author | Vitaly Ostrosablin <vostrosablin@virtuozzo.com> | 2019-11-01 12:00:23 +0300 |
---|---|---|
committer | Andrei Vagin <avagin@gmail.com> | 2020-02-04 23:39:04 +0300 |
commit | c4006c0034ef2162693d9dd619d025c240affc78 (patch) | |
tree | 9c76821fe5b86ca9af049def87d9ef49869fcb29 /test | |
parent | a7c625938eb1d472341770699469ca6ddb4d91b1 (diff) |
test/static:conntracks: Support nftables
Update test to support both iptables and nft to create conntrack rules.
Signed-off-by: Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Diffstat (limited to 'test')
-rwxr-xr-x | test/zdtm/static/conntracks | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/test/zdtm/static/conntracks b/test/zdtm/static/conntracks
index a30e0e268..26220f97c 100755
--- a/test/zdtm/static/conntracks
+++ b/test/zdtm/static/conntracks
@@ -23,7 +23,7 @@ do_or_fail()
 fail "$failmsg: $output"
 }
 
-do_start()
+do_start_ipt()
 {
 [ -f "$statefile" ] && die "state file $statefile aleady exists"
 
@@ -35,7 +35,7 @@ do_start()
 iptables -L \> "$statefile"
 }
 
-do_stop()
+do_stop_ipt()
 {
 do_or_fail "can't compare the iptables" \
 iptables -L \| diff -u "$statefile" -
@@ -45,6 +45,38 @@ do_stop()
 echo "PASS" > $outfile
 }
 
+do_start_nft()
+{
+ [ -f "$statefile" ] && die "state file $statefile aleady exists"
+
+ do_or_fail "can't install a state match" \
+ nft add rule filter INPUT \
+ ct state related,established accept
+
+ do_or_fail "can't list the loaded nftables" \
+ nft list ruleset \> "$statefile"
+}
+
+do_stop_nft()
+{
+ do_or_fail "can't compare the nftables" \
+ nft list ruleset \| diff -u "$statefile" -
+
+ rm -f "$statefile"
+
+ echo "PASS" > $outfile
+}
+
+do_start()
+{
+ [ -x "$(command -v nft)" ] && do_start_nft || do_start_ipt
+}
+
+do_stop()
+{
+ [ -x "$(command -v nft)" ] && do_stop_nft || do_stop_ipt
+}
+
 tmpargs="$(../lib/parseargs.sh --name=$0 \
 --flags-req=statefile,outfile \
 --flags-opt="start,stop" -- "$@")" || |
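Review bot: In the new `do_start()` and `do_stop()` dispatchers at the end of the third hunk, `[ -x "$(command -v nft)" ] && do_start_nft || do_start_ipt` is not an if/else: the iptables variant also runs whenever the nft variant returns non-zero, so an nft failure could be followed by an iptables rule install and dump instead of a clean test failure (whether `fail` exits or returns is not visible in this diff). An explicit branch avoids that: `if command -v nft >/dev/null 2>&1; then do_start_nft; else do_start_ipt; fi`, and likewise for `do_stop()`. Because start and stop probe for `nft` independently, it would also be safer for the stop side to use the backend that wrote `$statefile`, so the saved ruleset is never diffed against output from the other tool. Separately, `nft add rule filter INPUT` appears to assume that a `filter` table with an `INPUT` chain already exists, which may not hold on hosts configured only through nftables; worth confirming, or creating them in `do_start_nft()`.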