From 66369d42095a214672c1f935eed91902d4cca8d5 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Wed, 27 Apr 2022 14:37:00 +0200
Subject: [PATCH] tests: shell: auto-removal of chain hook on netns removal

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2070924
Upstream Status: nftables commit e632eea21f4b3
Conflicts: Commit b4775dec9f80b ("src: ingress inet support") creating
	   the test not backported, RHEL8 does not support inet ingress.
	   Script adjusted accordingly.

commit e632eea21f4b3d03b629a5c1ac7e776d65785873
Author: Florian Westphal <fw@strlen.de>
Date:   Tue Oct 19 14:07:25 2021 +0200

    tests: shell: auto-removal of chain hook on netns removal

    This is the nft equivalent of the syzbot report that lead to
    kernel commit 68a3765c659f8
    ("netfilter: nf_tables: skip netdev events generated on netns removal").

    Signed-off-by: Florian Westphal <fw@strlen.de>
---
 tests/shell/testcases/chains/0043chain_ingress_0 | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100755 tests/shell/testcases/chains/0043chain_ingress_0

diff --git a/tests/shell/testcases/chains/0043chain_ingress_0 b/tests/shell/testcases/chains/0043chain_ingress_0
new file mode 100755
index 0000000..09d6907
--- /dev/null
+++ b/tests/shell/testcases/chains/0043chain_ingress_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+# Test auto-removal of chain hook on netns removal
+unshare -n bash -c "ip link add br0 type bridge; \
+ $NFT add table netdev test; \
+ $NFT add chain netdev test ingress { type filter hook ingress device \"br0\" priority 0\; policy drop\; } ; \
+" || exit 1
+
+exit 0
-- 
2.34.1