Hi Pablo,
Not sure I will have time to work on it before August. Anyway, I will
take the latest version and see, because I ran the test again in my
environment, and I don't get the same error. The only error related to
objects.t is:
ip/objects.t: ERROR: line 3: Table ip test-ip4 already exists
(I have this same error on a lot of other tests, so I think it is not
related to expectations). In /tmp/nftables-test.log, I have:
ct expectation ctexpect1 {
protocol tcp
dport 1234
timeout 2m
size 12
l3proto ip
}
ct expectation ctexpect2 {
protocol udp
dport 0
timeout
size 0
l3proto ip
}
…
chain output {
type filter hook output priority filter; policy accept;
ct expectation set "ctexpect1"
}
which seems rather correct…
Le mar. 16 juil. 2019 à 21:29, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> a écrit :
>
> On Tue, Jul 16, 2019 at 09:19:35PM +0200, Pablo Neira Ayuso wrote:
> > On Tue, Jul 09, 2019 at 03:02:09PM +0200, Stéphane Veyret wrote:
> > > This modification allow to directly add/list/delete expectations.
> >
> > Applied, thanks Stephane.
>
> Small problem still, if you don't mind to follow up with an
> incremental fix:
>
> ip/objects.t: ERROR: line 52: Failed to add JSON equivalent rule
>
> Looking at /tmp/nftables-test.log, it says:
>
> command: {"nftables": [{"add": {"rule": {"table": "test-ip4", "chain": "output", "family": "ip", "expr": [{"ct expect": "ctexpect1"}]}}}]}
> internal:0:0-0: Error: Unknown statement object 'ct expect'.
>
> Thanks.
--
Bien cordialement, / Plej kore,
Stéphane Veyret
