From f9dca1704ce66be31eceac4d7317b825269b3d07 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 2 Mar 2021 17:06:06 +0100 Subject: [PATCH] tests: Disable tests known to fail on RHEL8 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1919203 Upstream Status: RHEL-only RHEL8 kernel does not support: - ct timeout or expectation objects - synproxy - flowtables in families other than inet - meta time - bridge family-specific meta expressions (e.g. ibrvproto, ibrpvid) - socket mark - osf - delete set elements from packet path - update stateful objects - explicitly setting set element expiration (commit 79ebb5bb4e3) - flushing chains and deleting referenced objects in the same transaction (upstream commits with 'bogus EBUSY' in subject) Disable all related tests to make the testsuites pass. --- tests/monitor/testcases/object.t | 14 +++---- tests/py/any/meta.t | 36 ++++++++--------- tests/py/bridge/meta.t | 8 ++-- tests/py/inet/osf.t | 24 +++++------ tests/py/inet/socket.t | 2 +- tests/py/inet/synproxy.t | 12 +++--- tests/py/ip/objects.t | 46 +++++++++++----------- tests/py/ip6/sets.t | 2 +- .../testcases/flowtable/0002create_flowtable_0 | 8 ++-- .../testcases/flowtable/0003add_after_flush_0 | 8 ++-- .../testcases/flowtable/0004delete_after_add_0 | 6 +-- .../shell/testcases/flowtable/0005delete_in_use_1 | 10 ++--- tests/shell/testcases/flowtable/0007prio_0 | 6 +-- tests/shell/testcases/flowtable/0008prio_1 | 4 +- .../testcases/flowtable/0009deleteafterflush_0 | 12 +++--- tests/shell/testcases/listing/0013objects_0 | 2 + tests/shell/testcases/nft-f/0017ct_timeout_obj_0 | 2 + .../shell/testcases/nft-f/0018ct_expectation_obj_0 | 2 + .../testcases/nft-f/dumps/0017ct_timeout_obj_0.nft | 11 ------ .../nft-f/dumps/0017ct_timeout_obj_0.nft.disabled | 11 ++++++ .../testcases/optionals/update_object_handles_0 | 2 + .../sets/0036add_set_element_expiration_0 | 2 + tests/shell/testcases/transactions/0046set_0 | 2 + 23 files changed, 122 insertions(+), 110 deletions(-) delete mode 100644 tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft create mode 100644 tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled diff --git a/tests/monitor/testcases/object.t b/tests/monitor/testcases/object.t index 2afe33c..1b30384 100644 --- a/tests/monitor/testcases/object.t +++ b/tests/monitor/testcases/object.t @@ -37,10 +37,10 @@ I delete ct helper ip t cth O - J {"delete": {"ct helper": {"family": "ip", "name": "cth", "table": "t", "handle": 0, "type": "sip", "protocol": "tcp", "l3proto": "ip"}}} -I add ct timeout ip t ctt { protocol udp; l3proto ip; policy = { unreplied : 15, replied : 12 }; } -O - -J {"add": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}} - -I delete ct timeout ip t ctt -O - -J {"delete": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}} +# I add ct timeout ip t ctt { protocol udp; l3proto ip; policy = { unreplied : 15, replied : 12 }; } +# O - +# J {"add": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}} +# +# I delete ct timeout ip t ctt +# O - +# J {"delete": {"ct timeout": {"family": "ip", "name": "ctt", "table": "t", "handle": 0, "protocol": "udp", "l3proto": "ip", "policy": {"unreplied": 15, "replied": 12}}}} diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t index 327f973..241b466 100644 --- a/tests/py/any/meta.t +++ b/tests/py/any/meta.t @@ -204,21 +204,21 @@ meta iif . meta oif vmap { "lo" . "lo" : drop };ok;iif . oif vmap { "lo" . "lo" meta random eq 1;ok;meta random 1 meta random gt 1000000;ok;meta random > 1000000 -meta time "1970-05-23 21:07:14" drop;ok -meta time 12341234 drop;ok;meta time "1970-05-23 22:07:14" drop -meta time "2019-06-21 17:00:00" drop;ok -meta time "2019-07-01 00:00:00" drop;ok -meta time "2019-07-01 00:01:00" drop;ok -meta time "2019-07-01 00:00:01" drop;ok -meta day "Saturday" drop;ok -meta day 6 drop;ok;meta day "Saturday" drop -meta day "Satturday" drop;fail -meta hour "17:00" drop;ok -meta hour "17:00:00" drop;ok;meta hour "17:00" drop -meta hour "17:00:01" drop;ok -meta hour "00:00" drop;ok -meta hour "00:01" drop;ok - -meta time "meh";fail -meta hour "24:00" drop;fail -meta day 7 drop;fail +- meta time "1970-05-23 21:07:14" drop;ok +- meta time 12341234 drop;ok;meta time "1970-05-23 22:07:14" drop +- meta time "2019-06-21 17:00:00" drop;ok +- meta time "2019-07-01 00:00:00" drop;ok +- meta time "2019-07-01 00:01:00" drop;ok +- meta time "2019-07-01 00:00:01" drop;ok +- meta day "Saturday" drop;ok +- meta day 6 drop;ok;meta day "Saturday" drop +- meta day "Satturday" drop;fail +- meta hour "17:00" drop;ok +- meta hour "17:00:00" drop;ok;meta hour "17:00" drop +- meta hour "17:00:01" drop;ok +- meta hour "00:00" drop;ok +- meta hour "00:01" drop;ok + +- meta time "meh";fail +- meta hour "24:00" drop;fail +- meta day 7 drop;fail diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t index 94525f2..9f55cde 100644 --- a/tests/py/bridge/meta.t +++ b/tests/py/bridge/meta.t @@ -2,7 +2,7 @@ *bridge;test-bridge;input -meta obrname "br0";ok -meta ibrname "br0";ok -meta ibrvproto vlan;ok -meta ibrpvid 100;ok +- meta obrname "br0";ok +- meta ibrname "br0";ok +- meta ibrvproto vlan;ok +- meta ibrpvid 100;ok diff --git a/tests/py/inet/osf.t b/tests/py/inet/osf.t index c828541..5191e72 100644 --- a/tests/py/inet/osf.t +++ b/tests/py/inet/osf.t @@ -4,15 +4,15 @@ *ip6;osfip6;osfchain *inet;osfinet;osfchain -osf name "Linux";ok -osf ttl loose name "Linux";ok -osf ttl skip name "Linux";ok -osf ttl skip version "Linux:3.0";ok -osf ttl skip version "morethan:sixteenbytes";fail -osf ttl nottl name "Linux";fail -osf name "morethansixteenbytes";fail -osf name ;fail -osf name { "Windows", "MacOs" };ok -osf version { "Windows:XP", "MacOs:Sierra" };ok -ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok -ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 };ok +- osf name "Linux";ok +- osf ttl loose name "Linux";ok +- osf ttl skip name "Linux";ok +- osf ttl skip version "Linux:3.0";ok +- osf ttl skip version "morethan:sixteenbytes";fail +- osf ttl nottl name "Linux";fail +- osf name "morethansixteenbytes";fail +- osf name ;fail +- osf name { "Windows", "MacOs" };ok +- osf version { "Windows:XP", "MacOs:Sierra" };ok +- ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 };ok +- ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 };ok diff --git a/tests/py/inet/socket.t b/tests/py/inet/socket.t index 91846e8..dbc0554 100644 --- a/tests/py/inet/socket.t +++ b/tests/py/inet/socket.t @@ -8,4 +8,4 @@ socket transparent 0;ok socket transparent 1;ok socket transparent 2;fail -socket mark 0x00000005;ok +- socket mark 0x00000005;ok diff --git a/tests/py/inet/synproxy.t b/tests/py/inet/synproxy.t index 55a05e1..9c58239 100644 --- a/tests/py/inet/synproxy.t +++ b/tests/py/inet/synproxy.t @@ -4,10 +4,10 @@ *ip6;synproxyip6;synproxychain *inet;synproxyinet;synproxychain -synproxy;ok -synproxy mss 1460 wscale 7;ok -synproxy mss 1460 wscale 5 timestamp sack-perm;ok -synproxy timestamp sack-perm;ok -synproxy timestamp;ok -synproxy sack-perm;ok +-synproxy;ok +-synproxy mss 1460 wscale 7;ok +-synproxy mss 1460 wscale 5 timestamp sack-perm;ok +-synproxy timestamp sack-perm;ok +-synproxy timestamp;ok +-synproxy sack-perm;ok diff --git a/tests/py/ip/objects.t b/tests/py/ip/objects.t index 4fcde7c..06e94f1 100644 --- a/tests/py/ip/objects.t +++ b/tests/py/ip/objects.t @@ -33,26 +33,26 @@ ip saddr 192.168.1.3 limit name "lim1";ok ip saddr 192.168.1.3 limit name "lim3";fail limit name tcp dport map {443 : "lim1", 80 : "lim2", 22 : "lim1"};ok -# ct timeout -%cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok -%cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail -%cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ; l3proto ip ;};ok -%cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok -%cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail - -ct timeout set "cttime1";ok - -# ct expectation -%ctexpect1 type ct expectation { protocol tcp; dport 1234; timeout 2m; size 12; };ok -%ctexpect2 type ct expectation { protocol udp; };fail -%ctexpect3 type ct expectation { protocol tcp; dport 4321; };fail -%ctexpect4 type ct expectation { protocol tcp; dport 4321; timeout 2m; };fail -%ctexpect5 type ct expectation { protocol udp; dport 9876; timeout 2m; size 12; l3proto ip; };ok - -ct expectation set "ctexpect1";ok - -# synproxy -%synproxy1 type synproxy mss 1460 wscale 7;ok -%synproxy2 type synproxy mss 1460 wscale 7 timestamp sack-perm;ok - -synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"};ok +# # ct timeout +# %cttime1 type ct timeout { protocol tcp; policy = { established:122 } ;};ok +# %cttime2 type ct timeout { protocol udp; policy = { syn_sent:122 } ;};fail +# %cttime3 type ct timeout { protocol tcp; policy = { established:132, close:16, close_wait:16 } ; l3proto ip ;};ok +# %cttime4 type ct timeout { protocol udp; policy = { replied:14, unreplied:19 } ;};ok +# %cttime5 type ct timeout {protocol tcp; policy = { estalbished:100 } ;};fail +# +# ct timeout set "cttime1";ok + +# # ct expectation +# %ctexpect1 type ct expectation { protocol tcp; dport 1234; timeout 2m; size 12; };ok +# %ctexpect2 type ct expectation { protocol udp; };fail +# %ctexpect3 type ct expectation { protocol tcp; dport 4321; };fail +# %ctexpect4 type ct expectation { protocol tcp; dport 4321; timeout 2m; };fail +# %ctexpect5 type ct expectation { protocol udp; dport 9876; timeout 2m; size 12; l3proto ip; };ok +# +# ct expectation set "ctexpect1";ok + +# # synproxy +# %synproxy1 type synproxy mss 1460 wscale 7;ok +# %synproxy2 type synproxy mss 1460 wscale 7 timestamp sack-perm;ok +# +# synproxy name tcp dport map {443 : "synproxy1", 80 : "synproxy2"};ok diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t index add82eb..cc43aca 100644 --- a/tests/py/ip6/sets.t +++ b/tests/py/ip6/sets.t @@ -40,4 +40,4 @@ ip6 saddr != @set33 drop;fail !set5 type ipv6_addr . ipv6_addr;ok ip6 saddr . ip6 daddr @set5 drop;ok add @set5 { ip6 saddr . ip6 daddr };ok -delete @set5 { ip6 saddr . ip6 daddr };ok +- delete @set5 { ip6 saddr . ip6 daddr };ok diff --git a/tests/shell/testcases/flowtable/0002create_flowtable_0 b/tests/shell/testcases/flowtable/0002create_flowtable_0 index 4c85c3f..8b80e34 100755 --- a/tests/shell/testcases/flowtable/0002create_flowtable_0 +++ b/tests/shell/testcases/flowtable/0002create_flowtable_0 @@ -1,12 +1,12 @@ #!/bin/bash set -e -$NFT add table t -$NFT add flowtable t f { hook ingress priority 10 \; devices = { lo }\; } -if $NFT create flowtable t f { hook ingress priority 10 \; devices = { lo }\; } 2>/dev/null ; then +$NFT add table inet t +$NFT add flowtable inet t f { hook ingress priority 10 \; devices = { lo }\; } +if $NFT create flowtable inet t f { hook ingress priority 10 \; devices = { lo }\; } 2>/dev/null ; then echo "E: flowtable creation not failing on existing set" >&2 exit 1 fi -$NFT add flowtable t f { hook ingress priority 10 \; devices = { lo }\; } +$NFT add flowtable inet t f { hook ingress priority 10 \; devices = { lo }\; } exit 0 diff --git a/tests/shell/testcases/flowtable/0003add_after_flush_0 b/tests/shell/testcases/flowtable/0003add_after_flush_0 index 481c7ed..b4243bc 100755 --- a/tests/shell/testcases/flowtable/0003add_after_flush_0 +++ b/tests/shell/testcases/flowtable/0003add_after_flush_0 @@ -1,8 +1,8 @@ #!/bin/bash set -e -$NFT add table x -$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;} +$NFT add table inet x +$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;} $NFT flush ruleset -$NFT add table x -$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;} +$NFT add table inet x +$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;} diff --git a/tests/shell/testcases/flowtable/0004delete_after_add_0 b/tests/shell/testcases/flowtable/0004delete_after_add_0 index 8d9a842..4618595 100755 --- a/tests/shell/testcases/flowtable/0004delete_after_add_0 +++ b/tests/shell/testcases/flowtable/0004delete_after_add_0 @@ -1,6 +1,6 @@ #!/bin/bash set -e -$NFT add table x -$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;} -$NFT delete flowtable x y +$NFT add table inet x +$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;} +$NFT delete flowtable inet x y diff --git a/tests/shell/testcases/flowtable/0005delete_in_use_1 b/tests/shell/testcases/flowtable/0005delete_in_use_1 index ef52620..eda1fb9 100755 --- a/tests/shell/testcases/flowtable/0005delete_in_use_1 +++ b/tests/shell/testcases/flowtable/0005delete_in_use_1 @@ -1,11 +1,11 @@ #!/bin/bash set -e -$NFT add table x -$NFT add chain x x -$NFT add flowtable x y { hook ingress priority 0\; devices = { lo }\;} -$NFT add rule x x flow add @y +$NFT add table inet x +$NFT add chain inet x x +$NFT add flowtable inet x y { hook ingress priority 0\; devices = { lo }\;} +$NFT add rule inet x x flow add @y -$NFT delete flowtable x y || exit 0 +$NFT delete flowtable inet x y || exit 0 echo "E: delete flowtable in use" exit 1 diff --git a/tests/shell/testcases/flowtable/0007prio_0 b/tests/shell/testcases/flowtable/0007prio_0 index 49bbcac..0ea262f 100755 --- a/tests/shell/testcases/flowtable/0007prio_0 +++ b/tests/shell/testcases/flowtable/0007prio_0 @@ -15,10 +15,10 @@ format_offset () { fi } -$NFT add table t +$NFT add table inet t for offset in -11 -10 0 10 11 do - $NFT add flowtable t f "{ hook ingress priority filter `format_offset $offset`; devices = { lo }; }" - $NFT delete flowtable t f + $NFT add flowtable inet t f "{ hook ingress priority filter `format_offset $offset`; devices = { lo }; }" + $NFT delete flowtable inet t f done diff --git a/tests/shell/testcases/flowtable/0008prio_1 b/tests/shell/testcases/flowtable/0008prio_1 index 48953d7..0d8cdff 100755 --- a/tests/shell/testcases/flowtable/0008prio_1 +++ b/tests/shell/testcases/flowtable/0008prio_1 @@ -1,9 +1,9 @@ #!/bin/bash -$NFT add table t +$NFT add table inet t for prioname in raw mangle dstnar security srcnat out dummy do - $NFT add flowtable t f { hook ingress priority $prioname \; devices = { lo }\; } + $NFT add flowtable inet t f { hook ingress priority $prioname \; devices = { lo }\; } if (($? == 0)) then echo "E: $prioname should not be a valid priority name for flowtables" >&2 diff --git a/tests/shell/testcases/flowtable/0009deleteafterflush_0 b/tests/shell/testcases/flowtable/0009deleteafterflush_0 index 2cda563..061e22e 100755 --- a/tests/shell/testcases/flowtable/0009deleteafterflush_0 +++ b/tests/shell/testcases/flowtable/0009deleteafterflush_0 @@ -1,9 +1,9 @@ #!/bin/bash set -e -$NFT add table x -$NFT add chain x y -$NFT add flowtable x f { hook ingress priority 0\; devices = { lo }\;} -$NFT add rule x y flow add @f -$NFT flush chain x y -$NFT delete flowtable x f +$NFT add table inet x +$NFT add chain inet x y +$NFT add flowtable inet x f { hook ingress priority 0\; devices = { lo }\;} +$NFT add rule inet x y flow add @f +$NFT flush chain inet x y +$NFT delete flowtable inet x f diff --git a/tests/shell/testcases/listing/0013objects_0 b/tests/shell/testcases/listing/0013objects_0 index 4d39143..130d02c 100755 --- a/tests/shell/testcases/listing/0013objects_0 +++ b/tests/shell/testcases/listing/0013objects_0 @@ -1,5 +1,7 @@ #!/bin/bash +exit 0 + # list table with all objects and chains EXPECTED="table ip test { diff --git a/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 b/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 index 4f40779..e0f9e44 100755 --- a/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 +++ b/tests/shell/testcases/nft-f/0017ct_timeout_obj_0 @@ -1,5 +1,7 @@ #!/bin/bash +exit 0 + EXPECTED='table ip filter { ct timeout cttime{ protocol tcp diff --git a/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 b/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 index 4f9872f..f518cf7 100755 --- a/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 +++ b/tests/shell/testcases/nft-f/0018ct_expectation_obj_0 @@ -1,5 +1,7 @@ #!/bin/bash +exit 0 + EXPECTED='table ip filter { ct expectation ctexpect{ protocol tcp diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft deleted file mode 100644 index 7cff1ed..0000000 --- a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft +++ /dev/null @@ -1,11 +0,0 @@ -table ip filter { - ct timeout cttime { - protocol tcp - l3proto ip - policy = { established : 123, close : 12 } - } - - chain c { - ct timeout set "cttime" - } -} diff --git a/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled new file mode 100644 index 0000000..7cff1ed --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0017ct_timeout_obj_0.nft.disabled @@ -0,0 +1,11 @@ +table ip filter { + ct timeout cttime { + protocol tcp + l3proto ip + policy = { established : 123, close : 12 } + } + + chain c { + ct timeout set "cttime" + } +} diff --git a/tests/shell/testcases/optionals/update_object_handles_0 b/tests/shell/testcases/optionals/update_object_handles_0 index 8b12b8c..e11b4e7 100755 --- a/tests/shell/testcases/optionals/update_object_handles_0 +++ b/tests/shell/testcases/optionals/update_object_handles_0 @@ -1,5 +1,7 @@ #!/bin/bash +exit 0 + set -e $NFT add table test-ip $NFT add counter test-ip traffic-counter diff --git a/tests/shell/testcases/sets/0036add_set_element_expiration_0 b/tests/shell/testcases/sets/0036add_set_element_expiration_0 index 51ed0f2..043bb8f 100755 --- a/tests/shell/testcases/sets/0036add_set_element_expiration_0 +++ b/tests/shell/testcases/sets/0036add_set_element_expiration_0 @@ -1,5 +1,7 @@ #!/bin/bash +exit 0 + set -e RULESET="add table ip x diff --git a/tests/shell/testcases/transactions/0046set_0 b/tests/shell/testcases/transactions/0046set_0 index 172e24d..1b24964 100755 --- a/tests/shell/testcases/transactions/0046set_0 +++ b/tests/shell/testcases/transactions/0046set_0 @@ -1,5 +1,7 @@ #!/bin/bash +exit 0 + RULESET='add table ip filter add chain ip filter group_7933 add map ip filter group_7933 { type ipv4_addr : classid; flags interval; } -- 1.8.3.1