diff options
| author | Florian Westphal <fw@strlen.de> | 2023-09-15 15:20:05 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-10-07 20:16:43 +0200 |
| commit | bcca2d67656f9bd1ef4159268cb49dbdcf2d811a (patch) | |
| tree | 7ac389be74818b544e15d3bf01b43830231bb9e6 /tests/shell/testcases/transactions | |
| parent | 2e86f45d0260a0dab8fed974853d84d9923bbc55 (diff) | |
tests: add test for dormant on/off/on bug
Disallow enabling/disabling a table in a single transaction.
Make sure we still allow one update, either to dormant, or
from active to dormant.
Reported-by: "Lee, Cherie-Anne" <cherie.lee@starlabs.sg>
Cc: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Cc: info@starlabs.sg
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases/transactions')
| -rw-r--r-- | tests/shell/testcases/transactions/dumps/table_onoff.nft | 8 | ||||
| -rwxr-xr-x | tests/shell/testcases/transactions/table_onoff | 44 |
2 files changed, 52 insertions, 0 deletions
diff --git a/tests/shell/testcases/transactions/dumps/table_onoff.nft b/tests/shell/testcases/transactions/dumps/table_onoff.nft new file mode 100644 index 00000000..038be1c0 --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/table_onoff.nft @@ -0,0 +1,8 @@ +table ip t { + flags dormant + + chain c { + type filter hook input priority filter; policy accept; + ip daddr 127.0.0.42 counter packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/transactions/table_onoff b/tests/shell/testcases/transactions/table_onoff new file mode 100755 index 00000000..831d4614 --- /dev/null +++ b/tests/shell/testcases/transactions/table_onoff @@ -0,0 +1,44 @@ +#!/bin/bash + +# attempt to re-awaken a table that is flagged dormant within +# same transaction +$NFT -f - <<EOF +add table ip t +add table ip t { flags dormant; } +add chain ip t c { type filter hook input priority 0; } +add table ip t +delete table ip t +EOF + +if [ $? -eq 0 ]; then + exit 1 +fi + +set -e + +ip link set lo up + +# add a dormant table, then wake it up in same +# transaction. +$NFT -f - <<EOF +add table ip t { flags dormant; } +add chain ip t c { type filter hook input priority 0; } +add rule ip t c ip daddr 127.0.0.42 counter +add table ip t +EOF + +# check table is indeed active. +ping -c 1 127.0.0.42 +$NFT list chain ip t c | grep "counter packets 1" +$NFT delete table ip t + +# allow to flag table dormant. +$NFT -f - <<EOF +add table ip t +add chain ip t c { type filter hook input priority 0; } +add rule ip t c ip daddr 127.0.0.42 counter +add table ip t { flags dormant; } +EOF + +ping -c 1 127.0.0.42 +# expect run-tests.sh to complain if counter isn't 0. |