** Changed in: iptables (Ubuntu Impish) Importance: Undecided => Medium
** Changed in: iptables (Ubuntu Jammy) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1949603 Title: iptables-save -c shows incorrect counters with iptables-nft Status in iptables package in Ubuntu: New Status in iptables source package in Impish: New Status in iptables source package in Jammy: New Bug description: Starting with Impish I noticed that the kernel selftest xfrm_policy.sh is always failing. Initially I thought it was a kernel issue, but debugging further I found that the reason is that with Impish we're using iptables-nft by default instead of iptables-legacy. This test (./tools/testing/selftests/net/xfrm_policy.sh in the kernel source directory) is creating a bunch of network namespaces and checking the iptables counters for the defined policies, in particular this is the interesting part: check_ipt_policy_count() { ns=$1 ip netns exec $ns iptables-save -c |grep policy | ( read c rest ip netns exec $ns iptables -Z if [ x"$c" = x'[0:0]' ]; then exit 0 elif [ x"$c" = x ]; then echo "ERROR: No counters" ret=1 exit 111 else exit 1 fi ) } If I use iptables-nft the counters are never [0:0] as they should be, so the test is failing. With iptables-legacy they are [0:0] and the test is passing. Any idea why this is happening and how I can debug this in iptables? Thanks in advance. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1949603/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
