--- /dev/null
+#!/bin/sh
+
+# check for flowtable info in 'list hooks' output
+
+unshare -n bash -c " \
+$NFT \"table inet t { flowtable ft { hook ingress priority 0; devices = { lo }; }; }\"; \
+$NFT list hooks netdev device lo | grep -q flowtable\ inet\ t\ ft"
--- /dev/null
+{
+ "nftables": [
+ {
+ "metainfo": {
+ "version": "VERSION",
+ "release_name": "RELEASE_NAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": {
+ "family": "netdev",
+ "name": "t",
+ "handle": 0
+ }
+ },
+ {
+ "chain": {
+ "family": "netdev",
+ "table": "t",
+ "name": "c",
+ "handle": 0,
+ "dev": [
+ "foo*",
+ "lo"
+ ],
+ "type": "filter",
+ "hook": "ingress",
+ "prio": 0,
+ "policy": "accept"
+ }
+ }
+ ]
+}
--- /dev/null
+table netdev t {
+ chain c {
+ type filter hook ingress devices = { "foo*", "lo" } priority filter; policy accept;
+ }
+}
--- /dev/null
+#!/bin/bash
+
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_ifname_based_hooks)
+
+cspec=' chain netdev t c '
+$NFT add table netdev t
+$NFT add $cspec '{ type filter hook ingress priority 0; devices = { lo, foo* }; }'
+$NFT list hooks netdev device lo | grep -q "$cspec" || {
+ echo "Existing device lo not hooked into chain as expected"
+ exit 1
+}
+
+[[ $($NFT list hooks | grep -c "$cspec") -eq 1 ]] || {
+ echo "Chain hooks into more than just lo"
+ exit 2
+}
+
+ip link add foo1 type dummy
+$NFT list hooks netdev device foo1 | grep -q "$cspec" || {
+ echo "Chain did not hook into new device foo1"
+ exit 3
+}
+[[ $($NFT list hooks | grep -c "$cspec") -eq 2 ]] || {
+ echo "Chain expected to hook into exactly two devices"
+ exit 4
+}
+
+ip link del foo1
+$NFT list hooks netdev device foo1 | grep -q "$cspec" && {
+ echo "Chain still hooks into removed device foo1"
+ exit 5
+}
+[[ $($NFT list hooks | grep -c "$cspec") -eq 1 ]] || {
+ echo "Chain expected to hook into just lo"
+ exit 6
+}
+
+for ((i = 0; i < 100; i++)); do
+ ip link add foo$i type dummy
+done
+[[ $($NFT list hooks | grep -c "$cspec") -eq 101 ]] || {
+ echo "Chain did not hook into all 100 new devices"
+ exit 7
+}
--- /dev/null
+#!/bin/bash
+
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_ifname_based_hooks)
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_list_hooks_flowtable_info)
+
+ftspec=' flowtable ip t ft '
+$NFT add table t
+$NFT add $ftspec '{ hook ingress priority 0; devices = { lo, foo* }; }'
+$NFT list hooks netdev device lo | grep -q "$ftspec" || {
+ echo "Existing device lo not hooked into flowtable as expected"
+ exit 1
+}
+
+[[ $($NFT list hooks | grep -c "$ftspec") -eq 1 ]] || {
+ echo "Flowtable hooks into more than just lo"
+ exit 2
+}
+
+ip link add foo1 type dummy
+$NFT list hooks netdev device foo1 | grep -q "$ftspec" || {
+ echo "Flowtable did not hook into new device foo1"
+ exit 3
+}
+[[ $($NFT list hooks | grep -c "$ftspec") -eq 2 ]] || {
+ echo "Flowtable expected to hook into exactly two devices"
+ exit 4
+}
+
+ip link del foo1
+$NFT list hooks netdev device foo1 | grep -q "$ftspec" && {
+ echo "Flowtable still hooks into removed device foo1"
+ exit 5
+}
+[[ $($NFT list hooks | grep -c "$ftspec") -eq 1 ]] || {
+ echo "Flowtable expected to hook into just lo"
+ exit 6
+}
+
+for ((i = 0; i < 100; i++)); do
+ ip link add foo$i type dummy
+done
+[[ $($NFT list hooks | grep -c "$ftspec") -eq 101 ]] || {
+ echo "Flowtable did not hook into all 100 new devices"
+ exit 7
+}
--- /dev/null
+{
+ "nftables": [
+ {
+ "metainfo": {
+ "version": "VERSION",
+ "release_name": "RELEASE_NAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": {
+ "family": "ip",
+ "name": "t",
+ "handle": 0
+ }
+ },
+ {
+ "flowtable": {
+ "family": "ip",
+ "name": "ft",
+ "table": "t",
+ "handle": 0,
+ "hook": "ingress",
+ "prio": 0,
+ "dev": [
+ "foo*",
+ "lo"
+ ]
+ }
+ }
+ ]
+}
--- /dev/null
+table ip t {
+ flowtable ft {
+ hook ingress priority filter
+ devices = { "foo*", "lo" }
+ }
+}
projects / thirdparty / nftables.git / commitdiff
