From 59d304f47a121afda867d792c709bc2c81946979 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 22 Nov 2023 09:43:04 +0100 Subject: evaluate: bogus error when adding devices to flowtable Bail out if flowtable declaration is missing and no devices are specified. Otherwise, this reports a bogus error when adding new devices to an existing flowtable. # nft -v nftables v1.0.9 (Old Doc Yak #3) # ip link add dummy1 type dummy # ip link set dummy1 up # nft 'create flowtable inet filter f1 { hook ingress priority 0; counter }' # nft 'add flowtable inet filter f1 { devices = { dummy1 } ; }' Error: missing hook and priority in flowtable declaration add flowtable inet filter f1 { devices = { dummy1 } ; } ^^^^^^^^^^^^^^^^^^^^^^^^ Fixes: 5ad475fce5a1 ("evaluate: bail out if new flowtable does not specify hook and priority") Reported-by: Martin Gignac Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/flowtable/0015destroy_0 | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests/shell/testcases') diff --git a/tests/shell/testcases/flowtable/0015destroy_0 b/tests/shell/testcases/flowtable/0015destroy_0 index d2a87da0..cea33524 100755 --- a/tests/shell/testcases/flowtable/0015destroy_0 +++ b/tests/shell/testcases/flowtable/0015destroy_0 @@ -2,6 +2,11 @@ # NFT_TEST_REQUIRES(NFT_TEST_HAVE_destroy) +trap "ip link del dummy1" EXIT + +ip link add dummy1 type dummy +ip link set dummy1 up + $NFT add table t # pass for non-existent flowtable @@ -9,4 +14,7 @@ $NFT destroy flowtable t f # successfully delete existing flowtable $NFT add flowtable t f '{ hook ingress priority 10; devices = { lo }; }' + +$NFT 'add flowtable t f { devices = { dummy1 } ; }' + $NFT destroy flowtable t f -- cgit v1.2.3