Re: [PATCH nft] tests: shell: flush ruleset with -U after feature probing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2023-12-05 at 20:29 +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > feature probe script leave a ruleset in place, flush it once
> > probing is
> > complete.
> 
> Perhaps change feature_probe() to always use 'unshare -n'?

feature_probe already uses unshare, unless the caller opts out of it.
Maybe don't do that. 

> Some scripts also create netdevices.

Some tests also create netdevices and may not clean them up properly.
It's even desirable that tests don't clean them up, because it removes
boilerplate from tests. But more importantly: not deleting those
devices leaves a certain state after the test, that can be checked by
`.nft`/`.json-nft` dumps.


The mode without unshare exists for historic reasons, as unshare was
added initially. At this point, what is the use of supporting or using
that?


Thomas






[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux