[Devel] [PATCH RHEL10 COMMIT] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters

Fri, 09 Jan 2026 06:37:49 -0800 

The commit is pushed to "branch-rh10-6.12.0-55.13.1.3.x.vz10-ovz" and will 
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.3.29.vz10
------>
commit 937f8fe6caa4f36f885b8fceb1e0d7a90795fd59
Author: Aleksei Oladko <[email protected]>
Date:   Sun Jan 4 01:47:25 2026 +0000

    selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters
    
    The rpath.sh test fails on certain iptables versions when
    attempting to zero all table counters at once via 'iptables -Z'.
    The operation returns
    
      RULE_REPLACE failed (Invalid argument): rule in chain PREROUTING
    
    As a workaround, reset counters by iterating over rules and
    zeroing them individually instead of using a single RULE_REPLACE
    operation.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-121588
    
    Signed-off-by: Aleksei Oladko <[email protected]>
    Signed-off-by: Konstantin Khorenko <[email protected]>
    Reviewed-by: Pavel Tikhomirov <[email protected]>
    
    Feature: fix selftests
---
 tools/testing/selftests/net/netfilter/rpath.sh | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/netfilter/rpath.sh 
b/tools/testing/selftests/net/netfilter/rpath.sh
index 86ec4e68594dc..2272d0ba0f977 100755
--- a/tools/testing/selftests/net/netfilter/rpath.sh
+++ b/tools/testing/selftests/net/netfilter/rpath.sh
@@ -133,8 +133,24 @@ netns_ping() { # (netns, args...)
 }
 
 clear_counters() {
-       [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
-       [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
+       if [ -n "$iptables" ]; then
+               if ! ip netns exec "$ns2" "$iptables" -t raw -Z 2>/dev/null; 
then
+                       ip netns exec "$ns2" "$iptables" -L PREROUTING -t raw 
-n --line-numbers | \
+                       awk '$1+0>0 {print $1}' | \
+                       while read rulenum; do
+                               ip netns exec "$ns2" "$iptables" -t raw -Z 
PREROUTING "$rulenum" 2>/dev/null
+                       done
+               fi
+       fi
+       if [ -n "$ip6tables" ]; then
+               if ! ip netns exec "$ns2" "$ip6tables" -t raw -Z 2>/dev/null; 
then
+                       ip netns exec "$ns2" "$ip6tables" -L PREROUTING -t raw 
-n --line-numbers | \
+                       awk '$1+0>0 {print $1}' | \
+                       while read rulenum; do
+                               ip netns exec "$ns2" "$ip6tables" -t raw -Z 
PREROUTING "$rulenum" 2>/dev/null
+                       done
+               fi
+       fi
        if [ -n "$nft" ]; then
                (
                        echo "delete table inet t";
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to