lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20241104142529.2352-1-fw@strlen.de>
Date: Mon,  4 Nov 2024 15:25:24 +0100
From: Florian Westphal <fw@...len.de>
To: <netdev@...r.kernel.org>
Cc: <netfilter-devel@...r.kernel.org>,
	Florian Westphal <fw@...len.de>
Subject: [PATCH net-next] selftests: netfilter: run conntrack_dump_flush in netns

This test will fail if the initial namespace has conntrack
active due to unexpected number of flows returned on dump:

  conntrack_dump_flush.c:451:test_flush_by_zone:Expected ret (7) == 2 (2)
  test_flush_by_zone: Test failed
  FAIL  conntrack_dump_flush.test_flush_by_zone
  not ok 2 conntrack_dump_flush.test_flush_by_zone

Add a wrapper that unshares this program to avoid this problem.

Signed-off-by: Florian Westphal <fw@...len.de>
---
 tools/testing/selftests/net/netfilter/Makefile                | 4 ++--
 tools/testing/selftests/net/netfilter/conntrack_dump_flush.sh | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100755 tools/testing/selftests/net/netfilter/conntrack_dump_flush.sh

diff --git a/tools/testing/selftests/net/netfilter/Makefile b/tools/testing/selftests/net/netfilter/Makefile
index e6c9e777fead..ab543625d6a0 100644
--- a/tools/testing/selftests/net/netfilter/Makefile
+++ b/tools/testing/selftests/net/netfilter/Makefile
@@ -8,6 +8,7 @@ MNL_LDLIBS := $(shell $(HOSTPKG_CONFIG) --libs libmnl 2>/dev/null || echo -lmnl)
 
 TEST_PROGS := br_netfilter.sh bridge_brouter.sh
 TEST_PROGS += br_netfilter_queue.sh
+TEST_PROGS += conntrack_dump_flush.sh
 TEST_PROGS += conntrack_icmp_related.sh
 TEST_PROGS += conntrack_ipip_mtu.sh
 TEST_PROGS += conntrack_tcp_unreplied.sh
@@ -35,10 +36,9 @@ TEST_PROGS += xt_string.sh
 
 TEST_PROGS_EXTENDED = nft_concat_range_perf.sh
 
-TEST_GEN_PROGS = conntrack_dump_flush
-
 TEST_GEN_FILES = audit_logread
 TEST_GEN_FILES += connect_close nf_queue
+TEST_GEN_FILES += conntrack_dump_flush
 TEST_GEN_FILES += conntrack_reverse_clash
 TEST_GEN_FILES += sctp_collision
 
diff --git a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.sh b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.sh
new file mode 100755
index 000000000000..8b0935385849
--- /dev/null
+++ b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec unshare -n ./conntrack_dump_flush
-- 
2.45.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ