lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240510090336.54180074@kernel.org>
Date: Fri, 10 May 2024 09:03:36 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Florian Westphal <fw@...len.de>
Cc: Simon Horman <horms@...nel.org>, Hangbin Liu <liuhangbin@...il.com>,
 Jaehee Park <jhpark1013@...il.com>, Petr Machata <petrm@...dia.com>,
 Nikolay Aleksandrov <razor@...ckwall.org>, Ido Schimmel
 <idosch@...dia.com>, Davide Caratti <dcaratti@...hat.com>, Matthieu Baerts
 <matttbe@...nel.org>, netdev@...r.kernel.org
Subject: Re: [TEST] Flake report

On Fri, 10 May 2024 07:47:16 -0700 Jakub Kicinski wrote:
> On Fri, 10 May 2024 10:35:51 +0200 Florian Westphal wrote:
> > Jakub Kicinski <kuba@...nel.org> wrote:  
> > > To: Florian Westphal <fw@...len.de>
> > > 
> > > These are skipped because of some compatibility issues:
> > > 
> > >  nft-flowtable-sh, bridge-brouter-sh, nft-audit-sh
> > > 
> > > Please LMK if I need to update the CLI tooling. 
> > > Or is this missing kernel config?    
> > 
> > No, its related to the userspace tooling.
> > This should start to work once amazon linux updates nftables.
> > 
> > bridge-brouter-sh would work with the old ebtables-legacy instead
> > of ebtables-nft, or a more recent version of ebtables-nft.
> > 
> > ATM it uses a version of ebtables-nft that lacks "broute" table emulation.  
> 
> Amazon Linux is more of a base OS for loading containers it seems.
> I build pretty much all the tools from source.
> 
> So I just built nft too.. Whether it will actually work we'll find
> out in about 15 min :)

M. Looks like that didn't do anything.

I tried to investigate nft_audit.sh

https://netdev-3.bots.linux.dev/vmksft-nf/results/589221/22-nft-audit-sh/stdout

  # selftests: net/netfilter: nft_audit.sh
  # SKIP: nft reset feature test failed: nftables v1.0.9 (Old Doc Yak #3)
  ok 1 selftests: net/netfilter: nft_audit.sh # SKIP

This is what it hits:

  bash-5.2# nft -v
  nftables v1.0.9 (Old Doc Yak #3)
  bash-5.2# nft --check -f /dev/stdin <<EOF
  add table t
  add chain t c
  reset rules t c
  EOF
  /dev/stdin:3:7-11: Error: syntax error, unexpected string, expecting counter or counters or quotas or quota
  reset rules t c
        ^^^^^

What does that mean in lay terms? 

Question #2, for the ebtables test - do I need to build iptables?
I built nft with
	./configure --with-json --with-xtables 
but no xtables-nft-multi popped out.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ