Extend existing test to add a ct count expression in the set definition.
This test cover the upstream kernel fix ad9f151e560b ("netfilter:
nf_tables: initialize set before expression setup").
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
tests/shell/testcases/sets/0062set_connlimit_0 | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tests/shell/testcases/sets/0062set_connlimit_0 b/tests/shell/testcases/sets/0062set_connlimit_0
index 4f95f3835f83..48d589fe68cc 100755
--- a/tests/shell/testcases/sets/0062set_connlimit_0
+++ b/tests/shell/testcases/sets/0062set_connlimit_0
@@ -12,3 +12,15 @@ RULESET="table ip x {
}"
$NFT -f - <<< $RULESET
+
+RULESET="table ip x {
+ set new-connlimit {
+ type ipv4_addr
+ size 65535
+ flags dynamic
+ ct count over 20
+ elements = { 84.245.120.167 }
+ }
+}"
+
+$NFT -f - <<< $RULESET
--
2.30.2
