Public bug reported:
Starting with Impish I noticed that the kernel selftest xfrm_policy.sh
is always failing. Initially I thought it was a kernel issue, but
debugging further I found that the reason is that with Impish we're
using iptables-nft by default instead of iptables-legacy.
This test (./tools/testing/selftests/net/xfrm_policy.sh in the kernel
source directory) is creating a bunch of network namespaces and checking
the iptables counters for the defined policies, in particular this is
the interesting part:
check_ipt_policy_count()
{
    ns=$1

    # Read the [packets:bytes] counter of the first rule matching "policy",
    # then zero all counters so the next check starts from a clean slate.
    ip netns exec $ns iptables-save -c |grep policy | ( read c rest
        ip netns exec $ns iptables -Z
        if [ x"$c" = x'[0:0]' ]; then
            exit 0
        elif [ x"$c" = x ]; then
            echo "ERROR: No counters"
            ret=1
            exit 111
        else
            exit 1
        fi
    )
}
If I use iptables-nft the counters are never [0:0] as they should be, so
the test is failing. With iptables-legacy they are [0:0] and the test is
passing.
Any idea why this is happening and how I can debug this in iptables?
Thanks in advance.
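To inspect the counters offline, here is an added Python version of the selftest's verdict logic applied to captured `iptables-save -c` text (example code, not from the kernel selftest or this bug report). Both rulesets below are constructed samples, and the `iptables -Z` zeroing step is not mirrored because the function only reads text.

```python
import re
from typing import List, Tuple

# Constructed sample of `iptables-save -c` output (not captured from the
# reporter's system): a ruleset as iptables-legacy might print it, with the
# policy-match rules still at zero.
LEGACY_SAVE = """\
# Generated by iptables-save v1.8.7
*filter
:INPUT ACCEPT [12:1024]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:812]
[0:0] -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
[0:0] -A OUTPUT -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
"""

# The same ruleset with a non-zero counter on one policy rule, standing in
# for what the reporter sees with iptables-nft (constructed, not measured).
NFT_SAVE = LEGACY_SAVE.replace("[0:0] -A INPUT", "[4:336] -A INPUT")

# Rule lines look like "[pkts:bytes] -A CHAIN <matches> -j TARGET".
COUNTER_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")


def parse_rule_counters(save_output: str) -> List[Tuple[str, int, int, str]]:
    """Return (chain, packets, bytes, rule) for every rule line.

    Chain policy lines such as ':INPUT ACCEPT [12:1024]' are skipped so a
    chain's built-in counters are never mistaken for a rule's; the selftest's
    bare `grep policy` does not make that distinction."""
    rules = []
    for line in save_output.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            pkts, byts, chain, rule = m.groups()
            rules.append((chain, int(pkts), int(byts), rule))
    return rules


def check_policy_count(save_output: str) -> int:
    """Mirror the selftest's verdict: 0 if every '-m policy' rule is [0:0],
    111 if no policy rule with counters was found, 1 otherwise."""
    policy_rules = [r for r in parse_rule_counters(save_output)
                    if "-m policy" in r[3]]
    if not policy_rules:
        return 111
    if all(p == 0 and b == 0 for _, p, b, _ in policy_rules):
        return 0
    return 1
```

Feeding it the real output of `ip netns exec <ns> iptables-save -c` from both backends shows which rule's counter moved, which the selftest's single `read c rest` cannot tell you.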
** Affects: iptables (Ubuntu)
Importance: Undecided
Status: New
** Affects: iptables (Ubuntu Impish)
Importance: Undecided
Status: New
** Affects: iptables (Ubuntu Jammy)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1949603
Title:
iptables-save -c shows incorrect counters with iptables-nft