tests: shell: double chain update with same device

For Linux kernel patch:

  cf5fb87fcdaa ("netfilter: nf_tables: reject duplicate device on updates")

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/tests/shell/testcases/transactions/chain_update_dup b/tests/shell/testcases/transactions/chain_update_dup
new file mode 100755 (executable)
index 0000000..5d529dd
--- /dev/null
+++ b/tests/shell/testcases/transactions/chain_update_dup
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+ip link add dummy0 type dummy
+
+$NFT -f /dev/stdin <<EOF
+table netdev t {
+       chain c {
+               type filter hook ingress priority 0;
+       }
+}
+EOF
+
+$NFT -f /dev/stdin <<EOF
+add chain netdev t c { devices = { dummy0 }; }
+add chain netdev t c { devices = { dummy0 }; }
+EOF
+
+ip link del dummy0
+
+sleep 4
+
+$NFT flush ruleset

diff --git a/tests/shell/testcases/transactions/dumps/chain_update_dup.nodump b/tests/shell/testcases/transactions/dumps/chain_update_dup.nodump
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/shell/testcases/transactions/dumps/flowtable_update_dup.nodump b/tests/shell/testcases/transactions/dumps/flowtable_update_dup.nodump
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/shell/testcases/transactions/flowtable_update_dup b/tests/shell/testcases/transactions/flowtable_update_dup
new file mode 100755 (executable)
index 0000000..434d8de
--- /dev/null
+++ b/tests/shell/testcases/transactions/flowtable_update_dup
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+ip link add dummy0 type dummy
+
+$NFT -f /dev/stdin <<EOF
+table inet t {
+       flowtable f {
+               hook ingress priority 0;
+       }
+}
+EOF
+
+$NFT -f /dev/stdin <<EOF
+add flowtable inet t f { devices = { dummy0 }; }
+add flowtable inet t f { devices = { dummy0 }; }
+EOF
+
+ip link del dummy0
+
+sleep 4
+
+$NFT flush ruleset