tests/shell: skip reset tests if kernel lacks support

reset is implemented via flush + extra attribute, so older kernels
perform a flush.  This means .nft doesn't work, we need to check
if the individual set contents/sets are still in place post-reset.

Make this generic and permit use of feat.sh in addition to the simpler
foo.nft feature files.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Haller <thaller@redhat.com>

5 files changed, 43 insertions, 4 deletions

diff --git a/tests/shell/features/reset_rule.sh b/tests/shell/features/reset_rule.sh
new file mode 100755
index 00000000..567ee2f1
--- /dev/null
+++ b/tests/shell/features/reset_rule.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# 8daa8fde3fc3 ("netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET")
+# v6.2-rc1~99^2~210^2~2
+
+unshare -n bash -c "$NFT \"add table t; add chain t c ; add rule t c counter packets 1 bytes 42\"; \
+$NFT reset rules chain t c ; \
+$NFT reset rules chain t c |grep counter\ packets\ 0\ bytes\ 0"
diff --git a/tests/shell/features/reset_set.sh b/tests/shell/features/reset_set.sh
new file mode 100755
index 00000000..3d034175
--- /dev/null
+++ b/tests/shell/features/reset_set.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# 079cd633219d ("netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET")
+# v6.5-rc1~163^2~9^2~1
+
+unshare -n bash -c "$NFT add table t; \
+ $NFT add set t s { type ipv4_addr\; counter\; elements = { 127.0.0.1 counter packets 1 bytes 2 } } ; \
+ $NFT reset set t s ; \
+ $NFT reset set t s | grep counter\ packets\ 0\ bytes\ 0
+"
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index d11b4a63..9c7e280e 100755
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -224,13 +224,13 @@ export NFT_TEST_BASEDIR
 _HAVE_OPTS=( json )
 _HAVE_OPTS_NFT=()
 shopt -s nullglob
-F=( "$NFT_TEST_BASEDIR/features/"*.nft )
+F=( "$NFT_TEST_BASEDIR/features/"*.nft "$NFT_TEST_BASEDIR/features/"*.sh )
 shopt -u nullglob
 for file in "${F[@]}"; do
 	feat="${file##*/}"
-	feat="${feat%.nft}"
+	feat="${feat%.*}"
 	re="^[a-z_0-9]+$"
-	if [[ "$feat" =~ $re ]] && ! array_contains "$feat" "${_HAVE_OPTS[@]}" ; then
+	if [[ "$feat" =~ $re ]] && ! array_contains "$feat" "${_HAVE_OPTS[@]}" "${_HAVE_OPTS_NFT[@]}" && [[ "$file" != *.sh || -x "$file" ]] ; then
 		_HAVE_OPTS_NFT+=( "$feat" )
 	else
 		msg_warn "Ignore feature file \"$file\""
@@ -494,11 +494,28 @@ else
 fi
 export NFT_TEST_HAVE_json
 
+feature_probe()
+{
+	local with_path="$NFT_TEST_BASEDIR/features/$1"
+
+	if [ -r "$with_path.nft" ] ; then
+		$NFT_TEST_UNSHARE_CMD "$NFT_REAL" --check -f "$with_path.nft" &>/dev/null
+		return $?
+	fi
+
+	if [ -x "$with_path.sh" ] ; then
+		NFT="$NFT_REAL" $NFT_TEST_UNSHARE_CMD "$with_path.sh" &>/dev/null
+		return $?
+	fi
+
+	return 1
+}
+
 for feat in "${_HAVE_OPTS_NFT[@]}" ; do
 	var="NFT_TEST_HAVE_$feat"
 	if [ -z "${!var+x}" ] ; then
 		val='y'
-		$NFT_TEST_UNSHARE_CMD "$NFT_REAL" --check -f "$NFT_TEST_BASEDIR/features/$feat.nft" &>/dev/null || val='n'
+		feature_probe "$feat" || val='n'
 	else
 		val="$(bool_n "${!var}")"
 	fi
diff --git a/tests/shell/testcases/rule_management/0011reset_0 b/tests/shell/testcases/rule_management/0011reset_0
index 8d230796..33eadd9e 100755
--- a/tests/shell/testcases/rule_management/0011reset_0
+++ b/tests/shell/testcases/rule_management/0011reset_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_reset_rule)
+
 set -e
 
 echo "loading ruleset"
diff --git a/tests/shell/testcases/sets/reset_command_0 b/tests/shell/testcases/sets/reset_command_0
index ad2e16a7..5e769fe6 100755
--- a/tests/shell/testcases/sets/reset_command_0
+++ b/tests/shell/testcases/sets/reset_command_0
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_reset_set)
+
 set -e
 
 trap '[[ $? -eq 0 ]] || echo FAIL' EXIT