From: Phil Sutter <phil@nwl.cc>
To: Hangbin Liu <liuhangbin@gmail.com>
Cc: netdev@vger.kernel.org, "Jason A. Donenfeld" <Jason@zx2c4.com>,
Jakub Kicinski <kuba@kernel.org>, Shuah Khan <shuah@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Simon Horman <horms@kernel.org>, Florian Westphal <fw@strlen.de>,
Petr Mladek <pmladek@suse.com>,
Yoann Congal <yoann.congal@smile.fr>,
wireguard@lists.zx2c4.com, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCHv5 net-next 1/2] wireguard: selftests: convert iptables to nft
Date: Sun, 23 Mar 2025 22:10:33 +0100 [thread overview]
Message-ID: <Z-B4yfBvm2aXW_Ar@orbyte.nwl.cc> (raw)
In-Reply-To: <20250322093016.16631-2-liuhangbin@gmail.com>
On Sat, Mar 22, 2025 at 09:30:15AM +0000, Hangbin Liu wrote:
> Convert iptabels to nft as it is the replacement for iptables, which is used
~~~~~~~~
Typo, but I would write "Convert the selftest to nft ..." instead since
that is what you're converting, iptables is just replaced. :)
> by default in most releases.
>
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> ---
> tools/testing/selftests/wireguard/netns.sh | 29 ++++++++++++++--------
> 1 file changed, 19 insertions(+), 10 deletions(-)
>
> diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
> index 55500f901fbc..8b840fef90af 100755
> --- a/tools/testing/selftests/wireguard/netns.sh
> +++ b/tools/testing/selftests/wireguard/netns.sh
> @@ -75,6 +75,11 @@ pp ip netns add $netns1
> pp ip netns add $netns2
> ip0 link set up dev lo
>
> +# init nft tables
> +n0 nft add table ip wgtest
> +n1 nft add table ip wgtest
> +n2 nft add table ip wgtest
> +
> ip0 link add dev wg0 type wireguard
> ip0 link set wg0 netns $netns1
> ip0 link add dev wg0 type wireguard
> @@ -196,13 +201,14 @@ ip1 link set wg0 mtu 1300
> ip2 link set wg0 mtu 1300
> n1 wg set wg0 peer "$pub2" endpoint 127.0.0.1:2
> n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
> -n0 iptables -A INPUT -m length --length 1360 -j DROP
> +n0 nft add chain ip wgtest INPUT { type filter hook input priority filter \; policy accept \; }
You may skip the 'policy accept \;' part in all 'add chain' commands as
this is the default for all chains. Unless you prefer to explicitly
state the chain policy, of course.
Cheers, Phil
next prev parent reply other threads:[~2025-05-20 21:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-22 9:30 [PATCHv5 net-next 0/2] wireguard: selftests: use nftables for testing Hangbin Liu
[not found] ` <20250322093016.16631-2-liuhangbin@gmail.com>
2025-03-23 21:10 ` Phil Sutter [this message]
2025-03-26 6:25 ` [PATCHv5 net-next 1/2] wireguard: selftests: convert iptables to nft Hangbin Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z-B4yfBvm2aXW_Ar@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=Jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=liuhangbin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pmladek@suse.com \
--cc=shuah@kernel.org \
--cc=wireguard@lists.zx2c4.com \
--cc=yoann.congal@smile.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).