Hi all,
On Mon, 15 Apr 2019 11:40:51 +1000 Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
>
> Today's linux-next merge of the netfilter-next tree got a conflict in:
>
> tools/testing/selftests/netfilter/nft_nat.sh
>
> between commit:
>
> 51f9960db6ad ("netfilter: nat: fix icmp id randomization")
>
> from the netfiler tree and commit:
>
> 6978cdb129da ("kselftests: extend nft_nat with inet family based nat hooks")
>
> from the netfilter-next tree.
>
> I fixed it up (I think, see below) and can carry the fix as
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging. You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.
>
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc tools/testing/selftests/netfilter/nft_nat.sh
> index 3194007cf8d1,248905130d5d..000000000000
> --- a/tools/testing/selftests/netfilter/nft_nat.sh
> +++ b/tools/testing/selftests/netfilter/nft_nat.sh
> @@@ -321,7 -346,7 +346,8 @@@ EO
>
> test_masquerade6()
> {
> - local family=$1
> + local natflags=$1
> ++ local family=$2
> local lret=0
>
> ip netns exec ns0 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
> @@@ -352,16 -377,21 +378,21 @@@
>
> # add masquerading rule
> ip netns exec ns0 nft -f - <<EOF
> - table ip6 nat {
> + table $family nat {
> chain postrouting {
> type nat hook postrouting priority 0; policy accept;
> - meta oif veth0 masquerade
> + meta oif veth0 masquerade $natflags
> }
> }
> EOF
> + if [ $? -ne 0 ]; then
> + echo "SKIP: Could not add add $family masquerade hook"
> + return $ksft_skip
> + fi
> +
> ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
> if [ $? -ne 0 ] ; then
> - echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags"
> - echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
> ++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags"
> lret=1
> fi
>
> @@@ -398,26 -428,20 +429,27 @@@
> fi
> done
>
> + ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
> + if [ $? -ne 0 ] ; then
> - echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags (attempt 2)"
> ++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
> + lret=1
> + fi
> +
> - ip netns exec ns0 nft flush chain ip6 nat postrouting
> + ip netns exec ns0 nft flush chain $family nat postrouting
> if [ $? -ne 0 ]; then
> - echo "ERROR: Could not flush ip6 nat postrouting" 1>&2
> + echo "ERROR: Could not flush $family nat postrouting" 1>&2
> lret=1
> fi
>
> - test $lret -eq 0 && echo "PASS: IPv6 masquerade $natflags for ns2"
> - test $lret -eq 0 && echo "PASS: $family IPv6 masquerade for ns2"
> ++ test $lret -eq 0 && echo "PASS: $family IPv6 masquerade $natflags for ns2"
>
> return $lret
> }
>
> test_masquerade()
> {
> - local family=$1
> + local natflags=$1
> ++ local family=$2
> local lret=0
>
> ip netns exec ns0 sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
> @@@ -448,16 -472,21 +480,21 @@@
>
> # add masquerading rule
> ip netns exec ns0 nft -f - <<EOF
> - table ip nat {
> + table $family nat {
> chain postrouting {
> type nat hook postrouting priority 0; policy accept;
> - meta oif veth0 masquerade
> + meta oif veth0 masquerade $natflags
> }
> }
> EOF
> + if [ $? -ne 0 ]; then
> + echo "SKIP: Could not add add $family masquerade hook"
> + return $ksft_skip
> + fi
> +
> ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
> if [ $? -ne 0 ] ; then
> - echo "ERROR: cannot ping ns1 from ns2 with active ip masquere $natflags"
> - echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
> ++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquere $natflags"
> lret=1
> fi
>
> @@@ -493,19 -522,13 +530,19 @@@
> fi
> done
>
> + ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
> + if [ $? -ne 0 ] ; then
> - echo "ERROR: cannot ping ns1 from ns2 with active ip masquerade $natflags (attempt 2)"
> ++ echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags (attempt 2)"
> + lret=1
> + fi
> +
> - ip netns exec ns0 nft flush chain ip nat postrouting
> + ip netns exec ns0 nft flush chain $family nat postrouting
> if [ $? -ne 0 ]; then
> - echo "ERROR: Could not flush nat postrouting" 1>&2
> + echo "ERROR: Could not flush $family nat postrouting" 1>&2
> lret=1
> fi
>
> - test $lret -eq 0 && echo "PASS: IP masquerade $natflags for ns2"
> - test $lret -eq 0 && echo "PASS: $family IP masquerade for ns2"
> ++ test $lret -eq 0 && echo "PASS: $family IP masquerade $natflags for ns2"
>
> return $lret
> }
> @@@ -760,20 -795,25 +809,34 @@@ if [ $ret -eq 0 ];the
> fi
>
> reset_counters
> - test_local_dnat
> - test_local_dnat6
> + test_local_dnat ip
> + test_local_dnat6 ip6
> + reset_counters
> + $test_inet_nat && test_local_dnat inet
> + $test_inet_nat && test_local_dnat6 inet
> +
> + reset_counters
> -test_masquerade ip
> -test_masquerade6 ip6
> ++test_masquerade "" ip
> ++test_masquerade6 "" ip6
> ++
> ++reset_counters
> ++test_masquerade "fully-random" ip
> ++test_masquerade6 "fully-random" ip6
> +
> +reset_counters
> - test_masquerade ""
> - test_masquerade6 ""
> ++$test_inet_nat && test_masquerade "" inet
> ++$test_inet_nat && test_masquerade6 "" inet
> +
> reset_counters
> - test_masquerade "fully-random"
> - test_masquerade6 "fully-random"
> -$test_inet_nat && test_masquerade inet
> -$test_inet_nat && test_masquerade6 inet
> ++$test_inet_nat && test_masquerade "fully-random" ip
> ++$test_inet_nat && test_masquerade6 "fully-random" ip6
>
> reset_counters
> - test_redirect
> - test_redirect6
> + test_redirect ip
> + test_redirect6 ip6
> + reset_counters
> + $test_inet_nat && test_redirect inet
> + $test_inet_nat && test_redirect6 inet
>
> for i in 0 1 2; do ip netns del ns$i;done
>
This is now a conflict between the net-next and netfilter trees.
--
Cheers,
Stephen Rothwell
Attachment:
pgpknmxoSmAYz.pgp
Description: OpenPGP digital signature
