Re: [PATCH nf] netfilter: nft_flow_offload: fix unnecessary use counter decrease in destory

On 2019/12/31 4:02, Pablo Neira Ayuso wrote:
> On Mon, Dec 30, 2019 at 09:25:36PM +0800, wenxu wrote:
>> Hi pablo,
>>
>> How about this patch?
> This test still fails after a second run with this patch:
>
> ./run-tests.sh testcases/flowtable/0009deleteafterflush_0
> I: using nft binary ./../../src/nft
>
> W: [FAILED]     testcases/flowtable/0009deleteafterflush_0: got 1
> Error: Could not process rule: Device or resource busy
> delete flowtable x f

Hi pablo,


I did the same test for testcase 0009deleteafterflush_0. It is okay even without this patch in my tree.

++ which nft
+ NFT=/usr/sbin/nft
+ /usr/sbin/nft add table x
+ /usr/sbin/nft add chain x y
+ /usr/sbin/nft add flowtable x f '{' hook ingress priority '0;' devices = '{' lo '};}'
+ /usr/sbin/nft add rule x y flow add @f
+ /usr/sbin/nft flush chain x y

+ /usr/sbin/nft delete flowtable x f


This patch fixes the problem where, when there are nft_flow_offload rules, flushing the rules or the chain leads to a double decrease of the use counter and an overflow.

nft add rule firewall ftb-all ct zone 1 ip protocol tcp flow offload @f
nft add rule firewall ftb-all ct zone 1 ip protocol udp flow offload @f

This testcase does not have any nft_flow_offload rules, so it doesn't cover the problem I want to fix.


PS:

I tested the nf-next tree, and this testcase has the problem there. I think it should be another, new problem. I will check it.



