make -C tools/testing/selftests TARGETS=net/netfilter TEST_PROGS=nft_flowttable.sh TEST_GEN_PROGS="" run_tests make: Entering directory '/home/virtme/testing-16/tools/testing/selftests' make[1]: Entering directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' make[1]: Entering directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' TAP version 13 1..1 # overriding timeout to 3600 # selftests: net/netfilter: nft_flowtable.sh # 2024/05/10 17:53:10 socat[17945] E write(7, 0x5560faa94000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 23642112 May 10 17:53 /tmp/tmp.PJ9xmsIyCl # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 22253368 May 10 17:53 /tmp/tmp.q8dQkGeuAt # FAIL: flow offload for ns1/ns2: # table inet filter { # counter routed_orig { # packets 2176 bytes 26698920 # } # # counter routed_repl { # packets 11173 bytes 22160348 # } # # flowtable f1 { # hook ingress priority filter # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority filter; policy drop; # oif "veth1" tcp dport 12345 ct mark set 0x00000001 flow add @f1 counter name "routed_orig" accept # ct mark 0x00000001 counter name ct direction map { original : "routed_orig", reply : "routed_repl" } accept # ct state established,related accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # PASS: dscp_none: dscp packet counters match # 2024/05/10 17:53:23 socat[17973] E write(7, 0x562dfd9eb000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 18325504 May 10 17:53 /tmp/tmp.PJ9xmsIyCl # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 19496960 May 10 17:53 /tmp/tmp.q8dQkGeuAt # PASS: dscp_ingress: dscp packet counters match # 2024/05/10 17:53:36 socat[18003] E write(7, 0x55a578219000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 18808432 May 10 17:53 /tmp/tmp.PJ9xmsIyCl # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 20422656 May 10 17:53 /tmp/tmp.q8dQkGeuAt # PASS: dscp_egress: dscp packet counters match # 2024/05/10 17:53:49 socat[18027] E write(7, 0x563447370000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 25329664 May 10 17:53 /tmp/tmp.PJ9xmsIyCl # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 24289280 May 10 17:53 /tmp/tmp.q8dQkGeuAt # PASS: dscp_fwd: dscp packet counters match # 2024/05/10 17:54:01 socat[18049] E write(7, 0x55cbb4ad5000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 20324196 May 10 17:54 /tmp/tmp.PJ9xmsIyCl # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 20766720 May 10 17:54 /tmp/tmp.q8dQkGeuAt # FAIL: flow offload for ns1/ns2 with NAT # table inet filter { # counter routed_orig { # packets 9303 bytes 117963376 # } # # counter routed_repl { # packets 53318 bytes 106239432 # } # # flowtable f1 { # hook ingress priority filter # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority filter; policy drop; # ip dscp set cs3 # oif "veth1" tcp dport 12345 ct mark set 0x00000001 flow add @f1 counter name "routed_orig" accept # ct mark 0x00000001 counter name ct direction map { original : "routed_orig", reply : "routed_repl" } accept # ct state established,related accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # table ip nat { # chain prerouting { # type nat hook prerouting priority filter; policy accept; # iif "veth0" ip daddr 10.6.6.6 tcp dport 1666 counter packets 0 bytes 0 dnat to 10.0.2.99:12345 # } # # chain postrouting { # type nat hook postrouting priority filter; policy accept; # oifname "veth1" counter packets 4 bytes 240 masquerade # } # } # table netdev dscpmangle { # chain setdscp0 { # type filter hook egress device "veth1" priority filter; policy accept; # } # } # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery on bridge # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery bridge and VLAN # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # 2024/05/10 17:54:48 socat[18248] E write(7, 0x5598afef8000, 8192): Connection reset by peer # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 14450688 May 10 17:54 /tmp/tmp.PJ9xmsIyCl # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 33317888 May 10 17:52 /tmp/tmp.ICP3LChhLg # -rw------- 1 root root 13959784 May 10 17:54 /tmp/tmp.q8dQkGeuAt # FAIL: ipsec tunnel mode for ns1/ns2 # table inet filter { # counter routed_orig { # packets 2 bytes 112 # } # # counter routed_repl { # packets 7 bytes 300 # } # # flowtable f1 { # hook ingress priority filter # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority filter; policy drop; # ip dscp set cs3 # oif "veth1" tcp dport 12345 ct mark set 0x00000001 flow add @f1 counter name "routed_orig" accept # ct mark 0x00000001 counter name ct direction map { original : "routed_orig", reply : "routed_repl" } accept # ct state established,related accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # table netdev dscpmangle { # chain setdscp0 { # type filter hook egress device "veth1" priority filter; policy accept; # } # } # XfrmInError 0 # XfrmInBufferError 0 # XfrmInHdrError 0 # XfrmInNoStates 0 # XfrmInStateProtoError 0 # XfrmInStateModeError 0 # XfrmInStateSeqError 0 # XfrmInStateExpired 0 # XfrmInStateMismatch 0 # XfrmInStateInvalid 0 # XfrmInTmplMismatch 0 # XfrmInNoPols 0 # XfrmInPolBlock 0 # XfrmInPolError 0 # XfrmOutError 0 # XfrmOutBundleGenError 0 # XfrmOutBundleCheckError 0 # XfrmOutNoStates 0 # XfrmOutStateProtoError 0 # XfrmOutStateModeError 0 # XfrmOutStateSeqError 0 # XfrmOutStateExpired 0 # XfrmOutPolBlock 0 # XfrmOutPolDead 0 # XfrmOutPolError 0 # XfrmFwdHdrError 0 # XfrmOutStateInvalid 0 # XfrmAcquireError 0 # XfrmOutStateDirError 0 # XfrmInStateDirError 0 # re-run with random mtus: -o 30173 -l 13444 -r 12288 # PASS: flow offloaded for ns1/ns2 # PASS: dscp_none: dscp packet counters match # PASS: dscp_ingress: dscp packet counters match # PASS: dscp_egress: dscp packet counters match # PASS: dscp_fwd: dscp packet counters match # PASS: flow offload for ns1/ns2 with masquerade # PASS: flow offload for ns1/ns2 with dnat ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery on bridge # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery bridge and VLAN # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: ipsec tunnel mode for ns1/ns2 not ok 1 selftests: net/netfilter: nft_flowtable.sh # exit=1 make[1]: Leaving directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' make: Leaving directory '/home/virtme/testing-16/tools/testing/selftests' xx__-> echo $? 0 xx__->