tests: shell: cover netns removal for netdev and inet/ingress basechains

Add two tests to exercise netns removal with netdev and inet/ingress basechains. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-18 22:58:02 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-02-07 13:37:00 +0100
commit: 6847a7ce0fc99a63a812de6cdbbf568ad9ca6f69 (patch)
tree: da3123aad1a6f2ad37269064b3bdbad5c083153c /tests/shell
parent: 2e403e429233bee65655d712be5b33c90611c722 (diff)
4 files changed, 78 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/netdev_multidev_netns_gone.nodump
diff --git a/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/netdev_netns_gone.nodump
diff --git a/tests/shell/testcases/chains/netdev_multidev_netns_gone b/tests/shell/testcases/chains/netdev_multidev_netns_gone
new file mode 100755
index 00000000..31ab29bd
--- /dev/null
+++ b/tests/shell/testcases/chains/netdev_multidev_netns_gone
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_chain_binding)
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice)
+
+set -e
+
+rnd=$(mktemp -u XXXXXXXX)
+ns1="nft1ns-$rnd"
+
+iface_cleanup() {
+	ip netns del $ns1 &>/dev/null || :
+}
+trap 'iface_cleanup' EXIT
+
+load_ruleset() {
+	family=$1
+
+	ip netns add $ns1
+	ip -net $ns1 link add d0 type dummy
+	ip -net $ns1 link add d1 type dummy
+	ip -net $ns1 link add d2 type dummy
+
+	# Test auto-removal of chain hook on device removal
+	RULESET="table $family x {
+	chain x {}
+	chain w {
+		ip daddr 8.7.6.0/24 jump {
+			ip daddr vmap { 8.7.6.3 : jump x, 8.7.6.4 : jump x }
+		}
+	}
+	chain y {
+		type filter hook ingress devices = { d0, d1, d2 } priority 0;
+		ip saddr { 1.2.3.4, 2.3.4.5 } counter
+		ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x }
+	}
+}"
+	ip netns exec $ns1 $NFT -f - <<< $RULESET
+	ip netns del $ns1
+}
+
+load_ruleset "inet"
+load_ruleset "netdev"
diff --git a/tests/shell/testcases/chains/netdev_netns_gone b/tests/shell/testcases/chains/netdev_netns_gone
new file mode 100755
index 00000000..e6b65996
--- /dev/null
+++ b/tests/shell/testcases/chains/netdev_netns_gone
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+rnd=$(mktemp -u XXXXXXXX)
+ns1="nft1ns-$rnd"
+
+iface_cleanup() {
+	ip netns del $ns1 &>/dev/null || :
+}
+trap 'iface_cleanup' EXIT
+
+load_ruleset() {
+	family=$1
+
+	ip netns add $ns1
+	ip -net $ns1 link add d0 type dummy
+
+	RULESET="table $family x {
+	chain x {}
+	chain w {
+		ip daddr 8.7.6.0/24 jump x
+	}
+	chain y {
+		type filter hook ingress device \"d0\" priority 0;
+		ip saddr { 1.2.3.4, 2.3.4.5 } counter
+		ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x }
+	}
+}"
+	ip netns exec $ns1 $NFT -f - <<< $RULESET
+	ip netns del $ns1
+}
+
+load_ruleset "inet"
+load_ruleset "netdev"
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-18 22:58:02 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-02-07 13:37:00 +0100
commit	6847a7ce0fc99a63a812de6cdbbf568ad9ca6f69 (patch)
tree	da3123aad1a6f2ad37269064b3bdbad5c083153c /tests/shell
parent	2e403e429233bee65655d712be5b33c90611c722 (diff)