On Thu, Oct 29, 2020 at 12:18:24PM +0100, Phil Sutter wrote: > Hi Pablo, > > On Wed, Oct 28, 2020 at 08:08:47PM +0100, Pablo Neira Ayuso wrote: > > On Wed, Oct 28, 2020 at 08:05:38PM +0100, Pablo Neira Ayuso wrote: > > > Hi Phil, > > > > > > On Wed, Oct 28, 2020 at 06:03:38PM +0100, Phil Sutter wrote: > > > > This reverts both commits 46b54fdcf266d3d631ffb6102067825d7672db46 and > > > > 0e258556f7f3da35deeb6d5cfdec51eafc7db80d. > > > > > > > > With both applied, the test succeeded *only* if 'nft monitor' was > > > > running in background, which is equivalent to the original problem > > > > (where the test succeeded only if *no* 'nft monitor' was running). > > > > > > > > The test merely exposed a kernel bug, so in fact it is correct. > > > > > > Please, do not revert this. > > > > > > This kernel patch needs this fix: > > > > > > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20201022204032.28904-1-pablo@xxxxxxxxxxxxx/ > > > > With the kernel patch above, this test does not break anymore. > > > > ie. --echo is not printing the generation ID because kernel bug. > > Oh, I mis-read the kernel patch, sorry for the mess. I would suggest to > change your test case fix into this though: > > | -test_output=$($NFT -e -f - <<< "$RULESET" 2>&1 | head -n -1) > | +test_output=$($NFT -e -f - <<< "$RULESET" 2>&1 | grep -v '# new generation') > > This makes it clear what is to be omitted and also makes the test work > with unpatched kernels as well. Fine with you? That's fine indeed and more readable indeed.
