* [LTP] [PATCH] network/iptables: add ipv6 support
@ 2019-12-26 13:58 Alexey Kodanev
2020-01-03 12:48 ` Petr Vorel
0 siblings, 1 reply; 5+ messages in thread
From: Alexey Kodanev @ 2019-12-26 13:58 UTC (permalink / raw)
To: ltp
New tests: ip6tables, nft6.
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
---
runtest/net.ipv6 | 2 +
testcases/network/iptables/iptables_lib.sh | 120 +++++++++++----------
testcases/network/iptables/nft01.sh | 17 +--
3 files changed, 77 insertions(+), 62 deletions(-)
diff --git a/runtest/net.ipv6 b/runtest/net.ipv6
index a238a087a..e599978c0 100644
--- a/runtest/net.ipv6
+++ b/runtest/net.ipv6
@@ -8,3 +8,5 @@ traceroute601 traceroute01.sh -6
dhcpd6 dhcpd_tests.sh -6
dnsmasq6 dnsmasq_tests.sh -6
ipneigh6_ip ipneigh01.sh -6 -c ip
+ip6tables iptables01.sh -6
+nft6 nft01.sh -6
diff --git a/testcases/network/iptables/iptables_lib.sh b/testcases/network/iptables/iptables_lib.sh
index b029950f9..ad2a894b6 100755
--- a/testcases/network/iptables/iptables_lib.sh
+++ b/testcases/network/iptables/iptables_lib.sh
@@ -12,43 +12,52 @@ TST_NEEDS_TMPDIR=1
TST_NEEDS_ROOT=1
TST_SETUP="${TST_SETUP:-init}"
TST_CLEANUP="${TST_CLEANUP:-cleanup}"
+TST_NEEDS_CMDS="grep telnet"
-if [ "$use_iptables" = 1 ]; then
- toolname=iptables
- cmds="$toolname"
- TST_NEEDS_DRIVERS="ip_tables"
-else
- toolname=nft
- cmds="$toolname iptables-translate"
- TST_NEEDS_DRIVERS="nf_tables"
-fi
-
-TST_NEEDS_CMDS="$cmds grep ping telnet"
-
-. tst_test.sh
+. tst_net.sh
NFRUN()
{
local rule
if [ "$use_iptables" = 1 ]; then
- iptables $@
+ ip${TST_IPV6}tables $@
else
- $(iptables-translate $@ | sed 's,\\,,g')
+ $(ip${TST_IPV6}tables-translate $@ | sed 's,\\,,g')
fi
}
NFRUN_REMOVE()
{
if [ "$use_iptables" = 1 ]; then
- ROD iptables -D INPUT 1
+ ROD ip${TST_IPV6}tables -D INPUT 1
else
- ROD nft flush chain ip filter INPUT
+ ROD nft flush chain ip${TST_IPV6} filter INPUT
fi
}
init()
{
+ if [ "$use_iptables" = 1 ]; then
+ toolname=ip${TST_IPV6}tables
+ cmds="$toolname"
+ tst_require_drivers ip${TST_IPV6}_tables
+ else
+ toolname=nft
+ cmds="$toolname ip${TST_IPV6}tables-translate"
+ fi
+
+ if [ "$TST_IPV6" ];then
+ loc_addr="::1"
+ proto="icmpv6"
+ else
+ loc_addr="127.0.0.1"
+ proto="icmp"
+ fi
+
+ ping_cmd="ping$TST_IPV6"
+ tst_require_cmds $cmds $ping_cmd
+
tst_res TINFO "INIT: Flushing all rules"
NFRUN -F -t filter > tst_iptables.out 2>&1
NFRUN -F -t nat > tst_iptables.out 2>&1
@@ -57,29 +66,28 @@ init()
cleanup()
{
- if lsmod | grep -q "ip_tables"; then
+ if lsmod | grep -q "ip${TST_IPV6}_tables"; then
NFTRUN -F -t filter > /dev/null 2>&1
NFTRUN -F -t nat > /dev/null 2>&1
NFTRUN -F -t mangle > /dev/null 2>&1
rmmod -v ipt_limit ipt_multiport ipt_LOG ipt_REJECT \
- iptable_mangle iptable_nat ip_conntrack \
- iptable_filter ip_tables nf_nat_ipv4 nf_nat \
- nf_log_ipv4 nf_log_common nf_reject_ipv4 \
- nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack \
+ ip${TST_IPV6}table_mangle ip${TST_IPV6}table_nat ip_conntrack \
+ ip${TST_IPV6}table_filter ip${TST_IPV6}_tables nf_nat_ipv${TST_IPVER} nf_nat \
+ nf_log_ipv${TST_IPVER} nf_log_common nf_reject_ipv${TST_IPVER} \
+ nf_conntrack_ipv${TST_IPVER} nf_defrag_ipv${TST_IPVER} nf_conntrack \
> tst_iptables.out 2>&1
fi
}
test1()
{
-
if [ "$use_iptables" != 1 ]; then
tst_res TCONF "$toolname not applicable for test $1"
return
fi
local chaincnt=0
-
- local cmd="iptables -L -t filter"
+ local ipt_cmd="ip${TST_IPV6}tables"
+ local cmd="$ipt_cmd -L -t filter"
tst_res TINFO "$cmd will list all rules in table filter"
$cmd > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
@@ -97,7 +105,7 @@ test1()
fi
fi
- local cmd="iptables -L -t nat"
+ local cmd="$ipt_cmd -L -t nat"
tst_res TINFO "$cmd will list all rules in table nat"
$cmd > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
@@ -115,7 +123,7 @@ test1()
fi
fi
- local cmd="iptables -L -t mangle"
+ local cmd="$ipt_cmd -L -t mangle"
tst_res TINFO "$cmd will list all rules in table mangle"
$cmd > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
@@ -132,23 +140,23 @@ test1()
fi
fi
- tst_res TPASS "iptables -L lists rules"
+ tst_res TPASS "$ipt_cmd -L lists rules"
}
test2()
{
tst_res TINFO "Use $toolname to DROP packets from particular IP"
- tst_res TINFO "Rule to block icmp from 127.0.0.1"
+ tst_res TINFO "Rule to block icmp from $loc_addr"
- NFRUN -A INPUT -s 127.0.0.1 -p icmp -j DROP > tst_iptables.out 2>&1
+ NFRUN -A INPUT -s $loc_addr -p $proto -j DROP > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname command failed to append new rule"
cat tst_iptables.out
return
fi
- tst_res TINFO "Pinging 127.0.0.1"
- ping -c 2 127.0.0.1 -W 1 -i 0 > tst_iptables.out 2>&1
+ tst_res TINFO "Pinging $loc_addr"
+ $ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
grep "100% packet loss" tst_iptables.out > tst_iptables.err 2>&1
if [ $? -ne 0 ]; then
@@ -157,19 +165,19 @@ test2()
cat tst_iptables.err
return
else
- tst_res TINFO "Ping 127.0.0.1 not successful"
+ tst_res TINFO "Ping $loc_addr not successful"
fi
else
- tst_res TFAIL "$toolname did not block icmp from 127.0.0.1"
+ tst_res TFAIL "$toolname did not block $proto from $loc_addr"
cat tst_iptables.out
return
fi
- tst_res TINFO "Deleting icmp DROP from 127.0.0.1 rule"
+ tst_res TINFO "Deleting $proto DROP from $loc_addr rule"
NFRUN_REMOVE
- tst_res TINFO "Pinging 127.0.0.1 again"
- ping -c 2 127.0.0.1 -W 1 -i 0 > tst_iptables.out 2>&1
+ tst_res TINFO "Pinging $loc_addr again"
+ $ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname blocking loopback. This is expected" \
"behaviour on certain distributions where" \
@@ -186,7 +194,7 @@ test3()
tst_res TINFO "Use $toolname to REJECT ping request"
tst_res TINFO "Rule to reject ping request"
- NFRUN -A INPUT -p icmp --icmp-type echo-request -d 127.0.0.1 -j \
+ NFRUN -A INPUT -p $proto --${proto}-type echo-request -d $loc_addr -j \
REJECT > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname command failed to append new rule"
@@ -194,8 +202,8 @@ test3()
return
fi
- tst_res TINFO "Pinging 127.0.0.1"
- ping -c 2 127.0.0.1 -W 1 -i 0 > tst_iptables.out 2>&1
+ tst_res TINFO "Pinging $loc_addr"
+ $ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
grep "100% packet loss" tst_iptables.out > tst_iptables.err 2>&1
if [ $? -ne 0 ]; then
@@ -203,7 +211,7 @@ test3()
cat tst_iptables.err
return
else
- tst_res TINFO "Ping 127.0.0.1 not successful"
+ tst_res TINFO "Ping $loc_addr not successful"
fi
else
tst_res TFAIL "$toolname did not reject ping request"
@@ -214,8 +222,8 @@ test3()
tst_res TINFO "Deleting icmp request REJECT rule"
NFRUN_REMOVE
- tst_res TINFO "Pinging 127.0.0.1 again"
- ping -c 2 127.0.0.1 -W 1 -i 0 > tst_iptables.out 2>&1
+ tst_res TINFO "Pinging $loc_addr again"
+ $ping_cmd -c 2 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname blocking ping requests. This is" \
"expected behaviour on certain distributions" \
@@ -236,7 +244,7 @@ test4()
tst_res TINFO "Use $toolname to log packets to particular port"
tst_res TINFO "Rule to log tcp packets to particular port"
- NFRUN -A INPUT -p tcp -d 127.0.0.1 --dport $dport -j LOG \
+ NFRUN -A INPUT -p tcp -d $loc_addr --dport $dport -j LOG \
--log-prefix "$logprefix" > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname command failed to append new rule"
@@ -244,8 +252,8 @@ test4()
return
fi
- tst_res TINFO "telnet 127.0.0.1 $dport"
- telnet 127.0.0.1 $dport > tst_iptables.out 2>&1
+ tst_res TINFO "telnet $loc_addr $dport"
+ telnet $loc_addr $dport > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
sleep 2
dmesg | grep "$logprefix" > tst_iptables.err 2>&1
@@ -258,7 +266,7 @@ test4()
tst_res TINFO "Packets to port $dport logged"
fi
else
- tst_res TFAIL "telnet to 127.0.0.1 $dport should fail"
+ tst_res TFAIL "telnet to $loc_addr $dport should fail"
cat tst_iptables.out
return
fi
@@ -277,7 +285,7 @@ test5()
tst_res TINFO "Use $toolname to log packets to multiple ports"
tst_res TINFO "Rule to log tcp packets to port 45801 - 45803"
- NFRUN -A INPUT -p tcp -d 127.0.0.1 --dport 45801:45803 -j LOG \
+ NFRUN -A INPUT -p tcp -d $loc_addr --dport 45801:45803 -j LOG \
--log-prefix "$logprefix" > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname command failed to append new rule"
@@ -286,7 +294,7 @@ test5()
fi
tst_res TINFO "Rule to log tcp packets to port 45804 - 45806"
- NFRUN -A INPUT -p tcp -d 127.0.0.1 -m multiport --dports \
+ NFRUN -A INPUT -p tcp -d $loc_addr -m multiport --dports \
45804,45806,45805 -j LOG --log-prefix "$logprefix" \
> tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
@@ -296,8 +304,8 @@ test5()
fi
for dport in 45801 45802 45803 45804 45805 45806; do
- tst_res TINFO "telnet 127.0.0.1 $dport"
- telnet 127.0.0.1 $dport > tst_iptables.out 2>&1
+ tst_res TINFO "telnet $loc_addr $dport"
+ telnet $loc_addr $dport > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
sleep 2
dmesg | grep "$logprefix" | grep "=$dport " \
@@ -311,7 +319,7 @@ test5()
tst_res TINFO "Packets to port $dport logged"
fi
else
- tst_res TFAIL "telnet to 127.0.0.1 $dport should fail"
+ tst_res TFAIL "telnet to $loc_addr $dport should fail"
cat tst_iptables.out
return
fi
@@ -336,7 +344,7 @@ test6()
tst_res TINFO "Use $toolname to log ping request with limited rate"
tst_res TINFO "Rule to log ping request"
- NFRUN -A INPUT -p icmp --icmp-type echo-request -d 127.0.0.1 -m \
+ NFRUN -A INPUT -p $proto --$proto-type echo-request -d $loc_addr -m \
limit -j LOG --log-prefix "$logprefix" > tst_iptables.out 2>&1
if [ $? -ne 0 ]; then
tst_res TFAIL "$toolname command failed to append new rule"
@@ -344,8 +352,8 @@ test6()
return
fi
- tst_res TINFO "ping 127.0.0.1"
- ping -c 10 127.0.0.1 -W 1 -i 0 > tst_iptables.out 2>&1
+ tst_res TINFO "Pinging $loc_addr"
+ $ping_cmd -c 10 $loc_addr -W 1 -i 0 > tst_iptables.out 2>&1
if [ $? -eq 0 ]; then
sleep 2
logcnt=$(dmesg | grep -c "$logprefix")
@@ -358,7 +366,7 @@ test6()
tst_res TINFO "ping requests logged with limited rate"
fi
else
- tst_res TFAIL "ping to 127.0.0.1 failed. This is expected" \
+ tst_res TFAIL "ping to $loc_addr failed. This is expected" \
"behaviour on certain distributions where" \
"enabling firewall drops all packets by default"
cat tst_iptables.out
diff --git a/testcases/network/iptables/nft01.sh b/testcases/network/iptables/nft01.sh
index 6cbd7a3a6..1ae086678 100755
--- a/testcases/network/iptables/nft01.sh
+++ b/testcases/network/iptables/nft01.sh
@@ -4,6 +4,7 @@
TST_SETUP="do_setup"
TST_CLEANUP="do_cleanup"
+TST_NEEDS_DRIVERS="nf_tables"
use_iptables=0
cleanup_table=0
cleanup_chain=0
@@ -12,12 +13,14 @@ cleanup_chain=0
do_setup()
{
- if ! nft list table ip filter > /dev/null 2>&1; then
- ROD nft add table ip filter
+ local ip_table="ip${TST_IPV6}"
+
+ if ! nft list table $ip_table filter > /dev/null 2>&1; then
+ ROD nft add table $ip_table filter
cleanup_table=1
fi
- if ! nft list chain ip filter INPUT > /dev/null 2>&1; then
- ROD nft add chain ip filter INPUT '{ type filter hook input priority 0; }'
+ if ! nft list chain $ip_table filter INPUT > /dev/null 2>&1; then
+ ROD nft add chain $ip_table filter INPUT '{ type filter hook input priority 0; }'
cleanup_chain=1
fi
init
@@ -25,8 +28,10 @@ do_setup()
do_cleanup()
{
- [ "$cleanup_chain" = 1 ] && nft delete chain ip filter INPUT >/dev/null 2>&1
- [ "$cleanup_table" = 1 ] && nft delete table ip filter >/dev/null 2>&1
+ local ip_table="ip${TST_IPV6}"
+
+ [ "$cleanup_chain" = 1 ] && nft delete chain $ip_table filter INPUT >/dev/null 2>&1
+ [ "$cleanup_table" = 1 ] && nft delete table $ip_table filter >/dev/null 2>&1
cleanup
}
--
2.20.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [LTP] [PATCH] network/iptables: add ipv6 support
2019-12-26 13:58 [LTP] [PATCH] network/iptables: add ipv6 support Alexey Kodanev
@ 2020-01-03 12:48 ` Petr Vorel
2020-01-09 10:17 ` Alexey Kodanev
0 siblings, 1 reply; 5+ messages in thread
From: Petr Vorel @ 2020-01-03 12:48 UTC (permalink / raw)
To: ltp
Hi Alexey,
> New tests: ip6tables, nft6.
great idea, just there is a regression in nft01.sh, see below.
> Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
> --- a/testcases/network/iptables/iptables_lib.sh
...
> init()
> {
> + if [ "$use_iptables" = 1 ]; then
> + toolname=ip${TST_IPV6}tables
> + cmds="$toolname"
> + tst_require_drivers ip${TST_IPV6}_tables
> + else
> + toolname=nft
> + cmds="$toolname ip${TST_IPV6}tables-translate"
> + fi
> +
> + if [ "$TST_IPV6" ];then
> + loc_addr="::1"
> + proto="icmpv6"
> + else
> + loc_addr="127.0.0.1"
> + proto="icmp"
> + fi
> +
> + ping_cmd="ping$TST_IPV6"
> + tst_require_cmds $cmds $ping_cmd
change to tst_require_cmds() does not catch missing nft:
nft check broke, original:
nft01 1 TCONF: 'nft' not found
now:
/bin/sh: 1: nft: not found
nft01 1 TBROK: nft add table ip filter failed
one of these fixes it (take whatever you like. Both variants check nft twice,
I'd ignore it).
* use TST_NEEDS_CMDS
diff --git testcases/network/iptables/iptables_lib.sh testcases/network/iptables/iptables_lib.sh
index ad2a894b6..8d220bc0e 100755
--- testcases/network/iptables/iptables_lib.sh
+++ testcases/network/iptables/iptables_lib.sh
@@ -12,7 +12,7 @@ TST_NEEDS_TMPDIR=1
TST_NEEDS_ROOT=1
TST_SETUP="${TST_SETUP:-init}"
TST_CLEANUP="${TST_CLEANUP:-cleanup}"
-TST_NEEDS_CMDS="grep telnet"
+TST_NEEDS_CMDS="$TST_NEEDS_CMDS grep telnet"
. tst_net.sh
diff --git testcases/network/iptables/nft01.sh testcases/network/iptables/nft01.sh
index 1ae086678..225f59bc5 100755
--- testcases/network/iptables/nft01.sh
+++ testcases/network/iptables/nft01.sh
@@ -5,6 +5,7 @@
TST_SETUP="do_setup"
TST_CLEANUP="do_cleanup"
TST_NEEDS_DRIVERS="nf_tables"
+TST_NEEDS_CMDS="nft"
use_iptables=0
cleanup_table=0
cleanup_chain=0
* use tst_require_cmds
diff --git testcases/network/iptables/nft01.sh testcases/network/iptables/nft01.sh
index 1ae086678..e5799b918 100755
--- testcases/network/iptables/nft01.sh
+++ testcases/network/iptables/nft01.sh
@@ -15,6 +15,7 @@ do_setup()
{
local ip_table="ip${TST_IPV6}"
+ tst_require_cmds nft
if ! nft list table $ip_table filter > /dev/null 2>&1; then
ROD nft add table $ip_table filter
cleanup_table=1
Kind regards,
Petr
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [LTP] [PATCH] network/iptables: add ipv6 support
2020-01-03 12:48 ` Petr Vorel
@ 2020-01-09 10:17 ` Alexey Kodanev
2020-01-09 10:51 ` Petr Vorel
0 siblings, 1 reply; 5+ messages in thread
From: Alexey Kodanev @ 2020-01-09 10:17 UTC (permalink / raw)
To: ltp
Hi Petr,
On 03.01.2020 15:48, Petr Vorel wrote:
> Hi Alexey,
>
>> New tests: ip6tables, nft6.
> great idea, just there is a regression in nft01.sh, see below.
>
>> Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
> Reviewed-by: Petr Vorel <pvorel@suse.cz>
>
>> --- a/testcases/network/iptables/iptables_lib.sh
> ...
>> init()
>> {
>> + if [ "$use_iptables" = 1 ]; then
>> + toolname=ip${TST_IPV6}tables
>> + cmds="$toolname"
>> + tst_require_drivers ip${TST_IPV6}_tables
>> + else
>> + toolname=nft
>> + cmds="$toolname ip${TST_IPV6}tables-translate"
>> + fi
>> +
>> + if [ "$TST_IPV6" ];then
>> + loc_addr="::1"
>> + proto="icmpv6"
>> + else
>> + loc_addr="127.0.0.1"
>> + proto="icmp"
>> + fi
>> +
>> + ping_cmd="ping$TST_IPV6"
>> + tst_require_cmds $cmds $ping_cmd
>
> change to tst_require_cmds() does not catch missing nft:
>
> nft check broke, original:
> nft01 1 TCONF: 'nft' not found
>
> now:
> /bin/sh: 1: nft: not found
> nft01 1 TBROK: nft add table ip filter failed
Good catch, what about starting with init() in do_setup()?
diff --git a/testcases/network/iptables/nft01.sh b/testcases/network/iptables/nft01.sh
index 1ae086678..bf2a53c28 100755
--- a/testcases/network/iptables/nft01.sh
+++ b/testcases/network/iptables/nft01.sh
@@ -13,6 +13,7 @@ cleanup_chain=0
do_setup()
{
+ init
local ip_table="ip${TST_IPV6}"
if ! nft list table $ip_table filter > /dev/null 2>&1; then
@@ -23,7 +24,6 @@ do_setup()
ROD nft add chain $ip_table filter INPUT '{ type filter hook input priority 0; }'
cleanup_chain=1
fi
- init
}
>
> one of these fixes it (take whatever you like. Both variants check nft twice,
> I'd ignore it).
>
> * use TST_NEEDS_CMDS
> diff --git testcases/network/iptables/iptables_lib.sh testcases/network/iptables/iptables_lib.sh
> index ad2a894b6..8d220bc0e 100755
> --- testcases/network/iptables/iptables_lib.sh
> +++ testcases/network/iptables/iptables_lib.sh
> @@ -12,7 +12,7 @@ TST_NEEDS_TMPDIR=1
> TST_NEEDS_ROOT=1
> TST_SETUP="${TST_SETUP:-init}"
> TST_CLEANUP="${TST_CLEANUP:-cleanup}"
> -TST_NEEDS_CMDS="grep telnet"
> +TST_NEEDS_CMDS="$TST_NEEDS_CMDS grep telnet"
>
> . tst_net.sh
>
> diff --git testcases/network/iptables/nft01.sh testcases/network/iptables/nft01.sh
> index 1ae086678..225f59bc5 100755
> --- testcases/network/iptables/nft01.sh
> +++ testcases/network/iptables/nft01.sh
> @@ -5,6 +5,7 @@
> TST_SETUP="do_setup"
> TST_CLEANUP="do_cleanup"
> TST_NEEDS_DRIVERS="nf_tables"
> +TST_NEEDS_CMDS="nft"
> use_iptables=0
> cleanup_table=0
> cleanup_chain=0
>
> * use tst_require_cmds
> diff --git testcases/network/iptables/nft01.sh testcases/network/iptables/nft01.sh
> index 1ae086678..e5799b918 100755
> --- testcases/network/iptables/nft01.sh
> +++ testcases/network/iptables/nft01.sh
> @@ -15,6 +15,7 @@ do_setup()
> {
> local ip_table="ip${TST_IPV6}"
>
> + tst_require_cmds nft
> if ! nft list table $ip_table filter > /dev/null 2>&1; then
> ROD nft add table $ip_table filter
> cleanup_table=1
>
>
> Kind regards,
> Petr
>
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [LTP] [PATCH] network/iptables: add ipv6 support
2020-01-09 10:17 ` Alexey Kodanev
@ 2020-01-09 10:51 ` Petr Vorel
2020-01-09 14:16 ` Alexey Kodanev
0 siblings, 1 reply; 5+ messages in thread
From: Petr Vorel @ 2020-01-09 10:51 UTC (permalink / raw)
To: ltp
Hi Alexey,
> > now:
> > /bin/sh: 1: nft: not found
> > nft01 1 TBROK: nft add table ip filter failed
> Good catch, what about starting with init() in do_setup()?
> diff --git a/testcases/network/iptables/nft01.sh b/testcases/network/iptables/nft01.sh
> index 1ae086678..bf2a53c28 100755
> --- a/testcases/network/iptables/nft01.sh
> +++ b/testcases/network/iptables/nft01.sh
> @@ -13,6 +13,7 @@ cleanup_chain=0
> do_setup()
> {
> + init
> local ip_table="ip${TST_IPV6}"
> if ! nft list table $ip_table filter > /dev/null 2>&1; then
> @@ -23,7 +24,6 @@ do_setup()
> ROD nft add chain $ip_table filter INPUT '{ type filter hook input priority 0; }'
> cleanup_chain=1
> fi
> - init
> }
Great, what a simple fix :).
Kind regards,
Petr
^ permalink raw reply [flat|nested] 5+ messages in thread
* [LTP] [PATCH] network/iptables: add ipv6 support
2020-01-09 10:51 ` Petr Vorel
@ 2020-01-09 14:16 ` Alexey Kodanev
0 siblings, 0 replies; 5+ messages in thread
From: Alexey Kodanev @ 2020-01-09 14:16 UTC (permalink / raw)
To: ltp
On 09.01.2020 13:51, Petr Vorel wrote:
> Hi Alexey,
>
>>> now:
>>> /bin/sh: 1: nft: not found
>>> nft01 1 TBROK: nft add table ip filter failed
>
>> Good catch, what about starting with init() in do_setup()?
>
>> diff --git a/testcases/network/iptables/nft01.sh b/testcases/network/iptables/nft01.sh
>> index 1ae086678..bf2a53c28 100755
>> --- a/testcases/network/iptables/nft01.sh
>> +++ b/testcases/network/iptables/nft01.sh
>> @@ -13,6 +13,7 @@ cleanup_chain=0
>
>> do_setup()
>> {
>> + init
>> local ip_table="ip${TST_IPV6}"
>
>> if ! nft list table $ip_table filter > /dev/null 2>&1; then
>> @@ -23,7 +24,6 @@ do_setup()
>> ROD nft add chain $ip_table filter INPUT '{ type filter hook input priority 0; }'
>> cleanup_chain=1
>> fi
>> - init
>> }
>
> Great, what a simple fix :).
>
Applied with this change, thanks for your review Petr!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-01-09 14:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-26 13:58 [LTP] [PATCH] network/iptables: add ipv6 support Alexey Kodanev
2020-01-03 12:48 ` Petr Vorel
2020-01-09 10:17 ` Alexey Kodanev
2020-01-09 10:51 ` Petr Vorel
2020-01-09 14:16 ` Alexey Kodanev
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.