From e632eea21f4b3d03b629a5c1ac7e776d65785873 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 19 Oct 2021 14:07:25 +0200
Subject: tests: shell: auto-removal of chain hook on netns removal

This is the nft equivalent of the syzbot report that lead to
kernel commit 68a3765c659f8
("netfilter: nf_tables: skip netdev events generated on netns removal").

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 tests/shell/testcases/chains/0043chain_ingress_0 | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'tests/shell')

diff --git a/tests/shell/testcases/chains/0043chain_ingress_0 b/tests/shell/testcases/chains/0043chain_ingress_0
index 86dc075d..bff46468 100755
--- a/tests/shell/testcases/chains/0043chain_ingress_0
+++ b/tests/shell/testcases/chains/0043chain_ingress_0
@@ -14,5 +14,11 @@ RULESET="table inet filter {
 	}
 }"
 
+# Test auto-removal of chain hook on netns removal
+unshare -n bash -c "ip link add br0 type bridge; \
+ $NFT add table netdev test; \
+ $NFT add chain netdev test ingress { type filter hook ingress device \"br0\" priority 0\; policy drop\; } ; \
+" || exit 1
+
 $NFT -f - <<< "$RULESET" && exit 0
 exit 1
-- 
cgit v1.2.3