Hi Taehee!
On Wed, Oct 31, 2018 at 03:22:22AM +0900, Taehee Yoo wrote:
> On Tue, 30 Oct 2018 at 08:00, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> >
>
> Hi Pablo,
> Thank you for review!
>
> > On Fri, Oct 19, 2018 at 12:27:57AM +0900, Taehee Yoo wrote:
> > > xt_rateest_net_exit() was added to check whether rules are flushed
> > > successfully. but ->net_exit() callback is called earlier than
> > > ->destroy() callback.
> > > So that ->net_exit() callback can't check that.
> > >
> > > test commands:
> > > %ip netns add vm1
> > > %ip netns exec vm1 iptables -t mangle -I PREROUTING -p udp \
> > > --dport 1111 -j RATEEST --rateest-name ap \
> > > --rateest-interval 250ms --rateest-ewma 0.5s
> > > %ip netns del vm1
> >
> > Hm, I cannot reproduce this here.
> >
> > I can see iptables-tests.py with -N fails to load entries:
> >
> > # ip netns exec ____test xtables-legacy-multi iptables -A INPUT -m rateest --rateest RE1 --rateest-lt --rateest-bps 8bit
> > iptables: No chain/target/match by that name.
> >
> > but not this warning, probably I'm missing instrumention, something
> > not enabled here.
> >
>
> I think you need RE1 RATEEST entry because rateest match needs RATEEST entry.
> So that below command is needed.
> %ip netns exec ____test xtables-legacy-multi iptables -t mangle -I
> PREROUTING -p udp \
> --dport 1111 -j RATEEST --rateest-name RE1
> --rateest-interval 250ms --rateest-ewma 0.5s
> RE1 entry is created by above command.
> Then, your command would not be failed.
OK, running here:
# iptables-tests.py -N
[ After you fix for this for iptables-tests.py ;-) ]
I don't hit this splat here, can you hit it there? Probably there's
something in my testbed that makes thing behave differently. So I
cannot still reproduce it, hm.
