From: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Thomas Haller <thaller@xxxxxxxxxx> --- tests/shell/features/ctexpect.nft | 10 ++++ tests/shell/features/cttimeout.nft | 8 +++ tests/shell/testcases/listing/0013objects_0 | 50 +++++-------------- .../testcases/listing/dumps/0013objects_0.nft | 2 - .../testcases/nft-f/0017ct_timeout_obj_0 | 2 + 5 files changed, 33 insertions(+), 39 deletions(-) create mode 100644 tests/shell/features/ctexpect.nft create mode 100644 tests/shell/features/cttimeout.nft diff --git a/tests/shell/features/ctexpect.nft b/tests/shell/features/ctexpect.nft new file mode 100644 index 000000000000..02c3dfd74bd4 --- /dev/null +++ b/tests/shell/features/ctexpect.nft @@ -0,0 +1,10 @@ +# 857b46027d6f ("netfilter: nft_ct: add ct expectations support") +# v5.3-rc1~140^2~153^2~19 +table t { + ct expectation ctexpect { + protocol tcp + dport 5432 + timeout 1h + size 12; + } +} diff --git a/tests/shell/features/cttimeout.nft b/tests/shell/features/cttimeout.nft new file mode 100644 index 000000000000..4be58cd3c26b --- /dev/null +++ b/tests/shell/features/cttimeout.nft @@ -0,0 +1,8 @@ +# 7e0b2b57f01d ("netfilter: nft_ct: add ct timeout support") +# v4.19-rc1~140^2~64^2~3 +table t { + ct timeout cttime { + protocol tcp; + policy = {established: 120 } + } +} diff --git a/tests/shell/testcases/listing/0013objects_0 b/tests/shell/testcases/listing/0013objects_0 index c81b94e20f65..c78ada947a94 100755 --- a/tests/shell/testcases/listing/0013objects_0 +++ b/tests/shell/testcases/listing/0013objects_0 @@ -1,47 +1,23 @@ #!/bin/bash -# list table with all objects and chains - -EXPECTED="table ip test { - quota https-quota { - 25 mbytes - } - - ct helper cthelp { - type \"sip\" protocol tcp - l3proto ip - } - - ct timeout cttime { - protocol udp - l3proto ip - policy = { unreplied : 15s, replied : 12s } - } - - ct expectation ctexpect { - protocol tcp - dport 5432 - timeout 1h - size 12 - l3proto ip - } - - chain input { - } -}" - set -e $NFT add table test $NFT add chain test input $NFT add quota test https-quota 25 mbytes $NFT add ct helper test cthelp { type \"sip\" protocol tcp \; } -$NFT add ct timeout test cttime { protocol udp \; policy = {replied : 12, unreplied : 15 } \; } -$NFT add ct expectation test ctexpect { protocol tcp \; dport 5432 \; timeout 1h \; size 12 \; } -$NFT add table test-ip +if [ "$NFT_TEST_HAVE_cttimeout" != n ] ; then + $NFT add ct timeout test cttime { protocol udp \; policy = {replied : 12, unreplied : 15 } \; } +fi +if [ "$NFT_TEST_HAVE_ctexpect" != n ] ; then + $NFT add ct expectation test ctexpect { protocol tcp \; dport 5432 \; timeout 1h \; size 12 \; } +fi -GET="$($NFT list table test)" -if [ "$EXPECTED" != "$GET" ] ; then - $DIFF -u <(echo "$EXPECTED") <(echo "$GET") - exit 1 +if [ "$NFT_TEST_HAVE_cttimeout" = n ] ; then + echo "Ran partial test due to NFT_TEST_HAVE_cttimeout=n (skipped)" + exit 77 +fi +if [ "$NFT_TEST_HAVE_ctexpect" = n ] ; then + echo "Ran partial test due to NFT_TEST_HAVE_ctexpect=n (skipped)" + exit 77 fi diff --git a/tests/shell/testcases/listing/dumps/0013objects_0.nft b/tests/shell/testcases/listing/dumps/0013objects_0.nft index 1ea610f8b8d8..427db268163a 100644 --- a/tests/shell/testcases/listing/dumps/0013objects_0.nft +++ b/tests/shell/testcases/listing/dumps/0013objects_0.nft @@ -25,5 +25,3 @@ table ip test { chain input { } } -table ip test-ip { -} diff --git a/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 b/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 index 4f407793b23b..cfb789501bea 100755 --- a/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 +++ b/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 @@ -1,5 +1,7 @@ #!/bin/bash +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_cttimeout) + EXPECTED='table ip filter { ct timeout cttime{ protocol tcp -- 2.41.0