Re: [Devel] [PATCH vz10] selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters

Mon, 05 Jan 2026 01:25:13 -0800 

Looks good. (presuming awk filtering / xargs work)

Reviewed-by: Pavel Tikhomirov <[email protected]>

p.s.: Do we know the iptables version where this problem does not happen? Do we 
want to ask devops to update iptables to this newer version?

On 1/4/26 09:47, Aleksei Oladko wrote:
> The rpath.sh test fails on certain iptables versions when
> attempting to zero all table counters at once via 'iptables -Z'.
> The operation returns
> 
>   RULE_REPLACE failed (Invalid argument): rule in chain PREROUTING
> 
> As a workaround, reset counters by iterating over rules and
> zeroing them individually instead of using a single RULE_REPLACE
> operation.
> 
> https://virtuozzo.atlassian.net/browse/VSTOR-121588
> 
> Signed-off-by: Aleksei Oladko <[email protected]>
> ---
>  tools/testing/selftests/net/netfilter/rpath.sh | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/testing/selftests/net/netfilter/rpath.sh 
> b/tools/testing/selftests/net/netfilter/rpath.sh
> index 86ec4e68594d..1b15daa2e2da 100755
> --- a/tools/testing/selftests/net/netfilter/rpath.sh
> +++ b/tools/testing/selftests/net/netfilter/rpath.sh
> @@ -133,8 +133,12 @@ netns_ping() { # (netns, args...)
>  }
>  
>  clear_counters() {
> -     [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
> -     [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
> +     [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z || \
> +     ip netns exec "$ns2" bash -c "'$iptables' -L PREROUTING -t raw -n 
> --line-numbers | \
> +     awk '\$1+0>0 {print \$1}' | xargs -rL1 '$iptables' -t raw -Z PREROUTING"
> +     [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z || \
> +     ip netns exec "$ns2" bash -c "'$ip6tables' -L PREROUTING -t raw -n 
> --line-numbers | \
> +     awk '\$1+0>0 {print \$1}' | xargs -rL1 '$ip6tables' -t raw -Z 
> PREROUTING"
>       if [ -n "$nft" ]; then
>               (
>                       echo "delete table inet t";

-- 
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to