1. Patchew
  2. linux
  3. View series

[PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters

Aleksei Oladko posted 1 patch 2 weeks, 5 days ago 
.../testing/selftests/net/netfilter/rpath.sh  | 20 +++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
[PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters
Posted by Aleksei Oladko 2 weeks, 5 days ago 
The rpath.sh test fails on certain iptables versions when
attempting to zero all table counters at once via 'iptables -Z'.
The operation returns

  RULE_REPLACE failed (Invalid argument): rule in chain PREROUTING

As a workaround, reset counters by iterating over rules and
zeroing them individually instead of using a single RULE_REPLACE
operation.

Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com>
Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 .../testing/selftests/net/netfilter/rpath.sh  | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/netfilter/rpath.sh b/tools/testing/selftests/net/netfilter/rpath.sh
index 24ad41d526d9..90cc21233235 100755
--- a/tools/testing/selftests/net/netfilter/rpath.sh
+++ b/tools/testing/selftests/net/netfilter/rpath.sh
@@ -125,8 +125,24 @@ netns_ping() { # (netns, args...)
 }
 
 clear_counters() {
-	[ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
-	[ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
+	if [ -n "$iptables" ]; then
+		if ! ip netns exec "$ns2" "$iptables" -t raw -Z 2>/dev/null; then
+			ip netns exec "$ns2" "$iptables" -L PREROUTING -t raw -n --line-numbers | \
+			awk '$1+0>0 {print $1}' | \
+			while read rulenum; do
+				ip netns exec "$ns2" "$iptables" -t raw -Z PREROUTING "$rulenum" 2>/dev/null
+			done
+		fi
+	fi
+	if [ -n "$ip6tables" ]; then
+		if ! ip netns exec "$ns2" "$ip6tables" -t raw -Z 2>/dev/null; then
+			ip netns exec "$ns2" "$ip6tables" -L PREROUTING -t raw -n --line-numbers | \
+			awk '$1+0>0 {print $1}' | \
+			while read rulenum; do
+				ip netns exec "$ns2" "$ip6tables" -t raw -Z PREROUTING "$rulenum" 2>/dev/null
+			done
+		fi
+	fi
 	if [ -n "$nft" ]; then
 		(
 			echo "delete table inet t";
-- 
2.43.0
Re: [PATCH] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters
Posted by Florian Westphal 2 weeks, 5 days ago 
Aleksei Oladko <aleksey.oladko@virtuozzo.com> wrote:
> diff --git a/tools/testing/selftests/net/netfilter/rpath.sh b/tools/testing/selftests/net/netfilter/rpath.sh
> index 24ad41d526d9..90cc21233235 100755
> --- a/tools/testing/selftests/net/netfilter/rpath.sh
> +++ b/tools/testing/selftests/net/netfilter/rpath.sh
> @@ -125,8 +125,24 @@ netns_ping() { # (netns, args...)
>  }
>  
>  clear_counters() {
> -	[ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
> -	[ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
> +	if [ -n "$iptables" ]; then
> +		if ! ip netns exec "$ns2" "$iptables" -t raw -Z 2>/dev/null; then
> +			ip netns exec "$ns2" "$iptables" -L PREROUTING -t raw -n --line-numbers | \

I would prefer to SKIP in this case rather than working around
userspace bugs.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.