* [PATCH nft] tests: add test case for sets updated from packet path
@ 2018-02-14 16:40 Florian Westphal
2018-02-14 17:53 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2018-02-14 16:40 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
currently kernel may pick a set implementation that doesn't provide
a ->update() function. This causes an error when user attempts to
add the nftables rule that is supposed to add entries to the set.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
Pablo, unless you have objections I would push this now.
diff --git a/tests/shell/testcases/sets/0028autoselect_0 b/tests/shell/testcases/sets/0028autoselect_0
new file mode 100755
index 000000000000..2225e7aee247
--- /dev/null
+++ b/tests/shell/testcases/sets/0028autoselect_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# This testscase checks kernel picks a suitable set backends.
+# Ruleset attempts to update from packet path, so set backend
+# needs an ->update() implementation.
+
+set -e
+
+$NFT add table t
+$NFT add set t s1 { type inet_proto \; }
+$NFT add set t s2 { type ipv4_addr \; }
+$NFT add set t s3 { type ipv4_addr \; size 1024\; }
+$NFT add chain t c {type filter hook input priority 0 \; }
+
+# chosen set type must support updates from packet path
+$NFT add rule t c meta iifname foobar set add ip protocol @s1
+$NFT add rule t c meta iifname foobar set add ip daddr @s2
+$NFT add rule t c meta iifname foobar set add ip daddr @s3
--
2.13.6
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nft] tests: add test case for sets updated from packet path
2018-02-14 16:40 [PATCH nft] tests: add test case for sets updated from packet path Florian Westphal
@ 2018-02-14 17:53 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2018-02-14 17:53 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Wed, Feb 14, 2018 at 05:40:17PM +0100, Florian Westphal wrote:
> currently kernel may pick a set implementation that doesn't provide
> a ->update() function. This causes an error when user attempts to
> add the nftables rule that is supposed to add entries to the set.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> Pablo, unless you have objections I would push this now.
Go ahead. Thanks!
> diff --git a/tests/shell/testcases/sets/0028autoselect_0 b/tests/shell/testcases/sets/0028autoselect_0
> new file mode 100755
> index 000000000000..2225e7aee247
> --- /dev/null
> +++ b/tests/shell/testcases/sets/0028autoselect_0
> @@ -0,0 +1,18 @@
> +#!/bin/bash
> +
> +# This testscase checks kernel picks a suitable set backends.
> +# Ruleset attempts to update from packet path, so set backend
> +# needs an ->update() implementation.
> +
> +set -e
> +
> +$NFT add table t
> +$NFT add set t s1 { type inet_proto \; }
> +$NFT add set t s2 { type ipv4_addr \; }
> +$NFT add set t s3 { type ipv4_addr \; size 1024\; }
> +$NFT add chain t c {type filter hook input priority 0 \; }
> +
> +# chosen set type must support updates from packet path
> +$NFT add rule t c meta iifname foobar set add ip protocol @s1
> +$NFT add rule t c meta iifname foobar set add ip daddr @s2
> +$NFT add rule t c meta iifname foobar set add ip daddr @s3
> --
> 2.13.6
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-02-14 17:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-14 16:40 [PATCH nft] tests: add test case for sets updated from packet path Florian Westphal
2018-02-14 17:53 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.