Hi,

On Sun, May 24, 2020 at 02:59:57PM +0200, Stefano Brivio wrote:
> It might be convenient to run tests from a development branch that
> resides on another host, and if we break connectivity on the test
> host as tests are executed, we can't run them this way.
>
> To preserve connectivity, for shell tests, we can simply use the
> 'forward' hook instead of 'input' in chains/0036_policy_variable_0
> and transactions/0011_chain_0, without affecting test coverage.
>
> For py tests, this is more complicated as some test cases install
> chains for all the available hooks, and we would probably need a
> more refined approach to avoid dropping relevant traffic, so I'm
> not covering that right now.

This is a recurring issue; iptables testsuites suffer from this problem
as well. There it was solved by running everything in a dedicated netns:

iptables/tests/shell: Call testscripts via 'unshare -n <file>'.

iptables-test.py: If called with --netns, 'ip netns exec <foo>' is
added as prefix to any of the iptables commands.

I considered doing the same in nftables testsuites several times but
never managed to keep myself motivated enough. Maybe you want to give
it a try?

Cheers, Phil