From patchwork Fri Sep 15 13:20:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 1834912 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4RnFDX0rsPz1yhZ for ; Fri, 15 Sep 2023 23:20:28 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235229AbjIONUa (ORCPT ); Fri, 15 Sep 2023 09:20:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235214AbjIONUa (ORCPT ); Fri, 15 Sep 2023 09:20:30 -0400 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:237:300::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 691571713 for ; Fri, 15 Sep 2023 06:20:25 -0700 (PDT) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1qh8kC-0003bn-1k; Fri, 15 Sep 2023 15:20:24 +0200 From: Florian Westphal To: netfilter-devel@vger.kernel.org Cc: Florian Westphal , "Lee, Cherie-Anne" , Bing-Jhong Billy Jheng , info@starlabs.sg Subject: [PATCH nft] tests: add test for dormant on/off/on bug Date: Fri, 15 Sep 2023 15:20:05 +0200 Message-ID: <20230915132014.37025-1-fw@strlen.de> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Disallow enabling/disabling a table in a single transaction. Make sure we still allow one update, either to dormant, or from active to dormant. Reported-by: "Lee, Cherie-Anne" Cc: Bing-Jhong Billy Jheng Cc: info@starlabs.sg Signed-off-by: Florian Westphal --- .../transactions/dumps/table_onoff.nft | 8 ++++ .../shell/testcases/transactions/table_onoff | 44 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 tests/shell/testcases/transactions/dumps/table_onoff.nft create mode 100755 tests/shell/testcases/transactions/table_onoff diff --git a/tests/shell/testcases/transactions/dumps/table_onoff.nft b/tests/shell/testcases/transactions/dumps/table_onoff.nft new file mode 100644 index 000000000000..038be1c071ad --- /dev/null +++ b/tests/shell/testcases/transactions/dumps/table_onoff.nft @@ -0,0 +1,8 @@ +table ip t { + flags dormant + + chain c { + type filter hook input priority filter; policy accept; + ip daddr 127.0.0.42 counter packets 0 bytes 0 + } +} diff --git a/tests/shell/testcases/transactions/table_onoff b/tests/shell/testcases/transactions/table_onoff new file mode 100755 index 000000000000..831d4614c1f2 --- /dev/null +++ b/tests/shell/testcases/transactions/table_onoff @@ -0,0 +1,44 @@ +#!/bin/bash + +# attempt to re-awaken a table that is flagged dormant within +# same transaction +$NFT -f - <