From 0d4399979436388b16b8a4c94967b25e6b0d6250 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Wed, 17 Apr 2019 17:06:11 -0400 Subject: [PATCH 31/73] test: add test to check for nftables helper objects Coverage for gh #453. (cherry picked from commit a8930f0b694c871d9f0f7cdef0696afd81327817) (cherry picked from commit 34c16a09e0678c1b79dbe897b1c4dfe75a27c308) --- src/tests/regression.at | 1 + src/tests/regression/gh453.at | 52 +++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 src/tests/regression/gh453.at
diff --git a/src/tests/regression.at b/src/tests/regression.at
index ab11a013897c..8bcb576238e6 100644
--- a/src/tests/regression.at
+++ b/src/tests/regression.at
@@ -18,3 +18,4 @@ m4_include([regression/gh303.at])
 m4_include([regression/gh335.at])
 m4_include([regression/gh482.at])
 m4_include([regression/gh478.at])
+m4_include([regression/gh453.at])
diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at
new file mode 100644
index 000000000000..44bf98cbda96
--- /dev/null
+++ b/src/tests/regression/gh453.at
@@ -0,0 +1,52 @@
+m4_if(nftables, FIREWALL_BACKEND, [
+FWD_START_TEST([nftables helper objects])
+AT_KEYWORDS(helper gh453)
+
+FWD_CHECK([-q --add-service=ftp])
+NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl
+ ct helper helper-ftp-tcp {
+ type "ftp" protocol tcp
+ l3proto inet
+ }
+])])
+NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
+ table inet firewalld {
+ chain filter_IN_public_allow {
+ tcp dport 22 ct state new,untracked accept
+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+ tcp dport 21 ct helper set "helper-ftp-tcp"
+ tcp dport 21 ct state new,untracked accept
+ }
+ }
+])
+
+FWD_CHECK([-q --add-service=sip])
+NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-tcp"], 0, [m4_strip([dnl
+ ct helper helper-sip-tcp {
+ type "sip" protocol tcp
+ l3proto inet
+ }
+])])
+NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-udp"], 0, [m4_strip([dnl
+ ct helper helper-sip-udp {
+ type "sip" protocol udp
+ l3proto inet
+ }
+])])
+NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
+ table inet firewalld {
+ chain filter_IN_public_allow {
+ tcp dport 22 ct state new,untracked accept
+ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
+ tcp dport 21 ct helper set "helper-ftp-tcp"
+ tcp dport 21 ct state new,untracked accept
+ tcp dport 5060 ct helper set "helper-sip-tcp"
+ udp dport 5060 ct helper set "helper-sip-udp"
+ tcp dport 5060 ct state new,untracked accept
+ udp dport 5060 ct state new,untracked accept
+ }
+ }
+])
+
+FWD_END_TEST
+])
-- 2.20.1
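Review bot: The new gh453.at test covers only the add path: it asserts the ruleset after `FWD_CHECK([-q --add-service=ftp])` and `FWD_CHECK([-q --add-service=sip])`, but never checks that removing a service takes its `ct helper set` rule back out of `filter_IN_public_allow`. A helper assignment that outlives its service keeps the conntrack helper attached to that port, so a regression there would leave helper parsing enabled after the admin believes the service is closed. I would add `FWD_CHECK([-q --remove-service=sip])` before `FWD_END_TEST`, followed by an `NFT_LIST_RULES` expectation identical to the ftp-only listing earlier in the test, with no port 5060 lines. Whether the `helper-sip-tcp` and `helper-sip-udp` objects should also disappear from `nft list ruleset` is not visible from this hunk, so pin that with an `NS_CHECK` only once the intended behaviour is confirmed.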