[PATCH nft 3/8] tests: shell: detach synproxy test

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Wed, 22 Nov 2023 11:32:16 +0100

Old kernels do not support synproxy, split existing tests with stateful objects.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 .../shell/testcases/sets/0024named_objects_0  | 15 ----------
 tests/shell/testcases/sets/0024synproxy_0     | 29 +++++++++++++++++++
 .../sets/dumps/0024named_objects_0.nft        | 18 ------------
 .../testcases/sets/dumps/0024synproxy_0.nft   | 23 +++++++++++++++
 4 files changed, 52 insertions(+), 33 deletions(-)
 create mode 100755 tests/shell/testcases/sets/0024synproxy_0
 create mode 100644 tests/shell/testcases/sets/dumps/0024synproxy_0.nft

diff --git a/tests/shell/testcases/sets/0024named_objects_0 b/tests/shell/testcases/sets/0024named_objects_0
index 6d21e3884da9..21200c3cca3c 100755
--- a/tests/shell/testcases/sets/0024named_objects_0
+++ b/tests/shell/testcases/sets/0024named_objects_0
@@ -18,15 +18,6 @@ table inet x {
 	quota user124 {
 		over 2000 bytes
 	}
-	synproxy https-synproxy {
-		mss 1460
-		wscale 7
-		timestamp sack-perm
-	}
-	synproxy other-synproxy {
-		mss 1460
-		wscale 5
-	}
 	set y {
 		type ipv4_addr
 	}
@@ -34,15 +25,9 @@ table inet x {
 		type ipv4_addr : quota
 		elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124"}
 	}
-	map test2 {
-		type ipv4_addr : synproxy
-		flags interval
-		elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
-	}
 	chain y {
 		type filter hook input priority 0; policy accept;
 		counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"}
-		synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
 		quota name ip saddr map @test drop
 	}
 }"
diff --git a/tests/shell/testcases/sets/0024synproxy_0 b/tests/shell/testcases/sets/0024synproxy_0
new file mode 100755
index 000000000000..ccaed0325d44
--- /dev/null
+++ b/tests/shell/testcases/sets/0024synproxy_0
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# * creating valid named objects
+# * referencing them from a valid rule
+
+RULESET="
+table inet x {
+	synproxy https-synproxy {
+		mss 1460
+		wscale 7
+		timestamp sack-perm
+	}
+	synproxy other-synproxy {
+		mss 1460
+		wscale 5
+	}
+	map test2 {
+		type ipv4_addr : synproxy
+		flags interval
+		elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+	}
+	chain y {
+		type filter hook input priority 0; policy accept;
+		synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+	}
+}"
+
+set -e
+$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
index 52d1bf64b686..2ffa4f2ff757 100644
--- a/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
+++ b/tests/shell/testcases/sets/dumps/0024named_objects_0.nft
@@ -15,17 +15,6 @@ table inet x {
 		over 2000 bytes
 	}
 
-	synproxy https-synproxy {
-		mss 1460
-		wscale 7
-		timestamp sack-perm
-	}
-
-	synproxy other-synproxy {
-		mss 1460
-		wscale 5
-	}
-
 	set y {
 		type ipv4_addr
 	}
@@ -35,16 +24,9 @@ table inet x {
 		elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124" }
 	}
 
-	map test2 {
-		type ipv4_addr : synproxy
-		flags interval
-		elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
-	}
-
 	chain y {
 		type filter hook input priority filter; policy accept;
 		counter name ip saddr map { 1.1.1.1 : "user123", 2.2.2.2 : "user123", 192.168.2.2 : "user123" }
-		synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
 		quota name ip saddr map @test drop
 	}
 }
diff --git a/tests/shell/testcases/sets/dumps/0024synproxy_0.nft b/tests/shell/testcases/sets/dumps/0024synproxy_0.nft
new file mode 100644
index 000000000000..e0ee86db2217
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0024synproxy_0.nft
@@ -0,0 +1,23 @@
+table inet x {
+	synproxy https-synproxy {
+		mss 1460
+		wscale 7
+		timestamp sack-perm
+	}
+
+	synproxy other-synproxy {
+		mss 1460
+		wscale 5
+	}
+
+	map test2 {
+		type ipv4_addr : synproxy
+		flags interval
+		elements = { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+	}
+
+	chain y {
+		type filter hook input priority filter; policy accept;
+		synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
+	}
+}
-- 
2.30.2







