Message-ID: <20260120220103.327771-1-aleksey.oladko@virtuozzo.com>
Date: Tue, 20 Jan 2026 22:01:02 +0000
From: Aleksei Oladko <aleksey.oladko@...tuozzo.com>
To: Pablo Neira Ayuso <pablo@...filter.org>, Florian Westphal <fw@...len.de>,
        Phil Sutter <phil@....cc>, "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
        Shuah Khan <shuah@...nel.org>
Cc: Aleksei Oladko <aleksey.oladko@...tuozzo.com>,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org,
        netdev@...r.kernel.org, linux-kselftest@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] selftests: netfilter: ensure conntrack is enabled for helper test

The nft_conntrack_helper.sh assumes that conntrack entries are created
for the generated test traffic. This is not the case when only raw table
rules are installed, as conntrack is not required and remains disabled.

Add a stateful rule to force conntrack to be enabled, ensuring that
conntrack entries are created and the helper assignment can be verified.

Signed-off-by: Aleksei Oladko <aleksey.oladko@...tuozzo.com>
---
 .../testing/selftests/net/netfilter/nft_conntrack_helper.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
index abcaa7337197..43761f2eb3ec 100755
--- a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
+++ b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
@@ -60,6 +60,12 @@ table $family raw {
 		tcp dport 2121 ct helper set "ftp"
 	}
 }
+table $family filter {
+	chain forward {
+		type filter hook forward priority 0; policy accept;
+		ct state new,established,related accept
+	}
+}
 EOF
 	return $?
 }
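Review bot: The `ct state new,established,related accept` rule in the added `forward` chain has no filtering effect, because the chain is already `policy accept`. Nothing in the ruleset says the rule is there only to get conntrack enabled, so a later cleanup could drop it as redundant and bring the failure back. Please add a comment in the ruleset (a `#` line above `table $family filter`, or a `comment` on the rule itself) stating that the stateful match exists to force conntrack on so that entries are created for the test traffic. The commit message could also say why the forward hook was chosen for this rule.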
-- 
2.43.0

