[Devel] [PATCH vz10 v2] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters

Fri, 09 Jan 2026 06:37:22 -0800 

From: Aleksei Oladko <[email protected]>

The rpath.sh test fails on certain iptables versions when
attempting to zero all table counters at once via 'iptables -Z'.
The operation returns

  RULE_REPLACE failed (Invalid argument): rule in chain PREROUTING

As a workaround, reset counters by iterating over rules and
zeroing them individually instead of using a single RULE_REPLACE
operation.

https://virtuozzo.atlassian.net/browse/VSTOR-121588

Signed-off-by: Aleksei Oladko <[email protected]>
Signed-off-by: Konstantin Khorenko <[email protected]>
Reviewed-by: Pavel Tikhomirov <[email protected]>

Feature: fix selftests

---
Changes:
 v2: Replace bash -c with xargs approach with a simpler while read loop
     to avoid nested shell invocations and improve code readability.

     This also drops '$iptables' which really made me think this won't
     work as bash should not substitute variables in single quotes.

     And makes us able to drop "\$1" extra quoting as well.
---
 .../testing/selftests/net/netfilter/rpath.sh  | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/netfilter/rpath.sh 
b/tools/testing/selftests/net/netfilter/rpath.sh
index 86ec4e68594dc..2272d0ba0f977 100755
--- a/tools/testing/selftests/net/netfilter/rpath.sh
+++ b/tools/testing/selftests/net/netfilter/rpath.sh
@@ -133,8 +133,24 @@ netns_ping() { # (netns, args...)
 }
 
 clear_counters() {
-       [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
-       [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
+       if [ -n "$iptables" ]; then
+               if ! ip netns exec "$ns2" "$iptables" -t raw -Z 2>/dev/null; 
then
+                       ip netns exec "$ns2" "$iptables" -L PREROUTING -t raw 
-n --line-numbers | \
+                       awk '$1+0>0 {print $1}' | \
+                       while read rulenum; do
+                               ip netns exec "$ns2" "$iptables" -t raw -Z 
PREROUTING "$rulenum" 2>/dev/null
+                       done
+               fi
+       fi
+       if [ -n "$ip6tables" ]; then
+               if ! ip netns exec "$ns2" "$ip6tables" -t raw -Z 2>/dev/null; 
then
+                       ip netns exec "$ns2" "$ip6tables" -L PREROUTING -t raw 
-n --line-numbers | \
+                       awk '$1+0>0 {print $1}' | \
+                       while read rulenum; do
+                               ip netns exec "$ns2" "$ip6tables" -t raw -Z 
PREROUTING "$rulenum" 2>/dev/null
+                       done
+               fi
+       fi
        if [ -n "$nft" ]; then
                (
                        echo "delete table inet t";
-- 
2.43.0

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to