From: William Lyu <william....@windriver.com> Backported from commit on branch "yocto-6.6": 70cabea69443e974db04d6dcbe73031d0d726bc1
Several nftables ptest testcases failed due to missing features. The following kernel configuration options are added as part of the missing features: - NFT_FIB_INET (tristate "Netfilter nf_tables fib inet support") This option allows using the FIB expression from the inet table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet. - NFT_FIB_IPV4 (tristate "nf_tables fib / ip route lookup support") This module enables IPv4 FIB lookups, e.g. for reverse path filtering. It also allows query of the FIB for the route type, e.g. local, unicast, multicast or blackhole. - NFT_FIB_IPV6 (tristate "nf_tables fib / ipv6 route lookup support") This module enables IPv6 FIB lookups, e.g. for reverse path filtering. It also allows query of the FIB for the route type, e.g. local, unicast, multicast or blackhole. Adding those three kernel configuration options above pass the following ptest testcases: - tests/shell/testcases/parsing/large_rule_pipe Previously failed due to using rule: meta nfproto ipv6 fib saddr . iif oif missing drop - tests/shell/testcases/nft-f/sample-ruleset Previously failed due to using rules: fib saddr . iif oif eq 0 counter drop fib daddr type { broadcast, multicast, anycast } counter drop fib daddr type { broadcast, multicast, anycast } counter drop fib daddr type { broadcast, multicast, anycast } counter drop - tests/shell/testcases/optimizations/ruleset Previously failed due to using rule: fib daddr type broadcast drop Signed-off-by: William Lyu <william....@windriver.com> --- features/nf_tables/nft_test.cfg | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/features/nf_tables/nft_test.cfg b/features/nf_tables/nft_test.cfg index fbebbaba..45ca8e5d 100644 --- a/features/nf_tables/nft_test.cfg +++ b/features/nf_tables/nft_test.cfg @@ -1,10 +1,12 @@ CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m +CONFIG_NFT_FIB_INET=y +CONFIG_NFT_FIB_IPV4=y +CONFIG_NFT_FIB_IPV6=y CONFIG_NFT_FLOW_OFFLOAD=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_OSF=m CONFIG_NFT_QUOTA=m CONFIG_NFT_SYNPROXY=m CONFIG_NFT_XFRM=m - -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13764): https://lists.yoctoproject.org/g/linux-yocto/message/13764 Mute This Topic: https://lists.yoctoproject.org/mt/105291635/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-