summaryrefslogtreecommitdiffstats
path: root/tests/shell/features
Commit message (Collapse)AuthorAgeFilesLines
* tests: shell: add test case for timeout updatesFlorian Westphal12 days1-0/+22
| | | | | | | | | | | | Needs a feature check file, so add one: Add element with 1m timeout, then update expiry to 1ms. If element still exists after 1ms, update request was ignored. Test case checks timeouts can both be incremented and decremented, checks error recovery (update request but transaction fails) and that expiry is restored in addion to timeout. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: shell: skip NFTA_RULE_POSITION_ID tests if kernel does not support itPablo Neira Ayuso2024-06-131-0/+23
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip ipsec tests if kernel does not support itPablo Neira Ayuso2024-06-131-0/+7
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip ip option tests if kernel does not support itPablo Neira Ayuso2024-06-131-0/+8
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Add support for table's persist flagPhil Sutter2024-04-191-0/+3
| | | | | | | | | Bison parser lacked support for passing multiple flags, JSON parser did not support table flags at all. Document also 'owner' flag (and describe their relationship in nft.8. Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: shell: check for reset tcp options supportPablo Neira Ayuso2024-04-081-0/+5
| | | | | Fixes: 59a33d08ab3a ("parser: tcpopt: fix tcp option parsing with NUM + length field") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip if kernel does not allow to restore set element expirationPablo Neira Ayuso2023-11-221-0/+18
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip secmark tests if kernel does not support itPablo Neira Ayuso2023-11-221-0/+7
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip nat inet if kernel does not support itPablo Neira Ayuso2023-11-221-0/+7
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip synproxy test if kernel does not support itPablo Neira Ayuso2023-11-221-0/+9
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip stateful object updates if unsupportedPablo Neira Ayuso2023-11-221-0/+21
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip meta time test meta expression lacks supportFlorian Westphal2023-11-211-0/+7
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: shell: skip maps delete test if dynset lacks delete opFlorian Westphal2023-11-211-0/+12
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: shell: skip if kernel does not support flowtable with no devicesPablo Neira Ayuso2023-11-151-0/+8
| | | | | | | | Originally, flowtables required devices in place to work, this was later relaxed to allow flowtable with no initial devices, see 05abe4456fa3 ("netfilter: nf_tables: allow to register flowtable with no devices"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip if kernel does not support flowtable counterPablo Neira Ayuso2023-11-151-0/+16
| | | | | | | Check if kernel provides flowtable counter supports which is available since 53c2b2899af7 ("netfilter: flowtable: add counter support"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip multidevice chain tests if kernel lacks supportPablo Neira Ayuso2023-11-111-0/+17
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip comment tests if kernel lacks supportPablo Neira Ayuso2023-11-111-0/+14
| | | | | | Skip tests that require comment support Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip NAT netmap tests if kernel lacks supportPablo Neira Ayuso2023-11-111-0/+8
| | | | | | Skip tests that require NAT netmap support Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip stateful expression in sets tests if kernel lacks supportPablo Neira Ayuso2023-11-111-0/+19
| | | | | | Skip tests that require stateful expressions in sets. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip prerouting reject tests if kernel lacks supportPablo Neira Ayuso2023-11-111-0/+8
| | | | | | Skip tests that require reject at prerouting hook. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: skip pipapo tests if kernel lacks supportPablo Neira Ayuso2023-11-111-0/+9
| | | | | | Skip tests that require net/netfilter/nft_set_pipapo support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: shell: features: Fix table owner flag checkPhil Sutter2023-09-261-1/+1
| | | | | | | | | | | The keyword is "flags", not "flag". Resulted in a false-negative: features/table_flag_owner.nft:4:2-5: Error: syntax error, unexpected string flag owner; ^^^^ Fixes: 10373f0936cd3 ("tests: shell: skip flowtable-uaf if we lack table owner support") Signed-off-by: Phil Sutter <phil@nwl.cc>
* tests: shell: skip flowtable-uaf if we lack table owner supportFlorian Westphal2023-09-221-0/+5
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: shell: add feature probe for sctp chunk matchingFlorian Westphal2023-09-211-0/+7
| | | | | | Skip the relavant parts of the test if nft_exthdr lacks sctp support. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests: shell: add feature probe for sets with more than one elementFlorian Westphal2023-09-211-0/+9
| | | | | | | | | | Kernels < 5.11 can handle only one expression per element, e.g. its possible to attach a counter per key, or a rate limiter, or a quota, but not two at the same time. Add a probe file and skip the relevant tests if the feature is absent. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/shell: implement NFT_TEST_HAVE_json feature detection as scriptThomas Haller2023-09-181-0/+6
| | | | | | | | No more need to special case the "run a script" approach for detecting the json feature. Use the new mechanism instead. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/shell: skip reset tests if kernel lacks supportFlorian Westphal2023-09-182-0/+18
| | | | | | | | | | | | reset is implemented via flush + extra attribute, so older kernels perform a flush. This means .nft doesn't work, we need to check if the individual set contents/sets are still in place post-reset. Make this generic and permit use of feat.sh in addition to the simpler foo.nft feature files. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip test cases if ct expectation and/or timeout lacks supportFlorian Westphal2023-09-182-0/+18
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip test cases involving osf match if kernel lacks supportFlorian Westphal2023-09-181-0/+7
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip catchall tests if kernel lacks supportFlorian Westphal2023-09-181-0/+8
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip destroy tests if kernel lacks supportFlorian Westphal2023-09-181-0/+3
| | | | | | | | Destroy support was added for table/flowtable/chain etc. in a single commit, so no need to add capability tests for each destroy subtype. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip inet ingress tests if kernel lacks supportFlorian Westphal2023-09-181-0/+7
| | | | | | | Split the bridge autoremove test to a new file. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip some tests if kernel lacks netdev egress supportFlorian Westphal2023-09-181-0/+7
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip bitshift tests if kernel lacks supportFlorian Westphal2023-09-181-0/+7
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip inner matching tests if unsupportedFlorian Westphal2023-09-181-0/+7
| | | | | Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip map query if kernel lacks supportFlorian Westphal2023-09-181-0/+11
| | | | | | | | | | | | | | On recent kernels one can perform a lookup in a map without a destination register (i.e., treat the map like a set -- pure existence check). Add a feature probe and work around the missing feature in typeof_maps_add_delete: do the test with a simplified ruleset, Indicate skipped even though a reduced test was run (earlier errors cause a failure) to not trigger dump validation error. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: skip netdev_chain_0 if kernel requires netdev deviceFlorian Westphal2023-09-181-0/+7
| | | | | | | | | | | | | | This test case only works on kernel 6.4+. Add feature probe for this and tag the test accordingly using the scheme added by Thomas Haller in "tests/shell: skip tests if nft does not support JSON mode" so that run-test.sh skips it if kernel requires a device. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
* tests/shell: add and use chain binding feature probeFlorian Westphal2023-09-181-0/+7
Alter 30s-stress to suppress anon chains when its unuspported. Note that 30s-stress is optionally be run standalone, so also update the test script. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Thomas Haller <thaller@redhat.com>
generated by cgit v1.2.3 (git 2.25.0) at 2024-09-22 12:07:27 +0000