* [PATCH nft 1/2] monitor: print "dormant" flag in monitor mode
@ 2020-07-14 16:55 Florian Westphal
2020-07-14 16:55 ` [PATCH nft 2/2] tests: extend existing dormat test case to catch a kernel bug Florian Westphal
0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2020-07-14 16:55 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
This distinction is important: a table with this flag is inert -- all
base chains are unregistered and see no traffic.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/monitor.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/monitor.c b/src/monitor.c
index bb269c02950c..3872ebcfbdaf 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -214,6 +214,10 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
nft_mon_print(monh, "%s %s", family2str(t->handle.family),
t->handle.table.name);
+
+ if (t->flags & TABLE_F_DORMANT)
+ nft_mon_print(monh, " { flags dormant; }");
+
if (nft_output_handle(&monh->ctx->nft->output))
nft_mon_print(monh, " # handle %" PRIu64 "",
t->handle.handle.id);
--
2.26.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH nft 2/2] tests: extend existing dormat test case to catch a kernel bug
2020-07-14 16:55 [PATCH nft 1/2] monitor: print "dormant" flag in monitor mode Florian Westphal
@ 2020-07-14 16:55 ` Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2020-07-14 16:55 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
This is a test case for the kernel bug fixed by:
netfilter: nf_tables: fix nat hook table deletion
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tests/shell/testcases/transactions/0002table_0 | 1 +
tests/shell/testcases/transactions/dumps/0002table_0.nft | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/tests/shell/testcases/transactions/0002table_0 b/tests/shell/testcases/transactions/0002table_0
index 246b10924d19..c5f31a6fb401 100755
--- a/tests/shell/testcases/transactions/0002table_0
+++ b/tests/shell/testcases/transactions/0002table_0
@@ -5,6 +5,7 @@ set -e
RULESET="add table x
delete table x
add table x
+add chain x y { type nat hook prerouting priority 0; policy accept; }
add table x { flags dormant; }"
$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/transactions/dumps/0002table_0.nft b/tests/shell/testcases/transactions/dumps/0002table_0.nft
index 6eb70726385f..429cbc348781 100644
--- a/tests/shell/testcases/transactions/dumps/0002table_0.nft
+++ b/tests/shell/testcases/transactions/dumps/0002table_0.nft
@@ -1,3 +1,7 @@
table ip x {
flags dormant
+
+ chain y {
+ type nat hook prerouting priority filter; policy accept;
+ }
}
--
2.26.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-14 16:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-14 16:55 [PATCH nft 1/2] monitor: print "dormant" flag in monitor mode Florian Westphal
2020-07-14 16:55 ` [PATCH nft 2/2] tests: extend existing dormat test case to catch a kernel bug Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).