[PATCH] selftests: netfilter: ensure conntrack is enabled for helper test

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] selftests: netfilter: ensure conntrack is enabled for helper test
@ 2026-01-20 22:01 Aleksei Oladko
  2026-01-20 22:36 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: Aleksei Oladko @ 2026-01-20 22:01 UTC (permalink / raw)
  To: Pablo Neira Ayuso, Florian Westphal, Phil Sutter, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman,
	Shuah Khan
  Cc: Aleksei Oladko, netfilter-devel, coreteam, netdev,
	linux-kselftest, linux-kernel

The nft_conntrack_helper.sh assumes that conntrack entries are created
for the generated test traffic. This is not the case when only raw table
rules are installed, as conntrack is not required and remains disabled.

Add a stateful rule to force conntrack to be enabled, ensuring that
conntrack entries are created and the helper assignment can be verified.

Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com>
---
 .../testing/selftests/net/netfilter/nft_conntrack_helper.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
index abcaa7337197..43761f2eb3ec 100755
--- a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
+++ b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
@@ -60,6 +60,12 @@ table $family raw {
 		tcp dport 2121 ct helper set "ftp"
 	}
 }
+table $family filter {
+	chain forward {
+		type filter hook forward priority 0; policy accept;
+		ct state new,established,related accept
+	}
+}
 EOF
 	return $?
 }
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] selftests: netfilter: ensure conntrack is enabled for helper test
  2026-01-20 22:01 [PATCH] selftests: netfilter: ensure conntrack is enabled for helper test Aleksei Oladko
@ 2026-01-20 22:36 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2026-01-20 22:36 UTC (permalink / raw)
  To: Aleksei Oladko
  Cc: Pablo Neira Ayuso, Phil Sutter, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Simon Horman, Shuah Khan,
	netfilter-devel, coreteam, netdev, linux-kselftest, linux-kernel

Aleksei Oladko <aleksey.oladko@virtuozzo.com> wrote:
> The nft_conntrack_helper.sh assumes that conntrack entries are created
> for the generated test traffic. This is not the case when only raw table
> rules are installed, as conntrack is not required and remains disabled.

If that were true the test should fail, it calls 'conntrack -L' to check for helper
presence.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-01-20 22:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-20 22:01 [PATCH] selftests: netfilter: ensure conntrack is enabled for helper test Aleksei Oladko
2026-01-20 22:36 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox