nftables: update to 0.8.2, backport flowtable support

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 110 insertions, 0 deletions

diff --git a/package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch b/package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch
new file mode 100644
index 0000000..e6dbf8f
--- /dev/null
+++ b/package/network/utils/nftables/patches/204-tests-shell-add-flowtable-tests.patch
@@ -0,0 +1,110 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 22 Jan 2018 19:54:36 +0100
+Subject: [PATCH] tests: shell: add flowtable tests
+
+Add basic flowtable tests.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ create mode 100755 tests/shell/testcases/flowtable/0001flowtable_0
+ create mode 100755 tests/shell/testcases/flowtable/0002create_flowtable_0
+ create mode 100755 tests/shell/testcases/flowtable/0003add_after_flush_0
+ create mode 100755 tests/shell/testcases/flowtable/0004delete_after_add0
+ create mode 100755 tests/shell/testcases/flowtable/0005delete_in_use_1
+
+--- a/tests/shell/run-tests.sh
++++ b/tests/shell/run-tests.sh
+@@ -68,7 +68,9 @@ kernel_cleanup() {
+ 	nft_set_hash nft_set_rbtree nft_set_bitmap \
+ 	nft_chain_nat_ipv4 nft_chain_nat_ipv6 \
+ 	nf_tables_inet nf_tables_bridge nf_tables_arp \
+-	nf_tables_ipv4 nf_tables_ipv6 nf_tables
++	nf_tables_ipv4 nf_tables_ipv6 nf_tables \
++	nf_flow_table nf_flow_table_ipv4 nf_flow_tables_ipv6 \
++	nf_flow_table_inet nft_flow_offload
+ }
+ 
+ find_tests() {
+--- /dev/null
++++ b/tests/shell/testcases/flowtable/0001flowtable_0
+@@ -0,0 +1,33 @@
++#!/bin/bash
++
++tmpfile=$(mktemp)
++if [ ! -w $tmpfile ] ; then
++	echo "Failed to create tmp file" >&2
++	exit 0
++fi
++
++trap "rm -rf $tmpfile" EXIT # cleanup if aborted
++
++
++EXPECTED='table inet t {
++	flowtable f {
++		hook ingress priority 10
++		devices = { eth0, wlan0 }
++	}
++
++	chain c {
++		flow offload @f
++	}
++}'
++
++echo "$EXPECTED" > $tmpfile
++set -e
++$NFT -f $tmpfile
++
++GET="$($NFT list ruleset)"
++
++if [ "$EXPECTED" != "$GET" ] ; then
++	DIFF="$(which diff)"
++	[ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
++	exit 1
++fi
+--- /dev/null
++++ b/tests/shell/testcases/flowtable/0002create_flowtable_0
+@@ -0,0 +1,12 @@
++#!/bin/bash
++
++set -e
++$NFT add table t
++$NFT add flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; }
++if $NFT create flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; } 2>/dev/null ; then
++	echo "E: flowtable creation not failing on existing set" >&2
++	exit 1
++fi
++$NFT add flowtable t f { hook ingress priority 10 \; devices = { eth0, wlan0 }\; }
++
++exit 0
+--- /dev/null
++++ b/tests/shell/testcases/flowtable/0003add_after_flush_0
+@@ -0,0 +1,8 @@
++#!/bin/bash
++
++set -e
++$NFT add table x
++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
++$NFT flush ruleset
++$NFT add table x
++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
+--- /dev/null
++++ b/tests/shell/testcases/flowtable/0004delete_after_add0
+@@ -0,0 +1,6 @@
++#!/bin/bash
++
++set -e
++$NFT add table x
++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
++$NFT delete flowtable x y
+--- /dev/null
++++ b/tests/shell/testcases/flowtable/0005delete_in_use_1
+@@ -0,0 +1,9 @@
++#!/bin/bash
++
++set -e
++$NFT add table x
++$NFT add chain x x
++$NFT add flowtable x y { hook ingress priority 0\; devices = { eth0, wlan0 }\;}
++$NFT add rule x x flow offload @y
++$NFT delete flowtable x y
++echo "E: delete flowtable in use"