On 19/05/2020 18:35, Pablo Neira Ayuso wrote: > Did you test your patch with netfilter? I don't think. As I mentioned in v1 (and should have repeated on v2, sorry) this is compile tested only, as I don't have the hardware to test it. (I have done some testing with the not-yet-upstream sfc_ef100 driver, though.) But as I'm not a netfilter user, I don't have a handy set of netfilter rules to test this with anyway; and my previous attempts to find useful documentation on netfilter.org were not fruitful (although I've just now found wiki.nftables.org). I was hoping someone with the domain knowledge (and the hardware) could test this. (Also, for complicated reasons, getting nft built for my ef100 test system would be decidedly nontrivial; and any test I do without offload hardware at the bottom would necessarily be so synthetic I'm not sure I'd trust it to prove anything.) > Netfilter is a client of this flow offload API, you have to test that > your core updates do not break any of existing clients. Okay, but can we distinguish between "this needs to be tested with netfilter before it can be merged" and "this is breaking netfilter"? Or do you have a specific reason why you think this is broken, beyond merely 'it isn't tested'?
