On Wed, Jun 22, 2016 at 04:16:27PM +0200, Arturo Borrero Gonzalez wrote:
> On 22 June 2016 at 13:18, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > This patch covers transactions using the flat syntax representation, eg.
> >
> > add table x
> > add chain x y { type filter hook forward priority 0; }
> > add chain x y { policy drop; }
> >
> > This also covers things like:
> >
> > add element x whitelist { 1.1.1.1 }
> > delete element x whitelist { 1.1.1.1 }
> >
> > The one above may look silly from a human behaviour point of view, but
> > silly robots may very well behave like this.
> >
> > These tests require several kernel patches though in order to pass
> > successfully.
> >
> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
>
> I reviewed most of the testscases and they seem fine to me,
>
> Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
>
> Side note:
>
> if you execute some of them without the kernel patches (so they fail),
> a segfault happens in nft (I guess related to cache handling).
>
> W: [FAILED] ./testcases/transactions/0037set_0: expected 0 but got 139
> ./testcases/transactions/0037set_0: line 19: 15139 Segmentation fault
> $NFT -f $tmpfile
> W: [FAILED] ./testcases/transactions/0038set_0: expected 0 but got 139
> ./testcases/transactions/0038set_0: line 21: 15151 Segmentation fault
> $NFT -f $tmpfile
> W: [FAILED] ./testcases/transactions/0039set_0: expected 0 but got 139
> ./testcases/transactions/0039set_0: line 21: 15163 Segmentation fault
> $NFT -f $tmpfile
You need this:
http://patchwork.ozlabs.org/patch/639098/
I have just pushed this mainstream.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
