Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2229771/?format=api
{ "id": 2229771, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229771/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428174130.14287-1-fw@strlen.de/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260428174130.14287-1-fw@strlen.de>", "date": "2026-04-28T17:41:26", "name": "[conntrack-tools] tests: nfct: make it suitable for CI pipeline", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "2a510acc7ad2610209bf5f6c114f77e17089b99c", "submitter": { "id": 1025, "url": "http://patchwork.ozlabs.org/api/1.1/people/1025/?format=api", "name": "Florian Westphal", "email": "fw@strlen.de" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428174130.14287-1-fw@strlen.de/mbox/", "series": [ { "id": 501912, "url": "http://patchwork.ozlabs.org/api/1.1/series/501912/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501912", "date": "2026-04-28T17:41:26", "name": "[conntrack-tools] tests: nfct: make it suitable for CI pipeline", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501912/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229771/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229771/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12264-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12264-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4np42PYJz1yHv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 03:42:52 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 0F835301C6F2\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 17:41:56 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 1A39644D696;\n\tTue, 28 Apr 2026 17:41:55 +0000 (UTC)", "from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E2AD44D022\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 28 Apr 2026 17:41:53 +0000 (UTC)", "by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid 39F3760420; Tue, 28 Apr 2026 19:41:51 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777398114; cv=none;\n b=qTQfinbYhOCg952lNf+PtETg/tI6Xm4O+Rg2O0V9oH4X86oqKnIEmfXQ3UYdpPInibMm7NDU7ghSqBeWJRPWrGdh0UVCZ6Mke+leOFLNdGX4ynmZFE7OPYeW8IYGhv6C/zDr79f7sy13a7uycpMSv13WiWnFhv9Juaq6HzFJCWA=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777398114; c=relaxed/simple;\n\tbh=8mUgn8gYZ7wybOzSRhjEXcennaKpyJGHLCbcD26Pb/M=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=TlbOsAAEACc2JHXQwPop0w+ePQMJjyE059LyhXN64ZZH8ctl0okNYw5GAFqaxNpU1cn8JZ14Z65ZlwESpGaj/P6Jeoo1N3kEfwJ0yD54OoSMpXH4Ykzp9+9zDAbPb0vPqrTDGj5WASp70NQz3sEao2Dqz5XXBn9J38aRMB8zlUs=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc;\n arc=none smtp.client-ip=91.216.245.30", "From": "Florian Westphal <fw@strlen.de>", "To": "<netfilter-devel@vger.kernel.org>", "Cc": "Florian Westphal <fw@strlen.de>", "Subject": "[PATCH conntrack-tools] tests: nfct: make it suitable for CI pipeline", "Date": "Tue, 28 Apr 2026 19:41:26 +0200", "Message-ID": "<20260428174130.14287-1-fw@strlen.de>", "X-Mailer": "git-send-email 2.53.0", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "1. make run-test.sh call test prog via unshare -n.\n2. remove various modprobe calls, these are all built into\n nf_conntrack.ko.\n3. make test.c exit nonzero when bad tests are detected.\n4. remove dccp+udplite, they fail on modern kernels due to removal of\n these protocols.\n5. update test-live.sh. Auto-rexec via unshare. Streamline output:\n\nCheck timeout policy test-generic for protocol 13\n [NEW] unknown 13 3 src=10.0.0.1 dst=8.8.8.8 [UNREPLIED] src=8.8.8.8 dst=10.0.0.1\nCheck timeout policy test-tcp for protocol tcp\n [NEW] tcp 6 2 SYN_SENT src=10.0.0.1 dst=8.8.8.8 sport=5050 dport=80 [UNREPLIED] src=8.8.8.8 dst=10.0.0.1 sport=80 dport=5050\nCheck timeout policy test-icmp for protocol icmp\n [NEW] icmp 1 4 src=10.0.0.1 dst=8.8.8.8 type=8 code=0 id=41473 [UNREPLIED] src=8.8.8.8 dst=10.0.0.1 type=0 code=0 id=41473\n\nThe effective timeout is validated by checking the new timeout reported\nvia ctnetlink.\n\nSigned-off-by: Florian Westphal <fw@strlen.de>\n---\n tests/nfct/run-test.sh | 15 +----\n tests/nfct/test-live.sh | 125 +++++++++++++++++++++++------------\n tests/nfct/test.c | 4 ++\n tests/nfct/timeout/03udplite | 16 -----\n tests/nfct/timeout/07dccp | 16 -----\n 5 files changed, 89 insertions(+), 87 deletions(-)\n mode change 100644 => 100755 tests/nfct/run-test.sh\n mode change 100644 => 100755 tests/nfct/test-live.sh\n delete mode 100644 tests/nfct/timeout/03udplite\n delete mode 100644 tests/nfct/timeout/07dccp", "diff": "diff --git a/tests/nfct/run-test.sh b/tests/nfct/run-test.sh\nold mode 100644\nnew mode 100755\nindex f5f220baebf1..88999f8c8517\n--- a/tests/nfct/run-test.sh\n+++ b/tests/nfct/run-test.sh\n@@ -7,16 +7,5 @@ then\n \texit 1\n fi\n \n-gcc test.c -o test\n-#\n-# XXX: module auto-load not support by nfnetlink_cttimeout yet :-(\n-#\n-# any or all of these might be built-ins rather than modules, so don't error\n-# out on failure from modprobe\n-modprobe nf_conntrack_ipv4 || true\n-modprobe nf_conntrack_ipv6 || true\n-modprobe nf_conntrack_proto_udplite || true\n-modprobe nf_conntrack_proto_sctp || true\n-modprobe nf_conntrack_proto_dccp || true\n-modprobe nf_conntrack_proto_gre || true\n-./test timeout\n+test -x test || gcc test.c -o test\n+exec unshare -n ./test timeout\ndiff --git a/tests/nfct/test-live.sh b/tests/nfct/test-live.sh\nold mode 100644\nnew mode 100755\nindex 22570875f4e6..6f752ee61f59\n--- a/tests/nfct/test-live.sh\n+++ b/tests/nfct/test-live.sh\n@@ -3,71 +3,112 @@\n # simple testing for cttimeout infrastructure using one single computer\n #\n \n-WAIT_BETWEEN_TESTS=10\n-\n-# flush cttimeout table\n-nfct flush timeout\n-\n-# flush the conntrack table\n-conntrack -F\n+if [ \"$1\" != \"run\" ] ;then\n+\texec unshare -n ./$0 \"run\"\n+fi\n+\n+die() {\n+\techo \"$@\"\n+\texit 1\n+}\n+\n+warn() {\n+\techo \"WARN: $@\"\n+}\n+\n+tmp=$(mktemp)\n+cleanup()\n+{\n+\tip link del eth0\n+\trm -f \"$tmp\"\n+}\n+trap cleanup EXIT\n+\n+ret=0\n+check_timeout() {\n+\tlocal proto=\"$1\"\n+\tlocal timeout=\"$2\"\n+\n+\tif ! grep '[NEW]' \"$tmp\" | grep \"$proto $timeout\";then\n+\t\twarn \"Did not find expected output, got:\"\n+\t\tcat \"$tmp\"\n+\t\techo ----- EOF -----\n+\t\tret=1\n+\tfi\n+}\n+\n+add_rule() {\n+\tlocal proto=\"$1\"\n+\tlocal name=\"$2\"\n+\n+\techo \"Check timeout policy $name for protocol $proto\"\n+\tiptables -I OUTPUT -t raw -p \"$proto\" -j CT --timeout \"$name\" || die \"can't add -p $proto -j CT $name\"\n+}\n+\n+rm_rules() {\n+\tlocal proto=\"$1\"\n+\tlocal name=\"$2\"\n+\n+\tiptables -D OUTPUT -t raw -p $proto -j CT --timeout \"$name\" || warn \"can't remove $proto $name rule\"\n+\tnfct del timeout \"$name\" || warn \"can't remove $name policy\"\n+}\n+\n+ip link add eth0 type dummy\n+ip link set eth0 up\n+ip link set lo up\n+ip addr add 10.0.0.1/8 dev eth0\n+ip route add default via 10.0.0.99 dev eth0\n+\n+WAIT_BETWEEN_TESTS=5\n \n #\n # No.1: test generic timeout policy\n #\n+conntrack -E -p 13 > \"$tmp\" 2>/dev/null &\n+pid=$!\n \n-echo \"---- test no. 1 ----\"\n-\n-conntrack -E -p 13 &\n-\n-nfct add timeout test-generic inet generic timeout 100\n-iptables -I OUTPUT -t raw -p all -j CT --timeout test-generic\n-hping3 -c 1 -V -I eth0 -0 8.8.8.8 -H 13\n-\n-killall -15 conntrack\n-\n-echo \"---- end test no. 1 ----\"\n+nfct add timeout \"test-generic\" inet generic timeout 3 || die \"can't add generic timeout\"\n+add_rule 13 \"test-generic\"\n+hping3 -c 1 -I eth0 -0 8.8.8.8 -H 13 > /dev/null 2>&1\n+check_timeout 13 3\n+kill $pid\n \n sleep $WAIT_BETWEEN_TESTS\n-\n-iptables -D OUTPUT -t raw -p all -j CT --timeout test-generic\n-nfct del timeout test-generic\n+rm_rules 13 \"test-generic\"\n \n #\n # No.2: test TCP timeout policy\n #\n \n-echo \"---- test no. 2 ----\"\n+conntrack -E -p tcp > \"$tmp\" 2>/dev/null &\n+pid=$!\n \n-conntrack -E -p tcp &\n+nfct add timeout test-tcp inet tcp syn_sent 2 || die \"can't add tcp timeout policy\"\n+add_rule \"tcp\" \"test-tcp\"\n+hping3 -S -p 80 -s 5050 8.8.8.8 -c 1 > /dev/null 2>&1\n \n-nfct add timeout test-tcp inet tcp syn_sent 100\n-iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp\n-hping3 -V -S -p 80 -s 5050 8.8.8.8 -c 1\n+check_timeout 6 2\n+kill $pid\n \n sleep $WAIT_BETWEEN_TESTS\n-\n-iptables -D OUTPUT -t raw -p tcp -j CT --timeout test-tcp\n-nfct del timeout test-tcp\n-\n-killall -15 conntrack\n-\n-echo \"---- end test no. 2 ----\"\n+rm_rules \"tcp\" \"test-tcp\"\n \n #\n # No. 3: test ICMP timeout policy\n #\n \n-echo \"---- test no. 3 ----\"\n+conntrack -E -p icmp > \"$tmp\" 2>/dev/null &\n+pid=$!\n \n-conntrack -E -p icmp &\n+nfct add timeout test-icmp inet icmp timeout 4 || die \"can't add test-icmp policy\"\n+add_rule \"icmp\" \"test-icmp\"\n \n-nfct add timeout test-icmp inet icmp timeout 50\n-iptables -I OUTPUT -t raw -p icmp -j CT --timeout test-icmp\n-hping3 -1 8.8.8.8 -c 2\n+hping3 -1 8.8.8.8 -c 2 > /dev/null 2>&1\n \n-iptables -D OUTPUT -t raw -p icmp -j CT --timeout test-icmp\n-nfct del timeout test-icmp\n+check_timeout 1 4\n+kill \"$pid\"\n \n-killall -15 conntrack\n+sleep $WAIT_BETWEEN_TESTS\n+rm_rules \"icmp\" \"test-icmp\"\n \n-echo \"---- end test no. 3 ----\"\n+exit $ret\ndiff --git a/tests/nfct/test.c b/tests/nfct/test.c\nindex a833dcc9e99b..bce927829190 100644\n--- a/tests/nfct/test.c\n+++ b/tests/nfct/test.c\n@@ -97,4 +97,8 @@ int main(int argc, char *argv[])\n \tclosedir(d);\n \n \tfprintf(stdout, \"OK: %d BAD: %d\\n\", ok, bad);\n+\tif (bad)\n+\t\treturn 1;\n+\n+\treturn ok > 0 ? 0 : 1;\n }\ndiff --git a/tests/nfct/timeout/03udplite b/tests/nfct/timeout/03udplite\ndeleted file mode 100644\nindex 8ed345901651..000000000000\n--- a/tests/nfct/timeout/03udplite\n+++ /dev/null\n@@ -1,16 +0,0 @@\n-# add policy object `test'\n-nfct add timeout test inet udplite unreplied 10 ; OK\n-# get policy object `test'\n-nfct get timeout test ; OK\n-# delete policy object `test'\n-nfct delete timeout test ; OK\n-# get unexistent policy object `dummy'\n-nfct get timeout test ; BAD\n-# delete policy object `test', however, it does not exists anymore\n-nfct delete timeout test ; BAD\n-# add policy object `test'\n-nfct add timeout test inet udplite unreplied 1 replied 2 ; OK\n-# get policy object `test'\n-nfct get timeout test ; OK\n-# delete policy object `test'\n-nfct delete timeout test ; OK\ndiff --git a/tests/nfct/timeout/07dccp b/tests/nfct/timeout/07dccp\ndeleted file mode 100644\nindex 1d885853f577..000000000000\n--- a/tests/nfct/timeout/07dccp\n+++ /dev/null\n@@ -1,16 +0,0 @@\n-# add policy object `test'\n-nfct add timeout test inet dccp request 100 ; OK\n-# get policy object `test'\n-nfct get timeout test ; OK\n-# delete policy object `test'\n-nfct delete timeout test ; OK\n-# get unexistent policy object `dummy'\n-nfct get timeout test ; BAD\n-# delete policy object `test', however, it does not exists anymore\n-nfct delete timeout test ; BAD\n-# add policy object `test'\n-nfct add timeout test inet dccp request 1 respond 2 partopen 3 open 4 closereq 5 closing 6 timewait 7 ; OK\n-# get policy object `test'\n-nfct get timeout test ; OK\n-# delete policy object `test'\n-nfct delete timeout test ; OK\n", "prefixes": [ "conntrack-tools" ] }