diff options
Diffstat (limited to 'tests/shell/features')
-rw-r--r-- | tests/shell/features/ip_options.nft | 8 | ||||
-rw-r--r-- | tests/shell/features/ipsec.nft | 7 | ||||
-rwxr-xr-x | tests/shell/features/position_id.sh | 23 |
3 files changed, 38 insertions, 0 deletions
diff --git a/tests/shell/features/ip_options.nft b/tests/shell/features/ip_options.nft new file mode 100644 index 00000000..0b8cb09c --- /dev/null +++ b/tests/shell/features/ip_options.nft @@ -0,0 +1,8 @@ +# dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options") +# v5.3-rc1~140^2~153^2~1 + +table ip x { + chain y { + ip option ra value 255 + } +} diff --git a/tests/shell/features/ipsec.nft b/tests/shell/features/ipsec.nft new file mode 100644 index 00000000..e7252271 --- /dev/null +++ b/tests/shell/features/ipsec.nft @@ -0,0 +1,7 @@ +# 6c47260250fc ("netfilter: nf_tables: add xfrm expression") +# v4.20-rc1~14^2~125^2~25 +table ip x { + chain y { + ipsec in reqid 23 + } +} diff --git a/tests/shell/features/position_id.sh b/tests/shell/features/position_id.sh new file mode 100755 index 00000000..43ac97ac --- /dev/null +++ b/tests/shell/features/position_id.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# 75dd48e2e420 ("netfilter: nf_tables: Support RULE_ID reference in new rule") +# v5.1-rc1~178^2~405^2~27 + +EXPECTED="table inet t { + chain c { + tcp dport 1234 accept + udp dport 4321 accept + accept + } +}" + +RULESET="add table inet t +add chain inet t c +add rule inet t c tcp dport 1234 accept +add rule inet t c accept +insert rule inet t c index 1 udp dport 4321 accept +" + +$NFT -f - <<< $RULESET + +diff -u <($NFT list ruleset) - <<<"$EXPECTED" |