On Sat, 3 Nov 2018 at 22:47, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > Hi Taehee! > > On Wed, Oct 31, 2018 at 03:22:22AM +0900, Taehee Yoo wrote: > > On Tue, 30 Oct 2018 at 08:00, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > > > > > Hi Pablo, > > Thank you for review! > > > > > On Fri, Oct 19, 2018 at 12:27:57AM +0900, Taehee Yoo wrote: > > > > xt_rateest_net_exit() was added to check whether rules are flushed > > > > successfully. but ->net_exit() callback is called earlier than > > > > ->destroy() callback. > > > > So that ->net_exit() callback can't check that. > > > > > > > > test commands: > > > > %ip netns add vm1 > > > > %ip netns exec vm1 iptables -t mangle -I PREROUTING -p udp \ > > > > --dport 1111 -j RATEEST --rateest-name ap \ > > > > --rateest-interval 250ms --rateest-ewma 0.5s > > > > %ip netns del vm1 > > > > > > Hm, I cannot reproduce this here. > > > > > > I can see iptables-tests.py with -N fails to load entries: > > > > > > # ip netns exec ____test xtables-legacy-multi iptables -A INPUT -m rateest --rateest RE1 --rateest-lt --rateest-bps 8bit > > > iptables: No chain/target/match by that name. > > > > > > but not this warning, probably I'm missing instrumention, something > > > not enabled here. > > > > > > > I think you need RE1 RATEEST entry because rateest match needs RATEEST entry. > > So that below command is needed. > > %ip netns exec ____test xtables-legacy-multi iptables -t mangle -I > > PREROUTING -p udp \ > > --dport 1111 -j RATEEST --rateest-name RE1 > > --rateest-interval 250ms --rateest-ewma 0.5s > > RE1 entry is created by above command. > > Then, your command would not be failed. > > OK, running here: > > # iptables-tests.py -N > > [ After you fix for this for iptables-tests.py ;-) ] > > I don't hit this splat here, can you hit it there? Probably there's > something in my testbed that makes thing behave differently. So I > cannot still reproduce it, hm. Oh, I'm so sorry, my original test command couldn't make this splat always. And I found a condition to make this splat. This command set will make splat. %modprobe -rv ipfilter_filter %modprobe -rv xt_RATEEST %modprobe iptable_filter %modprobe xt_RATEEST %iptables-test.py -N ./extensions/libxt_RATEEST.t And below command could not make splat. %modprobe -rv ipfilter_filter %modprobe -rv xt_RATEEST %modprobe xt_RATEEST %modprobe iptable_filter %iptables-test.py -N ./extensions/libxt_RATEEST.t Thanks!
