The commit is pushed to "branch-rh10-6.12.0-55.52.1.4.x.vz10-ovz" and will
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.52.1.4.10.vz10
------>
commit 108f7c958e73f3ab971f3a60456e675fed719f59
Author: Aleksei Oladko <[email protected]>
Date: Mon Mar 2 08:39:35 2026 +0000
ms/selftests: forwarding: fix pedit tests failure with br_netfilter enabled
The tests use the tc pedit action to modify the IPv4 source address
("pedit ex munge ip src set"), but the IP header checksum is not
recalculated after the modification. As a result, the modified packet
fails sanity checks in br_netfilter after bridging and is dropped,
which causes the test to fail.
Fix this by ensuring net.bridge.bridge-nf-call-iptables is set to 0
during the test execution. This prevents the bridge from passing
L2 traffic to netfilter, bypasing the checksum validation that
causes the test failure.
Fixes: 92ad3828944e ("selftests: forwarding: Add a test for pedit munge SIP
and DIP")
Fixes: 226657ba2389 ("selftests: forwarding: Add a forwarding test for
pedit munge dsfield")
Signed-off-by: Aleksei Oladko <[email protected]>
Reviewed-by: Ido Schimmel <[email protected]>
Link:
https://patch.msgid.link/[email protected]
Signed-off-by: Paolo Abeni <[email protected]>
(cherry picked from commit a8c198d16c64cdf57f481a4cd3e769502802369e)
https://virtuozzo.atlassian.net/browse/VSTOR-123249
Feature: fix ms/selftests
---
tools/testing/selftests/net/forwarding/pedit_dsfield.sh | 8 ++++++++
tools/testing/selftests/net/forwarding/pedit_ip.sh | 8 ++++++++
2 files changed, 16 insertions(+)
diff --git a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
index af008fbf2725e..eb2d8034de9c7 100755
--- a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
@@ -98,12 +98,20 @@ setup_prepare()
h1_create
h2_create
switch_create
+
+ if [ -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then
+ sysctl_set net.bridge.bridge-nf-call-iptables 0
+ fi
}
cleanup()
{
pre_cleanup
+ if [ -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then
+ sysctl_restore net.bridge.bridge-nf-call-iptables
+ fi
+
switch_destroy
h2_destroy
h1_destroy
diff --git a/tools/testing/selftests/net/forwarding/pedit_ip.sh
b/tools/testing/selftests/net/forwarding/pedit_ip.sh
index d14efb2d23b2e..9235674627abd 100755
--- a/tools/testing/selftests/net/forwarding/pedit_ip.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_ip.sh
@@ -91,12 +91,20 @@ setup_prepare()
h1_create
h2_create
switch_create
+
+ if [ -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then
+ sysctl_set net.bridge.bridge-nf-call-iptables 0
+ fi
}
cleanup()
{
pre_cleanup
+ if [ -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then
+ sysctl_restore net.bridge.bridge-nf-call-iptables
+ fi
+
switch_destroy
h2_destroy
h1_destroy
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
