On Fri, Sep 23, 2022 at 02:17:25PM +0200, Florian Westphal wrote:
[...]
> diff --git a/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0 b/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0
> index cca36fd88d6c..7859e76c9dd5 100755
> --- a/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0
> +++ b/iptables/tests/shell/testcases/nft-only/0010-native-delinearize_0
> @@ -5,22 +5,5 @@ nft -v >/dev/null || exit 0
>
> set -e
>
> -nft -f - <<EOF
> -table ip filter {
> - chain FORWARD {
> - type filter hook forward priority filter;
> - limit rate 10/day counter
> - udp dport 42 counter
> - }
> -}
> -EOF
> -
> -EXPECT="*filter
> -:INPUT ACCEPT [0:0]
> -:FORWARD ACCEPT [0:0]
> -:OUTPUT ACCEPT [0:0]
> --A FORWARD -m limit --limit 10/day
> --A FORWARD -p udp -m udp --dport 42
> -COMMIT"
> -
> -diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables-save | grep -v '^#')
> +unshare -n bash -c "nft -f $(dirname $0)/0010-nft-native.txt;
> + diff -u -Z $(dirname $0)/0010-iptables-nft-save.txt <($XT_MULTI iptables-save | grep -v '^#')"
run-test.sh calls unshare already. Apart from that:
Acked-by: Phil Sutter <phil@xxxxxx>
