#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_table_flag_owner)
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_table_flag_persist)
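#######################################
# Abort the test with a failure message.
# Arguments: $@ - words of the message (joined with spaces under default IFS)
# Outputs:   the message on stderr, so a failure report is never mixed into
#            stdout that a caller may be capturing or comparing
# Returns:   does not return; exits the shell with status 1
#######################################
die() {
  # printf instead of echo: a message that starts with "-n" or "-e" is
  # printed literally rather than being taken as an echo option.
  printf '%s\n' "$*" >&2
  exit 1
}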
# Step 1: a short-lived nft process creates a table carrying both the
# "owner" and the "persist" flag, then exits.
if ! $NFT -f - <<EOF
table ip t {
flags owner, persist
}
EOF
then
  die "table add failed"
fi

# The creating process is gone by now, so the table is orphaned. It must
# still be listed (that is what "persist" is for) ...
if ! $NFT list ruleset | grep -q 'table ip t'; then
  die "table does not persist"
fi

# ... and the only flag left on it must be "persist": the pattern is anchored
# at end of line, so a remaining "owner" flag makes the check fail.
if ! $NFT list ruleset | grep -q 'flags persist$'; then
  die "unexpected flags in orphaned table"
fi
# Step 2: a second short-lived nft process declares the same table again with
# "owner, persist". The orphaned table has no owner at this point, so the
# request is expected to succeed (the process "retakes" ownership).
$NFT -f - <<EOF
table ip t {
flags owner, persist
}
EOF
# $? is the status of the nft call above; nothing may be inserted in between.
[[ $? -eq 0 ]] || {
die "retake ownership failed"
}
# That process has exited too, so the listing is expected to show the table
# orphaned again with only the "persist" flag.
# NOTE(review): diff -u is whitespace-sensitive. The nested line in EXPECT has
# to carry exactly the leading whitespace nft prints (presumably a tab); the
# listing here may have lost it - confirm against the original file.
EXPECT="table ip t {
flags persist
}"
# Exact comparison of the whole ruleset: any extra table or flag is a failure.
diff -u <(echo "$EXPECT") <($NFT list ruleset) || {
die "unexpected ruleset before coproc setup"
}
# Step 3: start a long-lived interactive nft as a bash coprocess. Commands are
# fed to it through ${COPROC[1]}; its pid is in COPROC_PID.
coproc $NFT -i
# NOTE(review): fixed delay, presumably to let the coprocess start up before
# it is used - timing-based, so a slow host could make this flaky.
sleep 1
# Have the coprocess declare the table with "owner, persist"; because that
# process keeps running, the table should stay owned by it.
cat >&"${COPROC[1]}" <<EOF
add table ip t { flags owner, persist; }
EOF
# Process name of the coprocess as the kernel reports it; the listing below is
# expected to show it in the "# progname" comment of the owned table.
COMM=$(</proc/${COPROC_PID}/comm)
# NOTE(review): whitespace-sensitive comparison - the nested line must match
# the leading whitespace nft prints (presumably a tab); confirm against the
# original file. Note also "owner,persist" without a space, as listed by nft.
EXPECT="table ip t { # progname $COMM
flags owner,persist
}"
# NOTE(review): nothing waits for the coprocess to have processed the "add"
# command before this listing is taken; presumably it relies on timing.
diff -u <(echo "$EXPECT") <($NFT list ruleset) || {
die "unexpected ruleset after coproc setup"
}
# Step 4: tamper checks from a process that is NOT the owner.
# A flush issued by another nft process must leave the owned table in place;
# the flush command's own exit status is deliberately not checked.
$NFT flush ruleset
if ! $NFT list ruleset | grep -q 'table ip t'; then
  die "flushed owned table"
fi

# Declaring the table again with the "owner" flag from another process must be
# refused while the coprocess still owns it; success here means ownership
# could be taken over.
if $NFT add table 'ip t { flags owner, persist; }'; then
  die "stole owned table"
fi
# Step 5: the owning coprocess itself asks for the table to be deleted.
printf '%s\n' 'delete table ip t' >&"${COPROC[1]}"

# The ruleset must now be completely empty.
# NOTE(review): nothing waits for the coprocess to have processed the delete
# before this listing is taken; presumably it relies on timing.
remaining=$($NFT list ruleset)
if [[ -n $remaining ]]; then
  die "owner should be able to delete the table"
fi

# Close the write end of the coprocess pipe, presumably so the interactive nft
# sees end-of-input and exits. ${COPROC[1]} is a descriptor number assigned by
# bash, not external input, so the eval'd string is just "exec N>&-".
eval "exec ${COPROC[1]}>&-"

# Reap the coprocess before reporting success.
wait $COPROC_PID
exit 0