From 431635b134a05963dd1e7cda252d16eec8a53787 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 28 Nov 2018 11:44:59 +0100
Subject: tests: add test case for rule replacement expression deactivation

When a rule is replaced, all of the expressions that are in use need to
be deactivated.

Kernel missed to do this on replace.  In this example, this would
result in a leak of the chain use counter ("jump" expression
deactivation is not called).  This then either resulted in a BUG or
WARN, depending on kernel version.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 tests/shell/testcases/rule_management/0010replace_0 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100755 tests/shell/testcases/rule_management/0010replace_0

(limited to 'tests')

diff --git a/tests/shell/testcases/rule_management/0010replace_0 b/tests/shell/testcases/rule_management/0010replace_0
new file mode 100755
index 00000000..251cebb2
--- /dev/null
+++ b/tests/shell/testcases/rule_management/0010replace_0
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# test for kernel commit ca08987885a147643817d02bf260bc4756ce8cd4
+# ("netfilter: nf_tables: deactivate expressions in rule replecement routine")
+
+set -e
+$NFT add table t
+$NFT add chain t c1
+$NFT add chain t c2
+$NFT add rule ip t c1 jump c2
+$NFT replace rule ip t c1 handle 3 accept
+$NFT flush ruleset
-- 
cgit v1.2.3