[Devel] [PATCH vz10 2/2] selftests: netfilter: ensure conntrack is enabled for helper test
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Dec 19 16:27:26 MSK 2025
On 12/16/25 21:57, Aleksei Oladko wrote:
> The nft_conntrack_helper.sh assumes that conntrack entries are created
> for the generated test traffic. This is not the case when only raw table
> rules are installed, as conntrack is not required and remains disabled.
>
> Add a stateful rule to force conntrack to be enabled, ensuring that
> conntrack entries are created and the helper assignment can be verified.
>
> https://virtuozzo.atlassian.net/browse/VSTOR-120993
>
> Signed-off-by: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
> ---
> .../testing/selftests/net/netfilter/nft_conntrack_helper.sh | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
> index abcaa7337197..8d01ce85c6a3 100755
> --- a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
> +++ b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
> @@ -60,6 +60,12 @@ table $family raw {
> tcp dport 2121 ct helper set "ftp"
> }
> }
> +table $family filter {
> + chain forward {
> + type filter hook forward priority 0; policy accept;
> + ct state established,related accept
ct state new,established,related accept
may be better to add "new" as well here?
> + }
> +}
> EOF
> return $?
> }
More information about the Devel
mailing list