Hi all,
Today's linux-next merge of the netfilter-next tree got a conflict in:
tools/testing/selftests/netfilter/nft_nat.sh
between commit:
51f9960db6ad ("netfilter: nat: fix icmp id randomization")
from the netfiler tree and commit:
6978cdb129da ("kselftests: extend nft_nat with inet family based nat hooks")
from the netfilter-next tree.
I fixed it up (I think, see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging. You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc tools/testing/selftests/netfilter/nft_nat.sh
index 3194007cf8d1,248905130d5d..000000000000
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@@ -321,7 -346,7 +346,8 @@@ EO
test_masquerade6()
{
- local family=$1
+ local natflags=$1
++ local family=$2
local lret=0
ip netns exec ns0 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
@@@ -352,16 -377,21 +378,21 @@@
# add masquerading rule
ip netns exec ns0 nft -f - <<EOF
- table ip6 nat {
+ table $family nat {
chain postrouting {
type nat hook postrouting priority 0; policy accept;
- meta oif veth0 masquerade
+ meta oif veth0 masquerade $natflags
}
}
EOF
+ if [ $? -ne 0 ]; then
+ echo "SKIP: Could not add add $family masquerade hook"
+ return $ksft_skip
+ fi
+
ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
if [ $? -ne 0 ] ; then
- echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags"
- echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags"
lret=1
fi
@@@ -398,26 -428,20 +429,27 @@@
fi
done
+ ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
+ if [ $? -ne 0 ] ; then
- echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags (attempt 2)"
++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
+ lret=1
+ fi
+
- ip netns exec ns0 nft flush chain ip6 nat postrouting
+ ip netns exec ns0 nft flush chain $family nat postrouting
if [ $? -ne 0 ]; then
- echo "ERROR: Could not flush ip6 nat postrouting" 1>&2
+ echo "ERROR: Could not flush $family nat postrouting" 1>&2
lret=1
fi
- test $lret -eq 0 && echo "PASS: IPv6 masquerade $natflags for ns2"
- test $lret -eq 0 && echo "PASS: $family IPv6 masquerade for ns2"
++ test $lret -eq 0 && echo "PASS: $family IPv6 masquerade $natflags for ns2"
return $lret
}
test_masquerade()
{
- local family=$1
+ local natflags=$1
++ local family=$2
local lret=0
ip netns exec ns0 sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
@@@ -448,16 -472,21 +480,21 @@@
# add masquerading rule
ip netns exec ns0 nft -f - <<EOF
- table ip nat {
+ table $family nat {
chain postrouting {
type nat hook postrouting priority 0; policy accept;
- meta oif veth0 masquerade
+ meta oif veth0 masquerade $natflags
}
}
EOF
+ if [ $? -ne 0 ]; then
+ echo "SKIP: Could not add add $family masquerade hook"
+ return $ksft_skip
+ fi
+
ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
if [ $? -ne 0 ] ; then
- echo "ERROR: cannot ping ns1 from ns2 with active ip masquere $natflags"
- echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquere $natflags"
lret=1
fi
@@@ -493,19 -522,13 +530,19 @@@
fi
done
+ ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
+ if [ $? -ne 0 ] ; then
- echo "ERROR: cannot ping ns1 from ns2 with active ip masquerade $natflags (attempt 2)"
++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
+ lret=1
+ fi
+
- ip netns exec ns0 nft flush chain ip nat postrouting
+ ip netns exec ns0 nft flush chain $family nat postrouting
if [ $? -ne 0 ]; then
- echo "ERROR: Could not flush nat postrouting" 1>&2
+ echo "ERROR: Could not flush $family nat postrouting" 1>&2
lret=1
fi
- test $lret -eq 0 && echo "PASS: IP masquerade $natflags for ns2"
- test $lret -eq 0 && echo "PASS: $family IP masquerade for ns2"
++ test $lret -eq 0 && echo "PASS: $family IP masquerade $natflags for ns2"
return $lret
}
@@@ -760,20 -795,25 +809,34 @@@ if [ $ret -eq 0 ];the
fi
reset_counters
- test_local_dnat
- test_local_dnat6
+ test_local_dnat ip
+ test_local_dnat6 ip6
+ reset_counters
+ $test_inet_nat && test_local_dnat inet
+ $test_inet_nat && test_local_dnat6 inet
+
+ reset_counters
-test_masquerade ip
-test_masquerade6 ip6
++test_masquerade "" ip
++test_masquerade6 "" ip6
++
++reset_counters
++test_masquerade "fully-random" ip
++test_masquerade6 "fully-random" ip6
+
+reset_counters
- test_masquerade ""
- test_masquerade6 ""
++$test_inet_nat && test_masquerade "" inet
++$test_inet_nat && test_masquerade6 "" inet
+
reset_counters
- test_masquerade "fully-random"
- test_masquerade6 "fully-random"
-$test_inet_nat && test_masquerade inet
-$test_inet_nat && test_masquerade6 inet
++$test_inet_nat && test_masquerade "fully-random" ip
++$test_inet_nat && test_masquerade6 "fully-random" ip6
reset_counters
- test_redirect
- test_redirect6
+ test_redirect ip
+ test_redirect6 ip6
+ reset_counters
+ $test_inet_nat && test_redirect inet
+ $test_inet_nat && test_redirect6 inet
for i in 0 1 2; do ip netns del ns$i;done
Attachment:
pgp1B1aEYWXfp.pgp
Description: OpenPGP digital signature
