On Wed, Jan 24, 2024 at 06:35:14PM +0000, Matthieu Baerts wrote: > Hello, > > 24 Jan 2024 17:01:24 Jakub Kicinski <kuba@xxxxxxxxxx>: > > > On Wed, 24 Jan 2024 08:22:55 -0800 Jakub Kicinski wrote: > >>> Going through the failing ksft-net series on > >>> https://netdev.bots.linux.dev/status.html, all the tests I'm > >>> responsible seem to be passing. > >> > >> Here's a more handy link filtered down to failures (clicking on > >> the test counts links here): > >> > >> https://netdev.bots.linux.dev/contest.html?branch=net-next-2024-01-24--15-00&executor=vmksft-net-mp&pass=0 > >> > >> I have been attributing the udpg[rs]o and timestamp tests to you, > >> but I haven't actually checked.. are they not yours? :) > > > > Ah, BTW, a major source of failures seems to be that iptables is > > mapping to nftables on the executor. And either nftables doesn't > > support the functionality the tests expect or we're missing configs :( > > E.g. the TTL module. > > I don't know if it is the same issue, but for MPTCP, we use > 'iptables-legacy' if available. > > https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=0c4cd3f86a400 I'd suggest you do the other way around, first check if iptables-nft is available, otherwise fall back to iptables-nft commit refers to 5.15 already have iptables-nft support, it should work out of the box.
