From: Stefano Brivio <sbrivio@redhat.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH nft] tests: shell: Avoid breaking basic connectivity when run
Date: Sun, 24 May 2020 14:59:57 +0200 [thread overview]
Message-ID: <9742365b595a791d4bd47abee6ad6271abe0950b.1590323912.git.sbrivio@redhat.com> (raw)
It might be convenient to run tests from a development branch that
resides on another host, and if we break connectivity on the test
host as tests are executed, we con't run them this way.
To preserve connectivity, for shell tests, we can simply use the
'forward' hook instead of 'input' in chains/0036_policy_variable_0
and transactions/0011_chain_0, without affecting test coverage.
For py tests, this is more complicated as some test cases install
chains for all the available hooks, and we would probably need a
more refined approach to avoid dropping relevant traffic, so I'm
not covering that right now.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
tests/shell/testcases/chains/0036policy_variable_0 | 2 +-
tests/shell/testcases/transactions/0011chain_0 | 2 +-
tests/shell/testcases/transactions/dumps/0011chain_0.nft | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/shell/testcases/chains/0036policy_variable_0 b/tests/shell/testcases/chains/0036policy_variable_0
index d4d98ede0d8d..e9246dd9e974 100755
--- a/tests/shell/testcases/chains/0036policy_variable_0
+++ b/tests/shell/testcases/chains/0036policy_variable_0
@@ -9,7 +9,7 @@ define default_policy = \"drop\"
table inet global {
chain prerouting {
- type filter hook prerouting priority filter
+ type filter hook forward priority filter
policy \$default_policy
}
}"
diff --git a/tests/shell/testcases/transactions/0011chain_0 b/tests/shell/testcases/transactions/0011chain_0
index 3bed16dddf40..bdfa14975180 100755
--- a/tests/shell/testcases/transactions/0011chain_0
+++ b/tests/shell/testcases/transactions/0011chain_0
@@ -5,7 +5,7 @@ set -e
RULESET="add table x
add chain x y
delete chain x y
-add chain x y { type filter hook input priority 0; }
+add chain x y { type filter hook forward priority 0; }
add chain x y { policy drop; }"
$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/transactions/dumps/0011chain_0.nft b/tests/shell/testcases/transactions/dumps/0011chain_0.nft
index df88ad47c5d9..a12726069efc 100644
--- a/tests/shell/testcases/transactions/dumps/0011chain_0.nft
+++ b/tests/shell/testcases/transactions/dumps/0011chain_0.nft
@@ -1,5 +1,5 @@
table ip x {
chain y {
- type filter hook input priority filter; policy drop;
+ type filter hook forward priority filter; policy drop;
}
}
--
2.26.2
next reply other threads:[~2020-05-24 13:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-24 12:59 Stefano Brivio [this message]
2020-05-25 15:59 ` [PATCH nft] tests: shell: Avoid breaking basic connectivity when run Phil Sutter
2020-05-25 23:12 ` Stefano Brivio
2020-05-26 13:52 ` Phil Sutter
2020-06-14 21:43 ` Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9742365b595a791d4bd47abee6ad6271abe0950b.1590323912.git.sbrivio@redhat.com \
--to=sbrivio@redhat.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).