currently kernel may pick a set implementation that doesn't provide
a ->update() function. This causes an error when user attempts to
add the nftables rule that is supposed to add entries to the set.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
Pablo, unless you have objections I would push this now.
diff --git a/tests/shell/testcases/sets/0028autoselect_0 b/tests/shell/testcases/sets/0028autoselect_0
new file mode 100755
index 000000000000..2225e7aee247
--- /dev/null
+++ b/tests/shell/testcases/sets/0028autoselect_0
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# This testscase checks kernel picks a suitable set backends.
+# Ruleset attempts to update from packet path, so set backend
+# needs an ->update() implementation.
+
+set -e
+
+$NFT add table t
+$NFT add set t s1 { type inet_proto \; }
+$NFT add set t s2 { type ipv4_addr \; }
+$NFT add set t s3 { type ipv4_addr \; size 1024\; }
+$NFT add chain t c {type filter hook input priority 0 \; }
+
+# chosen set type must support updates from packet path
+$NFT add rule t c meta iifname foobar set add ip protocol @s1
+$NFT add rule t c meta iifname foobar set add ip daddr @s2
+$NFT add rule t c meta iifname foobar set add ip daddr @s3
--
2.13.6
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
