nftables/0078-tests-shell-auto-removal-of-chain-hook-on-netns-remo.patch

From 66369d42095a214672c1f935eed91902d4cca8d5 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Wed, 27 Apr 2022 14:37:00 +0200
Subject: [PATCH] tests: shell: auto-removal of chain hook on netns removal

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2070924
Upstream Status: nftables commit e632eea21f4b3
Conflicts: Commit b4775dec9f80b ("src: ingress inet support") creating
	   the test not backported, RHEL8 does not support inet ingress.
	   Script adjusted accordingly.

commit e632eea21f4b3d03b629a5c1ac7e776d65785873
Author: Florian Westphal <fw@strlen.de>
Date:   Tue Oct 19 14:07:25 2021 +0200

    tests: shell: auto-removal of chain hook on netns removal

    This is the nft equivalent of the syzbot report that lead to
    kernel commit 68a3765c659f8
    ("netfilter: nf_tables: skip netdev events generated on netns removal").

    Signed-off-by: Florian Westphal <fw@strlen.de>
---
 tests/shell/testcases/chains/0043chain_ingress_0 | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100755 tests/shell/testcases/chains/0043chain_ingress_0

diff --git a/tests/shell/testcases/chains/0043chain_ingress_0 b/tests/shell/testcases/chains/0043chain_ingress_0
new file mode 100755
index 0000000..09d6907
--- /dev/null
+++ b/tests/shell/testcases/chains/0043chain_ingress_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+# Test auto-removal of chain hook on netns removal
+unshare -n bash -c "ip link add br0 type bridge; \
+ $NFT add table netdev test; \
+ $NFT add chain netdev test ingress { type filter hook ingress device \"br0\" priority 0\; policy drop\; } ; \
+" || exit 1
+
+exit 0
-- 
2.34.1
Import rpm: c8s 2023-02-27 19:33:43 +00:00			`From 66369d42095a214672c1f935eed91902d4cca8d5 Mon Sep 17 00:00:00 2001`
			`From: Phil Sutter <psutter@redhat.com>`
			`Date: Wed, 27 Apr 2022 14:37:00 +0200`
			`Subject: [PATCH] tests: shell: auto-removal of chain hook on netns removal`

			`Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2070924`
			`Upstream Status: nftables commit e632eea21f4b3`
			`Conflicts: Commit b4775dec9f80b ("src: ingress inet support") creating`
			`the test not backported, RHEL8 does not support inet ingress.`
			`Script adjusted accordingly.`

			`commit e632eea21f4b3d03b629a5c1ac7e776d65785873`
			`Author: Florian Westphal <fw@strlen.de>`
			`Date: Tue Oct 19 14:07:25 2021 +0200`

			`tests: shell: auto-removal of chain hook on netns removal`

			`This is the nft equivalent of the syzbot report that lead to`
			`kernel commit 68a3765c659f8`
			`("netfilter: nf_tables: skip netdev events generated on netns removal").`

			`Signed-off-by: Florian Westphal <fw@strlen.de>`
			`---`
			`tests/shell/testcases/chains/0043chain_ingress_0 \| 11 +++++++++++`
			`1 file changed, 11 insertions(+)`
			`create mode 100755 tests/shell/testcases/chains/0043chain_ingress_0`

			`diff --git a/tests/shell/testcases/chains/0043chain_ingress_0 b/tests/shell/testcases/chains/0043chain_ingress_0`
			`new file mode 100755`
			`index 0000000..09d6907`
			`--- /dev/null`
			`+++ b/tests/shell/testcases/chains/0043chain_ingress_0`
			`@@ -0,0 +1,11 @@`
			`+#!/bin/bash`
			`+`
			`+set -e`
			`+`
			`+# Test auto-removal of chain hook on netns removal`
			`+unshare -n bash -c "ip link add br0 type bridge; \`
			`+ $NFT add table netdev test; \`
			`+ $NFT add chain netdev test ingress { type filter hook ingress device \"br0\" priority 0\; policy drop\; } ; \`
			`+" \|\| exit 1`
			`+`
			`+exit 0`
			`--`
			`2.34.1`