linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* linux-next: manual merge of the netfilter-next tree with the netfiler tree
@ 2019-04-15  1:40 Stephen Rothwell
  2019-04-16  1:24 ` Stephen Rothwell
  0 siblings, 1 reply; 2+ messages in thread
From: Stephen Rothwell @ 2019-04-15  1:40 UTC (permalink / raw)
  To: Pablo Neira Ayuso, NetFilter
  Cc: Linux Next Mailing List, Linux Kernel Mailing List, Florian Westphal

[-- Attachment #1: Type: text/plain, Size: 5986 bytes --]

Hi all,

Today's linux-next merge of the netfilter-next tree got a conflict in:

  tools/testing/selftests/netfilter/nft_nat.sh

between commit:

  51f9960db6ad ("netfilter: nat: fix icmp id randomization")

from the netfiler tree and commit:

  6978cdb129da ("kselftests: extend nft_nat with inet family based nat hooks")

from the netfilter-next tree.

I fixed it up (I think, see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging.  You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc tools/testing/selftests/netfilter/nft_nat.sh
index 3194007cf8d1,248905130d5d..000000000000
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@@ -321,7 -346,7 +346,8 @@@ EO
  
  test_masquerade6()
  {
 -	local family=$1
 +	local natflags=$1
++	local family=$2
  	local lret=0
  
  	ip netns exec ns0 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
@@@ -352,16 -377,21 +378,21 @@@
  
  # add masquerading rule
  ip netns exec ns0 nft -f - <<EOF
- table ip6 nat {
+ table $family nat {
  	chain postrouting {
  		type nat hook postrouting priority 0; policy accept;
 -		meta oif veth0 masquerade
 +		meta oif veth0 masquerade $natflags
  	}
  }
  EOF
+ 	if [ $? -ne 0 ]; then
+ 		echo "SKIP: Could not add add $family masquerade hook"
+ 		return $ksft_skip
+ 	fi
+ 
  	ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
  	if [ $? -ne 0 ] ; then
- 		echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags"
 -		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags"
  		lret=1
  	fi
  
@@@ -398,26 -428,20 +429,27 @@@
  		fi
  	done
  
 +	ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
 +	if [ $? -ne 0 ] ; then
- 		echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags (attempt 2)"
++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
 +		lret=1
 +	fi
 +
- 	ip netns exec ns0 nft flush chain ip6 nat postrouting
+ 	ip netns exec ns0 nft flush chain $family nat postrouting
  	if [ $? -ne 0 ]; then
- 		echo "ERROR: Could not flush ip6 nat postrouting" 1>&2
+ 		echo "ERROR: Could not flush $family nat postrouting" 1>&2
  		lret=1
  	fi
  
- 	test $lret -eq 0 && echo "PASS: IPv6 masquerade $natflags for ns2"
 -	test $lret -eq 0 && echo "PASS: $family IPv6 masquerade for ns2"
++	test $lret -eq 0 && echo "PASS: $family IPv6 masquerade $natflags for ns2"
  
  	return $lret
  }
  
  test_masquerade()
  {
 -	local family=$1
 +	local natflags=$1
++	local family=$2
  	local lret=0
  
  	ip netns exec ns0 sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
@@@ -448,16 -472,21 +480,21 @@@
  
  # add masquerading rule
  ip netns exec ns0 nft -f - <<EOF
- table ip nat {
+ table $family nat {
  	chain postrouting {
  		type nat hook postrouting priority 0; policy accept;
 -		meta oif veth0 masquerade
 +		meta oif veth0 masquerade $natflags
  	}
  }
  EOF
+ 	if [ $? -ne 0 ]; then
+ 		echo "SKIP: Could not add add $family masquerade hook"
+ 		return $ksft_skip
+ 	fi
+ 
  	ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
  	if [ $? -ne 0 ] ; then
- 		echo "ERROR: cannot ping ns1 from ns2 with active ip masquere $natflags"
 -		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquere $natflags"
  		lret=1
  	fi
  
@@@ -493,19 -522,13 +530,19 @@@
  		fi
  	done
  
 +	ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
 +	if [ $? -ne 0 ] ; then
- 		echo "ERROR: cannot ping ns1 from ns2 with active ip masquerade $natflags (attempt 2)"
++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
 +		lret=1
 +	fi
 +
- 	ip netns exec ns0 nft flush chain ip nat postrouting
+ 	ip netns exec ns0 nft flush chain $family nat postrouting
  	if [ $? -ne 0 ]; then
- 		echo "ERROR: Could not flush nat postrouting" 1>&2
+ 		echo "ERROR: Could not flush $family nat postrouting" 1>&2
  		lret=1
  	fi
  
- 	test $lret -eq 0 && echo "PASS: IP masquerade $natflags for ns2"
 -	test $lret -eq 0 && echo "PASS: $family IP masquerade for ns2"
++	test $lret -eq 0 && echo "PASS: $family IP masquerade $natflags for ns2"
  
  	return $lret
  }
@@@ -760,20 -795,25 +809,34 @@@ if [ $ret -eq 0 ];the
  fi
  
  reset_counters
- test_local_dnat
- test_local_dnat6
+ test_local_dnat ip
+ test_local_dnat6 ip6
+ reset_counters
+ $test_inet_nat && test_local_dnat inet
+ $test_inet_nat && test_local_dnat6 inet
+ 
+ reset_counters
 -test_masquerade ip
 -test_masquerade6 ip6
++test_masquerade "" ip
++test_masquerade6 "" ip6
++
++reset_counters
++test_masquerade "fully-random" ip
++test_masquerade6 "fully-random" ip6
 +
 +reset_counters
- test_masquerade ""
- test_masquerade6 ""
++$test_inet_nat && test_masquerade "" inet
++$test_inet_nat && test_masquerade6 "" inet
 +
  reset_counters
- test_masquerade "fully-random"
- test_masquerade6 "fully-random"
 -$test_inet_nat && test_masquerade inet
 -$test_inet_nat && test_masquerade6 inet
++$test_inet_nat && test_masquerade "fully-random" ip
++$test_inet_nat && test_masquerade6 "fully-random" ip6
  
  reset_counters
- test_redirect
- test_redirect6
+ test_redirect ip
+ test_redirect6 ip6
+ reset_counters
+ $test_inet_nat && test_redirect inet
+ $test_inet_nat && test_redirect6 inet
  
  for i in 0 1 2; do ip netns del ns$i;done
  

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: linux-next: manual merge of the netfilter-next tree with the netfiler tree
  2019-04-15  1:40 linux-next: manual merge of the netfilter-next tree with the netfiler tree Stephen Rothwell
@ 2019-04-16  1:24 ` Stephen Rothwell
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Rothwell @ 2019-04-16  1:24 UTC (permalink / raw)
  To: Pablo Neira Ayuso, NetFilter, David Miller, Networking
  Cc: Linux Next Mailing List, Linux Kernel Mailing List, Florian Westphal

[-- Attachment #1: Type: text/plain, Size: 6568 bytes --]

Hi all,

On Mon, 15 Apr 2019 11:40:51 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the netfilter-next tree got a conflict in:
> 
>   tools/testing/selftests/netfilter/nft_nat.sh
> 
> between commit:
> 
>   51f9960db6ad ("netfilter: nat: fix icmp id randomization")
> 
> from the netfiler tree and commit:
> 
>   6978cdb129da ("kselftests: extend nft_nat with inet family based nat hooks")
> 
> from the netfilter-next tree.
> 
> I fixed it up (I think, see below) and can carry the fix as
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging.  You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc tools/testing/selftests/netfilter/nft_nat.sh
> index 3194007cf8d1,248905130d5d..000000000000
> --- a/tools/testing/selftests/netfilter/nft_nat.sh
> +++ b/tools/testing/selftests/netfilter/nft_nat.sh
> @@@ -321,7 -346,7 +346,8 @@@ EO
>   
>   test_masquerade6()
>   {
>  -	local family=$1
>  +	local natflags=$1
> ++	local family=$2
>   	local lret=0
>   
>   	ip netns exec ns0 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
> @@@ -352,16 -377,21 +378,21 @@@
>   
>   # add masquerading rule
>   ip netns exec ns0 nft -f - <<EOF
> - table ip6 nat {
> + table $family nat {
>   	chain postrouting {
>   		type nat hook postrouting priority 0; policy accept;
>  -		meta oif veth0 masquerade
>  +		meta oif veth0 masquerade $natflags
>   	}
>   }
>   EOF
> + 	if [ $? -ne 0 ]; then
> + 		echo "SKIP: Could not add add $family masquerade hook"
> + 		return $ksft_skip
> + 	fi
> + 
>   	ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
>   	if [ $? -ne 0 ] ; then
> - 		echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags"
>  -		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
> ++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags"
>   		lret=1
>   	fi
>   
> @@@ -398,26 -428,20 +429,27 @@@
>   		fi
>   	done
>   
>  +	ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
>  +	if [ $? -ne 0 ] ; then
> - 		echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags (attempt 2)"
> ++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
>  +		lret=1
>  +	fi
>  +
> - 	ip netns exec ns0 nft flush chain ip6 nat postrouting
> + 	ip netns exec ns0 nft flush chain $family nat postrouting
>   	if [ $? -ne 0 ]; then
> - 		echo "ERROR: Could not flush ip6 nat postrouting" 1>&2
> + 		echo "ERROR: Could not flush $family nat postrouting" 1>&2
>   		lret=1
>   	fi
>   
> - 	test $lret -eq 0 && echo "PASS: IPv6 masquerade $natflags for ns2"
>  -	test $lret -eq 0 && echo "PASS: $family IPv6 masquerade for ns2"
> ++	test $lret -eq 0 && echo "PASS: $family IPv6 masquerade $natflags for ns2"
>   
>   	return $lret
>   }
>   
>   test_masquerade()
>   {
>  -	local family=$1
>  +	local natflags=$1
> ++	local family=$2
>   	local lret=0
>   
>   	ip netns exec ns0 sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
> @@@ -448,16 -472,21 +480,21 @@@
>   
>   # add masquerading rule
>   ip netns exec ns0 nft -f - <<EOF
> - table ip nat {
> + table $family nat {
>   	chain postrouting {
>   		type nat hook postrouting priority 0; policy accept;
>  -		meta oif veth0 masquerade
>  +		meta oif veth0 masquerade $natflags
>   	}
>   }
>   EOF
> + 	if [ $? -ne 0 ]; then
> + 		echo "SKIP: Could not add add $family masquerade hook"
> + 		return $ksft_skip
> + 	fi
> + 
>   	ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
>   	if [ $? -ne 0 ] ; then
> - 		echo "ERROR: cannot ping ns1 from ns2 with active ip masquere $natflags"
>  -		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
> ++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquere $natflags"
>   		lret=1
>   	fi
>   
> @@@ -493,19 -522,13 +530,19 @@@
>   		fi
>   	done
>   
>  +	ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
>  +	if [ $? -ne 0 ] ; then
> - 		echo "ERROR: cannot ping ns1 from ns2 with active ip masquerade $natflags (attempt 2)"
> ++		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
>  +		lret=1
>  +	fi
>  +
> - 	ip netns exec ns0 nft flush chain ip nat postrouting
> + 	ip netns exec ns0 nft flush chain $family nat postrouting
>   	if [ $? -ne 0 ]; then
> - 		echo "ERROR: Could not flush nat postrouting" 1>&2
> + 		echo "ERROR: Could not flush $family nat postrouting" 1>&2
>   		lret=1
>   	fi
>   
> - 	test $lret -eq 0 && echo "PASS: IP masquerade $natflags for ns2"
>  -	test $lret -eq 0 && echo "PASS: $family IP masquerade for ns2"
> ++	test $lret -eq 0 && echo "PASS: $family IP masquerade $natflags for ns2"
>   
>   	return $lret
>   }
> @@@ -760,20 -795,25 +809,34 @@@ if [ $ret -eq 0 ];the
>   fi
>   
>   reset_counters
> - test_local_dnat
> - test_local_dnat6
> + test_local_dnat ip
> + test_local_dnat6 ip6
> + reset_counters
> + $test_inet_nat && test_local_dnat inet
> + $test_inet_nat && test_local_dnat6 inet
> + 
> + reset_counters
>  -test_masquerade ip
>  -test_masquerade6 ip6
> ++test_masquerade "" ip
> ++test_masquerade6 "" ip6
> ++
> ++reset_counters
> ++test_masquerade "fully-random" ip
> ++test_masquerade6 "fully-random" ip6
>  +
>  +reset_counters
> - test_masquerade ""
> - test_masquerade6 ""
> ++$test_inet_nat && test_masquerade "" inet
> ++$test_inet_nat && test_masquerade6 "" inet
>  +
>   reset_counters
> - test_masquerade "fully-random"
> - test_masquerade6 "fully-random"
>  -$test_inet_nat && test_masquerade inet
>  -$test_inet_nat && test_masquerade6 inet
> ++$test_inet_nat && test_masquerade "fully-random" ip
> ++$test_inet_nat && test_masquerade6 "fully-random" ip6
>   
>   reset_counters
> - test_redirect
> - test_redirect6
> + test_redirect ip
> + test_redirect6 ip6
> + reset_counters
> + $test_inet_nat && test_redirect inet
> + $test_inet_nat && test_redirect6 inet
>   
>   for i in 0 1 2; do ip netns del ns$i;done
>   

This is now a conflict between the net-next and netfilter trees.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-04-16  1:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-15  1:40 linux-next: manual merge of the netfilter-next tree with the netfiler tree Stephen Rothwell
2019-04-16  1:24 ` Stephen Rothwell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).