[INFO] fetching crate nftables 0.6.2...
[INFO] testing nftables-0.6.2 against try#8de4c7234dd9b97c9d76b58671343fdbbc9a433e+target=x86_64-unknown-linux-musl for musl_upgrade_1_2_5_with_libc_patch_0
[INFO] extracting crate nftables 0.6.2 into /workspace/builds/worker-0-tc1/source
[INFO] started tweaking crates.io crate nftables 0.6.2
[INFO] removed 0 missing tests
[INFO] finished tweaking crates.io crate nftables 0.6.2
[INFO] tweaked toml for crates.io crate nftables 0.6.2 written to /workspace/builds/worker-0-tc1/source/Cargo.toml
[INFO] validating manifest of crates.io crate nftables 0.6.2 on toolchain 8de4c7234dd9b97c9d76b58671343fdbbc9a433e
[INFO] running `Command { std: CARGO_HOME="/workspace/cargo-home" RUSTUP_HOME="/workspace/rustup-home" "/workspace/cargo-home/bin/cargo" "+8de4c7234dd9b97c9d76b58671343fdbbc9a433e" "metadata" "--manifest-path" "Cargo.toml" "--no-deps", kill_on_drop: false }`
[INFO] crate crates.io crate nftables 0.6.2 already has a lockfile, it will not be regenerated
[INFO] running `Command { std: CARGO_HOME="/workspace/cargo-home" RUSTUP_HOME="/workspace/rustup-home" "/workspace/cargo-home/bin/cargo" "+8de4c7234dd9b97c9d76b58671343fdbbc9a433e" "fetch" "--manifest-path" "Cargo.toml", kill_on_drop: false }`
[INFO] [stderr]     Updating crates.io index
[INFO] [stderr]  Downloading crates ...
[INFO] [stderr]   Downloaded escape8259 v0.5.3
[INFO] [stderr]   Downloaded clap v4.5.37
[INFO] [stderr]   Downloaded datatest-stable v0.3.2
[INFO] [stderr]   Downloaded libtest-mimic v0.8.1
[INFO] [stderr]   Downloaded sdd v3.0.8
[INFO] [stderr]   Downloaded clap_builder v4.5.37
[INFO] [stderr]   Downloaded scc v2.3.4
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:90999bfc7ae267e83380e433d8e61a7c072ca6729e92edbae886d3423b3a6f4c" "/opt/rustwide/cargo-home/bin/cargo" "+8de4c7234dd9b97c9d76b58671343fdbbc9a433e" "metadata" "--no-deps" "--format-version=1", kill_on_drop: false }`
[INFO] [stdout] 42eec3c0f3631c7a78af0f850dc1ebbf483b0678074efdd095eac934506270b6
[INFO] running `Command { std: "docker" "start" "-a" "42eec3c0f3631c7a78af0f850dc1ebbf483b0678074efdd095eac934506270b6", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "inspect" "42eec3c0f3631c7a78af0f850dc1ebbf483b0678074efdd095eac934506270b6", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "42eec3c0f3631c7a78af0f850dc1ebbf483b0678074efdd095eac934506270b6", kill_on_drop: false }`
[INFO] [stdout] 42eec3c0f3631c7a78af0f850dc1ebbf483b0678074efdd095eac934506270b6
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_INCREMENTAL=0" "-e" "RUST_BACKTRACE=full" "-e" "RUSTFLAGS=--cap-lints=forbid" "-e" "RUSTDOCFLAGS=--cap-lints=forbid" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:90999bfc7ae267e83380e433d8e61a7c072ca6729e92edbae886d3423b3a6f4c" "/opt/rustwide/cargo-home/bin/cargo" "+8de4c7234dd9b97c9d76b58671343fdbbc9a433e" "build" "--frozen" "--message-format=json" "--target" "x86_64-unknown-linux-musl", kill_on_drop: false }`
[INFO] [stdout] 071b07013545951ed3f2946e8f37c35969f6e51a47d79329c5f2199d65875595
[INFO] running `Command { std: "docker" "start" "-a" "071b07013545951ed3f2946e8f37c35969f6e51a47d79329c5f2199d65875595", kill_on_drop: false }`
[INFO] [stderr]    Compiling rustversion v1.0.20
[INFO] [stderr]    Compiling schemars v0.8.22
[INFO] [stderr]    Compiling memchr v2.7.4
[INFO] [stderr]    Compiling dyn-clone v1.0.19
[INFO] [stderr]    Compiling strum v0.27.1
[INFO] [stderr]    Compiling syn v2.0.101
[INFO] [stderr]    Compiling serde_derive_internals v0.29.1
[INFO] [stderr]    Compiling serde_derive v1.0.219
[INFO] [stderr]    Compiling thiserror-impl v2.0.12
[INFO] [stderr]    Compiling strum_macros v0.27.1
[INFO] [stderr]    Compiling schemars_derive v0.8.22
[INFO] [stderr]    Compiling thiserror v2.0.12
[INFO] [stderr]    Compiling serde v1.0.219
[INFO] [stderr]    Compiling serde_json v1.0.140
[INFO] [stderr]    Compiling serde_path_to_error v0.1.17
[INFO] [stderr]    Compiling nftables v0.6.2 (/opt/rustwide/workdir)
[INFO] [stderr]     Finished `dev` profile [unoptimized + debuginfo] target(s) in 26.35s
[INFO] running `Command { std: "docker" "inspect" "071b07013545951ed3f2946e8f37c35969f6e51a47d79329c5f2199d65875595", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "071b07013545951ed3f2946e8f37c35969f6e51a47d79329c5f2199d65875595", kill_on_drop: false }`
[INFO] [stdout] 071b07013545951ed3f2946e8f37c35969f6e51a47d79329c5f2199d65875595
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_INCREMENTAL=0" "-e" "RUST_BACKTRACE=full" "-e" "RUSTFLAGS=--cap-lints=forbid" "-e" "RUSTDOCFLAGS=--cap-lints=forbid" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:90999bfc7ae267e83380e433d8e61a7c072ca6729e92edbae886d3423b3a6f4c" "/opt/rustwide/cargo-home/bin/cargo" "+8de4c7234dd9b97c9d76b58671343fdbbc9a433e" "test" "--frozen" "--no-run" "--message-format=json" "--target" "x86_64-unknown-linux-musl", kill_on_drop: false }`
[INFO] [stdout] 2fe23e0b198ee640fba221b34d03d34227232fc794cccff603fd5c735f1a06c3
[INFO] running `Command { std: "docker" "start" "-a" "2fe23e0b198ee640fba221b34d03d34227232fc794cccff603fd5c735f1a06c3", kill_on_drop: false }`
[INFO] [stderr]    Compiling libc v0.2.172
[INFO] [stderr]    Compiling camino v1.1.9
[INFO] [stderr]    Compiling regex-syntax v0.8.5
[INFO] [stderr]    Compiling syn v2.0.101
[INFO] [stderr]    Compiling clap_builder v4.5.37
[INFO] [stderr]    Compiling bit-vec v0.8.0
[INFO] [stderr]    Compiling smallvec v1.15.0
[INFO] [stderr]    Compiling getrandom v0.3.2
[INFO] [stderr]    Compiling rustix v1.0.7
[INFO] [stderr]    Compiling bitflags v2.9.0
[INFO] [stderr]    Compiling futures-util v0.3.31
[INFO] [stderr]    Compiling sdd v3.0.8
[INFO] [stderr]    Compiling once_cell v1.21.3
[INFO] [stderr]    Compiling linux-raw-sys v0.9.4
[INFO] [stderr]    Compiling escape8259 v0.5.3
[INFO] [stderr]    Compiling fastrand v2.3.0
[INFO] [stderr]    Compiling bit-set v0.8.0
[INFO] [stderr]    Compiling scc v2.3.4
[INFO] [stderr]    Compiling parking_lot_core v0.9.10
[INFO] [stderr]    Compiling parking_lot v0.12.3
[INFO] [stderr]    Compiling regex-automata v0.4.9
[INFO] [stderr]    Compiling tempfile v3.19.1
[INFO] [stderr]    Compiling futures-executor v0.3.31
[INFO] [stderr]    Compiling futures v0.3.31
[INFO] [stderr]    Compiling serde_derive_internals v0.29.1
[INFO] [stderr]    Compiling serde_derive v1.0.219
[INFO] [stderr]    Compiling schemars_derive v0.8.22
[INFO] [stderr]    Compiling clap_derive v4.5.32
[INFO] [stderr]    Compiling thiserror-impl v2.0.12
[INFO] [stderr]    Compiling strum_macros v0.27.1
[INFO] [stderr]    Compiling serial_test_derive v3.2.0
[INFO] [stderr]    Compiling fancy-regex v0.14.0
[INFO] [stderr]    Compiling serial_test v3.2.0
[INFO] [stderr]    Compiling thiserror v2.0.12
[INFO] [stderr]    Compiling clap v4.5.37
[INFO] [stderr]    Compiling libtest-mimic v0.8.1
[INFO] [stderr]    Compiling datatest-stable v0.3.2
[INFO] [stderr]    Compiling serde v1.0.219
[INFO] [stderr]    Compiling serde_json v1.0.140
[INFO] [stderr]    Compiling serde_path_to_error v0.1.17
[INFO] [stderr]    Compiling schemars v0.8.22
[INFO] [stderr]    Compiling nftables v0.6.2 (/opt/rustwide/workdir)
[INFO] [stderr]     Finished `test` profile [unoptimized + debuginfo] target(s) in 34.37s
[INFO] running `Command { std: "docker" "inspect" "2fe23e0b198ee640fba221b34d03d34227232fc794cccff603fd5c735f1a06c3", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "2fe23e0b198ee640fba221b34d03d34227232fc794cccff603fd5c735f1a06c3", kill_on_drop: false }`
[INFO] [stdout] 2fe23e0b198ee640fba221b34d03d34227232fc794cccff603fd5c735f1a06c3
[INFO] running `Command { std: "docker" "create" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/target:/opt/rustwide/target:rw,Z" "-v" "/var/lib/crater-agent-workspace/builds/worker-0-tc1/source:/opt/rustwide/workdir:ro,Z" "-v" "/var/lib/crater-agent-workspace/cargo-home:/opt/rustwide/cargo-home:ro,Z" "-v" "/var/lib/crater-agent-workspace/rustup-home:/opt/rustwide/rustup-home:ro,Z" "-e" "SOURCE_DIR=/opt/rustwide/workdir" "-e" "CARGO_TARGET_DIR=/opt/rustwide/target" "-e" "CARGO_INCREMENTAL=0" "-e" "RUST_BACKTRACE=full" "-e" "RUSTFLAGS=--cap-lints=forbid" "-e" "RUSTDOCFLAGS=--cap-lints=forbid" "-e" "CARGO_HOME=/opt/rustwide/cargo-home" "-e" "RUSTUP_HOME=/opt/rustwide/rustup-home" "-w" "/opt/rustwide/workdir" "-m" "1610612736" "--user" "0:0" "--network" "none" "ghcr.io/rust-lang/crates-build-env/linux@sha256:90999bfc7ae267e83380e433d8e61a7c072ca6729e92edbae886d3423b3a6f4c" "/opt/rustwide/cargo-home/bin/cargo" "+8de4c7234dd9b97c9d76b58671343fdbbc9a433e" "test" "--frozen" "--target" "x86_64-unknown-linux-musl", kill_on_drop: false }`
[INFO] [stdout] dfc9f550a8f9fffdc669dc8bda896d4f9f27b02a095ed519cabc6c9b8d9ef0e6
[INFO] running `Command { std: "docker" "start" "-a" "dfc9f550a8f9fffdc669dc8bda896d4f9f27b02a095ed519cabc6c9b8d9ef0e6", kill_on_drop: false }`
[INFO] [stderr]     Finished `test` profile [unoptimized + debuginfo] target(s) in 0.25s
[INFO] [stderr]      Running unittests src/lib.rs (/opt/rustwide/target/x86_64-unknown-linux-musl/debug/deps/nftables-2c5f8ec2c453a711)
[INFO] [stdout] 
[INFO] [stdout] running 3 tests
[INFO] [stdout] test cli::tests::test_handle_args_schema_default_path ... ok
[INFO] [stdout] test cli::tests::test_handle_args_schema_custom_path ... ok
[INFO] [stdout] test cli::tests::test_generate_json_schema ... ok
[INFO] [stderr]      Running unittests src/main.rs (/opt/rustwide/target/x86_64-unknown-linux-musl/debug/deps/nftables-79b2eb262603f2ab)
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 3 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.06s
[INFO] [stdout] 
[INFO] [stdout] 
[INFO] [stdout] running 0 tests
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] [stderr]      Running tests/deserialize.rs (/opt/rustwide/target/x86_64-unknown-linux-musl/debug/deps/deserialize-520f38236f66fb39)
[INFO] [stdout] 
[INFO] [stdout] running 11 tests
[INFO] [stdout] Deserializing file: resources/test/json/basic.json
[INFO] [stdout] Deserializing file: resources/test/json/counter.json
[INFO] [stdout] Deserializing file: resources/test/json/nat.json
[INFO] [stdout] Deserializing file: resources/test/json/flow.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "named_counter_demo", handle: Some(1) })), ListObject(Counter(Counter { family: INet, table: "named_counter_demo", name: "cnt_http", handle: Some(2), packets: Some(0), bytes: Some(0) })), ListObject(Counter(Counter { family: INet, table: "named_counter_demo", name: "cnt_smtp", handle: Some(3), packets: Some(0), bytes: Some(0) })), ListObject(Chain(Chain { family: INet, table: "named_counter_demo", name: "IN", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(21), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(25), op: EQ }), Counter(Named("cnt_smtp"))], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(80), op: EQ }), Counter(Named("cnt_http"))], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "IN", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(443), op: EQ }), Counter(Named("cnt_http"))], handle: Some(7), index: None, comment: None }))] }
[INFO] [stdout] Deserializing file: resources/test/json/nftables-init.json
[INFO] [stdout] Deserializing file: resources/test/json/setmap.json
[INFO] [stdout] Deserializing file: resources/test/json/space-keys.json
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "output", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Output), prio: Some(100), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "input", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "forward", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("lan0"), op: EQ }), Accept(None)], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("wan0"), op: EQ }), Drop(None)], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "forward", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("lan0"), op: EQ }), Match(Match { left: Named(Meta(Meta { key: Oifname })), right: String("wan0"), op: EQ }), Accept(None)], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "forward", expr: [Match(Match { left: Named(Meta(Meta { key: Iifname })), right: String("wan0"), op: EQ }), Match(Match { left: Named(Meta(Meta { key: Oifname })), right: String("lan0"), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Accept(None)], handle: Some(7), index: None, comment: None }))] }
[INFO] [stdout] Deserializing file: resources/test/json/synproxy.json
[INFO] [stdout] Deserializing file: resources/test/json/tproxy.json
[INFO] [stdout] Deserializing file: resources/test/json/workstation.json
[INFO] [stdout] Deserializing file: resources/test/json/workstation_combined.json
[INFO] [stdout] test test_deserialize_json_files::counter.json              ... ok
[INFO] [stdout] test test_deserialize_json_files::basic.json                ... ok
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "nat", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "prerouting", newname: None, handle: Some(1), _type: Some(NAT), hook: Some(Prerouting), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "postrouting", newname: None, handle: Some(2), _type: Some(NAT), hook: Some(Postrouting), prio: Some(100), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "postrouting", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Prefix(Prefix { addr: String("192.168.122.0"), len: 24 })), op: NEQ }), Masquerade(Some(NAT { addr: None, family: None, port: Some(Range(Range { range: [Number(1024), Number(65535)] })), flags: None }))], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "postrouting", expr: [Match(Match { left: Named(Meta(Meta { key: Oifname })), right: String("wan0"), op: EQ }), Masquerade(None)], handle: Some(4), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "nat", handle: Some(9) })), ListObject(Map(Map { family: IP, table: "nat", name: "porttoip", handle: Some(3), set_type: Single(InetService), map: Single(Ipv4Addr), policy: None, flags: None, elem: Some([List([Number(80), String("192.168.1.100")]), List([Number(8888), String("192.168.1.101")])]), timeout: None, gc_interval: None, size: None, comment: None })), ListObject(Chain(Chain { family: IP, table: "nat", name: "prerouting", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Chain(Chain { family: IP, table: "nat", name: "postrouting", newname: None, handle: Some(2), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "prerouting", expr: [DNAT(Some(NAT { addr: Some(Named(Map(Map { key: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), data: Named(Set([Element(List([Number(80), String("192.168.1.100")])), Element(List([Number(8888), String("192.168.1.101")]))])) }))), family: None, port: None, flags: None }))], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "postrouting", expr: [SNAT(Some(NAT { addr: Some(Named(Map(Map { key: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), data: String("@porttoip") }))), family: None, port: None, flags: None }))], handle: Some(6), index: None, comment: None }))] }
[INFO] [stdout] test test_deserialize_json_files::nat.json                  ... ok
[INFO] [stdout] test test_deserialize_json_files::setmap.json               ... ok
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "forward", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "output", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(4), index: None, comment: Some("early drop of invalid packets") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: Named(Set([Element(String("established")), Element(String("related"))])), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(6), index: None, comment: Some("accept all connections related to connections made by us") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: Some("accept loopback") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Prefix(Prefix { addr: String("127.0.0.0"), len: 8 })), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(8), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "daddr" }))), right: String("::1"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(9), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(10), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "nexthdr" }))), right: String("ipv6-icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(11), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(12), index: None, comment: Some("accept SSH") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(13), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "forward", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(14), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(15), index: None, comment: Some("count accepted packets") }))] }
[INFO] [stdout] test test_deserialize_json_files::workstation_combined.json ... ok
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "nat", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "prerouting", newname: None, handle: Some(1), _type: Some(NAT), hook: Some(Prerouting), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "nat", name: "postrouting", newname: None, handle: Some(2), _type: Some(NAT), hook: Some(Postrouting), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "prerouting", expr: [Redirect(None)], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "nat", chain: "prerouting", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(21), op: EQ }), Redirect(Some(NAT { addr: None, family: None, port: Some(Number(21212)), flags: None }))], handle: Some(4), index: None, comment: None })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(2) })), ListObject(Set(Set { family: INet, table: "filter", name: "blackhole", handle: Some(4), set_type: Single(Ipv4Addr), policy: None, flags: Some({Timeout}), elem: None, timeout: Some(86400), gc_interval: None, size: None, comment: None })), ListObject(Chain(Chain { family: INet, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "output", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "admin", newname: None, handle: Some(3), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "saddr" }))), right: String("@blackhole"), op: EQ }), Drop(None)], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Accept(None)], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: NEQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Log(Some(Log { prefix: Some("FIRST PACKET IS NOT SYN"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(8), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("fin"), String("syn")]))), right: List([String("fin"), String("syn")]), op: EQ }), Log(Some(Log { prefix: Some("SCANNER1"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(9), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("syn"), String("rst")]))), right: List([String("syn"), String("rst")]), op: EQ }), Log(Some(Log { prefix: Some("SCANNER2"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(10), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), BinaryOperation(OR(BinaryOperation(OR(BinaryOperation(OR(BinaryOperation(OR(BinaryOperation(OR(String("fin"), String("syn"))), String("rst"))), String("psh"))), String("ack"))), String("urg"))))), right: String("fin"), op: GT }), Log(Some(Log { prefix: Some("SCANNER3"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(11), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: BinaryOperation(AND(Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), List([String("fin"), String("syn"), String("rst"), String("psh"), String("ack"), String("urg")]))), right: List([String("fin"), String("psh"), String("urg")]), op: EQ }), Log(Some(Log { prefix: Some("SCANNER4"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(12), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Log(Some(Log { prefix: Some("Invalid conntrack state: "), group: None, snaplen: None, queue_threshold: None, level: None, flags: Some({All}) })), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(13), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Named(Set([Element(Number(22)), Element(Number(80)), Element(Number(443))])), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Accept(None)], handle: Some(15), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "saddr" }))), right: Named(Set([Element(Named(Prefix(Prefix { addr: String("10.0.0.0"), len: 8 }))), Element(Named(Prefix(Prefix { addr: String("12.34.56.72"), len: 29 }))), Element(Named(Prefix(Prefix { addr: String("172.16.0.0"), len: 16 })))])), op: EQ }), Jump(JumpTarget { target: "admin" })], handle: Some(17), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "nexthdr" }))), right: String("ipv6-icmp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "icmpv6", field: "type" }))), right: Named(Set([Element(String("destination-unreachable")), Element(String("packet-too-big")), Element(String("time-exceeded")), Element(String("parameter-problem")), Element(String("nd-router-advert")), Element(String("nd-neighbor-solicit")), Element(String("nd-neighbor-advert"))])), op: EQ }), Limit(Limit { rate: 100, rate_unit: None, per: Some("second"), burst: Some(5), burst_unit: None, inv: None }), Accept(None)], handle: Some(19), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "icmp", field: "type" }))), right: Named(Set([Element(String("destination-unreachable")), Element(String("router-advertisement")), Element(String("time-exceeded")), Element(String("parameter-problem"))])), op: EQ }), Limit(Limit { rate: 100, rate_unit: None, per: Some("second"), burst: Some(5), burst_unit: None, inv: None }), Accept(None)], handle: Some(21), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Accept(None)], handle: Some(22), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Meta(Meta { key: Oif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(23), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "udp", field: "dport" }))), right: Number(53), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Set([Element(String("8.8.4.4")), Element(String("8.8.8.8"))])), op: EQ }), Accept(None)], handle: Some(25), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(53), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Set([Element(String("8.8.4.4")), Element(String("8.8.8.8"))])), op: EQ }), Accept(None)], handle: Some(27), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "udp", field: "dport" }))), right: Number(67), op: EQ }), Accept(None)], handle: Some(28), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "udp", field: "dport" }))), right: Number(443), op: EQ }), Accept(None)], handle: Some(29), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Named(Set([Element(Number(25)), Element(Number(465)), Element(Number(587))])), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: String("127.0.0.1"), op: NEQ }), Log(Some(Log { prefix: Some("SPAMALERT!"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Drop(None)], handle: Some(31), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Named(Set([Element(Number(80)), Element(Number(443))])), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Accept(None)], handle: Some(33), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "icmp", field: "type" }))), right: String("echo-request"), op: EQ }), Limit(Limit { rate: 1, rate_unit: None, per: Some("second"), burst: Some(5), burst_unit: None, inv: None }), Log(None), Accept(None)], handle: Some(34), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "output", expr: [Log(Some(Log { prefix: Some("Outgoing packet dropped: "), group: None, snaplen: None, queue_threshold: None, level: None, flags: Some({All}) }))], handle: Some(35), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "admin", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Log(Some(Log { prefix: Some("Admin connection:"), group: None, snaplen: None, queue_threshold: None, level: None, flags: None })), Accept(None)], handle: Some(36), index: None, comment: None }))] }
[INFO] [stdout] test test_deserialize_json_files::nftables-init.json        ... ok
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "forward", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "output", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(4), index: None, comment: Some("early drop of invalid packets") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: Named(Set([Element(String("established")), Element(String("related"))])), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(6), index: None, comment: Some("accept all connections related to connections made by us") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: Some("accept loopback") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "daddr" }))), right: Named(Prefix(Prefix { addr: String("127.0.0.0"), len: 8 })), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(8), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip", field: "protocol" }))), right: String("icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(9), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(10), index: None, comment: Some("accept SSH") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "input", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(11), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "forward", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(12), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "output", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(13), index: None, comment: Some("count accepted packets") })), ListObject(Table(Table { family: IP6, name: "filter", handle: Some(2) })), ListObject(Chain(Chain { family: IP6, table: "filter", name: "input", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP6, table: "filter", name: "forward", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Drop) })), ListObject(Chain(Chain { family: IP6, table: "filter", name: "output", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(4), index: None, comment: Some("early drop of invalid packets") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: Named(Set([Element(String("established")), Element(String("related"))])), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(6), index: None, comment: Some("accept all connections related to connections made by us") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: EQ }), Accept(None)], handle: Some(7), index: None, comment: Some("accept loopback") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Meta(Meta { key: Iif })), right: String("lo"), op: NEQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "daddr" }))), right: String("::1"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Drop(None)], handle: Some(8), index: None, comment: Some("drop connections to loopback not coming from loopback") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "ip6", field: "nexthdr" }))), right: String("ipv6-icmp"), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(9), index: None, comment: Some("accept all ICMP types") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(10), index: None, comment: Some("accept SSH") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "input", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(11), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "forward", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(12), index: None, comment: Some("count dropped packets") })), ListObject(Rule(Rule { family: IP6, table: "filter", chain: "output", expr: [Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) })))], handle: Some(13), index: None, comment: Some("count accepted packets") }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "filter", handle: Some(1) })), ListObject(Chain(Chain { family: INet, table: "filter", name: "tproxy_ipv4", newname: None, handle: Some(1), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Chain(Chain { family: INet, table: "filter", name: "tproxy_ipv6", newname: None, handle: Some(2), _type: None, hook: None, prio: None, dev: None, policy: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv4", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip"), port: 12345, addr: Some("127.0.0.1") })], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv4", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip"), port: 12345, addr: None })], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv6", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip6"), port: 12345, addr: Some("::1") })], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: INet, table: "filter", chain: "tproxy_ipv6", expr: [Match(Match { left: Named(Meta(Meta { key: L4proto })), right: String("tcp"), op: EQ }), TProxy(TProxy { family: Some("ip6"), port: 12345, addr: None })], handle: Some(6), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: INet, name: "named_counter_demo", handle: Some(3) })), ListObject(FlowTable(FlowTable { family: INet, table: "named_counter_demo", name: "flowed", handle: Some(2), hook: Some(Ingress), prio: Some(0), dev: Some(["lo"]) })), ListObject(Chain(Chain { family: INet, table: "named_counter_demo", name: "forward", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: INet, table: "named_counter_demo", chain: "forward", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("established"), op: IN }), Flow(Flow { op: Add, flowtable: "@flowed" })], handle: Some(3), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.9"), release_name: Some("Old Doc Yak #3"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "filter", handle: Some(1) })), ListObject(CTExpectation(CTExpectation { family: IP, table: "filter", name: "e_pgsql", handle: Some(4), l3proto: Some("ip"), protocol: Some(TCP), dport: Some(5432), timeout: Some(3600000), size: Some(12) })), ListObject(CTHelper(CTHelper { family: IP, table: "filter", name: "ftp-standard", handle: Some(5), _type: "ftp", protocol: Some("tcp"), l3proto: Some("ip") })), ListObject(Chain(Chain { family: IP, table: "filter", name: "INPUT", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "FORWARD", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "filter", name: "OUTPUT", newname: None, handle: Some(3), _type: Some(Filter), hook: Some(Output), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "INPUT", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(22), op: EQ }), CTCount(CTCount { val: Number(10), inv: None }), Accept(None)], handle: Some(6), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "INPUT", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("new"), op: IN }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8888), op: EQ }), CTExpectation(String("e_pgsql"))], handle: Some(7), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "INPUT", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("established"), String("related")]), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Accept(None)], handle: Some(8), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "FORWARD", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: IN }), Counter(Anonymous(Some(AnonymousCounter { packets: Some(0), bytes: Some(0) }))), Mangle(Mangle { key: Named(TcpOption(TcpOption { name: "maxseg", field: Some("size") })), value: Named(RT(RT { key: MTU, family: None })) })], handle: Some(9), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "FORWARD", expr: [Match(Match { left: Named(SctpChunk(SctpChunk { name: "data", field: "flags" })), right: Number(2), op: EQ })], handle: Some(10), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "filter", chain: "FORWARD", expr: [Match(Match { left: Named(CT(CT { key: "helper", family: None, dir: None })), right: String("ftp-standard"), op: EQ }), Accept(None)], handle: Some(11), index: None, comment: None }))] }
[INFO] [stdout] Deserialized document: Nftables { objects: [ListObject(MetainfoObject(MetainfoObject { version: Some("1.0.6"), release_name: Some("Lester Gooch #5"), json_schema_version: Some(1) })), ListObject(Table(Table { family: IP, name: "synproxy_anonymous", handle: Some(1) })), ListObject(Chain(Chain { family: IP, table: "synproxy_anonymous", name: "PREROUTING", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Prerouting), prio: Some(-300), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "synproxy_anonymous", name: "INPUT", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Input), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "synproxy_anonymous", chain: "PREROUTING", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8080), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: IN }), Notrack], handle: Some(3), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "synproxy_anonymous", chain: "INPUT", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8080), op: EQ }), Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("invalid"), String("untracked")]), op: IN }), SynProxy(SynProxy { mss: Some(1460), wscale: Some(7), flags: Some({Timestamp, SackPerm}) })], handle: Some(4), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "synproxy_anonymous", chain: "INPUT", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: String("invalid"), op: IN }), Drop(None)], handle: Some(5), index: None, comment: None })), ListObject(Table(Table { family: IP, name: "synproxy_named", handle: Some(2) })), ListObject(SynProxy(SynProxy { family: IP, table: "synproxy_named", name: "synproxy_named_1", handle: Some(3), mss: Some(1460), wscale: Some(7), flags: Some({Timestamp, SackPerm}) })), ListObject(SynProxy(SynProxy { family: IP, table: "synproxy_named", name: "synproxy_named_2", handle: Some(4), mss: Some(1460), wscale: Some(5), flags: None })), ListObject(Chain(Chain { family: IP, table: "synproxy_named", name: "PREROUTING", newname: None, handle: Some(1), _type: Some(Filter), hook: Some(Prerouting), prio: Some(-300), dev: None, policy: Some(Accept) })), ListObject(Chain(Chain { family: IP, table: "synproxy_named", name: "FORWARD", newname: None, handle: Some(2), _type: Some(Filter), hook: Some(Forward), prio: Some(0), dev: None, policy: Some(Accept) })), ListObject(Rule(Rule { family: IP, table: "synproxy_named", chain: "PREROUTING", expr: [Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "dport" }))), right: Number(8080), op: EQ }), Match(Match { left: Named(Payload(PayloadField(PayloadField { protocol: "tcp", field: "flags" }))), right: String("syn"), op: IN }), Notrack], handle: Some(5), index: None, comment: None })), ListObject(Rule(Rule { family: IP, table: "synproxy_named", chain: "FORWARD", expr: [Match(Match { left: Named(CT(CT { key: "state", family: None, dir: None })), right: List([String("invalid"), String("untracked")]), op: IN }), SynProxy(SynProxy { mss: None, wscale: None, flags: None })], handle: Some(7), index: None, comment: None }))] }
[INFO] [stdout] test test_deserialize_json_files::workstation.json          ... ok
[INFO] [stdout] test test_deserialize_json_files::tproxy.json               ... ok
[INFO] [stdout] test test_deserialize_json_files::flow.json                 ... ok
[INFO] [stderr]      Running tests/helper_tests.rs (/opt/rustwide/target/x86_64-unknown-linux-musl/debug/deps/helper_tests-ac226b4badae399f)
[INFO] [stdout] test test_deserialize_json_files::synproxy.json             ... ok
[INFO] [stdout] test test_deserialize_json_files::space-keys.json           ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 11 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.03s
[INFO] [stdout] 
[INFO] [stdout] 
[INFO] [stdout] running 5 tests
[INFO] [stdout] test test_apply_ruleset ... ignored
[INFO] [stdout] test test_list_ruleset ... ignored
[INFO] [stdout] test test_list_ruleset_invalid_program ... ignored
[INFO] [stdout] test test_nft_args_list_map_set ... ignored
[INFO] [stdout] test test_remove_unknown_table ... ignored
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 0 passed; 0 failed; 5 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] [stderr]      Running tests/json_tests.rs (/opt/rustwide/target/x86_64-unknown-linux-musl/debug/deps/json_tests-6610e779f317a4ea)
[INFO] [stdout] 
[INFO] [stdout] running 6 tests
[INFO] [stdout] test test_queue_json_serialisation ... ok
[INFO] [stdout] test test_insert ... ok
[INFO] [stdout] test test_parsing_of_queue_without_flags ... ok
[INFO] [stdout] test test_flowtable ... ok
[INFO] [stdout] test test_parse_payload ... ok
[INFO] [stdout] test test_chain_table_rule_inet ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 6 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
[INFO] [stdout] 
[INFO] [stderr]      Running tests/serialize.rs (/opt/rustwide/target/x86_64-unknown-linux-musl/debug/deps/serialize-8207c185cb5f96cc)
[INFO] [stdout] 
[INFO] [stdout] running 1 test
[INFO] [stdout] test test_serialize ... ok
[INFO] [stdout] 
[INFO] [stdout] test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
[INFO] [stdout] 
[INFO] running `Command { std: "docker" "inspect" "dfc9f550a8f9fffdc669dc8bda896d4f9f27b02a095ed519cabc6c9b8d9ef0e6", kill_on_drop: false }`
[INFO] running `Command { std: "docker" "rm" "-f" "dfc9f550a8f9fffdc669dc8bda896d4f9f27b02a095ed519cabc6c9b8d9ef0e6", kill_on_drop: false }`
[INFO] [stdout] dfc9f550a8f9fffdc669dc8bda896d4f9f27b02a095ed519cabc6c9b8d9ef0e6