* [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing
@ 2025-04-08  8:16 Hangbin Liu
  2025-04-08  8:16 ` [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft Hangbin Liu
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Hangbin Liu @ 2025-04-08  8:16 UTC (permalink / raw)
  To: netdev
  Cc: Jason A. Donenfeld, Jakub Kicinski, Shuah Khan, David S. Miller,
	Simon Horman, Phil Sutter, Florian Westphal, Petr Mladek,
	Yoann Congal, wireguard, linux-kselftest, linux-kernel,
	Hangbin Liu

This patch set converts the wireguard selftest to nftables, as iptables is
deprecated and nftables is the default framework of most releases.

v6: fix typo in patch 1/2. Update the description (Phil Sutter)
v5: remove the counter in nft rules and link nft statically (Jason A. Donenfeld)
v4: no update, just re-send
v3: drop iptables directly (Jason A. Donenfeld)
    Also convert to using nft for qemu testing (Jason A. Donenfeld)
v2: use one nft table for testing (Phil Sutter)

Hangbin Liu (2):
  wireguard: selftests: convert iptables to nft
  wireguard: selftests: update to using nft for qemu test

 tools/testing/selftests/wireguard/netns.sh    | 29 +++++++++------
 .../testing/selftests/wireguard/qemu/Makefile | 36 ++++++++++++++-----
 .../selftests/wireguard/qemu/kernel.config    |  7 ++--
 3 files changed, 49 insertions(+), 23 deletions(-)

-- 
2.46.0



* [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft
  2025-04-08  8:16 [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing Hangbin Liu
@ 2025-04-08  8:16 ` Hangbin Liu
  2025-04-08  9:38   ` Phil Sutter
  2025-04-08  8:16 ` [PATCHv6 net-next 2/2] wireguard: selftests: update to using nft for qemu test Hangbin Liu
  2025-05-22  4:34 ` [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing Hangbin Liu
  2 siblings, 1 reply; 6+ messages in thread
From: Hangbin Liu @ 2025-04-08  8:16 UTC (permalink / raw)
  To: netdev
  Cc: Jason A. Donenfeld, Jakub Kicinski, Shuah Khan, David S. Miller,
	Simon Horman, Phil Sutter, Florian Westphal, Petr Mladek,
	Yoann Congal, wireguard, linux-kselftest, linux-kernel,
	Hangbin Liu

Convert the selftest to nft as it is the replacement for iptables, which
is used by default in most releases.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 tools/testing/selftests/wireguard/netns.sh | 29 ++++++++++++++--------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
index 55500f901fbc..8b840fef90af 100755
--- a/tools/testing/selftests/wireguard/netns.sh
+++ b/tools/testing/selftests/wireguard/netns.sh
@@ -75,6 +75,11 @@ pp ip netns add $netns1
 pp ip netns add $netns2
 ip0 link set up dev lo
 
+# init nft tables
+n0 nft add table ip wgtest
+n1 nft add table ip wgtest
+n2 nft add table ip wgtest
+
 ip0 link add dev wg0 type wireguard
 ip0 link set wg0 netns $netns1
 ip0 link add dev wg0 type wireguard
@@ -196,13 +201,14 @@ ip1 link set wg0 mtu 1300
 ip2 link set wg0 mtu 1300
 n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
 n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
-n0 iptables -A INPUT -m length --length 1360 -j DROP
+n0 nft add chain ip wgtest INPUT { type filter hook input priority filter \; policy accept \; }
+n0 nft add rule ip wgtest INPUT meta length 1360 drop
 n1 ip route add 192.168.241.2/32 dev wg0 mtu 1299
 n2 ip route add 192.168.241.1/32 dev wg0 mtu 1299
 n2 ping -c 1 -W 1 -s 1269 192.168.241.1
 n2 ip route delete 192.168.241.1/32 dev wg0 mtu 1299
 n1 ip route delete 192.168.241.2/32 dev wg0 mtu 1299
-n0 iptables -F INPUT
+n0 nft flush table ip wgtest
 
 ip1 link set wg0 mtu $orig_mtu
 ip2 link set wg0 mtu $orig_mtu
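Review bot: the added `n0 nft flush table ip wgtest` is wider than the `n0 iptables -F INPUT` it replaces. It clears every chain in the table rather than just INPUT, and it leaves the INPUT base chain itself hooked. That is harmless here only because nothing else has been added to n0's table at this point; `nft flush chain ip wgtest INPUT`, or a `nft delete chain ip wgtest INPUT` after the flush, would keep the cleanup scoped to what this test set up.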
@@ -335,7 +341,8 @@ n0 bash -c 'printf 1 > /proc/sys/net/ipv4/ip_forward'
 [[ -e /proc/sys/net/netfilter/nf_conntrack_udp_timeout ]] || modprobe nf_conntrack
 n0 bash -c 'printf 2 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout'
 n0 bash -c 'printf 2 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream'
-n0 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1
+n0 nft add chain ip wgtest POSTROUTING { type nat hook postrouting priority srcnat\; policy accept \; }
+n0 nft add rule ip wgtest POSTROUTING ip saddr 192.168.1.0/24 ip daddr 10.0.0.0/24 snat to 10.0.0.1
 
 n1 wg set wg0 peer "$pub2" endpoint 10.0.0.100:2 persistent-keepalive 1
 n1 ping -W 1 -c 1 192.168.241.2
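Review bot: style point on the added `add chain` line: it is written `priority srcnat\;` with no space before the escaped semicolon, while the INPUT chain earlier in this patch uses `priority filter \;`. Passing the chain spec as one single-quoted argument, '{ type nat hook postrouting priority srcnat; policy accept; }', would remove the backslashes and make all the `add chain` lines uniform.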
@@ -349,10 +356,11 @@ n1 wg set wg0 peer "$pub2" persistent-keepalive 0
 # Test that sk_bound_dev_if works
 n1 ping -I wg0 -c 1 -W 1 192.168.241.2
 # What about when the mark changes and the packet must be rerouted?
-n1 iptables -t mangle -I OUTPUT -j MARK --set-xmark 1
+n1 nft add chain ip wgtest OUTPUT { type route hook output priority mangle\; policy accept \; }
+n1 nft add rule ip wgtest OUTPUT meta mark set 0x1
 n1 ping -c 1 -W 1 192.168.241.2 # First the boring case
 n1 ping -I wg0 -c 1 -W 1 192.168.241.2 # Then the sk_bound_dev_if case
-n1 iptables -t mangle -D OUTPUT -j MARK --set-xmark 1
+n1 nft flush table ip wgtest
 
 # Test that onion routing works, even when it loops
 n1 wg set wg0 peer "$pub3" allowed-ips 192.168.242.2/32 endpoint 192.168.241.2:5
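Review bot: the added OUTPUT chain needs a comment explaining `type route`. The test comment above it asks what happens when the mark changes and the packet must be rerouted, and it is the route chain type on the output hook that redoes the route lookup after `meta mark set 0x1`; a one-line comment saying so would stop a later cleanup from turning it into `type filter`. Separately, `n1 nft flush table ip wgtest` leaves the empty OUTPUT chain hooked in n1 for the rest of the script, where the old `-D` removed exactly the one rule; `nft delete chain ip wgtest OUTPUT` after the flush would restore the previous state.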
@@ -386,16 +394,17 @@ n1 ping -W 1 -c 100 -f 192.168.99.7
 n1 ping -W 1 -c 100 -f abab::1111
 
 # Have ns2 NAT into wg0 packets from ns0, but return an icmp error along the right route.
-n2 iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 192.168.241.0/24 -j SNAT --to 192.168.241.2
-n0 iptables -t filter -A INPUT \! -s 10.0.0.0/24 -i vethrs -j DROP # Manual rpfilter just to be explicit.
+n2 nft add chain ip wgtest POSTROUTING { type nat hook postrouting priority srcnat\; policy accept \; }
+n2 nft add rule ip wgtest POSTROUTING ip saddr 10.0.0.0/24 ip daddr 192.168.241.0/24 snat to 192.168.241.2
+n0 nft add chain ip wgtest INPUT { type filter hook input priority filter \; policy accept \; }
+n0 nft add rule ip wgtest INPUT iifname "vethrs" ip saddr != 10.0.0.0/24 drop
 n2 bash -c 'printf 1 > /proc/sys/net/ipv4/ip_forward'
 ip0 -4 route add 192.168.241.1 via 10.0.0.100
 n2 wg set wg0 peer "$pub1" remove
 [[ $(! n0 ping -W 1 -c 1 192.168.241.1 || false) == *"From 10.0.0.100 icmp_seq=1 Destination Host Unreachable"* ]]
 
-n0 iptables -t nat -F
-n0 iptables -t filter -F
-n2 iptables -t nat -F
+n0 nft flush table ip wgtest
+n2 nft flush table ip wgtest
 ip0 link del vethrc
 ip0 link del vethrs
 ip1 link del wg0
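Review bot: the comment "# Manual rpfilter just to be explicit." on the removed `iptables -t filter -A INPUT` line is lost; the new `iifname "vethrs" ip saddr != 10.0.0.0/24 drop` rule should carry it. Also, `n0 nft add chain ip wgtest INPUT` here runs against a chain that still exists from the MTU test, because the earlier `flush table` removed only its rules; it works since `add` accepts an existing chain with the same definition, but a short note, or deleting the chain in the earlier cleanup, would make that intentional.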
-- 
2.46.0



* [PATCHv6 net-next 2/2] wireguard: selftests: update to using nft for qemu test
  2025-04-08  8:16 [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing Hangbin Liu
  2025-04-08  8:16 ` [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft Hangbin Liu
@ 2025-04-08  8:16 ` Hangbin Liu
  2025-05-22  4:34 ` [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing Hangbin Liu
  2 siblings, 0 replies; 6+ messages in thread
From: Hangbin Liu @ 2025-04-08  8:16 UTC (permalink / raw)
  To: netdev
  Cc: Jason A. Donenfeld, Jakub Kicinski, Shuah Khan, David S. Miller,
	Simon Horman, Phil Sutter, Florian Westphal, Petr Mladek,
	Yoann Congal, wireguard, linux-kselftest, linux-kernel,
	Hangbin Liu

Since we will replace iptables with nft for wireguard netns testing,
let's also convert the qemu test to use nft at the same time.

Co-developed-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 .../testing/selftests/wireguard/qemu/Makefile | 36 ++++++++++++++-----
 .../selftests/wireguard/qemu/kernel.config    |  7 ++--
 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/tools/testing/selftests/wireguard/qemu/Makefile b/tools/testing/selftests/wireguard/qemu/Makefile
index 35856b11c143..2442ae99f007 100644
--- a/tools/testing/selftests/wireguard/qemu/Makefile
+++ b/tools/testing/selftests/wireguard/qemu/Makefile
@@ -40,7 +40,9 @@ endef
 $(eval $(call tar_download,IPERF,iperf,3.11,.tar.gz,https://downloads.es.net/pub/iperf/,de8cb409fad61a0574f4cb07eb19ce1159707403ac2dc01b5d175e91240b7e5f))
 $(eval $(call tar_download,BASH,bash,5.1.16,.tar.gz,https://ftp.gnu.org/gnu/bash/,5bac17218d3911834520dad13cd1f85ab944e1c09ae1aba55906be1f8192f558))
 $(eval $(call tar_download,IPROUTE2,iproute2,5.17.0,.tar.gz,https://www.kernel.org/pub/linux/utils/net/iproute2/,bda331d5c4606138892f23a565d78fca18919b4d508a0b7ca8391c2da2db68b9))
-$(eval $(call tar_download,IPTABLES,iptables,1.8.7,.tar.bz2,https://www.netfilter.org/projects/iptables/files/,c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0))
+$(eval $(call tar_download,LIBMNL,libmnl,1.0.5,.tar.bz2,https://www.netfilter.org/projects/libmnl/files/,274b9b919ef3152bfb3da3a13c950dd60d6e2bcd54230ffeca298d03b40d0525))
+$(eval $(call tar_download,LIBNFTNL,libnftnl,1.2.8,.tar.xz,https://www.netfilter.org/projects/libnftnl/files/,37fea5d6b5c9b08de7920d298de3cdc942e7ae64b1a3e8b880b2d390ae67ad95))
+$(eval $(call tar_download,NFTABLES,nftables,1.1.1,.tar.xz,https://www.netfilter.org/projects/nftables/files/,6358830f3a64f31e39b0ad421d7dadcd240b72343ded48d8ef13b8faf204865a))
 $(eval $(call tar_download,NMAP,nmap,7.92,.tgz,https://nmap.org/dist/,064183ea642dc4c12b1ab3b5358ce1cef7d2e7e11ffa2849f16d339f5b717117))
 $(eval $(call tar_download,IPUTILS,iputils,s20190709,.tar.gz,https://github.com/iputils/iputils/archive/s20190709.tar.gz/#,a15720dd741d7538dd2645f9f516d193636ae4300ff7dbc8bfca757bf166490a))
 $(eval $(call tar_download,WIREGUARD_TOOLS,wireguard-tools,1.0.20210914,.tar.xz,https://git.zx2c4.com/wireguard-tools/snapshot/,97ff31489217bb265b7ae850d3d0f335ab07d2652ba1feec88b734bc96bd05ac))
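Review bot: the three new `tar_download` entries (libmnl 1.0.5, libnftnl 1.2.8, nftables 1.1.1) pin SHA-256 values that cannot be checked from the patch itself, and the commit message does not say how they were obtained. Please state in the commit message that the hashes were taken from tarballs verified against the netfilter.org release signatures, and mention that the build now pulls two extra libraries in place of the single iptables tarball.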
@@ -322,8 +324,7 @@ $(BUILD_PATH)/init-cpio-spec.txt: $(TOOLCHAIN_PATH)/.installed $(BUILD_PATH)/ini
 	echo "file /bin/ss $(IPROUTE2_PATH)/misc/ss 755 0 0" >> $@
 	echo "file /bin/ping $(IPUTILS_PATH)/ping 755 0 0" >> $@
 	echo "file /bin/ncat $(NMAP_PATH)/ncat/ncat 755 0 0" >> $@
-	echo "file /bin/xtables-legacy-multi $(IPTABLES_PATH)/iptables/xtables-legacy-multi 755 0 0" >> $@
-	echo "slink /bin/iptables xtables-legacy-multi 777 0 0" >> $@
+	echo "file /bin/nft $(NFTABLES_PATH)/src/nft 755 0 0" >> $@
 	echo "slink /bin/ping6 ping 777 0 0" >> $@
 	echo "dir /lib 755 0 0" >> $@
 	echo "file /lib/libc.so $(TOOLCHAIN_PATH)/$(CHOST)/lib/libc.so 755 0 0" >> $@
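Review bot: bisectability problem between the two patches: 1/2 already makes netns.sh call `nft`, but the qemu image only gains `/bin/nft` here in 2/2, so a tree with only 1/2 applied has a qemu run whose script calls a binary that is not in the initramfs. Consider putting the qemu change first, keeping the iptables entries until the script conversion lands, or squashing the two patches.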
@@ -338,7 +339,7 @@ $(KERNEL_BUILD_PATH)/.config: $(TOOLCHAIN_PATH)/.installed kernel.config arch/$(
 	cd $(KERNEL_BUILD_PATH) && ARCH=$(KERNEL_ARCH) $(KERNEL_PATH)/scripts/kconfig/merge_config.sh -n $(KERNEL_BUILD_PATH)/.config $(KERNEL_BUILD_PATH)/minimal.config
 	$(if $(findstring yes,$(DEBUG_KERNEL)),cp debug.config $(KERNEL_BUILD_PATH) && cd $(KERNEL_BUILD_PATH) && ARCH=$(KERNEL_ARCH) $(KERNEL_PATH)/scripts/kconfig/merge_config.sh -n $(KERNEL_BUILD_PATH)/.config debug.config,)
 
-$(KERNEL_BZIMAGE): $(TOOLCHAIN_PATH)/.installed $(KERNEL_BUILD_PATH)/.config $(BUILD_PATH)/init-cpio-spec.txt $(IPERF_PATH)/src/iperf3 $(IPUTILS_PATH)/ping $(BASH_PATH)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-multi $(NMAP_PATH)/ncat/ncat $(WIREGUARD_TOOLS_PATH)/src/wg $(BUILD_PATH)/init
+$(KERNEL_BZIMAGE): $(TOOLCHAIN_PATH)/.installed $(KERNEL_BUILD_PATH)/.config $(BUILD_PATH)/init-cpio-spec.txt $(IPERF_PATH)/src/iperf3 $(IPUTILS_PATH)/ping $(BASH_PATH)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(LIBMNL_PATH)/libmnl $(LIBNFTNL_PATH)/libnftnl $(NFTABLES_PATH)/src/nft $(NMAP_PATH)/ncat/ncat $(WIREGUARD_TOOLS_PATH)/src/wg $(BUILD_PATH)/init
 	$(MAKE) -C $(KERNEL_PATH) O=$(KERNEL_BUILD_PATH) ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(CROSS_COMPILE)
 .PHONY: $(KERNEL_BZIMAGE)
 
@@ -421,15 +422,32 @@ $(IPROUTE2_PATH)/misc/ss: | $(IPROUTE2_PATH)/.installed $(USERSPACE_DEPS)
 	$(MAKE) -C $(IPROUTE2_PATH) PREFIX=/ misc/ss
 	$(STRIP) -s $@
 
-$(IPTABLES_PATH)/.installed: $(IPTABLES_TAR)
+$(LIBMNL_PATH)/.installed: $(LIBMNL_TAR)
 	mkdir -p $(BUILD_PATH)
 	flock -s $<.lock tar -C $(BUILD_PATH) -xf $<
-	sed -i -e "/nfnetlink=[01]/s:=[01]:=0:" -e "/nfconntrack=[01]/s:=[01]:=0:" $(IPTABLES_PATH)/configure
 	touch $@
 
-$(IPTABLES_PATH)/iptables/xtables-legacy-multi: | $(IPTABLES_PATH)/.installed $(USERSPACE_DEPS)
-	cd $(IPTABLES_PATH) && ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --enable-static --disable-shared --disable-nftables --disable-bpf-compiler --disable-nfsynproxy --disable-libipq --disable-connlabel --with-kernel=$(BUILD_PATH)/include
-	$(MAKE) -C $(IPTABLES_PATH)
+$(LIBMNL_PATH)/libmnl: | $(LIBMNL_PATH)/.installed $(USERSPACE_DEPS)
+	cd $(LIBMNL_PATH) && ./configure --prefix=$(TOOLCHAIN_PATH) $(CROSS_COMPILE_FLAG) --enable-static --disable-shared
+	$(MAKE) -C $(LIBMNL_PATH) install
+
+$(LIBNFTNL_PATH)/.installed: $(LIBNFTNL_TAR)
+	mkdir -p $(BUILD_PATH)
+	flock -s $<.lock tar -C $(BUILD_PATH) -xf $<
+	touch $@
+
+$(LIBNFTNL_PATH)/libnftnl: | $(LIBNFTNL_PATH)/.installed $(USERSPACE_DEPS)
+	cd $(LIBNFTNL_PATH) && PKG_CONFIG_PATH="$(TOOLCHAIN_PATH)/lib/pkgconfig" ./configure --prefix=$(TOOLCHAIN_PATH) $(CROSS_COMPILE_FLAG) --enable-static --disable-shared
+	$(MAKE) -C $(LIBNFTNL_PATH) install
+
+$(NFTABLES_PATH)/.installed: $(NFTABLES_TAR)
+	mkdir -p $(BUILD_PATH)
+	flock -s $<.lock tar -C $(BUILD_PATH) -xf $<
+	touch $@
+
+$(NFTABLES_PATH)/src/nft: | $(NFTABLES_PATH)/.installed $(USERSPACE_DEPS)
+	cd $(NFTABLES_PATH) && PKG_CONFIG_PATH="$(TOOLCHAIN_PATH)/lib/pkgconfig" ./configure --prefix=/ $(CROSS_COMPILE_FLAG) --enable-static --disable-shared --disable-debug --disable-man-doc --with-mini-gmp --without-cli
+	$(MAKE) -C $(NFTABLES_PATH) PREFIX=/
 	$(STRIP) -s $@
 
 $(NMAP_PATH)/.installed: $(NMAP_TAR)
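Review bot: missing dependency in the new rules: `$(NFTABLES_PATH)/src/nft` does not list `$(LIBMNL_PATH)/libmnl` or `$(LIBNFTNL_PATH)/libnftnl` as prerequisites, and `$(LIBNFTNL_PATH)/libnftnl` does not list libmnl, although the libnftnl and nftables configure runs both look for the libraries through PKG_CONFIG_PATH under $(TOOLCHAIN_PATH). The build order currently comes only from the position of these names in the $(KERNEL_BZIMAGE) prerequisite list, which a parallel make does not honour. Adding the libraries as order-only prerequisites of the targets that need them would make the ordering explicit.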
diff --git a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config
index f314d3789f17..9930116ecd81 100644
--- a/tools/testing/selftests/wireguard/qemu/kernel.config
+++ b/tools/testing/selftests/wireguard/qemu/kernel.config
@@ -19,10 +19,9 @@ CONFIG_NETFILTER_XTABLES=y
 CONFIG_NETFILTER_XT_NAT=y
 CONFIG_NETFILTER_XT_MATCH_LENGTH=y
 CONFIG_NETFILTER_XT_MARK=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_MANGLE=y
-CONFIG_IP_NF_NAT=y
+CONFIG_NF_TABLES=m
+CONFIG_NF_TABLES_INET=y
+CONFIG_NFT_NAT=y
 CONFIG_IP_ADVANCED_ROUTER=y
 CONFIG_IP_MULTIPLE_TABLES=y
 CONFIG_IPV6_MULTIPLE_TABLES=y
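Review bot: `CONFIG_NF_TABLES=m` stands out in a fragment where every other option is `=y`, and nothing in this series shows a module being installed or loaded in the qemu image. `CONFIG_NFT_NAT=y` also cannot stay built-in while the symbol it depends on is modular, so it would be demoted to `m` as well. `CONFIG_NF_TABLES=y` looks like what was intended. The context lines `CONFIG_NETFILTER_XTABLES`, `CONFIG_NETFILTER_XT_NAT`, `CONFIG_NETFILTER_XT_MATCH_LENGTH` and `CONFIG_NETFILTER_XT_MARK` are left enabled although the iptables binary is gone from the image; if nothing else uses them they can be dropped in the same patch.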
-- 
2.46.0



* Re: [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft
  2025-04-08  8:16 ` [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft Hangbin Liu
@ 2025-04-08  9:38   ` Phil Sutter
  2025-04-08 11:08     ` Phil Sutter
  0 siblings, 1 reply; 6+ messages in thread
From: Phil Sutter @ 2025-04-08  9:38 UTC (permalink / raw)
  To: Hangbin Liu
  Cc: netdev, Jason A. Donenfeld, Jakub Kicinski, Shuah Khan,
	David S. Miller, Simon Horman, Florian Westphal, Petr Mladek,
	Yoann Congal, wireguard, linux-kselftest, linux-kernel

Hi,

On Tue, Apr 08, 2025 at 08:16:51AM +0000, Hangbin Liu wrote:
> Convert the selftest to nft as it is the replacement for iptables, which
> is used by default in most releases.
> 
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>

What are the changes since v5, please?

Thanks, Phil


* Re: [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft
  2025-04-08  9:38   ` Phil Sutter
@ 2025-04-08 11:08     ` Phil Sutter
  0 siblings, 0 replies; 6+ messages in thread
From: Phil Sutter @ 2025-04-08 11:08 UTC (permalink / raw)
  To: Hangbin Liu, netdev, Jason A. Donenfeld, Jakub Kicinski,
	Shuah Khan, David S. Miller, Simon Horman, Florian Westphal,
	Petr Mladek, Yoann Congal, wireguard, linux-kselftest,
	linux-kernel

On Tue, Apr 08, 2025 at 11:38:31AM +0200, Phil Sutter wrote:
> On Tue, Apr 08, 2025 at 08:16:51AM +0000, Hangbin Liu wrote:
> > Convert the selftest to nft as it is the replacement for iptables, which
> > is used by default in most releases.
> > 
> > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> 
> What are the changes since v5, please?

Ah, never mind - I missed the cover letter somehow.

Sorry for the noise!


* Re: [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing
  2025-04-08  8:16 [PATCHv6 net-next 0/2] wireguard: selftests: use nftables for testing Hangbin Liu
  2025-04-08  8:16 ` [PATCHv6 net-next 1/2] wireguard: selftests: convert iptables to nft Hangbin Liu
  2025-04-08  8:16 ` [PATCHv6 net-next 2/2] wireguard: selftests: update to using nft for qemu test Hangbin Liu
@ 2025-05-22  4:34 ` Hangbin Liu
  2 siblings, 0 replies; 6+ messages in thread
From: Hangbin Liu @ 2025-05-22  4:34 UTC (permalink / raw)
  To: Jason A. Donenfeld
  Cc: netdev, Jakub Kicinski, Shuah Khan, David S. Miller, Simon Horman,
	Phil Sutter, Florian Westphal, Petr Mladek, Yoann Congal,
	wireguard, linux-kselftest, linux-kernel

Hi Jason,

I just saw this patch set is not applied to the wireguard tree. Did I miss
any change request? Should I repost the patch?

BTW, what prefix should I use when the target is wireguard next?
[PATCH wireguard-next] ?

Thanks
Hangbin

On Tue, Apr 08, 2025 at 08:16:50AM +0000, Hangbin Liu wrote:
> This patch set converts the wireguard selftest to nftables, as iptables is
> deprecated and nftables is the default framework of most releases.
> 
> v6: fix typo in patch 1/2. Update the description (Phil Sutter)
> v5: remove the counter in nft rules and link nft statically (Jason A. Donenfeld)
> v4: no update, just re-send
> v3: drop iptables directly (Jason A. Donenfeld)
>     Also convert to using nft for qemu testing (Jason A. Donenfeld)
> v2: use one nft table for testing (Phil Sutter)
> 
> Hangbin Liu (2):
>   wireguard: selftests: convert iptables to nft
>   wireguard: selftests: update to using nft for qemu test
> 
>  tools/testing/selftests/wireguard/netns.sh    | 29 +++++++++------
>  .../testing/selftests/wireguard/qemu/Makefile | 36 ++++++++++++++-----
>  .../selftests/wireguard/qemu/kernel.config    |  7 ++--
>  3 files changed, 49 insertions(+), 23 deletions(-)
> 
> -- 
> 2.46.0
> 
