On Wed, Feb 09, 2022 at 03:11:42PM +0100, Pablo Neira Ayuso wrote: > On Fri, Feb 04, 2022 at 06:55:20PM +0100, Phil Sutter wrote: > > Some test results are not consistent between variants: > > > > * CLUSTERIP is not supported with nft_compat, so all related tests fail > > with iptables-nft. > > * iptables-legacy mandates TCPMSS be combined with SYN flag match, > > iptables-nft does not care. (Or precisely, xt_TCPMSS.ko can't validate > > match presence.) > > > > Avoid the expected failures by allowing "NFT" and "LGC" outcomes in > > addition to "OK" and "FAIL". They specify the variant with which given > > test should pass. > > > > Signed-off-by: Phil Sutter <phil@xxxxxx> > > --- > > extensions/libipt_CLUSTERIP.t | 4 ++-- > > extensions/libxt_TCPMSS.t | 2 +- > > iptables-test.py | 7 +++++-- > > 3 files changed, 8 insertions(+), 5 deletions(-) > > > > diff --git a/extensions/libipt_CLUSTERIP.t b/extensions/libipt_CLUSTERIP.t > > index 5af555e005c1d..d3a2d6cbb1b2e 100644 > > --- a/extensions/libipt_CLUSTERIP.t > > +++ b/extensions/libipt_CLUSTERIP.t > > @@ -1,4 +1,4 @@ > > :INPUT > > -d 10.31.3.236/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:AA:7B:47:F7:D7 --total-nodes 2 --local-node 0 --hash-init 1;=;FAIL > > --d 10.31.3.236/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:AA:7B:47:F7:D7 --total-nodes 2 --local-node 1 --hash-init 1;=;OK > > Could you add a new semicolon to the test line instead? > > --d 10.31.3.236/32 -i lo -j CLUSTERIP --new --hashmode sourceip --clustermac 01:AA:7B:47:F7:D7 --total-nodes 2 --local-node 1 --hash-init 1;=;OK;LEGACY Sure, will do. It means we'll have semantical aliases: - ...;OK;LEGAY == ...;FAIL;NFT - ...;OK:NFT == ...;FAIL;LEGACY Not a real issue, though. Thanks, Phil
