nftables/tests/shell/testcases/chains/netdev_chain_dev_addremove

#!/bin/bash

# NFT_TEST_REQUIRES(NFT_TEST_HAVE_inet_ingress)

set -e

read taint < /proc/sys/kernel/tainted
if [ "$taint" -ne 0 ]; then
	echo "Kernel already tainted up front."
	exit 77
fi

iface_cleanup() {
        ip link del d0 &>/dev/null || :
}
trap 'iface_cleanup' EXIT

load_rules()
{
	if [ "$NFT_TEST_HAVE_netdev_egress" != n ]; then
		EGRESS="add chain netdev nm-mlag-dummy0 tx-snoop-source-mac { type filter hook egress devices = { dummy0 } priority filter; policy accept; }
add rule netdev nm-mlag-dummy0 tx-snoop-source-mac update @macset-tagged { ether saddr . vlan id timeout 5s } return
add rule netdev nm-mlag-dummy0 tx-snoop-source-mac update @macset-untagged { ether saddr timeout 5s }"
	fi

RULESET="add table netdev nm-mlag-dummy0
add set netdev nm-mlag-dummy0 macset-tagged { typeof ether saddr . vlan id; size 65535; flags dynamic,timeout; }
add set netdev nm-mlag-dummy0 macset-untagged { typeof ether saddr; size 65535; flags dynamic,timeout; }
$EGRESS
add chain netdev nm-mlag-dummy0 rx-drop-looped-packets { type filter hook ingress devices = { dummy0 } priority filter; policy accept; }
add rule netdev nm-mlag-dummy0 rx-drop-looped-packets ether saddr . vlan id @macset-tagged drop
add rule netdev nm-mlag-dummy0 rx-drop-looped-packets ether type 8021q return
add rule netdev nm-mlag-dummy0 rx-drop-looped-packets ether saddr @macset-untagged drop"

	$NFT -f - <<< $RULESET
}

for i in $(seq 1 500);do
	ip link add dummy0 type dummy
	load_rules

	# zap ruleset and down device at same time
	$NFT flush ruleset &
	ip link del dummy0 &
	wait

	read taint < /proc/sys/kernel/tainted
	if [ "$taint" -ne 0 ]; then
		exit 1
	fi
done

exit 0