Blame tests/shell/testcases/netns/0002loosecommands_0
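#!/bin/bash

# test a kernel netns loading a simple ruleset

# Locate the iproute2 `ip` binary. `command -v` is a shell builtin, so the
# lookup does not depend on an external `which` being installed.
# The result is still resolved through PATH, and netns operations normally
# require root, so run this test with a PATH you trust.
IP=$(command -v ip)
if [ ! -x "$IP" ] ; then
	echo "E: no ip binary" >&2
	exit 1
fi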
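function netns_exec()
{
	# Run a command inside a network namespace. If it fails, report the
	# failure on stderr, delete the namespace and abort the test with
	# status 1.
	# $1: netns_name $2: command (one string, split into words here)
	#
	# $IP and $1 are quoted so a path or namespace name containing
	# whitespace or glob characters is passed as a single argument.
	# $2 is expanded unquoted on purpose so that the command string becomes
	# separate arguments. Pathname expansion applies to it as well, so
	# callers must not pass glob characters they want kept literal.
	# shellcheck disable=SC2086
	if ! "$IP" netns exec "$1" $2 ; then
		echo "E: failed to execute command in netns $1: $2" >&2
		"$IP" netns del "$1"
		exit 1
	fi
}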
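# Name the namespace after this test script. The name is quoted everywhere
# below so that a script path with whitespace or glob characters cannot
# turn into extra arguments to `ip`.
NETNS_NAME=$(basename "$0")
if ! "$IP" netns add "$NETNS_NAME" ; then
	echo "E: unable to create netns" >&2
	exit 1
fi

# Build the ruleset one nft command at a time inside the namespace.
# netns_exec deletes the namespace and exits on the first failure.
# NOTE(review): $NFT is not set in this file; presumably the test runner
# exports it — confirm.
netns_exec "$NETNS_NAME" "$NFT add table ip t"
netns_exec "$NETNS_NAME" "$NFT add chain ip t c"
netns_exec "$NETNS_NAME" "$NFT add chain ip t other"
netns_exec "$NETNS_NAME" "$NFT add set ip t s { type ipv4_addr; }"
netns_exec "$NETNS_NAME" "$NFT add element ip t s {1.1.0.0 }"
netns_exec "$NETNS_NAME" "$NFT add rule ip t c ct state new"
netns_exec "$NETNS_NAME" "$NFT add rule ip t c udp dport { 12345, 54321 }"
netns_exec "$NETNS_NAME" "$NFT add rule ip t c ip saddr @s drop"
netns_exec "$NETNS_NAME" "$NFT add rule ip t c jump other"

# Expected listing of the ruleset built above.
# NOTE(review): the comparison below is byte-exact, so the leading
# whitespace of each line must match what `nft list ruleset` prints —
# confirm.
RULESET="table ip t {
set s {
type ipv4_addr
elements = { 1.1.0.0 }
}

chain c {
ct state new
udp dport { 12345, 54321 }
ip saddr @s drop
jump other
}

chain other {
}
}"

# Capture what the kernel reports, then delete the namespace before
# comparing so it is removed whether or not the rulesets match.
# $NFT stays unquoted so it is word-split the same way netns_exec splits it.
# shellcheck disable=SC2086
KERNEL_RULESET="$("$IP" netns exec "$NETNS_NAME" $NFT list ruleset)"
"$IP" netns del "$NETNS_NAME"
if [ "$RULESET" != "$KERNEL_RULESET" ] ; then
	DIFF="$(command -v diff)"
	# $DIFF must be quoted: when no diff is found, an unquoted `[ -x ]`
	# evaluates to true and the following command would be run without a
	# program name.
	[ -x "$DIFF" ] && "$DIFF" -u <(echo "$RULESET") <(echo "$KERNEL_RULESET")
	exit 1
fi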