|
 |
6ef880 |
From 674cce10a34e90f2791a3d58789793eef29e8f8b Mon Sep 17 00:00:00 2001
|
|
|
6ef880 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
6ef880 |
Date: Mon, 26 Oct 2020 17:25:03 +0100
|
|
|
6ef880 |
Subject: [PATCH] tests: shell: Improve concurrent noflush restore test a bit
|
|
|
6ef880 |
|
|
|
6ef880 |
The described issue happens only if chain FOO does not exist at program
|
|
|
6ef880 |
start so flush the ruleset after each iteration to make sure this is the
|
|
|
6ef880 |
case. Sadly the bug is still not 100% reproducible on my testing VM.
|
|
|
6ef880 |
|
|
|
6ef880 |
While being at it, add a paragraph describing what exact situation the
|
|
|
6ef880 |
test is trying to provoke.
|
|
|
6ef880 |
|
|
|
6ef880 |
Fixes: dac904bdcd9a1 ("nft: Fix for concurrent noflush restore calls")
|
|
|
6ef880 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
6ef880 |
(cherry picked from commit ed8c8b9316451a4499eeb592d2cf7d782bbe4e9a)
|
|
|
6ef880 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
6ef880 |
---
|
|
|
6ef880 |
.../ipt-restore/0016-concurrent-restores_0 | 14 ++++++++++++++
|
|
|
6ef880 |
1 file changed, 14 insertions(+)
|
|
|
6ef880 |
|
|
|
6ef880 |
diff --git a/iptables/tests/shell/testcases/ipt-restore/0016-concurrent-restores_0 b/iptables/tests/shell/testcases/ipt-restore/0016-concurrent-restores_0
|
|
|
6ef880 |
index 53ec12fa368af..aa746ab458a3c 100755
|
|
|
6ef880 |
--- a/iptables/tests/shell/testcases/ipt-restore/0016-concurrent-restores_0
|
|
|
6ef880 |
+++ b/iptables/tests/shell/testcases/ipt-restore/0016-concurrent-restores_0
|
|
|
6ef880 |
@@ -1,5 +1,14 @@
|
|
|
6ef880 |
#!/bin/bash
|
|
|
6ef880 |
|
|
|
6ef880 |
+# test for iptables-restore --noflush skipping an explicitly requested chain
|
|
|
6ef880 |
+# flush because the chain did not exist when cache was fetched. In order to
|
|
|
6ef880 |
+# expect for that chain to appear when refreshing the transaction (due to a
|
|
|
6ef880 |
+# concurrent ruleset change), the chain flush job has to be present in batch
|
|
|
6ef880 |
+# job list (although disabled at first).
|
|
|
6ef880 |
+# The input line requesting chain flush is ':FOO - [0:0]'. RS1 and RS2 contents
|
|
|
6ef880 |
+# are crafted to cause EBUSY when deleting the BAR* chains if FOO is not
|
|
|
6ef880 |
+# flushed in the same transaction.
|
|
|
6ef880 |
+
|
|
|
6ef880 |
set -e
|
|
|
6ef880 |
|
|
|
6ef880 |
RS="*filter
|
|
|
6ef880 |
@@ -45,7 +54,12 @@ RS2="$RS
|
|
|
6ef880 |
COMMIT
|
|
|
6ef880 |
"
|
|
|
6ef880 |
|
|
|
6ef880 |
+NORS="*filter
|
|
|
6ef880 |
+COMMIT
|
|
|
6ef880 |
+"
|
|
|
6ef880 |
+
|
|
|
6ef880 |
for n in $(seq 1 10); do
|
|
|
6ef880 |
+ $XT_MULTI iptables-restore <<< "$NORS"
|
|
|
6ef880 |
$XT_MULTI iptables-restore --noflush -w <<< "$RS1" &
|
|
|
6ef880 |
$XT_MULTI iptables-restore --noflush -w <<< "$RS2" &
|
|
|
6ef880 |
wait -n
|
|
|
6ef880 |
--
|
|
|
6ef880 |
2.28.0
|
|
|
6ef880 |
|