diff options
| author | Florian Westphal <fw@strlen.de> | 2018-11-28 11:44:59 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-11-28 12:16:42 +0100 |
| commit | 431635b134a05963dd1e7cda252d16eec8a53787 (patch) | |
| tree | b9f9d3086e6c983eee79ef73f5526b1c1796011a /tests/shell/testcases/rule_management | |
| parent | 285bb67a11ad2a6cac29b9f0eff3cf6066e0d39f (diff) | |
tests: add test case for rule replacement expression deactivation
When a rule is replaced, all of the expressions that are in use need to
be deactivated.
Kernel missed to do this on replace. In this example, this would
result in a leak of the chain use counter ("jump" expression
deactivation is not called). This then either resulted in a BUG or
WARN, depending on kernel version.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/rule_management')
| -rwxr-xr-x | tests/shell/testcases/rule_management/0010replace_0 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/shell/testcases/rule_management/0010replace_0 b/tests/shell/testcases/rule_management/0010replace_0 new file mode 100755 index 00000000..251cebb2 --- /dev/null +++ b/tests/shell/testcases/rule_management/0010replace_0 @@ -0,0 +1,12 @@ +#!/bin/sh + +# test for kernel commit ca08987885a147643817d02bf260bc4756ce8cd4 +# ("netfilter: nf_tables: deactivate expressions in rule replecement routine") + +set -e +$NFT add table t +$NFT add chain t c1 +$NFT add chain t c2 +$NFT add rule ip t c1 jump c2 +$NFT replace rule ip t c1 handle 3 accept +$NFT flush ruleset |