In "tests/shell/testcases/chains/netdev_chain_0", calling "trap ...
EXIT" multiple times does not work. Fix it, by calling one cleanup
function.
Note that we run in separate namespaces, so the cleanup is usually not
necessary. Still do it, we might want to run without unshare (via
NFT_TEST_UNSHARE_CMD=""). Without unshare, it's important that the
cleanup always works. In practice it might not, for example, "trap ...
EXIT" does not run for SIGTERM. A leaked interface might break the
follow up test and tests interfere with each other.
Try to workaround that by first trying to delete the interface.
Also failures to create the interfaces are not considered fatal. I don't
understand under what circumstances this might fail, note that there are
other tests that create dummy interface and don't "exit 77" on failure.
We want to know when something odd is going on.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
table netdev x {
- chain y {
- type filter hook ingress devices = { d0, d1 } priority filter; policy accept;
- }
}
#!/bin/bash
-ip link add d0 type dummy || {
- echo "Skipping, no dummy interface available"
- exit 77
-}
-trap "ip link del d0" EXIT
-
-ip link add d1 type dummy || {
- echo "Skipping, no dummy interface available"
- exit 77
-}
-trap "ip link del d1" EXIT
+set -e
-ip link add d2 type dummy || {
- echo "Skipping, no dummy interface available"
- exit 77
+iface_cleanup() {
+ ip link del d0 &>/dev/null || :
+ ip link del d1 &>/dev/null || :
+ ip link del d2 &>/dev/null || :
}
-trap "ip link del d2" EXIT
+trap 'iface_cleanup' EXIT
+iface_cleanup
-set -e
+ip link add d0 type dummy
+ip link add d1 type dummy
+ip link add d2 type dummy
RULESET="table netdev x {
chain y {
set -e
+iface_cleanup() {
+ ip link del dummy1 &>/dev/null || :
+}
+trap 'iface_cleanup' EXIT
+iface_cleanup
+
ip link add name dummy1 type dummy
EXPECTED="define if_main = { lo, dummy1 }
table ip filter1 {
flowtable Main_ft1 {
hook ingress priority filter
- devices = { dummy1, lo }
+ devices = { lo }
counter
}
}
table ip filter2 {
flowtable Main_ft2 {
hook ingress priority filter
- devices = { dummy1, lo }
+ devices = { lo }
counter
}
}
#!/bin/bash
-ip link add d0 type dummy || {
- echo "Skipping, no dummy interface available"
- exit 77
+set -e
+
+iface_cleanup() {
+ ip link del d0 &>/dev/null || :
}
-trap "ip link del d0" EXIT
+trap 'iface_cleanup' EXIT
+iface_cleanup
-set -e
+ip link add d0 type dummy
$NFT flush ruleset
$NFT add table inet test
# list only the flowtable asked for with table
+set -e
+
FLOWTABLES="flowtable f {
hook ingress priority filter
devices = { lo }
}
}"
-ip link add d0 type dummy || {
- echo "Skipping, no dummy interface available"
- exit 77
+iface_cleanup() {
+ ip link del d0 &>/dev/null || :
}
-trap "ip link del d0" EXIT
+trap 'iface_cleanup' EXIT
+iface_cleanup
-set -e
+ip link add d0 type dummy
$NFT -f - <<< "$RULESET"
projects / thirdparty / nftables.git / commitdiff
