diff options
| author | Florian Westphal <fw@strlen.de> | 2023-09-21 01:05:26 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-09-21 15:41:52 +0200 |
| commit | b6bfbc2ecf0b7fd9192479e3873632d65fc4fea1 (patch) | |
| tree | f97029f99cbaa09a41b4f66589a11989f8b82ca7 | |
| parent | 424b1c3a0487e3cea19ec40439ab16816ced8370 (diff) | |
tests: shell: add feature probe for sets with more than one element
Kernels < 5.11 can handle only one expression per element, e.g.
its possible to attach a counter per key, or a rate limiter,
or a quota, but not two at the same time.
Add a probe file and skip the relevant tests if the feature is absent.
Signed-off-by: Florian Westphal <fw@strlen.de>
5 files changed, 23 insertions, 0 deletions
diff --git a/tests/shell/features/set_with_two_expressions.nft b/tests/shell/features/set_with_two_expressions.nft new file mode 100644 index 00000000..97632a7a --- /dev/null +++ b/tests/shell/features/set_with_two_expressions.nft @@ -0,0 +1,9 @@ +# 48b0ae046ee9 ("netfilter: nftables: netlink support for several set element expressions") +# v5.11-rc1~169^2~25^2 +table x { + set y { + type ipv4_addr + size 65535 + counter quota 500 bytes + } +} diff --git a/tests/shell/testcases/nft-f/0025empty_dynset_0 b/tests/shell/testcases/nft-f/0025empty_dynset_0 index b66c802f..fbdb5793 100755 --- a/tests/shell/testcases/nft-f/0025empty_dynset_0 +++ b/tests/shell/testcases/nft-f/0025empty_dynset_0 @@ -1,5 +1,7 @@ #!/bin/bash +set -e + RULESET="table ip foo { set inflows { type ipv4_addr . inet_service . ifname . ipv4_addr . inet_service @@ -20,3 +22,9 @@ RULESET="table ip foo { }" $NFT -f - <<< "$RULESET" + +# inflows_ratelimit will be dumped without 'limit rate .. counter' on old kernels. +if [ "$NFT_TEST_HAVE_set_with_two_expressions" = n ]; then + echo "Partial test due to NFT_TEST_HAVE_set_with_two_expressions=n." + exit 77 +fi diff --git a/tests/shell/testcases/sets/0059set_update_multistmt_0 b/tests/shell/testcases/sets/0059set_update_multistmt_0 index 107bfb87..2aeba2c5 100755 --- a/tests/shell/testcases/sets/0059set_update_multistmt_0 +++ b/tests/shell/testcases/sets/0059set_update_multistmt_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_set_with_two_expressions) + RULESET="table x { set y { type ipv4_addr diff --git a/tests/shell/testcases/sets/0060set_multistmt_0 b/tests/shell/testcases/sets/0060set_multistmt_0 index 6bd147c3..8e17444e 100755 --- a/tests/shell/testcases/sets/0060set_multistmt_0 +++ b/tests/shell/testcases/sets/0060set_multistmt_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_set_with_two_expressions) + RULESET="table x { set y { type ipv4_addr diff --git a/tests/shell/testcases/sets/0060set_multistmt_1 b/tests/shell/testcases/sets/0060set_multistmt_1 index 1652668a..04ef047c 100755 --- a/tests/shell/testcases/sets/0060set_multistmt_1 +++ b/tests/shell/testcases/sets/0060set_multistmt_1 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_set_with_two_expressions) + RULESET="table x { set y { type ipv4_addr |