import nftables-0.9.8-10.el9
This commit is contained in:
parent
cfe40e5371
commit
6ff30e8bde
@ -0,0 +1,53 @@
|
||||
From 4bd60613ea60da4bf9da226be352dd47f585e8d0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20N=C4=9Bmec?= <snemec@redhat.com>
|
||||
Date: Fri, 5 Nov 2021 12:39:11 +0100
|
||||
Subject: [PATCH] tests: shell: $NFT needs to be invoked unquoted
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The variable has to undergo word splitting, otherwise the shell tries
|
||||
to find the variable value as an executable, which breaks in cases that
|
||||
7c8a44b25c22 ("tests: shell: Allow wrappers to be passed as nft command")
|
||||
intends to support.
|
||||
|
||||
Mention this in the shell tests README.
|
||||
|
||||
Fixes: d8ccad2a2b73 ("tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")")
|
||||
Signed-off-by: Štěpán Němec <snemec@redhat.com>
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit dad3338f1f76a4a5bd782bae9c6b48941dfb1e31)
|
||||
|
||||
Conflicts:
|
||||
tests/shell/README
|
||||
-> Context change due to missing other patches.
|
||||
---
|
||||
tests/shell/README | 3 +++
|
||||
tests/shell/testcases/sets/0068interval_stack_overflow_0 | 2 +-
|
||||
2 files changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/shell/README b/tests/shell/README
|
||||
index e0279bbdc30c3..aee50e3d668b1 100644
|
||||
--- a/tests/shell/README
|
||||
+++ b/tests/shell/README
|
||||
@@ -25,4 +25,7 @@ path to the nftables binary being tested.
|
||||
You can pass an arbitrary $NFT value as well:
|
||||
# NFT=/usr/local/sbin/nft ./run-tests.sh
|
||||
|
||||
+Note that, to support usage such as NFT='valgrind nft', tests must
|
||||
+invoke $NFT unquoted.
|
||||
+
|
||||
By default the tests are run with the nft binary at '../../src/nft'
|
||||
diff --git a/tests/shell/testcases/sets/0068interval_stack_overflow_0 b/tests/shell/testcases/sets/0068interval_stack_overflow_0
|
||||
index 134282de28268..6620572449c3c 100755
|
||||
--- a/tests/shell/testcases/sets/0068interval_stack_overflow_0
|
||||
+++ b/tests/shell/testcases/sets/0068interval_stack_overflow_0
|
||||
@@ -26,4 +26,4 @@ table inet test68_table {
|
||||
}
|
||||
EOF
|
||||
|
||||
-( ulimit -s 128 && "$NFT" -f "$ruleset_file" )
|
||||
+( ulimit -s 128 && $NFT -f "$ruleset_file" )
|
||||
--
|
||||
2.33.0
|
||||
|
@ -0,0 +1,51 @@
|
||||
From 0c34164a245bdd03085e906bc9b3327d559535a4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20N=C4=9Bmec?= <snemec@redhat.com>
|
||||
Date: Wed, 1 Dec 2021 12:12:00 +0100
|
||||
Subject: [PATCH] tests: shell: better parameters for the interval stack
|
||||
overflow test
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Wider testing has shown that 128 kB stack is too low (e.g. for systems
|
||||
with 64 kB page size), leading to false failures in some environments.
|
||||
|
||||
Based on results from a matrix of RHEL 8 and RHEL 9 systems across
|
||||
x86_64, aarch64, ppc64le and s390x architectures as well as some
|
||||
anecdotal testing of other Linux distros on x86_64 machines, 400 kB
|
||||
seems safe: the normal nft stack (which should stay constant during
|
||||
this test) on all tested systems doesn't exceed 200 kB (stays around
|
||||
100 kB on typical systems with 4 kB page size), while always growing
|
||||
beyond 500 kB in the failing case (nftables before baecd1cf2685) with
|
||||
the increased set size.
|
||||
|
||||
Fixes: d8ccad2a2b73 ("tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")")
|
||||
Signed-off-by: Štěpán Němec <snemec@redhat.com>
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
(cherry picked from commit 7b81d9cb094ffa96ad821528cf19269dc348f617)
|
||||
---
|
||||
tests/shell/testcases/sets/0068interval_stack_overflow_0 | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/shell/testcases/sets/0068interval_stack_overflow_0 b/tests/shell/testcases/sets/0068interval_stack_overflow_0
|
||||
index 6620572449c3c..2cbc986802644 100755
|
||||
--- a/tests/shell/testcases/sets/0068interval_stack_overflow_0
|
||||
+++ b/tests/shell/testcases/sets/0068interval_stack_overflow_0
|
||||
@@ -9,7 +9,7 @@ trap 'rm -f "$ruleset_file"' EXIT
|
||||
{
|
||||
echo 'define big_set = {'
|
||||
for ((i = 1; i < 255; i++)); do
|
||||
- for ((j = 1; j < 80; j++)); do
|
||||
+ for ((j = 1; j < 255; j++)); do
|
||||
echo "10.0.$i.$j,"
|
||||
done
|
||||
done
|
||||
@@ -26,4 +26,4 @@ table inet test68_table {
|
||||
}
|
||||
EOF
|
||||
|
||||
-( ulimit -s 128 && $NFT -f "$ruleset_file" )
|
||||
+( ulimit -s 400 && $NFT -f "$ruleset_file" )
|
||||
--
|
||||
2.33.0
|
||||
|
@ -1,6 +1,6 @@
|
||||
Name: nftables
|
||||
Version: 0.9.8
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
# Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
|
||||
Epoch: 1
|
||||
Summary: Netfilter Tables userspace utillites
|
||||
@ -32,6 +32,8 @@ Patch15: 0015-json-init-parser-state-for-every-new-buffer-file.patch
|
||||
Patch16: 0016-segtree-Fix-segfault-when-restoring-a-huge-interval-.patch
|
||||
Patch17: 0017-tests-cover-baecd1cf2685-segtree-Fix-segfault-when-r.patch
|
||||
Patch18: 0018-doc-nft.8-Extend-monitor-description-by-trace.patch
|
||||
Patch19: 0019-tests-shell-NFT-needs-to-be-invoked-unquoted.patch
|
||||
Patch20: 0020-tests-shell-better-parameters-for-the-interval-stack.patch
|
||||
|
||||
#BuildRequires: autogen
|
||||
#BuildRequires: autoconf
|
||||
@ -141,6 +143,10 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
|
||||
%{python3_sitelib}/nftables/
|
||||
|
||||
%changelog
|
||||
* Wed Dec 08 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-10
|
||||
- tests: shell: better parameters for the interval stack overflow test
|
||||
- tests: shell: $NFT needs to be invoked unquoted
|
||||
|
||||
* Thu Nov 11 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-9
|
||||
- doc: nft.8: Extend monitor description by trace
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user