Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests: netfilter: Fix and review rpath.sh

Address a few problems with the initial test script version:

* On systems with ip6tables but no ip6tables-legacy, testing for
ip6tables was disabled by accident.
* Firewall setup phase did not respect possibly unavailable tools.
* Consistently call nft via '$nft'.

Fixes: 6e31ce831c63b ("selftests: netfilter: Test reverse path filtering")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Authored by Phil Sutter and committed by Pablo Neira Ayuso
58bb78ce 03c1f1ef

+8 -6
tools/testing/selftests/netfilter/rpath.sh
··· 15 15 16 16 if ip6tables-legacy --version >/dev/null 2>&1; then 17 17 ip6tables='ip6tables-legacy' 18 - elif ! ip6tables --version >/dev/null 2>&1; then 18 + elif ip6tables --version >/dev/null 2>&1; then 19 19 ip6tables='ip6tables' 20 20 else 21 21 ip6tables='' ··· 62 62 ip -net "$ns2" a a fec0:42::1/64 dev d0 nodad 63 63 64 64 # firewall matches to test 65 - ip netns exec "$ns2" "$iptables" -t raw -A PREROUTING -s 192.168.0.0/16 -m rpfilter 66 - ip netns exec "$ns2" "$ip6tables" -t raw -A PREROUTING -s fec0::/16 -m rpfilter 67 - ip netns exec "$ns2" nft -f - <<EOF 65 + [ -n "$iptables" ] && ip netns exec "$ns2" \ 66 + "$iptables" -t raw -A PREROUTING -s 192.168.0.0/16 -m rpfilter 67 + [ -n "$ip6tables" ] && ip netns exec "$ns2" \ 68 + "$ip6tables" -t raw -A PREROUTING -s fec0::/16 -m rpfilter 69 + [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF 68 70 table inet t { 69 71 chain c { 70 72 type filter hook prerouting priority raw; ··· 108 106 if [ -n "$nft" ]; then 109 107 ( 110 108 echo "delete table inet t"; 111 - ip netns exec "$ns2" nft -s list table inet t; 112 - ) | ip netns exec "$ns2" nft -f - 109 + ip netns exec "$ns2" $nft -s list table inet t; 110 + ) | ip netns exec "$ns2" $nft -f - 113 111 fi 114 112 115 113 # test 1: martian traffic should fail rpfilter matches
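Review bot: in the second hunk (new lines 65-69), `$nft` is expanded unquoted in `ip netns exec "$ns2" $nft -f -`, while `"$iptables"` and `"$ip6tables"` in the two commands above it are quoted. If `$nft` is meant to hold a single command name, quote it as `"$nft"` for consistency; if it may carry extra arguments, a short comment saying so would explain the difference. The setup phase also guards with `[ -n "$nft" ] && ...` where the third hunk's context uses `if [ -n "$nft" ]; then`; using one form for all tool guards would make the script easier to scan.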
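Review bot: in the third hunk (new lines 108-110), the output of `$nft -s list table inet t` is piped after `echo "delete table inet t"` into `$nft -f -` with no check that the listing succeeded. If the list command fails, only the delete line reaches `$nft -f -`, and the table would be removed rather than reloaded before the tests that follow. Consider capturing the listing into a variable first and feeding the delete plus the listing only when the capture is non-empty.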