The commit is pushed to "branch-rh10-6.12.0-55.13.1.3.x.vz10-ovz" and will
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.3.26.vz10
------>
commit cdcd663faae69ca184893e350e7dde646d8aa772
Author: Aleksei Oladko <[email protected]>
Date: Mon Dec 22 22:16:50 2025 +0000
selftests: netfilter: ensure conntrack is enabled for helper test
The nft_conntrack_helper.sh assumes that conntrack entries are created
for the generated test traffic. This is not the case when only raw table
rules are installed, as conntrack is not required and remains disabled.
Add a stateful rule to force conntrack to be enabled, ensuring that
conntrack entries are created and the helper assignment can be verified.
https://virtuozzo.atlassian.net/browse/VSTOR-120993
Signed-off-by: Aleksei Oladko <[email protected]>
Feature: fix selftests
---
tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
index abcaa73371975..43761f2eb3ec8 100755
--- a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
+++ b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
@@ -60,6 +60,12 @@ table $family raw {
tcp dport 2121 ct helper set "ftp"
}
}
+table $family filter {
+ chain forward {
+ type filter hook forward priority 0; policy accept;
+ ct state new,established,related accept
+ }
+}
EOF
return $?
}
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
