[PATCH nft 1/2] tests: shell: move chain priority and policy to chain folder

[PATCH nft 1/2] tests: shell: move chain priority and policy to chain folder

[Pablo Neira Ayuso]

Move new chain tests for variable priority and policy to chain folder.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 .../{nft-f/0021priority_variable_0 => chains/0031priority_variable_0}     | 0
 .../{nft-f/0022priority_variable_0 => chains/0032priority_variable_0}     | 0
 .../{nft-f/0023priority_variable_1 => chains/0033priority_variable_1}     | 0
 .../{nft-f/0024priority_variable_1 => chains/0034priority_variable_1}     | 0
 .../{nft-f/0025policy_variable_0 => chains/0035policy_variable_0}         | 0
 .../{nft-f/0026policy_variable_0 => chains/0036policy_variable_0}         | 0
 .../{nft-f/0027policy_variable_1 => chains/0037policy_variable_1}         | 0
 .../{nft-f/0028policy_variable_1 => chains/0038policy_variable_1}         | 0
 8 files changed, 0 insertions(+), 0 deletions(-)
 rename tests/shell/testcases/{nft-f/0021priority_variable_0 => chains/0031priority_variable_0} (100%)
 rename tests/shell/testcases/{nft-f/0022priority_variable_0 => chains/0032priority_variable_0} (100%)
 rename tests/shell/testcases/{nft-f/0023priority_variable_1 => chains/0033priority_variable_1} (100%)
 rename tests/shell/testcases/{nft-f/0024priority_variable_1 => chains/0034priority_variable_1} (100%)
 rename tests/shell/testcases/{nft-f/0025policy_variable_0 => chains/0035policy_variable_0} (100%)
 mode change 100644 => 100755
 rename tests/shell/testcases/{nft-f/0026policy_variable_0 => chains/0036policy_variable_0} (100%)
 mode change 100644 => 100755
 rename tests/shell/testcases/{nft-f/0027policy_variable_1 => chains/0037policy_variable_1} (100%)
 mode change 100644 => 100755
 rename tests/shell/testcases/{nft-f/0028policy_variable_1 => chains/0038policy_variable_1} (100%)
 mode change 100644 => 100755

diff --git a/tests/shell/testcases/nft-f/0021priority_variable_0 b/tests/shell/testcases/chains/0031priority_variable_0
similarity index 100%
rename from tests/shell/testcases/nft-f/0021priority_variable_0
rename to tests/shell/testcases/chains/0031priority_variable_0
diff --git a/tests/shell/testcases/nft-f/0022priority_variable_0 b/tests/shell/testcases/chains/0032priority_variable_0
similarity index 100%
rename from tests/shell/testcases/nft-f/0022priority_variable_0
rename to tests/shell/testcases/chains/0032priority_variable_0
diff --git a/tests/shell/testcases/nft-f/0023priority_variable_1 b/tests/shell/testcases/chains/0033priority_variable_1
similarity index 100%
rename from tests/shell/testcases/nft-f/0023priority_variable_1
rename to tests/shell/testcases/chains/0033priority_variable_1
diff --git a/tests/shell/testcases/nft-f/0024priority_variable_1 b/tests/shell/testcases/chains/0034priority_variable_1
similarity index 100%
rename from tests/shell/testcases/nft-f/0024priority_variable_1
rename to tests/shell/testcases/chains/0034priority_variable_1
diff --git a/tests/shell/testcases/nft-f/0025policy_variable_0 b/tests/shell/testcases/chains/0035policy_variable_0
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0025policy_variable_0
rename to tests/shell/testcases/chains/0035policy_variable_0
diff --git a/tests/shell/testcases/nft-f/0026policy_variable_0 b/tests/shell/testcases/chains/0036policy_variable_0
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0026policy_variable_0
rename to tests/shell/testcases/chains/0036policy_variable_0
diff --git a/tests/shell/testcases/nft-f/0027policy_variable_1 b/tests/shell/testcases/chains/0037policy_variable_1
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0027policy_variable_1
rename to tests/shell/testcases/chains/0037policy_variable_1
diff --git a/tests/shell/testcases/nft-f/0028policy_variable_1 b/tests/shell/testcases/chains/0038policy_variable_1
old mode 100644
new mode 100755
similarity index 100%
rename from tests/shell/testcases/nft-f/0028policy_variable_1
rename to tests/shell/testcases/chains/0038policy_variable_1
-- 
2.11.0

[PATCH nft 2/2] tests: shell: use-after-free from abort path

[Pablo Neira Ayuso]

Rule that fails to be added while holding a bound set triggers
user-after-free from the abort path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/transactions/0050rule_1 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100755 tests/shell/testcases/transactions/0050rule_1

diff --git a/tests/shell/testcases/transactions/0050rule_1 b/tests/shell/testcases/transactions/0050rule_1
new file mode 100755
index 000000000000..7c487e2e4710
--- /dev/null
+++ b/tests/shell/testcases/transactions/0050rule_1
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+RULESET="table inet filter {
+	flowtable ft {
+		hook ingress priority 0; devices = { x, y, z };
+	}
+
+chain forward {
+	type filter hook forward priority 0; policy drop;
+
+	ip protocol { tcp, udp } counter flow add @ft
+	ip6 nexthdr { tcp, udp } counter flow add @ft
+	counter
+	}
+}"
+
+$NFT -f - <<< "$RULESET" >/dev/null
-- 
2.11.0