mirror of
https://git.netfilter.org/nftables
synced 2026-01-29 11:54:10 +00:00
The test was technically incorrect: Instead of detecting whether
interface hooks are name-based or not, it actually tested whether
netdev-family chains are removed along with their last hook.

Since the latter behaviour is established in kernel commit fc0133428e7a
("netfilter: nf_tables: Tolerate chains with no remaining hooks") and
thus independent from the name-based hooks change, treating both as the
same kernel feature is not acceptable.

Fix this by detecting whether a netdev-family chain may be added despite
specifying a non-existent interface to hook into. Keep the old check
around with a better name, although unused for now.

Reported-by: Florian Westphal <fw@strlen.de>
Fixes: f27e5abd81f29 ("tests: shell: Adjust to ifname-based hooks")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
13 lines
284 B
Bash
Executable File
#!/bin/bash

# check if netdev chains survive without a single device

unshare -n bash -c "ip link add d0 type dummy; \
	$NFT \"table netdev t { \
		chain c { \
			type filter hook ingress priority 0; devices = { d0 }; \
		}; \
	}\"; \
	ip link del d0; \
	$NFT list chain netdev t c"