Add two tests to make sure that set size checks work fine:
1) Check if set size is indeed working, this is a simple one.
2) Check if set size is correct after ENFILE error, there is bug that
adds a new spare slot everytime we hit this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
--- /dev/null
+#!/bin/bash
+
+set -e
+$NFT add table x
+$NFT add set x s {type ipv4_addr\; size 2\;}
+$NFT add element x s {1.1.1.1}
+$NFT add element x s {1.1.1.2}
+$NFT add element x s {1.1.1.3}
--- /dev/null
+#!/bin/bash
+
+$NFT add table x
+$NFT add set x s {type ipv4_addr\; size 2\;}
+$NFT add element x s {1.1.1.1}
+$NFT add element x s {1.1.1.2}
+
+$NFT add element x s { 1.1.1.3 } 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "E: set is full, but element was added" >&2
+ exit 1
+fi
+#
+# Try again, this helps us catch incorrect set->nelems decrement from abort path
+#
+$NFT add element x s { 1.1.1.3 } 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "E: set is full, but element was added" >&2
+ exit 1
+fi
projects / thirdparty / nftables.git / commitdiff
