[INFO] fetching crate nftables 0.6.3...
[INFO] testing nftables-0.6.3 against 1.91.0 for beta-1.92-2
[INFO] extracting crate nftables 0.6.3 into /workspace/builds/worker-7-tc1/source
[INFO] started tweaking crates.io crate nftables 0.6.3
[INFO] removed 0 missing tests
[INFO] finished tweaking crates.io crate nftables 0.6.3
[INFO] tweaked toml for crates.io crate nftables 0.6.3 written to /workspace/builds/worker-7-tc1/source/Cargo.toml
[INFO] validating manifest of crates.io crate nftables 0.6.3 on toolchain 1.91.0
[INFO] running `Command { std: CARGO_HOME="/workspace/cargo-home" RUSTUP_HOME="/workspace/rustup-home" "/workspace/cargo-home/bin/cargo" "+1.91.0" "metadata" "--manifest-path" "Cargo.toml" "--no-deps", kill_on_drop: false }`
[INFO] crate crates.io crate nftables 0.6.3 already has a lockfile, it will not be regenerated
[INFO] running `Command { std: CARGO_HOME="/workspace/cargo-home" RUSTUP_HOME="/workspace/rustup-home" "/workspace/cargo-home/bin/cargo" "+1.91.0" "fetch" "--manifest-path" "Cargo.toml", kill_on_drop: false }`
[INFO] [stderr]     Updating crates.io index
[INFO] [stderr]  Downloading crates ...
[INFO] [stderr]   Downloaded clap v4.5.45
[INFO] [stderr]   Downloaded escape8259 v0.5.3
[INFO] [stderr]   Downloaded schemars_derive v1.0.4
[INFO] [stderr]   Downloaded async-signal v0.2.12
[INFO] [stderr]   Downloaded async-process v2.4.0
[INFO] [stderr]   Downloaded async-io v2.5.0
[INFO] [stderr]   Downloaded camino v1.1.11
[INFO] [stderr]   Downloaded fancy-regex v0.14.0
[INFO] [stderr]   Downloaded schemars v1.0.4
[INFO] [stderr]   Downloaded clap_derive v4.5.45
[INFO] [stderr]   Downloaded libtest-mimic v0.8.1
[INFO] [stderr]   Downloaded clap_builder v4.5.44
[INFO] [stderr]   Downloaded datatest-stable v0.3.2
[INFO] [stderr]   Downloaded anstream v0.6.20
[INFO] [stderr]   Downloaded serde_path_to_error v0.1.17
[INFO] [stderr]   Downloaded syn v2.0.105
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:4848fb76d95f26979359cc7e45710b1dbc8f3acb7aeedee7c460d7702230f228" "/opt/rustwide/cargo-home/bin/cargo" "+1.91.0" "metadata" "--no-deps" "--format-version=1", kill_on_drop: false }`
[INFO] [stdout] ac290a6ed874326c52e57298ae3d5e3af12024ef37af4b1dc90a03f2e4f0b42d
[INFO] running `Command { std: "docker" "start" "-a" "ac290a6ed874326c52e57298ae3d5e3af12024ef37af4b1dc90a03f2e4f0b42d", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "inspect" "ac290a6ed874326c52e57298ae3d5e3af12024ef37af4b1dc90a03f2e4f0b42d", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "ac290a6ed874326c52e57298ae3d5e3af12024ef37af4b1dc90a03f2e4f0b42d", kill_on_drop: false }`
[INFO] [stdout] ac290a6ed874326c52e57298ae3d5e3af12024ef37af4b1dc90a03f2e4f0b42d
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_INCREMENTAL=0" "-e" "RUST_BACKTRACE=full" "-e" "RUSTFLAGS=--cap-lints=warn" "-e" "RUSTDOCFLAGS=--cap-lints=warn" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:4848fb76d95f26979359cc7e45710b1dbc8f3acb7aeedee7c460d7702230f228" "/opt/rustwide/cargo-home/bin/cargo" "+1.91.0" "build" "--frozen" "--message-format=json", kill_on_drop: false }`
[INFO] [stdout] 54e6e2db6e63cde556e75517386cc09181610d29ec8ffb60b03ac5780e5c689b
[INFO] running `Command { std: "docker" "start" "-a" "54e6e2db6e63cde556e75517386cc09181610d29ec8ffb60b03ac5780e5c689b", kill_on_drop: false }`
[INFO] [stderr]    Compiling proc-macro2 v1.0.97
[INFO] [stderr]    Compiling serde v1.0.219
[INFO] [stderr]    Compiling serde_json v1.0.142
[INFO] [stderr]    Compiling ref-cast v1.0.24
[INFO] [stderr]    Compiling memchr v2.7.5
[INFO] [stderr]    Compiling thiserror v2.0.14
[INFO] [stderr]    Compiling dyn-clone v1.0.20
[INFO] [stderr]    Compiling strum v0.27.2
[INFO] [stderr]    Compiling quote v1.0.40
[INFO] [stderr]    Compiling syn v2.0.105
[INFO] [stderr]    Compiling serde_derive_internals v0.29.1
[INFO] [stderr]    Compiling serde_derive v1.0.219
[INFO] [stderr]    Compiling ref-cast-impl v1.0.24
[INFO] [stderr]    Compiling thiserror-impl v2.0.14
[INFO] [stderr]    Compiling strum_macros v0.27.2
[INFO] [stderr]    Compiling schemars_derive v1.0.4
[INFO] [stderr]    Compiling serde_path_to_error v0.1.17
[INFO] [stderr]    Compiling schemars v1.0.4
[INFO] [stderr]    Compiling nftables v0.6.3 (/opt/rustwide/workdir)
[INFO] [stderr]     Finished `dev` profile [unoptimized + debuginfo] target(s) in 24.20s
[INFO] running `Command { std: "docker" "inspect" "54e6e2db6e63cde556e75517386cc09181610d29ec8ffb60b03ac5780e5c689b", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "54e6e2db6e63cde556e75517386cc09181610d29ec8ffb60b03ac5780e5c689b", kill_on_drop: false }`
[INFO] [stdout] 54e6e2db6e63cde556e75517386cc09181610d29ec8ffb60b03ac5780e5c689b
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_INCREMENTAL=0" "-e" "RUST_BACKTRACE=full" "-e" "RUSTFLAGS=--cap-lints=warn" "-e" "RUSTDOCFLAGS=--cap-lints=warn" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:4848fb76d95f26979359cc7e45710b1dbc8f3acb7aeedee7c460d7702230f228" "/opt/rustwide/cargo-home/bin/cargo" "+1.91.0" "test" "--frozen" "--no-run" "--message-format=json", kill_on_drop: false }`
[INFO] [stdout] 9ac5b0a9fe2c7d84044081b90ad41c48b1df7cae7815163a60608a1bae2bbada
[INFO] running `Command { std: "docker" "start" "-a" "9ac5b0a9fe2c7d84044081b90ad41c48b1df7cae7815163a60608a1bae2bbada", kill_on_drop: false }`
[INFO] [stderr]    Compiling libc v0.2.175
[INFO] [stderr]    Compiling utf8parse v0.2.2
[INFO] [stderr]    Compiling anstyle v1.0.11
[INFO] [stderr]    Compiling anstyle-query v1.1.4
[INFO] [stderr]    Compiling colorchoice v1.0.4
[INFO] [stderr]    Compiling is_terminal_polyfill v1.70.1
[INFO] [stderr]    Compiling strsim v0.11.1
[INFO] [stderr]    Compiling clap_lex v0.7.5
[INFO] [stderr]    Compiling syn v2.0.105
[INFO] [stderr]    Compiling futures-util v0.3.31
[INFO] [stderr]    Compiling aho-corasick v1.1.3
[INFO] [stderr]    Compiling bit-vec v0.8.0
[INFO] [stderr]    Compiling rustix v1.0.8
[INFO] [stderr]    Compiling regex-syntax v0.8.5
[INFO] [stderr]    Compiling getrandom v0.3.3
[INFO] [stderr]    Compiling camino v1.1.11
[INFO] [stderr]    Compiling anstyle-parse v0.2.7
[INFO] [stderr]    Compiling escape8259 v0.5.3
[INFO] [stderr]    Compiling sdd v3.0.10
[INFO] [stderr]    Compiling once_cell v1.21.3
[INFO] [stderr]    Compiling bit-set v0.8.0
[INFO] [stderr]    Compiling same-file v1.0.6
[INFO] [stderr]    Compiling bitflags v2.9.1
[INFO] [stderr]    Compiling linux-raw-sys v0.9.4
[INFO] [stderr]    Compiling walkdir v2.5.0
[INFO] [stderr]    Compiling fastrand v2.3.0
[INFO] [stderr]    Compiling anstream v0.6.20
[INFO] [stderr]    Compiling scc v2.3.4
[INFO] [stderr]    Compiling clap_builder v4.5.44
[INFO] [stderr]    Compiling parking_lot_core v0.9.11
[INFO] [stderr]    Compiling parking_lot v0.12.4
[INFO] [stderr]    Compiling regex-automata v0.4.9
[INFO] [stderr]    Compiling tempfile v3.20.0
[INFO] [stderr]    Compiling serde_derive_internals v0.29.1
[INFO] [stderr]    Compiling futures-executor v0.3.31
[INFO] [stderr]    Compiling serde_derive v1.0.219
[INFO] [stderr]    Compiling ref-cast-impl v1.0.24
[INFO] [stderr]    Compiling clap_derive v4.5.45
[INFO] [stderr]    Compiling thiserror-impl v2.0.14
[INFO] [stderr]    Compiling strum_macros v0.27.2
[INFO] [stderr]    Compiling serial_test_derive v3.2.0
[INFO] [stderr]    Compiling futures v0.3.31
[INFO] [stderr]    Compiling serial_test v3.2.0
[INFO] [stderr]    Compiling schemars_derive v1.0.4
[INFO] [stderr]    Compiling ref-cast v1.0.24
[INFO] [stderr]    Compiling thiserror v2.0.14
[INFO] [stderr]    Compiling fancy-regex v0.14.0
[INFO] [stderr]    Compiling clap v4.5.45
[INFO] [stderr]    Compiling libtest-mimic v0.8.1
[INFO] [stderr]    Compiling datatest-stable v0.3.2
[INFO] [stderr]    Compiling serde v1.0.219
[INFO] [stderr]    Compiling serde_json v1.0.142
[INFO] [stderr]    Compiling serde_path_to_error v0.1.17
[INFO] [stderr]    Compiling schemars v1.0.4
[INFO] [stderr]    Compiling nftables v0.6.3 (/opt/rustwide/workdir)
[INFO] [stderr]     Finished `test` profile [unoptimized + debuginfo] target(s) in 35.02s
[INFO] running `Command { std: "docker" "inspect" "9ac5b0a9fe2c7d84044081b90ad41c48b1df7cae7815163a60608a1bae2bbada", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "9ac5b0a9fe2c7d84044081b90ad41c48b1df7cae7815163a60608a1bae2bbada", kill_on_drop: false }`
[INFO] [stdout] 9ac5b0a9fe2c7d84044081b90ad41c48b1df7cae7815163a60608a1bae2bbada
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-7-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_INCREMENTAL=0" "-e" "RUST_BACKTRACE=full" "-e" "RUSTFLAGS=--cap-lints=warn" "-e" "RUSTDOCFLAGS=--cap-lints=warn" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:4848fb76d95f26979359cc7e45710b1dbc8f3acb7aeedee7c460d7702230f228" "/opt/rustwide/cargo-home/bin/cargo" "+1.91.0" "test" "--frozen", kill_on_drop: false }`
[INFO] [stdout] b4be3b53da845cce43fda23bc468548b229b86ec4ee643e05dbe55f677322e4f
[INFO] running `Command { std: "docker" "start" "-a" "b4be3b53da845cce43fda23bc468548b229b86ec4ee643e05dbe55f677322e4f", kill_on_drop: false }`
[INFO] [stderr]     Finished `test` profile [unoptimized + debuginfo] target(s) in 0.13s
[INFO] [stderr]      Running unittests src/lib.rs (/opt/rustwide/target/debug/deps/nftables-9ad3c4f16cdeea89)
[INFO] [stdout] 
[INFO] [stdout] running 3 tests
[INFO] [stdout] test cli::tests::test_handle_args_schema_custom_path ... ok
[INFO] [stdout] test cli::tests::test_handle_args_schema_default_path ... ok
[INFO] [stdout] test cli::tests::test_generate_json_schema ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 3 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.08s
[INFO] [stdout] 
[INFO] [stderr]      Running unittests src/main.rs (/opt/rustwide/target/debug/deps/nftables-88faae81e3a7b225)
[INFO] [stderr]      Running tests/deserialize.rs (/opt/rustwide/target/debug/deps/deserialize-72a2a66c4d15d3db)
[INFO] [stdout] 
[INFO] [stdout] running 0 tests
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] [stdout] 
[INFO] [stdout] running 12 tests
[INFO] [stdout] Deserializing file: resources/test/json/basic.json
[INFO] [stdout] Deserializing file: resources/test/json/bitflags.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "input", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), String("syn"))), right: List([String("syn"), String("ack")]), op: EQ }), Drop(None)], handle: Some(2), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("fin"), String("syn"), String("rst"), String("ack")]))), right: String("syn"), op: EQ }), Drop(None)], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("fin"), String("syn"), String("rst"), String("ack")]))), right: List([String("syn"), String("ack")]), op: EQ }), Drop(None)], handle: Some(4), index: None, comment: None }))] }
[INFO] [stdout] Deserializing file: resources/test/json/counter.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "output", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Output), prio: Some(100), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "input", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "forward", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("lan0"), op: EQ }), Accept(None)], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("wan0"), op: EQ }), Drop(None)], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "forward", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("lan0"), op: EQ }), Match(Match { left: Named(Meta(Meta { key: Oifname })), right: String("wan0"), op: EQ }), Accept(None)], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "forward", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("wan0"), op: EQ }), Match(Match { left: Named(Meta(Meta { key: Oifname })), right: String("lan0"), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Accept(None)], handle: Some(7), index: None, comment: None }))] }
[INFO] [stdout] Deserializing file: resources/test/json/flow.json
[INFO] [stdout] Deserializing file: resources/test/json/nat.json
[INFO] [stdout] Deserializing file: resources/test/json/nftables-init.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "named_counter_demo", handle: Some(3) })), ListObject(FlowTable(FlowTable { family: INet, table: "named_counter_demo", name: "flowed", handle: Some(2), hook: Some(Ingress), prio: Some(0), dev: Some(["lo"]) })), ListObject(Chain(Chain { family: INet, table: "named_counter_demo", name: "forward", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "forward", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("established"), op: IN }), Flow(Flow { op: Add, flowtable: "@flowed" })], handle: Some(3), index: None, comment: None }))] }
[INFO] [stdout] Deserializing file: resources/test/json/setmap.json
[INFO] [stdout] Deserializing file: resources/test/json/space-keys.json
[INFO] [stdout] Deserializing file: resources/test/json/synproxy.json
[INFO] [stdout] Deserializing file: resources/test/json/tproxy.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "nat", handle: Some(9) })), ListObject(Map(Map { family: IP, table: "nat", name: "porttoip", handle: Some(3), set_type: Single(InetService), map: Single(Ipv4Addr), policy: None, flags: None, elem: Some([List([Number(80), String("192.168.1.100")]), List([Number(8888), String("192.168.1.101")])]), timeout: None, gc_interval: None, size: None, comment: None })), ListObject(Chain(Chain { family: IP, table: "nat", name: "prerouting", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Chain(Chain { family: IP, table: "nat", name: "postrouting", newname: None, handle: Some(2), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "prerouting", expr: [DNAT(Some(NAT { addr: Some(Named(Map(Map { key: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), data: Named(Set([Element(List([Number(80), String("192.168.1.100")])), Element(List([Number(8888), String("192.168.1.101")]))])) }))), family: None, port: None, flags: None }))], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "postrouting", expr: [SNAT(Some(NAT { addr: Some(Named(Map(Map { key: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), data: String("@porttoip") }))), family: None, port: None, flags: None }))], handle: Some(6), index: None, comment: None }))] }
[INFO] [stdout] Deserializing file: resources/test/json/workstation.json
[INFO] [stdout] Deserializing file: resources/test/json/workstation_combined.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "nat", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "prerouting", newname: None, handle: Some(1), _type: Some(NAT), hook: Some(Prerouting), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "postrouting", newname: None, handle: Some(2), _type: Some(NAT), hook: Some(Postrouting), prio: Some(100), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "postrouting", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Prefix(Prefix { addr: String("192.168.122.0"), len: 24 })), op: NEQ }), Masquerade(Some(NAT { addr: None, family: None, port: Some(Range(Range { range: [Number(1024), Number(65535)] })), flags: None }))], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "postrouting", expr: [Match(Match { left: Named(Meta(Meta { key: Oifname })), right: String("wan0"), op: EQ }), Masquerade(None)], handle: Some(4), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "filter", handle: Some(1) })), ListObject(CTExpectation(CTExpectation { family: IP, table: "filter", name: "e_pgsql", handle: Some(4), l3proto: Some("ip"), protocol: Some(TCP), dport: Some(5432), timeout: Some(3600000), size: Some(12) })), ListObject(CTHelper(CTHelper { family: IP, table: "filter", name: "ftp-standard", handle: Some(5), _type: "ftp", protocol: Some("tcp"), l3proto: Some("ip") })), ListObject(Chain(Chain { family: IP, table: "filter", name: "INPUT", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "FORWARD", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "OUTPUT", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "INPUT", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), CTCount(CTCount { val: Number(10), inv: None }), Accept(None)], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "INPUT", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8888), op: EQ }), CTExpectation(String("e_pgsql"))], handle: Some(7), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "INPUT", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(8), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "FORWARD", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Mangle(Mangle { key: Named(TcpOption(TcpOption { name: "maxseg", field: Some("size") })), value: Named(RT(RT { key: MTU, family: None })) })], handle: Some(9), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "FORWARD", expr: [Match(Match { left: Named(SctpChunk(SctpChunk { name: "data", field: "flags" })), right: Number(2), op: EQ })], handle: Some(10), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "FORWARD", expr: [Match(Match { left: Named(CT(CT { key: "helper", family: None, dir: None })), right: String("ftp-standard"), op: EQ }), Accept(None)], handle: Some(11), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "tproxy_ipv4", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Chain(Chain { family: INet, table: "filter", name: "tproxy_ipv6", newname: None, handle: Some(2), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv4", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip"), port: 12345, addr: Some("127.0.0.1") })], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv4", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip"), port: 12345, addr: None })], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv6", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip6"), port: 12345, addr: Some("::1") })], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv6", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip6"), port: 12345, addr: None })], handle: Some(6), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.6"), release_name: Some("Lester Gooch #5"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "synproxy_anonymous", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "synproxy_anonymous", name: "PREROUTING", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Prerouting), prio: Some(-300), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "synproxy_anonymous", name: "INPUT", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "synproxy_anonymous", chain: "PREROUTING", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8080), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: IN }), Notrack], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "synproxy_anonymous", chain: "INPUT", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8080), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("invalid"), String("untracked")]), op: IN }), SynProxy(SynProxy { mss: Some(1460), wscale: Some(7), flags: Some({Timestamp, SackPerm}) })], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "synproxy_anonymous", chain: "INPUT", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Drop(None)], handle: Some(5), index: None, comment: None })), ListObject(Table(Table { family: IP, name: "synproxy_named", handle: Some(2) })), ListObject(SynProxy(SynProxy { family: IP, table: "synproxy_named", name: "synproxy_named_1", handle: Some(3), mss: Some(1460), wscale: Some(7), flags: Some({SackPerm, Timestamp}) })), ListObject(SynProxy(SynProxy { family: IP, table: "synproxy_named", name: "synproxy_named_2", handle: Some(4), mss: Some(1460), wscale: Some(5), flags: None })), ListObject(Chain(Chain { family: IP, table: "synproxy_named", name: "PREROUTING", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Prerouting), prio: Some(-300), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "synproxy_named", name: "FORWARD", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "synproxy_named", chain: "PREROUTING", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8080), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: IN }), Notrack], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "synproxy_named", chain: "FORWARD", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("invalid"), String("untracked")]), op: IN }), SynProxy(SynProxy { mss: None, wscale: None, flags: None })], handle: Some(7), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "forward", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "output", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(4), index: None, comment: Some("early drop of invalid packets") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: Named(Set([Element(String("established")), Element(String("related"))])), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(6), index: None, comment: Some("accept all connections related to connections made by us") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: Some("accept loopback") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Prefix(Prefix { addr: String("127.0.0.0"), len: 8 })), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(8), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(9), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(10), index: None, comment: Some("accept SSH") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(11), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "forward", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(12), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "output", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(13), index: None, comment: Some("count accepted packets") })), ListObject(Table(Table { family: IP6, name: "filter", handle: Some(2) })), ListObject(Chain(Chain { family: IP6, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP6, table: "filter", name: "forward", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP6, table: "filter", name: "output", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(4), index: None, comment: Some("early drop of invalid packets") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: Named(Set([Element(String("established")), Element(String("related"))])), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(6), index: None, comment: Some("accept all connections related to connections made by us") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: Some("accept loopback") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "daddr" }))), right: String("::1"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(8), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "nexthdr" }))), right: String("ipv6-icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(9), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(10), index: None, comment: Some("accept SSH") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(11), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "forward", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(12), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "output", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(13), index: None, comment: Some("count accepted packets") }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "named_counter_demo", handle: Some(1) })), ListObject(Counter(Counter { family: INet, table: "named_counter_demo", name: "cnt_http", handle: Some(2), packets: Some(0), bytes: Some(0) })), ListObject(Counter(Counter { family: INet, table: "named_counter_demo", name: "cnt_smtp", handle: Some(3), packets: Some(0), bytes: Some(0) })), ListObject(Chain(Chain { family: INet, table: "named_counter_demo", name: "IN", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(21), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(25), op: EQ }), Counter(Named("cnt_smtp"))], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(80), op: EQ }), Counter(Named("cnt_http"))], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(443), op: EQ }), Counter(Named("cnt_http"))], handle: Some(7), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "nat", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "prerouting", newname: None, handle: Some(1), _type: Some(NAT), hook: Some(Prerouting), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "postrouting", newname: None, handle: Some(2), _type: Some(NAT), hook: Some(Postrouting), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "prerouting", expr: [Redirect(None)], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "prerouting", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(21), op: EQ }), Redirect(Some(NAT { addr: None, family: None, port: Some(Number(21212)), flags: None }))], handle: Some(4), index: None, comment: None })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(2) })), ListObject(Set(Set { family: INet, table: "filter", name: "blackhole", handle: Some(4), set_type: Single(Ipv4Addr), policy: None, flags: Some({Timeout}), elem: None, timeout: Some(86400), gc_interval: None, size: None, comment: None })), ListObject(Chain(Chain { family: INet, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "output", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "admin", newname: None, handle: Some(3), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "saddr" }))), right: String("@blackhole"), op: EQ }), Drop(None)], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Accept(None)], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: NEQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Log(Some(Log { prefix: Some("FIRST PACKET IS NOT SYN"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(8), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("fin"), String("syn")]))), right: List([String("fin"), String("syn")]), op: EQ }), Log(Some(Log { prefix: Some("SCANNER1"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(9), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("syn"), String("rst")]))), right: List([String("syn"), String("rst")]), op: EQ }), Log(Some(Log { prefix: Some("SCANNER2"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(10), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), BinaryOperation(OR([BinaryOperation(OR([BinaryOperation(OR([BinaryOperation(OR([BinaryOperation(OR([String("fin"), String("syn")])), String("rst")])), String("psh")])), String("ack")])), String("urg")])))), right: String("fin"), op: GT }), Log(Some(Log { prefix: Some("SCANNER3"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(11), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("fin"), String("syn"), String("rst"), String("psh"), String("ack"), String("urg")]))), right: List([String("fin"), String("psh"), String("urg")]), op: EQ }), Log(Some(Log { prefix: Some("SCANNER4"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(12), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Log(Some(Log { prefix: Some("Invalid conntrack state: "), group: None, snaplen: None, queue_threshold: None, level: None, flags: Some({Skuid, Ether}) })), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(13), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Named(Set([Element(Number(22)), Element(Number(80)), Element(Number(443))])), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Accept(None)], handle: Some(15), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "saddr" }))), right: Named(Set([Element(Named(Prefix(Prefix { addr: String("10.0.0.0"), len: 8 }))), Element(Named(Prefix(Prefix { addr: String("12.34.56.72"), len: 29 }))), Element(Named(Prefix(Prefix { addr: String("172.16.0.0"), len: 16 })))])), op: EQ }), Jump(JumpTarget { target: "admin" })], handle: Some(17), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "nexthdr" }))), right: String("ipv6-icmp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "icmpv6", field: "type" }))), right: Named(Set([Element(String("destination-unreachable")), Element(String("packet-too-big")), Element(String("time-exceeded")), Element(String("parameter-problem")), Element(String("nd-router-advert")), Element(String("nd-neighbor-solicit")), Element(String("nd-neighbor-advert"))])), op: EQ }), Limit(Limit { rate: 100, rate_unit: None, per: Some("second"), burst: Some(5), burst_unit: None, inv: None }), Accept(None)], handle: Some(19), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "icmp", field: "type" }))), right: Named(Set([Element(String("destination-unreachable")), Element(String("router-advertisement")), Element(String("time-exceeded")), Element(String("parameter-problem"))])), op: EQ }), Limit(Limit { rate: 100, rate_unit: None, per: Some("second"), burst: Some(5), burst_unit: None, inv: None }), Accept(None)], handle: Some(21), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Accept(None)], handle: Some(22), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Meta(Meta { key: Oif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(23), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "udp", field: "dport" }))), right: Number(53), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Set([Element(String("8.8.4.4")), Element(String("8.8.8.8"))])), op: EQ }), Accept(None)], handle: Some(25), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(53), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Set([Element(String("8.8.4.4")), Element(String("8.8.8.8"))])), op: EQ }), Accept(None)], handle: Some(27), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "udp", field: "dport" }))), right: Number(67), op: EQ }), Accept(None)], handle: Some(28), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "udp", field: "dport" }))), right: Number(443), op: EQ }), Accept(None)], handle: Some(29), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Named(Set([Element(Number(25)), Element(Number(465)), Element(Number(587))])), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: String("127.0.0.1"), op: NEQ }), Log(Some(Log { prefix: Some("SPAMALERT!"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(31), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Named(Set([Element(Number(80)), Element(Number(443))])), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Accept(None)], handle: Some(33), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "icmp", field: "type" }))), right: String("echo-request"), op: EQ }), Limit(Limit { rate: 1, rate_unit: None, per: Some("second"), burst: Some(5), burst_unit: None, inv: None }), Log(None), Accept(None)], handle: Some(34), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Log(Some(Log { prefix: Some("Outgoing packet dropped: "), group: None, snaplen: None, queue_threshold: None, level: None, flags: Some({All}) }))], handle: Some(35), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "admin", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Log(Some(Log { prefix: Some("Admin connection:"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Accept(None)], handle: Some(36), index: None, comment: None }))] }
[INFO] [stdout] test test_deserialize_json_files::bitflags.json             ... Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "forward", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "output", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(4), index: None, comment: Some("early drop of invalid packets") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: Named(Set([Element(String("established")), Element(String("related"))])), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(6), index: None, comment: Some("accept all connections related to connections made by us") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: Some("accept loopback") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Prefix(Prefix { addr: String("127.0.0.0"), len: 8 })), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(8), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "daddr" }))), right: String("::1"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(9), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(10), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "nexthdr" }))), right: String("ipv6-icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(11), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(12), index: None, comment: Some("accept SSH") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(13), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "forward", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(14), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(15), index: None, comment: Some("count accepted packets") }))] }
[INFO] [stdout] ok
[INFO] [stdout] test test_deserialize_json_files::flow.json                 ... ok
[INFO] [stdout] test test_deserialize_json_files::basic.json                ... ok
[INFO] [stdout] test test_deserialize_json_files::setmap.json               ... ok
[INFO] [stdout] test test_deserialize_json_files::nat.json                  ... ok
[INFO] [stdout] test test_deserialize_json_files::space-keys.json           ... ok
[INFO] [stdout] test test_deserialize_json_files::tproxy.json               ... ok
[INFO] [stdout] test test_deserialize_json_files::synproxy.json             ... ok
[INFO] [stdout] test test_deserialize_json_files::workstation.json          ... ok
[INFO] [stdout] test test_deserialize_json_files::counter.json              ... ok
[INFO] [stdout] test test_deserialize_json_files::nftables-init.json        ... ok
[INFO] [stdout] test test_deserialize_json_files::workstation_combined.json ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 12 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
[INFO] [stdout] 
[INFO] [stderr]      Running tests/fixtures.rs (/opt/rustwide/target/debug/deps/fixtures-7467d5942583bc93)
[INFO] [stdout] 
[INFO] [stdout] running 3 tests
[INFO] [stdout] test test_parse_fib_flags ... ok
[INFO] [stdout] test test_parse_synproxy_flags ... ok
[INFO] [stdout] test test_parse_set_map_flags ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 3 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
[INFO] [stdout] 
[INFO] [stderr]      Running tests/helper_tests.rs (/opt/rustwide/target/debug/deps/helper_tests-c2de19f0afb926d2)
[INFO] [stdout] 
[INFO] [stdout] running 6 tests
[INFO] [stdout] test test_apply_ruleset ... ignored
[INFO] [stdout] test test_list_ruleset ... ignored
[INFO] [stdout] test test_list_ruleset_invalid_program ... ignored
[INFO] [stdout] test test_nft_args_list_map_set ... ignored
[INFO] [stdout] test test_regr_anoncounter_none ... ignored
[INFO] [stdout] test test_remove_unknown_table ... ignored
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 0 passed; 0 failed; 6 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] [stderr]      Running tests/json_tests.rs (/opt/rustwide/target/debug/deps/json_tests-61e9eead17797a01)
[INFO] [stdout] 
[INFO] [stdout] running 7 tests
[INFO] [stdout] test test_bit_flags ... ok
[INFO] [stdout] test test_insert ... ok
[INFO] [stdout] test test_parse_payload ... ok
[INFO] [stdout] test test_chain_table_rule_inet ... ok
[INFO] [stdout] test test_queue_json_serialisation ... ok
[INFO] [stdout] test test_parsing_of_queue_without_flags ... ok
[INFO] [stderr]      Running tests/serialize.rs (/opt/rustwide/target/debug/deps/serialize-82da894866529631)
[INFO] [stdout] test test_flowtable ... ok
[INFO] [stderr]    Doc-tests nftables
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 7 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
[INFO] [stdout] 
[INFO] [stdout] 
[INFO] [stdout] running 1 test
[INFO] [stdout] test test_serialize ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] [stdout] 
[INFO] [stdout] running 0 tests
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] running `Command { std: "docker" "inspect" "b4be3b53da845cce43fda23bc468548b229b86ec4ee643e05dbe55f677322e4f", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "b4be3b53da845cce43fda23bc468548b229b86ec4ee643e05dbe55f677322e4f", kill_on_drop: false }`
[INFO] [stdout] b4be3b53da845cce43fda23bc468548b229b86ec4ee643e05dbe55f677322e4f
