| Message ID | 20170322002636.14081-2-phil@nwl.cc |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On 22 March 2017 at 01:26, Phil Sutter <phil@nwl.cc> wrote: > If rule set applying failed, this would leave a stray netns in place. > Thanks Phil. Acked-by: Arturo Borrero Gonzalez <arturo@debian.org> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Mar 22, 2017 at 01:26:35AM +0100, Phil Sutter wrote: > If rule set applying failed, this would leave a stray netns in place. > > Interestingly, this situation led to other, seemingly unrelated > testcases to fail with spurious errors, e.g. sets/0015rulesetflush_0: > > | $ ./run-tests.sh testcases/sets/0015rulesetflush_0 > | I: using nft binary ../../src/nft > | > | W: [FAILED] testcases/sets/0015rulesetflush_0: expected 0 but got 1 > | /tmp/tmp.BY7cuUYL8f:5:1-2: Error: Could not process rule: Operation not supported > | table inet filter { > | ^^ > | /tmp/tmp.BY7cuUYL8f:9:1-2: Error: Could not process rule: No such file or directory > | add element inet filter blacklist_v4 { > | ^^ > | /tmp/tmp.BY7cuUYL8f:5:1-2: Error: Could not process rule: Operation not supported > | table inet filter { > | ^^ > | /tmp/tmp.BY7cuUYL8f:9:1-2: Error: Could not process rule: No such file or directory > | add element inet filter blacklist_v4 { > | ^^ > | > | I: results: [OK] 0 [FAILED] 1 [TOTAL] 1 > | > | $ ip netns list > | 1_0003many_0 > | $ ip netns del 1_0003many_0 > | > | $ ./run-tests.sh testcases/sets/0015rulesetflush_0 > | I: using nft binary ../../src/nft > | > | I: [OK] testcases/sets/0015rulesetflush_0 > | > | I: results: [OK] 1 [FAILED] 0 [TOTAL] 1 Also applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/tests/shell/testcases/netns/0003many_0 b/tests/shell/testcases/netns/0003many_0 index f8853ee5a98c2..17d7b93588f34 100755 --- a/tests/shell/testcases/netns/0003many_0 +++ b/tests/shell/testcases/netns/0003many_0 @@ -109,6 +109,7 @@ function test_netns() echo "E: ruleset in netns $NETNS_NAME differs from the loaded" >&2 DIFF="$(which diff)" [ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$KERNEL_RULESET") + $IP netns del $NETNS_NAME exit 1 fi
If rule set applying failed, this would leave a stray netns in place. Interestingly, this situation led to other, seemingly unrelated testcases to fail with spurious errors, e.g. sets/0015rulesetflush_0: | $ ./run-tests.sh testcases/sets/0015rulesetflush_0 | I: using nft binary ../../src/nft | | W: [FAILED] testcases/sets/0015rulesetflush_0: expected 0 but got 1 | /tmp/tmp.BY7cuUYL8f:5:1-2: Error: Could not process rule: Operation not supported | table inet filter { | ^^ | /tmp/tmp.BY7cuUYL8f:9:1-2: Error: Could not process rule: No such file or directory | add element inet filter blacklist_v4 { | ^^ | /tmp/tmp.BY7cuUYL8f:5:1-2: Error: Could not process rule: Operation not supported | table inet filter { | ^^ | /tmp/tmp.BY7cuUYL8f:9:1-2: Error: Could not process rule: No such file or directory | add element inet filter blacklist_v4 { | ^^ | | I: results: [OK] 0 [FAILED] 1 [TOTAL] 1 | | $ ip netns list | 1_0003many_0 | $ ip netns del 1_0003many_0 | | $ ./run-tests.sh testcases/sets/0015rulesetflush_0 | I: using nft binary ../../src/nft | | I: [OK] testcases/sets/0015rulesetflush_0 | | I: results: [OK] 1 [FAILED] 0 [TOTAL] 1 Signed-off-by: Phil Sutter <phil@nwl.cc> --- tests/shell/testcases/netns/0003many_0 | 1 + 1 file changed, 1 insertion(+)