* [PATCH nft 1/4] tests: shell: add dependencies to skip unsupported tests in older kernels
@ 2024-06-13 0:22 Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 2/4] tests: shell: skip ip option tests if kernel does not support it Pablo Neira Ayuso
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2024-06-13 0:22 UTC (permalink / raw)
To: netfilter-devel
Skip tests which contain unsupported feature in older kernels.
Fixes: f09171e077f8 ("tests: shell: combine dormant flag with netdevice removal")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/shell/testcases/chains/netdev_chain_dormant_autoremove | 2 ++
tests/shell/testcases/maps/named_ct_objects | 1 +
tests/shell/testcases/maps/nat_addr_port | 5 +++++
tests/shell/testcases/optimizations/ruleset | 1 +
tests/shell/testcases/transactions/0049huge_0 | 5 +++++
5 files changed, 14 insertions(+)
diff --git a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
index 0a684e565bdf..3093ce25319c 100755
--- a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
+++ b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
@@ -1,5 +1,7 @@
#!/bin/bash
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice)
+
set -e
ip link add dummy0 type dummy
diff --git a/tests/shell/testcases/maps/named_ct_objects b/tests/shell/testcases/maps/named_ct_objects
index 61b87c1ab14a..518140b0693d 100755
--- a/tests/shell/testcases/maps/named_ct_objects
+++ b/tests/shell/testcases/maps/named_ct_objects
@@ -1,6 +1,7 @@
#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_cttimeout)
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_ctexpect)
$NFT -f /dev/stdin <<EOF || exit 1
table inet t {
diff --git a/tests/shell/testcases/maps/nat_addr_port b/tests/shell/testcases/maps/nat_addr_port
index 2804d48ca406..703a2ad9d431 100755
--- a/tests/shell/testcases/maps/nat_addr_port
+++ b/tests/shell/testcases/maps/nat_addr_port
@@ -84,6 +84,11 @@ $NFT add rule 'ip6 ip6foo c ip6 saddr f0:0b::a3 dnat to [1c::3]:42' && exit 1
# should fail: rule has no test for l4 protocol, but map has inet_service
$NFT add rule 'ip6 ip6foo c dnat to ip daddr map @y' && exit 1
+if [ "$NFT_TEST_HAVE_inet_nat" = n ]; then
+ echo "Test partially skipped due to NFT_TEST_HAVE_inet_nat=n"
+ exit 77
+fi
+
# skeleton inet
$NFT -f /dev/stdin <<EOF || exit 1
table inet inetfoo {
diff --git a/tests/shell/testcases/optimizations/ruleset b/tests/shell/testcases/optimizations/ruleset
index 2b2d80ffc009..f7c3b74702ba 100755
--- a/tests/shell/testcases/optimizations/ruleset
+++ b/tests/shell/testcases/optimizations/ruleset
@@ -1,6 +1,7 @@
#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_prerouting_reject)
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_inet_nat)
RULESET="table inet uni {
chain gtfo {
diff --git a/tests/shell/testcases/transactions/0049huge_0 b/tests/shell/testcases/transactions/0049huge_0
index f66953c2ab70..698716b2b156 100755
--- a/tests/shell/testcases/transactions/0049huge_0
+++ b/tests/shell/testcases/transactions/0049huge_0
@@ -42,6 +42,11 @@ if [ "$NFT_TEST_HAVE_json" != n ]; then
test $($NFT -j -e -a -f - <<< "$RULESET" |sed 's/\({"add":\)/\n\1/g' |grep '"handle"' |wc -l) -eq ${RULE_COUNT} || exit 1
fi
+if [ "$NFT_TEST_HAVE_inet_nat" = n ]; then
+ echo "Test partially skipped due to missing inet nat support."
+ exit 77
+fi
+
# Now an example from firewalld's testsuite
#
$NFT flush ruleset
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nft 2/4] tests: shell: skip ip option tests if kernel does not support it
2024-06-13 0:22 [PATCH nft 1/4] tests: shell: add dependencies to skip unsupported tests in older kernels Pablo Neira Ayuso
@ 2024-06-13 0:22 ` Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 3/4] tests: shell: skip ipsec " Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 4/4] tests: shell: skip NFTA_RULE_POSITION_ID " Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2024-06-13 0:22 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/shell/features/ip_options.nft | 8 ++++++++
tests/shell/testcases/sets/typeof_sets_0 | 2 ++
2 files changed, 10 insertions(+)
create mode 100644 tests/shell/features/ip_options.nft
diff --git a/tests/shell/features/ip_options.nft b/tests/shell/features/ip_options.nft
new file mode 100644
index 000000000000..0b8cb09ce11c
--- /dev/null
+++ b/tests/shell/features/ip_options.nft
@@ -0,0 +1,8 @@
+# dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options")
+# v5.3-rc1~140^2~153^2~1
+
+table ip x {
+ chain y {
+ ip option ra value 255
+ }
+}
diff --git a/tests/shell/testcases/sets/typeof_sets_0 b/tests/shell/testcases/sets/typeof_sets_0
index 016227da6242..a105acffde48 100755
--- a/tests/shell/testcases/sets/typeof_sets_0
+++ b/tests/shell/testcases/sets/typeof_sets_0
@@ -4,6 +4,8 @@
# s1 and s2 are identical, they just use different
# ways for declaration.
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_ip_options)
+
set -e
die() {
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nft 3/4] tests: shell: skip ipsec tests if kernel does not support it
2024-06-13 0:22 [PATCH nft 1/4] tests: shell: add dependencies to skip unsupported tests in older kernels Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 2/4] tests: shell: skip ip option tests if kernel does not support it Pablo Neira Ayuso
@ 2024-06-13 0:22 ` Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 4/4] tests: shell: skip NFTA_RULE_POSITION_ID " Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2024-06-13 0:22 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/shell/features/ipsec.nft | 7 +++++++
tests/shell/testcases/maps/typeof_maps_0 | 2 ++
2 files changed, 9 insertions(+)
create mode 100644 tests/shell/features/ipsec.nft
diff --git a/tests/shell/features/ipsec.nft b/tests/shell/features/ipsec.nft
new file mode 100644
index 000000000000..e7252271b6cf
--- /dev/null
+++ b/tests/shell/features/ipsec.nft
@@ -0,0 +1,7 @@
+# 6c47260250fc ("netfilter: nf_tables: add xfrm expression")
+# v4.20-rc1~14^2~125^2~25
+table ip x {
+ chain y {
+ ipsec in reqid 23
+ }
+}
diff --git a/tests/shell/testcases/maps/typeof_maps_0 b/tests/shell/testcases/maps/typeof_maps_0
index 98517fd52506..764206d26dc1 100755
--- a/tests/shell/testcases/maps/typeof_maps_0
+++ b/tests/shell/testcases/maps/typeof_maps_0
@@ -4,6 +4,8 @@
# without typeof, this is 'type string' and 'type integer',
# but neither could be used because it lacks size information.
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_ipsec)
+
set -e
die() {
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nft 4/4] tests: shell: skip NFTA_RULE_POSITION_ID tests if kernel does not support it
2024-06-13 0:22 [PATCH nft 1/4] tests: shell: add dependencies to skip unsupported tests in older kernels Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 2/4] tests: shell: skip ip option tests if kernel does not support it Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 3/4] tests: shell: skip ipsec " Pablo Neira Ayuso
@ 2024-06-13 0:22 ` Pablo Neira Ayuso
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2024-06-13 0:22 UTC (permalink / raw)
To: netfilter-devel
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tests/shell/features/position_id.sh | 23 +++++++++++++++++++
tests/shell/testcases/cache/0011_index_0 | 2 ++
tests/shell/testcases/transactions/0024rule_0 | 2 ++
3 files changed, 27 insertions(+)
create mode 100755 tests/shell/features/position_id.sh
diff --git a/tests/shell/features/position_id.sh b/tests/shell/features/position_id.sh
new file mode 100755
index 000000000000..43ac97aca216
--- /dev/null
+++ b/tests/shell/features/position_id.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# 75dd48e2e420 ("netfilter: nf_tables: Support RULE_ID reference in new rule")
+# v5.1-rc1~178^2~405^2~27
+
+EXPECTED="table inet t {
+ chain c {
+ tcp dport 1234 accept
+ udp dport 4321 accept
+ accept
+ }
+}"
+
+RULESET="add table inet t
+add chain inet t c
+add rule inet t c tcp dport 1234 accept
+add rule inet t c accept
+insert rule inet t c index 1 udp dport 4321 accept
+"
+
+$NFT -f - <<< $RULESET
+
+diff -u <($NFT list ruleset) - <<<"$EXPECTED"
diff --git a/tests/shell/testcases/cache/0011_index_0 b/tests/shell/testcases/cache/0011_index_0
index c9eb86830c8d..76f2615d471c 100755
--- a/tests/shell/testcases/cache/0011_index_0
+++ b/tests/shell/testcases/cache/0011_index_0
@@ -1,5 +1,7 @@
#!/bin/bash
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_position_id)
+
set -e
RULESET="flush ruleset
diff --git a/tests/shell/testcases/transactions/0024rule_0 b/tests/shell/testcases/transactions/0024rule_0
index 4c1ac41db3b4..645319e27194 100755
--- a/tests/shell/testcases/transactions/0024rule_0
+++ b/tests/shell/testcases/transactions/0024rule_0
@@ -1,5 +1,7 @@
#!/bin/bash
+# NFT_TEST_REQUIRES(NFT_TEST_HAVE_position_id)
+
RULESET="flush ruleset
add table x
add chain x y
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-06-13 0:23 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-13 0:22 [PATCH nft 1/4] tests: shell: add dependencies to skip unsupported tests in older kernels Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 2/4] tests: shell: skip ip option tests if kernel does not support it Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 3/4] tests: shell: skip ipsec " Pablo Neira Ayuso
2024-06-13 0:22 ` [PATCH nft 4/4] tests: shell: skip NFTA_RULE_POSITION_ID " Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).