diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-22 09:43:04 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-22 10:14:10 +0100 |
| commit | 59d304f47a121afda867d792c709bc2c81946979 (patch) | |
| tree | e61d3f0fbd59b4b00664dc8dbb99794a3b978faf /tests | |
| parent | bab3ede002da778e18fa5f30ac7b05c4de5e1de8 (diff) | |
evaluate: bogus error when adding devices to flowtable
Bail out if flowtable declaration is missing and no devices are
specified.
Otherwise, this reports a bogus error when adding new devices to an
existing flowtable.
# nft -v
nftables v1.0.9 (Old Doc Yak #3)
# ip link add dummy1 type dummy
# ip link set dummy1 up
# nft 'create flowtable inet filter f1 { hook ingress priority 0; counter }'
# nft 'add flowtable inet filter f1 { devices = { dummy1 } ; }'
Error: missing hook and priority in flowtable declaration
add flowtable inet filter f1 { devices = { dummy1 } ; }
^^^^^^^^^^^^^^^^^^^^^^^^
Fixes: 5ad475fce5a1 ("evaluate: bail out if new flowtable does not specify hook and priority")
Reported-by: Martin Gignac <martin.gignac@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
| -rwxr-xr-x | tests/shell/testcases/flowtable/0015destroy_0 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/shell/testcases/flowtable/0015destroy_0 b/tests/shell/testcases/flowtable/0015destroy_0 index d2a87da0..cea33524 100755 --- a/tests/shell/testcases/flowtable/0015destroy_0 +++ b/tests/shell/testcases/flowtable/0015destroy_0 @@ -2,6 +2,11 @@ # NFT_TEST_REQUIRES(NFT_TEST_HAVE_destroy) +trap "ip link del dummy1" EXIT + +ip link add dummy1 type dummy +ip link set dummy1 up + $NFT add table t # pass for non-existent flowtable @@ -9,4 +14,7 @@ $NFT destroy flowtable t f # successfully delete existing flowtable $NFT add flowtable t f '{ hook ingress priority 10; devices = { lo }; }' + +$NFT 'add flowtable t f { devices = { dummy1 } ; }' + $NFT destroy flowtable t f |