lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 6 Jun 2024 10:10:44 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Jianguo Wu <wujianguo106@....com>,
	wujianguo <wujianguo@...natelecom.cn>, netdev@...r.kernel.org,
	edumazet@...gle.com, contact@...elbtn.com, pablo@...filter.org,
	dsahern@...nel.org, pabeni@...hat.com,
	netfilter-devel@...r.kernel.org, fw@...len.de
Subject: Re: [PATCH net v2 2/3] selftests: add selftest for the SRv6 End.DX4
 behavior with netfilter

On Wed, Jun 05, 2024 at 05:35:32PM -0700, Jakub Kicinski wrote:
> On Wed, 5 Jun 2024 11:28:17 +0800 Jianguo Wu wrote:
> > > sysctl: cannot stat /proc/sys/net/netfilter/nf_hooks_lwtunnel: No such file or directory
> > > Warning: Extension rpfilter revision 0 not supported, missing kernel module?
> > > iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain PREROUTING
> > >   
> > 
> > What is your kernel version? The file was introduced from v5.15-rc1
> > 
> > > Looks we are missing some config in selftest net/config.
> > >   
> > 
> > Sorry, I can't find what config to add, please tell me.
> 
> Please follow the instructions from here:
> https://github.com/linux-netdev/nipa/wiki/How-to-run-netdev-selftests-CI-style
> the kernel we build for testing is minimal.
> 
> We see this output:
> 
> # ################################################################################
> # TEST SECTION: SRv6 VPN connectivity test with netfilter enabled in routers
> # ################################################################################

If I run the test specifically, I also got error:
sysctl: cannot stat /proc/sys/net/netfilter/nf_hooks_lwtunnel: No such file or directory

This is because CONFIG_NF_CONNTRACK is build as module. The test need to load
nf_conntrack specifically. I guest the reason you don't have this error is
because you have run the netfilter tests first? Which has loaded this module.

> # Warning: Extension rpfilter revision 0 not supported, missing kernel module?
> # iptables v1.8.8 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain PREROUTING
> # Warning: Extension rpfilter revision 0 not supported, missing kernel module?
> # iptables v1.8.8 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain PREROUTING

Just checked, we need CONFIG_IP_NF_MATCH_RPFILTER=m in config file.

Thanks
Hangbin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ