_connlimit_0 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff mbox series

Patch

diff --git a/tests/shell/testcases/sets/0062set_connlimit_0 b/tests/shell/testcases/sets/0062set_connlimit_0
index 4f95f3835f83..48d589fe68cc 100755
--- a/tests/shell/testcases/sets/0062set_connlimit_0
+++ b/tests/shell/testcases/sets/0062set_connlimit_0
@@ -12,3 +12,15 @@  RULESET="table ip x {
 }"
 
 $NFT -f - <<< $RULESET
+
+RULESET="table ip x {
+	set new-connlimit {
+		type ipv4_addr
+		size 65535
+		flags dynamic
+		ct count over 20
+		elements = { 84.245.120.167 }
+	}
+}"
+
+$NFT -f - <<< $RULESET