From 6847a7ce0fc99a63a812de6cdbbf568ad9ca6f69 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 18 Jan 2024 22:58:02 +0100 Subject: tests: shell: cover netns removal for netdev and inet/ingress basechains Add two tests to exercise netns removal with netdev and inet/ingress basechains. Signed-off-by: Pablo Neira Ayuso --- .../chains/dumps/netdev_multidev_netns_gone.nodump | 0 .../chains/dumps/netdev_netns_gone.nodump | 0 .../testcases/chains/netdev_multidev_netns_gone | 43 ++++++++++++++++++++++ tests/shell/testcases/chains/netdev_netns_gone | 35 ++++++++++++++++++ 4 files changed, 78 insertions(+) create mode 100644 tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump create mode 100644 tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump create mode 100755 tests/shell/testcases/chains/netdev_multidev_netns_gone create mode 100755 tests/shell/testcases/chains/netdev_netns_gone diff --git a/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump new file mode 100644 index 00000000..e69de29b diff --git a/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump new file mode 100644 index 00000000..e69de29b diff --git a/tests/shell/testcases/chains/netdev_multidev_netns_gone b/tests/shell/testcases/chains/netdev_multidev_netns_gone new file mode 100755 index 00000000..31ab29bd --- /dev/null +++ b/tests/shell/testcases/chains/netdev_multidev_netns_gone @@ -0,0 +1,43 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_chain_binding) +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice) + +set -e + +rnd=$(mktemp -u XXXXXXXX) +ns1="nft1ns-$rnd" + +iface_cleanup() { + ip netns del $ns1 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +load_ruleset() { + family=$1 + + ip netns add $ns1 + ip -net $ns1 link add d0 type dummy + ip -net $ns1 link add d1 type dummy + ip -net $ns1 link add d2 type dummy + + # Test auto-removal of chain hook on device removal + RULESET="table $family x { + chain x {} + chain w { + ip daddr 8.7.6.0/24 jump { + ip daddr vmap { 8.7.6.3 : jump x, 8.7.6.4 : jump x } + } + } + chain y { + type filter hook ingress devices = { d0, d1, d2 } priority 0; + ip saddr { 1.2.3.4, 2.3.4.5 } counter + ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x } + } +}" + ip netns exec $ns1 $NFT -f - <<< $RULESET + ip netns del $ns1 +} + +load_ruleset "inet" +load_ruleset "netdev" diff --git a/tests/shell/testcases/chains/netdev_netns_gone b/tests/shell/testcases/chains/netdev_netns_gone new file mode 100755 index 00000000..e6b65996 --- /dev/null +++ b/tests/shell/testcases/chains/netdev_netns_gone @@ -0,0 +1,35 @@ +#!/bin/bash + +set -e + +rnd=$(mktemp -u XXXXXXXX) +ns1="nft1ns-$rnd" + +iface_cleanup() { + ip netns del $ns1 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +load_ruleset() { + family=$1 + + ip netns add $ns1 + ip -net $ns1 link add d0 type dummy + + RULESET="table $family x { + chain x {} + chain w { + ip daddr 8.7.6.0/24 jump x + } + chain y { + type filter hook ingress device \"d0\" priority 0; + ip saddr { 1.2.3.4, 2.3.4.5 } counter + ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x } + } +}" + ip netns exec $ns1 $NFT -f - <<< $RULESET + ip netns del $ns1 +} + +load_ruleset "inet" +load_ruleset "netdev" -- cgit v1.2.3