tests: shell: extend coverage for netdevice removal

Add two extra tests to exercise netdevice removal path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_dev_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_chain_dev_gone.nodump
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_multidev_gone.nodump b/tests/shell/testcases/chains/dumps/netdev_chain_multidev_gone.nodump
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/shell/testcases/chains/netdev_chain_dev_gone b/tests/shell/testcases/chains/netdev_chain_dev_gone
new file mode 100755 (executable)
index 0000000..02dacff
--- /dev/null
+++ b/tests/shell/testcases/chains/netdev_chain_dev_gone
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+iface_cleanup() {
+        ip link del d0 &>/dev/null || :
+}
+trap 'iface_cleanup' EXIT
+
+ip link add d0 type dummy
+
+# Test auto-removal of chain hook on device removal
+RULESET="table netdev x {
+       chain x {}
+       chain w {
+               ip daddr 8.7.6.0/24 jump x
+       }
+       chain y {
+               type filter hook ingress device \"d0\" priority 0;
+               ip saddr { 1.2.3.4, 2.3.4.5 } counter
+               ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x }
+       }
+}"
+
+$NFT -f - <<< $RULESET

diff --git a/tests/shell/testcases/chains/netdev_chain_multidev_gone b/tests/shell/testcases/chains/netdev_chain_multidev_gone
new file mode 100755 (executable)
index 0000000..bc5ca7d
--- /dev/null
+++ b/tests/shell/testcases/chains/netdev_chain_multidev_gone
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_chain_binding)
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice)
+
+set -e
+
+iface_cleanup() {
+        ip link del d0 &>/dev/null || :
+        ip link del d1 &>/dev/null || :
+        ip link del d2 &>/dev/null || :
+}
+trap 'iface_cleanup' EXIT
+
+ip link add d0 type dummy
+ip link add d1 type dummy
+ip link add d2 type dummy
+
+# Test auto-removal of chain hook on device removal
+RULESET="table netdev x {
+       chain x {}
+       chain w {
+               ip daddr 8.7.6.0/24 jump {
+                       ip daddr vmap { 8.7.6.3 : jump x, 8.7.6.4 : jump x }
+               }
+       }
+       chain y {
+               type filter hook ingress devices = { d0, d1, d2 } priority 0;
+               ip saddr { 1.2.3.4, 2.3.4.5 } counter
+               ip daddr vmap { 5.4.3.0/24 : jump w, 8.9.0.0/24 : jump x }
+       }
+}"
+
+$NFT -f - <<< $RULESET