-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bats test/100-bridge-iptables.bats fails #984
Comments
Please provide all the detail of your environment, what distro? Which version of bats, firewalld, ncat, iptables, etc... |
Looks like you are using the sit kernel module? If this device is automatically added to all network namespaces then this will break many test assumptions. I recommend to disable that if you want to run the tests. |
|
I am talking about the tests only, but I am not familiar with CONFIG_IPV6_SIT so I wouldn't know for sure. I have no idea about the firewall-cmd ones, timeout seems odd. If you do not use firewalld then I would suggest you just ignore/disable them. For the ncat maybe the 5 seconds is not enough in your env so maybe try giving it more here Line 647 in 395ace5
|
For some reason, we can't disable CONFIG_IPV6_SIT as it built-in kernel, not via module. Could you help to provide the cases which are maybe affected by sit module?
Yes, we did not use firewalld, is there only options provided to skip the cases as I notice not any 200-bridge-firewalld.bats includes the test related to firewalld, but also 250-bridge-nftables.bats includes firewalld cases?
After a simple search, it seems the timeout is hardcoded, is it possible to provide a option to configure timeout? Thanks you very much! |
Sorry I don't have time to look into that, my only suggestion is to build the kernel without it to run the tests and see how the results differ.
There are some special cases that need to check that the iptables and nftables integration works with the firewalld reload service. I think it is possible to move them into the firewalld file as well but not a priority.
I would suggest to bump the timeout in our tests, none should have a need to configure this. If 5s is not enough everywhere we can increase it by default. |
After disable CONFIG_IPV6_SIT, some of the above failed cases did pass, but only two of them as below. And could you help to confirm again, if the netavark only works with CONFIG_IPV6_SIT disabled. Or just the netavark tests need to disable CONFIG_IPV6_SIT. If just the tests need, maybe improving the tests to make the tests work with CONFIG_IPV6_SIT is helpful. But there still some cases failed such as: Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 1 packets, 40 bytes) Chain POSTROUTING (policy ACCEPT 1 packets, 40 bytes) Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
Thanks your feedback! It's more helpful if move the firewalld related tests in one file and I sent a PR as #994.
After a quick search for Line 647 in 395ace5
BTW, is it possible to print the test result into a file? That is to say, gather the output as below into a file. Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 1 packets, 40 bytes) Chain POSTROUTING (policy ACCEPT 1 packets, 40 bytes) Chain INPUT (policy ACCEPT 0 packets, 0 bytes) Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) Thanks! |
The text was updated successfully, but these errors were encountered: