1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_comment)
set -e
COMMENT128="12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
# test for pass with comment that is 128 bytes long.
rc=0
$NFT add table ip filter \{ quota foo1 \{ comment "\"${COMMENT128}\"" \}\; \}\; || rc="$?"
test "$rc" = 0
# test for failure with comment that is 128+1 bytes long.
rc=0
$NFT add table ip filter \{ quota foo2 \{ comment "\"${COMMENT128}x\"" \}\; \}\; || rc="$?"
test "$rc" = 1
RULESET='table ip filter {
quota q {
over 1200 bytes
comment "'"$COMMENT128"'"
}
counter c {
packets 0 bytes 0
comment "test2"
}
ct helper h {
type "sip" protocol tcp
l3proto ip
comment "test3"
}
ct expectation e {
protocol tcp
dport 666
timeout 100ms
size 96
l3proto ip
comment "test4"
}
limit l {
rate 400/hour
comment "test5"
}
synproxy s {
mss 1460
wscale 2
comment "test6"
}
}
'
$NFT -f - <<< "$RULESET"
|
