From: Phil Sutter <phil@nwl.cc>
Date: Tue, 6 May 2025 22:06:20 +0000 (+0200)
Subject: tests: shell: Adjust to ifname-based hooks
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f27e5abd81f29d6429e2749a6adf02a25185e206;p=thirdparty%2Fnftables.git

tests: shell: Adjust to ifname-based hooks

Interface specs won't disappear anymore upon device removal. Drop them
manually if kernel has ifname-based hooks.

Skip transactions/0050rule_1 if kernel has name-based hooks: The test
relies upon the ruleset being rejected for non-existent interfaces,
which obviously won't happen then.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/tests/shell/features/ifname_based_hooks.sh b/tests/shell/features/ifname_based_hooks.sh
new file mode 100755
index 00000000..cada6956
--- /dev/null
+++ b/tests/shell/features/ifname_based_hooks.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# check if netdev chains survive without a single device
+
+unshare -n bash -c "ip link add d0 type dummy; \
+	$NFT \"table netdev t { \
+		chain c { \
+			type filter hook ingress priority 0; devices = { d0 }; \
+		}; \
+	}\"; \
+	ip link del d0; \
+	$NFT list chain netdev t c"
diff --git a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
index 3093ce25..8455f310 100755
--- a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
+++ b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
@@ -9,3 +9,6 @@ ip link add dummy1 type dummy
 $NFT add table netdev test { flags dormant\; }
 $NFT add chain netdev test ingress { type filter hook ingress devices = { "dummy0", "dummy1" } priority 0\; policy drop\; }
 ip link del dummy0
+if [ "$NFT_TEST_HAVE_ifname_based_hooks" = y ]; then
+	$NFT 'delete chain netdev test ingress { devices = { "dummy0" }; }'
+fi
diff --git a/tests/shell/testcases/flowtable/0012flowtable_variable_0 b/tests/shell/testcases/flowtable/0012flowtable_variable_0
index 9c03820f..ff35548e 100755
--- a/tests/shell/testcases/flowtable/0012flowtable_variable_0
+++ b/tests/shell/testcases/flowtable/0012flowtable_variable_0
@@ -4,11 +4,18 @@
 
 set -e
 
+ft_deldev() {
+	$NFT "delete flowtable $1 $2 { devices = { $3 }; }"
+}
+
 iface_cleanup() {
 	ip link del dummy1 &>/dev/null || :
+	if [ "$NFT_TEST_HAVE_ifname_based_hooks" = y ]; then
+		ft_deldev filter1 Main_ft1 dummy1
+		ft_deldev filter2 Main_ft2 dummy1
+	fi
 }
 trap 'iface_cleanup' EXIT
-iface_cleanup
 
 ip link add name dummy1 type dummy
 
diff --git a/tests/shell/testcases/listing/0020flowtable_0 b/tests/shell/testcases/listing/0020flowtable_0
index 0e89f5dd..14b0c909 100755
--- a/tests/shell/testcases/listing/0020flowtable_0
+++ b/tests/shell/testcases/listing/0020flowtable_0
@@ -48,7 +48,13 @@ EXPECTED3="table ip filter {
 iface_cleanup() {
 	ip link del d0 &>/dev/null || :
 }
-trap 'iface_cleanup' EXIT
+ft_cleanup() {
+	if [ "$NFT_TEST_HAVE_ifname_based_hooks" = y ]; then
+		$NFT 'delete flowtable ip filter f2 { devices = { d0 }; }'
+		$NFT 'delete flowtable inet filter f2 { devices = { d0 }; }'
+	fi
+}
+trap 'iface_cleanup; ft_cleanup' EXIT
 iface_cleanup
 
 ip link add d0 type dummy
diff --git a/tests/shell/testcases/transactions/0050rule_1 b/tests/shell/testcases/transactions/0050rule_1
index 89e5f42f..cbf96892 100755
--- a/tests/shell/testcases/transactions/0050rule_1
+++ b/tests/shell/testcases/transactions/0050rule_1
@@ -2,6 +2,10 @@
 
 set -e
 
+# The ruleset is supposed to fail due to non-existing interfaces,
+# hence depends on non-name-based interface hooks.
+[ "$NFT_TEST_HAVE_ifname_based_hooks" = y ] && exit 77
+
 RULESET="table inet filter {
 	flowtable ftable {
 		hook ingress priority 0; devices = { eno1, eno0, x };