summaryrefslogtreecommitdiffstats
path: root/tests/shell/features
diff options
context:
space:
mode:
Diffstat (limited to 'tests/shell/features')
-rw-r--r--tests/shell/features/ip_options.nft8
-rw-r--r--tests/shell/features/ipsec.nft7
-rwxr-xr-xtests/shell/features/position_id.sh23
3 files changed, 38 insertions, 0 deletions
diff --git a/tests/shell/features/ip_options.nft b/tests/shell/features/ip_options.nft
new file mode 100644
index 00000000..0b8cb09c
--- /dev/null
+++ b/tests/shell/features/ip_options.nft
@@ -0,0 +1,8 @@
+# dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options")
+# v5.3-rc1~140^2~153^2~1
+
+table ip x {
+ chain y {
+ ip option ra value 255
+ }
+}
diff --git a/tests/shell/features/ipsec.nft b/tests/shell/features/ipsec.nft
new file mode 100644
index 00000000..e7252271
--- /dev/null
+++ b/tests/shell/features/ipsec.nft
@@ -0,0 +1,7 @@
+# 6c47260250fc ("netfilter: nf_tables: add xfrm expression")
+# v4.20-rc1~14^2~125^2~25
+table ip x {
+ chain y {
+ ipsec in reqid 23
+ }
+}
diff --git a/tests/shell/features/position_id.sh b/tests/shell/features/position_id.sh
new file mode 100755
index 00000000..43ac97ac
--- /dev/null
+++ b/tests/shell/features/position_id.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# 75dd48e2e420 ("netfilter: nf_tables: Support RULE_ID reference in new rule")
+# v5.1-rc1~178^2~405^2~27
+
+EXPECTED="table inet t {
+ chain c {
+ tcp dport 1234 accept
+ udp dport 4321 accept
+ accept
+ }
+}"
+
+RULESET="add table inet t
+add chain inet t c
+add rule inet t c tcp dport 1234 accept
+add rule inet t c accept
+insert rule inet t c index 1 udp dport 4321 accept
+"
+
+$NFT -f - <<< $RULESET
+
+diff -u <($NFT list ruleset) - <<<"$EXPECTED"