KERNEL SELFTESTS: linux_headers_dir is /usr/src/linux-headers-x86_64-rhel-8.3-kselftests-6069da443bf65f513bb507bb21e2f87cfb1ad0b6 2022-03-27 14:54:47 ln -sf /usr/bin/clang 2022-03-27 14:54:47 ln -sf /usr/bin/llc 2022-03-27 14:54:47 sed -i s/default_timeout=45/default_timeout=300/ kselftest/runner.sh update-alternatives: using /usr/sbin/ebtables-legacy to provide /usr/sbin/ebtables (ebtables) in manual mode 2022-03-27 14:54:47 make -C netfilter make: Entering directory '/usr/src/perf_selftests-x86_64-rhel-8.3-kselftests-6069da443bf65f513bb507bb21e2f87cfb1ad0b6/tools/testing/selftests/netfilter' gcc nf-queue.c -lmnl -o /usr/src/perf_selftests-x86_64-rhel-8.3-kselftests-6069da443bf65f513bb507bb21e2f87cfb1ad0b6/tools/testing/selftests/netfilter/nf-queue make: Leaving directory '/usr/src/perf_selftests-x86_64-rhel-8.3-kselftests-6069da443bf65f513bb507bb21e2f87cfb1ad0b6/tools/testing/selftests/netfilter' 2022-03-27 14:54:47 make run_tests -C netfilter make: Entering directory '/usr/src/perf_selftests-x86_64-rhel-8.3-kselftests-6069da443bf65f513bb507bb21e2f87cfb1ad0b6/tools/testing/selftests/netfilter' TAP version 13 1..16 # selftests: netfilter: nft_trans_stress.sh ok 1 selftests: netfilter: nft_trans_stress.sh # selftests: netfilter: nft_fib.sh # PASS: fib expression did not cause unwanted packet drops # PASS: fib expression did drop packets for 1.1.1.1 # PASS: fib expression did drop packets for 1c3::c01d ok 2 selftests: netfilter: nft_fib.sh # selftests: netfilter: nft_nat.sh # PASS: netns routing/connectivity: ns0-Y3H6k0fe can reach ns1-Y3H6k0fe and ns2-Y3H6k0fe # PASS: ping to ns1-Y3H6k0fe was ip NATted to ns2-Y3H6k0fe # PASS: ping to ns1-Y3H6k0fe OK after ip nat output chain flush # PASS: ipv6 ping to ns1-Y3H6k0fe was ip6 NATted to ns2-Y3H6k0fe # SKIP: inet nat tests # PASS: ip IP masquerade for ns2-Y3H6k0fe # PASS: ip6 IPv6 masquerade for ns2-Y3H6k0fe # PASS: ip IP masquerade fully-random for ns2-Y3H6k0fe # PASS: ip6 IPv6 masquerade fully-random for ns2-Y3H6k0fe # PASS: ip IP redirection for ns2-Y3H6k0fe # PASS: ip6 IPv6 redirection for ns2-Y3H6k0fe # PASS: portshadow test default: got reply from ROUTER # PASS: portshadow test port-filter: got reply from ROUTER # PASS: portshadow test port-notrack: got reply from ROUTER # PASS: portshadow test pat: got reply from ROUTER # /dev/stdin:3:17-22: Error: syntax error, unexpected string # typeof meta iifname . ip saddr . ip daddr : ip daddr # ^^^^^^ # /dev/stdin:9:17-22: Error: syntax error, unexpected string # typeof meta iifname . ip saddr . ip daddr : ip daddr # ^^^^^^ # /dev/stdin:2:13-20: Error: set definition does not specify key # map xlate_in { # ^^^^^^^^ # SKIP: Could not add ip statless rules ok 3 selftests: netfilter: nft_nat.sh # selftests: netfilter: bridge_brouter.sh # PASS: netns connectivity: ns1 and ns2 can reach each other # PASS: ns1/ns2 connectivity with active broute rule # PASS: ns1/ns2 connectivity with active broute rule and bridge forward drop ok 4 selftests: netfilter: bridge_brouter.sh # selftests: netfilter: conntrack_icmp_related.sh # PASS: icmp mtu error had RELATED state ok 5 selftests: netfilter: conntrack_icmp_related.sh # selftests: netfilter: nft_flowtable.sh # PASS: netns routing/connectivity: ns1 can reach ns2 # PASS: flow offloaded for ns1/ns2 # /dev/stdin:4:73-74: Error: syntax error, unexpected to, expecting newline or semicolon # meta iif "veth0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345 # ^^ # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 4192256 Mar 27 14:56 /tmp/tmp.dy3uEikeWv # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.GJ9aEj7xBN # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 1172480 Mar 27 14:56 /tmp/tmp.kVmfN9gAUV # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.dDqhbMrPaw # FAIL: flow offload for ns1/ns2 with NAT # table inet filter { # flowtable f1 { # hook ingress priority 0 # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority 0; policy drop; # oif "veth1" tcp dport 12345 flow offload @f1 counter packets 2 bytes 112 # tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 303 bytes 4172868 # tcp flags fin,rst ct mark set 0x00000000 accept # meta length > 1500 accept comment "something-to-grep-for" # tcp sport 12345 ct mark 0x00000001 counter packets 0 bytes 0 log prefix "mark failure " drop # ct state established,related accept # meta length < 200 oif "veth1" tcp dport 12345 counter packets 3 bytes 180 accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 4192256 Mar 27 14:56 /tmp/tmp.dy3uEikeWv # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.GJ9aEj7xBN # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 1172480 Mar 27 14:56 /tmp/tmp.kVmfN9gAUV # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.dDqhbMrPaw # FAIL: flow offload for ns1/ns2 with NAT and pmtu discovery # table inet filter { # flowtable f1 { # hook ingress priority 0 # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority 0; policy drop; # oif "veth1" tcp dport 12345 flow offload @f1 counter packets 3 bytes 172 # tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 303 bytes 4172868 # tcp flags fin,rst ct mark set 0x00000000 accept # tcp sport 12345 ct mark 0x00000001 counter packets 0 bytes 0 log prefix "mark failure " drop # ct state established,related accept # meta length < 200 oif "veth1" tcp dport 12345 counter packets 5 bytes 300 accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # /dev/stdin:5:71-72: Error: syntax error, unexpected to, expecting newline or semicolon # meta iif "br0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345 # ^^ # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 4192256 Mar 27 14:56 /tmp/tmp.dy3uEikeWv # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.GJ9aEj7xBN # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 1172480 Mar 27 14:56 /tmp/tmp.kVmfN9gAUV # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.dDqhbMrPaw # FAIL: flow offload for ns1/ns2 with bridge NAT # table inet filter { # flowtable f1 { # hook ingress priority 0 # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority 0; policy drop; # oif "veth1" tcp dport 12345 flow offload @f1 counter packets 4 bytes 232 # tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 303 bytes 4172868 # tcp flags fin,rst ct mark set 0x00000000 accept # tcp sport 12345 ct mark 0x00000001 counter packets 0 bytes 0 log prefix "mark failure " drop # ct state established,related accept # meta length < 200 oif "veth1" tcp dport 12345 counter packets 7 bytes 420 accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 4192256 Mar 27 14:56 /tmp/tmp.dy3uEikeWv # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.GJ9aEj7xBN # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 1172480 Mar 27 14:56 /tmp/tmp.kVmfN9gAUV # -rw------- 1 root root 0 Mar 27 14:56 /tmp/tmp.dDqhbMrPaw # FAIL: flow offload for ns1/ns2 with bridge NAT and VLAN # table inet filter { # flowtable f1 { # hook ingress priority 0 # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority 0; policy drop; # oif "veth1" tcp dport 12345 flow offload @f1 counter packets 5 bytes 292 # tcp dport 12345 meta length > 200 ct mark set 0x00000001 counter packets 303 bytes 4172868 # tcp flags fin,rst ct mark set 0x00000000 accept # tcp sport 12345 ct mark 0x00000001 counter packets 0 bytes 0 log prefix "mark failure " drop # ct state established,related accept # meta length < 200 oif "veth1" tcp dport 12345 counter packets 9 bytes 540 accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # Error: Could not process rule: No such file or directory # delete table ip nat # ^^^^^^^^^^^^^^^^^^^^ # PASS: ipsec tunnel mode for ns1/ns2 not ok 6 selftests: netfilter: nft_flowtable.sh # exit=1 # selftests: netfilter: ipvs.sh # Testing DR mode... # Testing NAT mode... # Testing Tunnel mode... # -e ipvs.sh: PASS ok 7 selftests: netfilter: ipvs.sh # selftests: netfilter: nft_concat_range.sh # TEST: reported issues # Add two elements, flush, re-add Error: concatenated types not supported in interval sets # add table t { set s { type ipv4_addr . inet_service; flags interval; }; } # ^ # [SKIP] # net,mac with reload /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # TEST: correctness # net,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # port,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # port,proto /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,mac /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,mac,proto /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,port,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,mac /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # mac,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,mac - ICMP /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,mac - ICMPv6 /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,net6,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,port,mac,proto,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # TEST: concurrency # net,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # port,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,port,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,net6,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # TEST: timeout # net,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # port,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # port,proto /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,mac /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,mac,proto /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,port,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,mac /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # mac,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,mac - ICMP /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,mac - ICMPv6 /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net6,port,net6,port /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # net,port,mac,proto,net /dev/stdin:9:13-16: Error: concatenated types not supported in interval sets # # /dev/stdin:29:13-16: Error: concatenated types not supported in interval sets # # [SKIP] # set not supported # TEST: performance # net,port [SKIP] # perf not supported # port,net [SKIP] # perf not supported # net6,port [SKIP] # perf not supported # port,proto [SKIP] # perf not supported # net6,port,mac [SKIP] # perf not supported # net6,port,mac,proto [SKIP] # perf not supported # net,mac [SKIP] # perf not supported ok 8 selftests: netfilter: nft_concat_range.sh # SKIP # selftests: netfilter: nft_conntrack_helper.sh # PASS: ns1-5rat74VC connection on port 2121 has ftp helper attached # PASS: ns2-5rat74VC connection on port 2121 has ftp helper attached # PASS: ns1-5rat74VC connection on port 2121 has ftp helper attached # PASS: ns2-5rat74VC connection on port 2121 has ftp helper attached # PASS: ns1-5rat74VC connection on port 21 has ftp helper attached # PASS: ns2-5rat74VC connection on port 21 has ftp helper attached # PASS: ns1-5rat74VC connection on port 21 has ftp helper attached # PASS: ns2-5rat74VC connection on port 21 has ftp helper attached ok 9 selftests: netfilter: nft_conntrack_helper.sh # selftests: netfilter: nft_queue.sh # PASS: ns1-e603wsly can reach ns2-e603wsly # PASS: ip: statement with no listener results in packet drop # PASS: ip6: statement with no listener results in packet drop # PASS: Expected and received 10 packets total # PASS: Expected and received 20 packets total # PASS: tcp and nfqueue in forward chain # PASS: tcp via loopback # PASS: tcp via loopback and re-queueing # PASS: icmp+nfqueue via vrf ok 10 selftests: netfilter: nft_queue.sh # selftests: netfilter: nft_meta.sh # /dev/stdin:34:17-25: Error: syntax error, unexpected time, known keys are length, protocol, priority, mark, iif, oif, iifname, oifname, iiftype, oiftype, skuid, skgid, nftrace, rtclassid, nfproto, l4proto, ibrname, obrname, pkttype, cpu, iifgroup, oifgroup, cgroup, random, secpath # meta time "2021-01-01" - "2021-12-31" counter name ilastyearcounter # ^^^^^^^^^ # /dev/stdin:35:17-25: Error: syntax error, unexpected time, known keys are length, protocol, priority, mark, iif, oif, iifname, oifname, iiftype, oiftype, skuid, skgid, nftrace, rtclassid, nfproto, l4proto, ibrname, obrname, pkttype, cpu, iifgroup, oifgroup, cgroup, random, secpath # meta time "2022-01-01" - "2022-12-31" counter name icurrentyearcounter # ^^^^^^^^^ # SKIP: Could not add test ruleset ok 11 selftests: netfilter: nft_meta.sh # SKIP # selftests: netfilter: nf_nat_edemux.sh # PASS: socat can connect via NAT'd address ok 12 selftests: netfilter: nf_nat_edemux.sh # selftests: netfilter: ipip-conntrack-mtu.sh # OK: PMTU without connection tracking # OK: PMTU with connection tracking ok 13 selftests: netfilter: ipip-conntrack-mtu.sh # selftests: netfilter: conntrack_tcp_unreplied.sh # INFO: connect ns1-OMfqpePA -> ns2-OMfqpePA to the virtual ip # /dev/stdin:4:51-58: Error: NAT is only supported for IPv4/IPv6 # ip daddr 10.99.99.99 tcp dport 80 redirect to :8080 # ^^^^^^^^ # ERROR: Could not load nat redirect not ok 14 selftests: netfilter: conntrack_tcp_unreplied.sh # exit=1 # selftests: netfilter: conntrack_vrf.sh # /dev/stdin:3:54-56: Error: syntax error, unexpected string, expecting - or number # # /dev/stdin:13:50-52: Error: syntax error, unexpected string, expecting - or number # # FAIL: entry not found in conntrack zone 1 # FAIL: entry not in zone 1 or 2, dumping table # conntrack v1.4.5 (conntrack-tools): 0 flow entries have been shown. # /dev/stdin:4:50-52: Error: syntax error, unexpected string, expecting - or number # # /dev/stdin:9:55-60: Error: syntax error, unexpected string, expecting - or number # # Error: Could not process rule: No such file or directory # list table ip nat # ^^^ # FAIL: vrf rules have unexpected counter value # /dev/stdin:4:50-52: Error: syntax error, unexpected string, expecting - or number # # /dev/stdin:9:55-60: Error: syntax error, unexpected string, expecting - or number # # Error: Could not process rule: No such file or directory # list table ip nat # ^^^ # FAIL: vrf rules have unexpected counter value # PASS: iperf3 connect with masquerade + sport rewrite on veth device not ok 15 selftests: netfilter: conntrack_vrf.sh # exit=1 # selftests: netfilter: nft_synproxy.sh # /dev/stdin:12:94-102: Error: syntax error, unexpected timestamp, expecting newline or semicolon # meta iif veth0 meta l4proto tcp ct state untracked,invalid synproxy mss 1460 sack-perm timestamp # ^^^^^^^^^ # SKIP: Cannot add nft synproxy ok 16 selftests: netfilter: nft_synproxy.sh # SKIP make: Leaving directory '/usr/src/perf_selftests-x86_64-rhel-8.3-kselftests-6069da443bf65f513bb507bb21e2f87cfb1ad0b6/tools/testing/selftests/netfilter'