diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-07-16 14:36:28 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-07-21 14:20:18 +0200 |
| commit | d100e2d811749bf34bb6aeac322052c56661c124 (patch) | |
| tree | 4644bbd66ca3056917de47c012c87e9fa1a5c2b0 /tests/shell/testcases/flowtable | |
| parent | bde991a2e8fe012c65895a5bac8bd9ccb22ffbc4 (diff) | |
src: allow to use variables in flowtable and chain devices
This patch adds support for using variables for devices in the chain and
flowtable definitions, eg.
define if_main = lo
table netdev filter1 {
chain Main_Ingress1 {
type filter hook ingress device $if_main priority -500; policy accept;
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/flowtable')
| -rwxr-xr-x | tests/shell/testcases/flowtable/0012flowtable_variable_0 | 29 | ||||
| -rw-r--r-- | tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft | 14 |
2 files changed, 43 insertions, 0 deletions
diff --git a/tests/shell/testcases/flowtable/0012flowtable_variable_0 b/tests/shell/testcases/flowtable/0012flowtable_variable_0 new file mode 100755 index 00000000..8e334224 --- /dev/null +++ b/tests/shell/testcases/flowtable/0012flowtable_variable_0 @@ -0,0 +1,29 @@ +#!/bin/bash + +set -e + +ip link add name dummy1 type dummy + +EXPECTED="define if_main = { lo, dummy1 } + +table filter1 { + flowtable Main_ft1 { + hook ingress priority filter + counter + devices = \$if_main + } +}" + +$NFT -f - <<< $EXPECTED + +EXPECTED="define if_main = \"lo\" + +table filter2 { + flowtable Main_ft2 { + hook ingress priority filter + counter + devices = { \$if_main, dummy1 } + } +}" + +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft new file mode 100644 index 00000000..1cbb2f11 --- /dev/null +++ b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft @@ -0,0 +1,14 @@ +table ip filter1 { + flowtable Main_ft1 { + hook ingress priority filter + devices = { dummy1, lo } + counter + } +} +table ip filter2 { + flowtable Main_ft2 { + hook ingress priority filter + devices = { dummy1, lo } + counter + } +} |