[Devel] [PATCH RHEL10 COMMIT] selftests: netfilter: ensure conntrack is enabled for helper test

Konstantin Khorenko khorenko at virtuozzo.com
Tue Dec 23 12:35:35 MSK 2025


The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.27.vz10
------>
commit abd48f6f685cb930b90ed39ad196b465303ed41c
Author: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
Date:   Mon Dec 22 22:16:50 2025 +0000

    selftests: netfilter: ensure conntrack is enabled for helper test
    
    The nft_conntrack_helper.sh assumes that conntrack entries are created
    for the generated test traffic. This is not the case when only raw table
    rules are installed, as conntrack is not required and remains disabled.
    
    Add a stateful rule to force conntrack to be enabled, ensuring that
    conntrack entries are created and the helper assignment can be verified.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-120993
    
    Signed-off-by: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
    
    Feature: fix selftests
---
 tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
index abcaa73371975..43761f2eb3ec8 100755
--- a/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
+++ b/tools/testing/selftests/net/netfilter/nft_conntrack_helper.sh
@@ -60,6 +60,12 @@ table $family raw {
 		tcp dport 2121 ct helper set "ftp"
 	}
 }
+table $family filter {
+	chain forward {
+		type filter hook forward priority 0; policy accept;
+		ct state new,established,related accept
+	}
+}
 EOF
 	return $?
 }
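Review bot: The added `ct state new,established,related accept` rule in chain forward sits under `policy accept`, so it changes no verdict and exists only for its side effect of turning conntrack on, yet nothing in the ruleset says so. Add a `#` comment line above `table $family filter` in the heredoc, or a `comment` on the rule, so it is not later removed as redundant. The commit message could also say why the forward hook was chosen, since the hunk does not show which path the port 2121 test traffic takes.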

