diff options
Diffstat (limited to 'package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch')
| -rw-r--r-- | package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch b/package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch new file mode 100644 index 0000000000..e6dbf8fbec --- /dev/null +++ b/package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch @@ -0,0 +1,110 @@ +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Mon, 22 Jan 2018 19:54:36 +0100 +Subject: [PATCH] tests: shell: add flowtable tests + +Add basic flowtable tests. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + create mode 100755 tests/shell/testcases/flowtable/0001flowtable_0 + create mode 100755 tests/shell/testcases/flowtable/0002create_flowtable_0 + create mode 100755 tests/shell/testcases/flowtable/0003add_after_flush_0 + create mode 100755 tests/shell/testcases/flowtable/0004delete_after_add0 + create mode 100755 tests/shell/testcases/flowtable/0005delete_in_use_1 + +--- a/tests/shell/run-tests.sh ++++ b/tests/shell/run-tests.sh +@@ -68,7 +68,9 @@ kernel_cleanup() { + nft_set_hash nft_set_rbtree nft_set_bitmap \ + nft_chain_nat_ipv4 nft_chain_nat_ipv6 \ + nf_tables_inet nf_tables_bridge nf_tables_arp \ +- nf_tables_ipv4 nf_tables_ipv6 nf_tables ++ nf_tables_ipv4 nf_tables_ipv6 nf_tables \ ++ nf_flow_table nf_flow_table_ipv4 nf_flow_tables_ipv6 \ ++ nf_flow_table_inet nft_flow_offload + } + + find_tests() { +--- /dev/null ++++ b/tests/shell/testcases/flowtable/0001flowtable_0 +@@ -0,0 +1,33 @@ ++#!/bin/bash ++ ++tmpfile=$(mktemp) ++if [ ! -w $tmpfile ] ; then ++ echo "Failed to create tmp file" >&2 ++ exit 0 ++fi ++ ++trap "rm -rf $tmpfile" EXIT # cleanup if aborted ++ ++ ++EXPECTED='table inet t { ++ flowtable f { ++ hook ingress priority 10 ++ devices = { eth0, wlan0 } ++ } ++ ++ chain c { ++ flow offload @f ++ } ++}' ++ ++echo "$EXPECTED" > $tmpfile ++set -e ++$NFT -f $tmpfile ++ ++GET="$($NFT list ruleset)" ++ ++if [ "$EXPECTED" != "$GET" ] ; then ++ DIFF="$(which diff)" ++ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") ++ exit 1 ++fi +--- /dev/null ++++ b/tests/shell/testcases/flowtable/0002create_flowtable_0 +@@ -0,0 +1,12 @@ ++#!/bin/bash ++ ++set -e ++$NFT add table t ++$NFT add flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; } ++if $NFT create flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; } 2>/dev/null ; then ++ echo "E: flowtable creation not failing on existing set" >&2 ++ exit 1 ++fi ++$NFT add flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; } ++ ++exit 0 +--- /dev/null ++++ b/tests/shell/testcases/flowtable/0003add_after_flush_0 +@@ -0,0 +1,8 @@ ++#!/bin/bash ++ ++set -e ++$NFT add table x ++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;} ++$NFT flush ruleset ++$NFT add table x ++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;} +--- /dev/null ++++ b/tests/shell/testcases/flowtable/0004delete_after_add0 +@@ -0,0 +1,6 @@ ++#!/bin/bash ++ ++set -e ++$NFT add table x ++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;} ++$NFT delete flowtable x y +--- /dev/null ++++ b/tests/shell/testcases/flowtable/0005delete_in_use_1 +@@ -0,0 +1,9 @@ ++#!/bin/bash ++ ++set -e ++$NFT add table x ++$NFT add chain x x ++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;} ++$NFT add rule x x flow offload @y ++$NFT delete flowtable x y ++echo "E: delete flowtable in use" |