1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_netdev_chain_multidevice)
set -e
ip link add name d23456789012345 type dummy
EXPECTED="define if_main = \"lo\"
table netdev filter1 {
chain Main_Ingress1 {
type filter hook ingress device \$if_main priority -500; policy accept;
}
}"
$NFT -f - <<< $EXPECTED
EXPECTED="define if_main = \"lo\"
table netdev filter2 {
chain Main_Ingress2 {
type filter hook ingress devices = { \$if_main, d23456789012345x } priority -500; policy accept;
}
}"
rc=0
$NFT -f - <<< $EXPECTED || rc=$?
test "$rc" = 1
cat <<EOF | $DIFF -u <($NFT list ruleset) -
table netdev filter1 {
chain Main_Ingress1 {
type filter hook ingress device "lo" priority -500; policy accept;
}
}
EOF
EXPECTED="define if_main = \"lo\"
table netdev filter2 {
chain Main_Ingress2 {
type filter hook ingress devices = { \$if_main, d23456789012345 } priority -500; policy accept;
}
}"
$NFT -f - <<< $EXPECTED
if [ "$NFT_TEST_HAVE_netdev_egress" = n ] ; then
echo "Skip parts of the test due to NFT_TEST_HAVE_netdev_egress=n"
exit 77
fi
EXPECTED="define if_main = { lo, d23456789012345 }
define lan_interfaces = { lo }
table netdev filter3 {
chain Main_Ingress3 {
type filter hook ingress devices = \$if_main priority -500; policy accept;
}
chain Main_Egress3 {
type filter hook egress devices = \$lan_interfaces priority -500; policy accept;
}
}"
$NFT -f - <<< $EXPECTED
|
