On Tue, Oct 22, 2024 at 04:55:33PM +0200, Phil Sutter wrote:
> On Tue, Oct 22, 2024 at 03:48:12PM +0200, Pablo Neira Ayuso wrote:
> > On Tue, Oct 22, 2024 at 03:08:01PM +0200, Phil Sutter wrote:
> > > On Tue, Oct 22, 2024 at 02:30:58PM +0200, Phil Sutter wrote:
> > > [...]
> > > > - With your patch applied, 20 rules fail (in both variants). Is this
> > > > expected or a bug on my side?
> > >
> > > OK, so most failures are caused by my test kernel not having
> > > CONFIG_IP_VS_IPV6 enabled.
> > >
> > > Apart from that, there is a minor bug in introduced libip6t_recent.t in
> > > that it undoes commit d859b91e6f3ed ("extensions: recent: New kernels
> > > support 999 hits") by accident. More interesting though, it's reported
> > > twice, once for fast mode and once for normal mode. I'll see how I can
> > > turn off error reporting in fast mode, failing tests are repeated
> > > anyway.
> >
> > Would you point me to the relevant line in the libip6t_recent.t?
>
> It is in line 7, I had changed the supposed-to-fail --hitcount value of
> 999 to 65536.
This was already fixed in v2, correct?
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20241021101442.182533-1-pablo@xxxxxxxxxxxxx/
I am using 65536 there.
Thanks.
