lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aDWJ7DyVyt3Rq-Gc@calendula>
Date: Tue, 27 May 2025 11:46:20 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Phil Sutter <phil@....cc>
Cc: Paolo Abeni <pabeni@...hat.com>, netfilter-devel@...r.kernel.org,
	davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org,
	edumazet@...gle.com, fw@...len.de, horms@...nel.org
Subject: Re: [net-next PATCH] selftests: netfilter: Fix skip of wildcard
 interface test

On Tue, May 27, 2025 at 11:41:17AM +0200, Phil Sutter wrote:
> The script is supposed to skip wildcard interface testing if unsupported
> by the host's nft tool. The failing check caused script abort due to
> 'set -e' though. Fix this by running the potentially failing nft command
> inside the if-conditional pipe.

Thanks Phil, this is an easy fix for this.

> Fixes: 73db1b5dab6f ("selftests: netfilter: Torture nftables netdev hooks")
> Signed-off-by: Phil Sutter <phil@....cc>

Acked-by: Pablo Neira Ayuso <pablo@...filter.org>

Paolo, you can take this now to calm down CI. Thanks

> ---
>  .../selftests/net/netfilter/nft_interface_stress.sh        | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/testing/selftests/net/netfilter/nft_interface_stress.sh b/tools/testing/selftests/net/netfilter/nft_interface_stress.sh
> index 11d82d11495e..5ff7be9daeee 100755
> --- a/tools/testing/selftests/net/netfilter/nft_interface_stress.sh
> +++ b/tools/testing/selftests/net/netfilter/nft_interface_stress.sh
> @@ -97,7 +97,8 @@ kill $nft_monitor_pid
>  kill $rename_loop_pid
>  wait
>  
> -ip netns exec $nsr nft -f - <<EOF
> +wildcard_prep() {
> +	ip netns exec $nsr nft -f - <<EOF
>  table ip t {
>  	flowtable ft_wild {
>  		hook ingress priority 0
> @@ -105,7 +106,9 @@ table ip t {
>  	}
>  }
>  EOF
> -if [[ $? -ne 0 ]]; then
> +}
> +
> +if ! wildcard_prep; then
>  	echo "SKIP wildcard tests: not supported by host's nft?"
>  else
>  	for ((i = 0; i < 100; i++)); do
> -- 
> 2.49.0
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ