Interface specs won't disappear anymore upon device removal. Drop them
manually if kernel has ifname-based hooks.
Also drop transactions/0050rule_1 test entirely: It won't fail anymore
as the flowtable is accepted despite the non-existent interfaces and
thus the test as a whole does not work anymore.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
tests/shell/features/ifname_based_hooks.sh | 12 ++++++++++++
.../chains/netdev_chain_dormant_autoremove | 3 +++
.../flowtable/0012flowtable_variable_0 | 9 ++++++++-
tests/shell/testcases/listing/0020flowtable_0 | 8 +++++++-
tests/shell/testcases/transactions/0050rule_1 | 19 -------------------
.../transactions/dumps/0050rule_1.json-nft | 11 -----------
.../transactions/dumps/0050rule_1.nft | 0
7 files changed, 30 insertions(+), 32 deletions(-)
create mode 100755 tests/shell/features/ifname_based_hooks.sh
delete mode 100755 tests/shell/testcases/transactions/0050rule_1
delete mode 100644 tests/shell/testcases/transactions/dumps/0050rule_1.json-nft
delete mode 100644 tests/shell/testcases/transactions/dumps/0050rule_1.nft
diff --git a/tests/shell/features/ifname_based_hooks.sh b/tests/shell/features/ifname_based_hooks.sh
new file mode 100755
index 0000000000000..cada6956f165b
--- /dev/null
+++ b/tests/shell/features/ifname_based_hooks.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# check if netdev chains survive without a single device
+
+unshare -n bash -c "ip link add d0 type dummy; \
+ $NFT \"table netdev t { \
+ chain c { \
+ type filter hook ingress priority 0; devices = { d0 }; \
+ }; \
+ }\"; \
+ ip link del d0; \
+ $NFT list chain netdev t c"
diff --git a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
index 3093ce25319cf..8455f310445e9 100755
--- a/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
+++ b/tests/shell/testcases/chains/netdev_chain_dormant_autoremove
@@ -9,3 +9,6 @@ ip link add dummy1 type dummy
$NFT add table netdev test { flags dormant\; }
$NFT add chain netdev test ingress { type filter hook ingress devices = { "dummy0", "dummy1" } priority 0\; policy drop\; }
ip link del dummy0
+if [ "$NFT_TEST_HAVE_ifname_based_hooks" = y ]; then
+ $NFT 'delete chain netdev test ingress { devices = { "dummy0" }; }'
+fi
diff --git a/tests/shell/testcases/flowtable/0012flowtable_variable_0 b/tests/shell/testcases/flowtable/0012flowtable_variable_0
index 9c03820f128e3..ff35548ed8543 100755
--- a/tests/shell/testcases/flowtable/0012flowtable_variable_0
+++ b/tests/shell/testcases/flowtable/0012flowtable_variable_0
@@ -4,11 +4,18 @@
set -e
+ft_deldev() {
+ $NFT "delete flowtable $1 $2 { devices = { $3 }; }"
+}
+
iface_cleanup() {
ip link del dummy1 &>/dev/null || :
+ if [ "$NFT_TEST_HAVE_ifname_based_hooks" = y ]; then
+ ft_deldev filter1 Main_ft1 dummy1
+ ft_deldev filter2 Main_ft2 dummy1
+ fi
}
trap 'iface_cleanup' EXIT
-iface_cleanup
ip link add name dummy1 type dummy
diff --git a/tests/shell/testcases/listing/0020flowtable_0 b/tests/shell/testcases/listing/0020flowtable_0
index 0e89f5dd01393..14b0c909a7eba 100755
--- a/tests/shell/testcases/listing/0020flowtable_0
+++ b/tests/shell/testcases/listing/0020flowtable_0
@@ -48,7 +48,13 @@ EXPECTED3="table ip filter {
iface_cleanup() {
ip link del d0 &>/dev/null || :
}
-trap 'iface_cleanup' EXIT
+ft_cleanup() {
+ if [ "$NFT_TEST_HAVE_ifname_based_hooks" = y ]; then
+ $NFT 'delete flowtable ip filter f2 { devices = { d0 }; }'
+ $NFT 'delete flowtable inet filter f2 { devices = { d0 }; }'
+ fi
+}
+trap 'iface_cleanup; ft_cleanup' EXIT
iface_cleanup
ip link add d0 type dummy
diff --git a/tests/shell/testcases/transactions/0050rule_1 b/tests/shell/testcases/transactions/0050rule_1
deleted file mode 100755
index 89e5f42fc9f4d..0000000000000
--- a/tests/shell/testcases/transactions/0050rule_1
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-set -e
-
-RULESET="table inet filter {
- flowtable ftable {
- hook ingress priority 0; devices = { eno1, eno0, x };
- }
-
-chain forward {
- type filter hook forward priority 0; policy drop;
-
- ip protocol { tcp, udp } ct mark and 1 == 1 counter flow add @ftable
- ip6 nexthdr { tcp, udp } ct mark and 2 == 2 counter flow add @ftable
- ct mark and 30 == 30 ct state established,related log prefix \"nftables accept: \" level info accept
- }
-}"
-
-$NFT -f - <<< "$RULESET" >/dev/null || exit 0
diff --git a/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft b/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft
deleted file mode 100644
index 546cc5977db61..0000000000000
--- a/tests/shell/testcases/transactions/dumps/0050rule_1.json-nft
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "nftables": [
- {
- "metainfo": {
- "version": "VERSION",
- "release_name": "RELEASE_NAME",
- "json_schema_version": 1
- }
- }
- ]
-}
diff --git a/tests/shell/testcases/transactions/dumps/0050rule_1.nft b/tests/shell/testcases/transactions/dumps/0050rule_1.nft
deleted file mode 100644
index e69de29bb2d1d..0000000000000
--
2.49.0
