On Tue, Oct 22, 2024 at 02:30:57PM +0200, Phil Sutter wrote: > Hi Pablo, > > On Mon, Oct 21, 2024 at 12:47:07AM +0200, Pablo Neira Ayuso wrote: > > Update iptables-test.py to run libxt_*.t both for iptables and > > ip6tables. This update requires changes in the existing tests. > > Thanks for working on this! I see a few things we could still improve: > > - Output prints libxt tests twice. Maybe append the command name? OK, I can just make it print it once. > - The copying of libxt into libipt and libip6t creates some redundancy > depending on test content. Maybe keep the non-specific ones in a libxt > test file? I can take a look at what is common and keep it in libxt_ , I quickly splitted and convert. > - I noticed there are some remains of supporting '-4' and '-6' flags in > iptables-test.py but it is unused and seems broken. One could revive > it to keep everything in libxt files, prefixing the specific tests > accordingly. I'll give this a try to see how much work it is to > implement support for. Not sure it is worth, but your call. > - With your patch applied, 20 rules fail (in both variants). Is this > expected or a bug on my side? Maybe you don't have the NFLOG, mark and TRACE fix that is missing? I don't see this in v2 of this patch + kernel fix.
