make -C tools/testing/selftests TARGETS=net/netfilter TEST_PROGS=nft_flowttable.sh TEST_GEN_PROGS="" run_tests make: Entering directory '/home/virtme/testing-16/tools/testing/selftests' make[1]: Entering directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' make[1]: Entering directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' TAP version 13 1..1 # overriding timeout to 3600 # selftests: net/netfilter: nft_flowtable.sh # 2024/05/10 17:34:36 socat[12204] E write(7, 0x55c485bff000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 18117332 May 10 17:34 /tmp/tmp.AgrJsFBGTu # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 18464768 May 10 17:34 /tmp/tmp.QHDo1yRDrA # FAIL: flow offload for ns1/ns2: # table inet filter { # counter routed_orig { # packets 1222 bytes 18507272 # } # # counter routed_repl { # packets 9117 bytes 18217380 # } # # flowtable f1 { # hook ingress priority filter # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority filter; policy drop; # oif "veth1" tcp dport 12345 ct mark set 0x00000001 flow add @f1 counter name "routed_orig" accept # ct mark 0x00000001 counter name ct direction map { original : "routed_orig", reply : "routed_repl" } accept # ct state established,related accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # PASS: dscp_none: dscp packet counters match # 2024/05/10 17:34:50 socat[12236] E write(7, 0x5632018aa000, 1024): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 17874944 May 10 17:34 /tmp/tmp.AgrJsFBGTu # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 19587072 May 10 17:34 /tmp/tmp.QHDo1yRDrA # PASS: dscp_ingress: dscp packet counters match # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 20267008 May 10 17:35 /tmp/tmp.AgrJsFBGTu # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 20570112 May 10 17:35 /tmp/tmp.QHDo1yRDrA # PASS: dscp_egress: dscp packet counters match # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 19261340 May 10 17:35 /tmp/tmp.AgrJsFBGTu # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 19914752 May 10 17:35 /tmp/tmp.QHDo1yRDrA # PASS: dscp_fwd: dscp packet counters match # 2024/05/10 17:35:28 socat[12306] E write(7, 0x5566b77e4000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 18114460 May 10 17:35 /tmp/tmp.AgrJsFBGTu # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 19169280 May 10 17:35 /tmp/tmp.QHDo1yRDrA # FAIL: flow offload for ns1/ns2 with NAT # table inet filter { # counter routed_orig { # packets 6818 bytes 100854648 # } # # counter routed_repl { # packets 48207 bytes 96323884 # } # # flowtable f1 { # hook ingress priority filter # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority filter; policy drop; # ip dscp set cs3 # oif "veth1" tcp dport 12345 ct mark set 0x00000001 flow add @f1 counter name "routed_orig" accept # ct mark 0x00000001 counter name ct direction map { original : "routed_orig", reply : "routed_repl" } accept # ct state established,related accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # table ip nat { # chain prerouting { # type nat hook prerouting priority filter; policy accept; # iif "veth0" ip daddr 10.6.6.6 tcp dport 1666 counter packets 0 bytes 0 dnat to 10.0.2.99:12345 # } # # chain postrouting { # type nat hook postrouting priority filter; policy accept; # oifname "veth1" counter packets 4 bytes 240 masquerade # } # } # table netdev dscpmangle { # chain setdscp0 { # type filter hook egress device "veth1" priority filter; policy accept; # } # } # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery on bridge # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery bridge and VLAN # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # 2024/05/10 17:36:14 socat[12531] E write(7, 0x56281de49000, 8192): Broken pipe # FAIL: file mismatch for ns1 -> ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 12951552 May 10 17:36 /tmp/tmp.AgrJsFBGTu # FAIL: file mismatch for ns1 <- ns2 # -rw------- 1 root root 21529600 May 10 17:34 /tmp/tmp.IjiIUEmSI8 # -rw------- 1 root root 14622720 May 10 17:36 /tmp/tmp.QHDo1yRDrA # FAIL: ipsec tunnel mode for ns1/ns2 # table inet filter { # counter routed_orig { # packets 2 bytes 112 # } # # counter routed_repl { # packets 3 bytes 164 # } # # flowtable f1 { # hook ingress priority filter # devices = { veth0, veth1 } # } # # chain forward { # type filter hook forward priority filter; policy drop; # ip dscp set cs3 # oif "veth1" tcp dport 12345 ct mark set 0x00000001 flow add @f1 counter name "routed_orig" accept # ct mark 0x00000001 counter name ct direction map { original : "routed_orig", reply : "routed_repl" } accept # ct state established,related accept # meta l4proto icmp accept # meta l4proto ipv6-icmp accept # } # } # table netdev dscpmangle { # chain setdscp0 { # type filter hook egress device "veth1" priority filter; policy accept; # } # } # XfrmInError 0 # XfrmInBufferError 0 # XfrmInHdrError 0 # XfrmInNoStates 0 # XfrmInStateProtoError 0 # XfrmInStateModeError 0 # XfrmInStateSeqError 0 # XfrmInStateExpired 0 # XfrmInStateMismatch 0 # XfrmInStateInvalid 0 # XfrmInTmplMismatch 0 # XfrmInNoPols 0 # XfrmInPolBlock 0 # XfrmInPolError 0 # XfrmOutError 0 # XfrmOutBundleGenError 0 # XfrmOutBundleCheckError 0 # XfrmOutNoStates 0 # XfrmOutStateProtoError 0 # XfrmOutStateModeError 0 # XfrmOutStateSeqError 0 # XfrmOutStateExpired 0 # XfrmOutPolBlock 0 # XfrmOutPolDead 0 # XfrmOutPolError 0 # XfrmFwdHdrError 0 # XfrmOutStateInvalid 0 # XfrmAcquireError 0 # XfrmOutStateDirError 0 # XfrmInStateDirError 0 # re-run with random mtus: -o 9158 -l 14692 -r 27096 # PASS: flow offloaded for ns1/ns2 # PASS: dscp_none: dscp packet counters match # PASS: dscp_ingress: dscp packet counters match # PASS: dscp_egress: dscp packet counters match # PASS: dscp_fwd: dscp packet counters match # PASS: flow offload for ns1/ns2 with masquerade # PASS: flow offload for ns1/ns2 with dnat ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery on bridge # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: flow offload for ns1/ns2 with masquerade and pmtu discovery bridge and VLAN # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 # PASS: ipsec tunnel mode for ns1/ns2 not ok 1 selftests: net/netfilter: nft_flowtable.sh # exit=1 make[1]: Leaving directory '/home/virtme/testing-16/tools/testing/selftests/net/netfilter' make: Leaving directory '/home/virtme/testing-16/tools/testing/selftests' xx__-> echo $? 0 xx__->