author | Phil Sutter <phil@nwl.cc> | 2025-06-25 18:53:36 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2025-06-26 14:06:51 +0200 |
commit | 646acfaceb1f550c982c31ba6e60996b0bb012d7 (patch) | |
tree | 1c5ff7c58caa7b8c96f133a52a2e9eee23f7985c /tests/shell/features/empty_netdev_chains.sh | |
parent | c9d6f089f0eb2cb615cbca3e4c99b07c5639960f (diff) |
tests: shell: Fix ifname_based_hooks feature check

The test was technically incorrect: Instead of detecting whether
interface hooks are name-based or not, it actually tested whether
netdev-family chains are removed along with their last hook.

Since the latter behaviour is established in kernel commit fc0133428e7a
("netfilter: nf_tables: Tolerate chains with no remaining hooks") and
thus independent from the name-based hooks change, treating both as the
same kernel feature is not acceptable.

Fix this by detecting whether a netdev-family chain may be added despite
specifying a non-existent interface to hook into. Keep the old check
around with a better name, although unused for now.

Reported-by: Florian Westphal <fw@strlen.de>
Fixes: f27e5abd81f29 ("tests: shell: Adjust to ifname-based hooks")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

Diffstat (limited to 'tests/shell/features/empty_netdev_chains.sh')
-rwxr-xr-x | tests/shell/features/empty_netdev_chains.sh | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/shell/features/empty_netdev_chains.sh b/tests/shell/features/empty_netdev_chains.sh new file mode 100755 index 00000000..cada6956 --- /dev/null +++ b/tests/shell/features/empty_netdev_chains.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# check if netdev chains survive without a single device + +unshare -n bash -c "ip link add d0 type dummy; \ + $NFT \"table netdev t { \ + chain c { \ + type filter hook ingress priority 0; devices = { d0 }; \ + }; \ + }\"; \ + ip link del d0; \ + $NFT list chain netdev t c" |
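
Review bot: the commands inside the `bash -c` string are joined with `;`, so the script's exit status is only that of the final `$NFT list chain netdev t c` and a failure in any earlier step is ignored. If `ip link add d0 type dummy` fails, a kernel with name-based hooks may still accept the chain for the non-existent `d0` (the behaviour the commit message describes), and the check then reports success without a device ever having been removed from the chain. Joining the steps with `&&`, or starting the string with `set -e`, would make the dummy device and the table creation real preconditions for the final listing. The header comment could also say that the intended signal is the exit status of that listing.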