tests: shell: skip prerouting reject tests if kernel lacks support

Skip tests that require reject at prerouting hook.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/tests/shell/features/prerouting_reject.nft b/tests/shell/features/prerouting_reject.nft
new file mode 100644 (file)
index 0000000..3dcfb40
--- /dev/null
+++ b/tests/shell/features/prerouting_reject.nft
@@ -0,0 +1,8 @@
+# f53b9b0bdc59 netfilter: introduce support for reject at prerouting stage
+# v5.9-rc1~133^2~302^2~11
+table inet t {
+       chain nat_filter {
+               type filter hook prerouting priority 0; policy accept;
+               reject with icmpx type host-unreachable
+       }
+}

diff --git a/tests/shell/testcases/optimizations/ruleset b/tests/shell/testcases/optimizations/ruleset
index ef2652dbeae8e3f6f6daee942f48a3a494f26000..2b2d80ffc009d07aff7b9de60ebc653efe9520e6 100755 (executable)
--- a/tests/shell/testcases/optimizations/ruleset
+++ b/tests/shell/testcases/optimizations/ruleset
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_prerouting_reject)
+
 RULESET="table inet uni {
        chain gtfo {
                reject with icmpx type host-unreachable