* [PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters
@ 2026-01-20 23:11 Aleksei Oladko
2026-01-20 23:20 ` Florian Westphal
0 siblings, 1 reply; 2+ messages in thread
From: Aleksei Oladko @ 2026-01-20 23:11 UTC (permalink / raw)
To: Pablo Neira Ayuso, Florian Westphal, Phil Sutter, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman,
Shuah Khan
Cc: Aleksei Oladko, Konstantin Khorenko, netfilter-devel, coreteam,
netdev, linux-kselftest, linux-kernel
The rpath.sh test fails on certain iptables versions when
attempting to zero all table counters at once via 'iptables -Z'.
The operation returns
RULE_REPLACE failed (Invalid argument): rule in chain PREROUTING
As a workaround, reset counters by iterating over rules and
zeroing them individually instead of using a single RULE_REPLACE
operation.
Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com>
Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
.../testing/selftests/net/netfilter/rpath.sh | 20 +++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/net/netfilter/rpath.sh b/tools/testing/selftests/net/netfilter/rpath.sh
index 24ad41d526d9..90cc21233235 100755
--- a/tools/testing/selftests/net/netfilter/rpath.sh
+++ b/tools/testing/selftests/net/netfilter/rpath.sh
@@ -125,8 +125,24 @@ netns_ping() { # (netns, args...)
}
clear_counters() {
- [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
- [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
+ if [ -n "$iptables" ]; then
+ if ! ip netns exec "$ns2" "$iptables" -t raw -Z 2>/dev/null; then
+ ip netns exec "$ns2" "$iptables" -L PREROUTING -t raw -n --line-numbers | \
+ awk '$1+0>0 {print $1}' | \
+ while read rulenum; do
+ ip netns exec "$ns2" "$iptables" -t raw -Z PREROUTING "$rulenum" 2>/dev/null
+ done
+ fi
+ fi
+ if [ -n "$ip6tables" ]; then
+ if ! ip netns exec "$ns2" "$ip6tables" -t raw -Z 2>/dev/null; then
+ ip netns exec "$ns2" "$ip6tables" -L PREROUTING -t raw -n --line-numbers | \
+ awk '$1+0>0 {print $1}' | \
+ while read rulenum; do
+ ip netns exec "$ns2" "$ip6tables" -t raw -Z PREROUTING "$rulenum" 2>/dev/null
+ done
+ fi
+ fi
if [ -n "$nft" ]; then
(
echo "delete table inet t";
--
2.43.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters
2026-01-20 23:11 [PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters Aleksei Oladko
@ 2026-01-20 23:20 ` Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2026-01-20 23:20 UTC (permalink / raw)
To: Aleksei Oladko
Cc: Pablo Neira Ayuso, Phil Sutter, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Simon Horman, Shuah Khan,
Konstantin Khorenko, netfilter-devel, coreteam, netdev,
linux-kselftest, linux-kernel
Aleksei Oladko <aleksey.oladko@virtuozzo.com> wrote:
> diff --git a/tools/testing/selftests/net/netfilter/rpath.sh b/tools/testing/selftests/net/netfilter/rpath.sh
> index 24ad41d526d9..90cc21233235 100755
> --- a/tools/testing/selftests/net/netfilter/rpath.sh
> +++ b/tools/testing/selftests/net/netfilter/rpath.sh
> @@ -125,8 +125,24 @@ netns_ping() { # (netns, args...)
> }
>
> clear_counters() {
> - [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
> - [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
> + if [ -n "$iptables" ]; then
> + if ! ip netns exec "$ns2" "$iptables" -t raw -Z 2>/dev/null; then
> + ip netns exec "$ns2" "$iptables" -L PREROUTING -t raw -n --line-numbers | \
I would prefer to SKIP in this case rather than working around
userspace bugs.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-01-20 23:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-20 23:11 [PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters Aleksei Oladko
2026-01-20 23:20 ` Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox