nftables: update to 0.8.2, backport flowtable support
[openwrt/openwrt.git] / package / network / utils / nftables / patches / 204-tests-shell-add-flowtable-tests.patch
1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Mon, 22 Jan 2018 19:54:36 +0100
3 Subject: [PATCH] tests: shell: add flowtable tests
4
5 Add basic flowtable tests.
6
7 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8 ---
9 create mode 100755 tests/shell/testcases/flowtable/0001flowtable_0
10 create mode 100755 tests/shell/testcases/flowtable/0002create_flowtable_0
11 create mode 100755 tests/shell/testcases/flowtable/0003add_after_flush_0
12 create mode 100755 tests/shell/testcases/flowtable/0004delete_after_add0
13 create mode 100755 tests/shell/testcases/flowtable/0005delete_in_use_1
14
15 --- a/tests/shell/run-tests.sh
16 +++ b/tests/shell/run-tests.sh
17 @@ -68,7 +68,9 @@ kernel_cleanup() {
18 nft_set_hash nft_set_rbtree nft_set_bitmap \
19 nft_chain_nat_ipv4 nft_chain_nat_ipv6 \
20 nf_tables_inet nf_tables_bridge nf_tables_arp \
21 - nf_tables_ipv4 nf_tables_ipv6 nf_tables
22 + nf_tables_ipv4 nf_tables_ipv6 nf_tables \
23 + nf_flow_table nf_flow_table_ipv4 nf_flow_tables_ipv6 \
24 + nf_flow_table_inet nft_flow_offload
25 }
26
27 find_tests() {
28 --- /dev/null
29 +++ b/tests/shell/testcases/flowtable/0001flowtable_0
30 @@ -0,0 +1,33 @@
31 +#!/bin/bash
32 +
33 +tmpfile=$(mktemp)
34 +if [ ! -w $tmpfile ] ; then
35 + echo "Failed to create tmp file" >&2
36 + exit 0
37 +fi
38 +
39 +trap "rm -rf $tmpfile" EXIT # cleanup if aborted
40 +
41 +
42 +EXPECTED='table inet t {
43 + flowtable f {
44 + hook ingress priority 10
45 + devices = { eth0, wlan0 }
46 + }
47 +
48 + chain c {
49 + flow offload @f
50 + }
51 +}'
52 +
53 +echo "$EXPECTED" > $tmpfile
54 +set -e
55 +$NFT -f $tmpfile
56 +
57 +GET="$($NFT list ruleset)"
58 +
59 +if [ "$EXPECTED" != "$GET" ] ; then
60 + DIFF="$(which diff)"
61 + [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
62 + exit 1
63 +fi
64 --- /dev/null
65 +++ b/tests/shell/testcases/flowtable/0002create_flowtable_0
66 @@ -0,0 +1,12 @@
67 +#!/bin/bash
68 +
69 +set -e
70 +$NFT add table t
71 +$NFT add flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; }
72 +if $NFT create flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; } 2>/dev/null ; then
73 + echo "E: flowtable creation not failing on existing set" >&2
74 + exit 1
75 +fi
76 +$NFT add flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; }
77 +
78 +exit 0
79 --- /dev/null
80 +++ b/tests/shell/testcases/flowtable/0003add_after_flush_0
81 @@ -0,0 +1,8 @@
82 +#!/bin/bash
83 +
84 +set -e
85 +$NFT add table x
86 +$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
87 +$NFT flush ruleset
88 +$NFT add table x
89 +$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
90 --- /dev/null
91 +++ b/tests/shell/testcases/flowtable/0004delete_after_add0
92 @@ -0,0 +1,6 @@
93 +#!/bin/bash
94 +
95 +set -e
96 +$NFT add table x
97 +$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
98 +$NFT delete flowtable x y
99 --- /dev/null
100 +++ b/tests/shell/testcases/flowtable/0005delete_in_use_1
101 @@ -0,0 +1,9 @@
102 +#!/bin/bash
103 +
104 +set -e
105 +$NFT add table x
106 +$NFT add chain x x
107 +$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
108 +$NFT add rule x x flow offload @y
109 +$NFT delete flowtable x y
110 +echo "E: delete flowtable in use"