From f6305ba58c95ab1a58cc7e3dfd6bcfb6258b22b1 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 10 Apr 2024 15:49:13 -0700 Subject: [PATCH] nftables: Fix ptest runs It gets OOMs with memory < 2G on x86_64 qemu Export NFT variable in run-ptest script its used by few tests Add required runtime dependencies for ptests to pass This also requires changes to kernel config features/nf_tables/nft_test.scc and CONFIG_VETH Signed-off-by: Khem Raj --- .../images/meta-networking-image-ptest.bb | 1 + .../nftables/nftables/run-ptest | 1 + .../recipes-filter/nftables/nftables_1.0.9.bb | 26 ++++++++++++++++--- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/meta-networking/recipes-core/images/meta-networking-image-ptest.bb b/meta-networking/recipes-core/images/meta-networking-image-ptest.bb index f458b761f2e..295da982ec8 100644 --- a/meta-networking/recipes-core/images/meta-networking-image-ptest.bb +++ b/meta-networking/recipes-core/images/meta-networking-image-ptest.bb @@ -27,6 +27,7 @@ IMAGE_ROOTFS_EXTRA_SPACE = "324288" QB_MEM = "-m 1024" # If a particular ptest needs more memroy, it can be customized: #QB_MEM:virtclass-mcextend- = "-m 4096" +QB_MEM:virtclass-mcextend-nftables = "-m 2048" TEST_SUITES = "ping ssh parselogs ptest" diff --git a/meta-networking/recipes-filter/nftables/nftables/run-ptest b/meta-networking/recipes-filter/nftables/nftables/run-ptest index 363a1ee25af..32ddf9f455a 100644 --- a/meta-networking/recipes-filter/nftables/nftables/run-ptest +++ b/meta-networking/recipes-filter/nftables/nftables/run-ptest @@ -4,6 +4,7 @@ NFTABLESLIB=@libdir@/nftables cd ${NFTABLESLIB}/ptest || exit 1 LOG="${NFTABLESLIB}/ptest/nftables_ptest_$(date +%Y%m%d-%H%M%S).log" +NFT=nft tests/shell/run-tests.sh -v | sed -E '/I: \[OK\]/ s/^/PASS: / ; /W: \[(CHK DUMP|VALGRIND|TAINTED|DUMP FAIL|FAILED)\]/ s/^/FAIL: /' | sed "s,\x1B\[[0-9;]*[a-zA-Z],,g" | tee -a "${LOG}" passed=$(grep -c PASS: "${LOG}") diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb index ad99a80a6df..77189227425 100644 --- a/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb +++ b/meta-networking/recipes-filter/nftables/nftables_1.0.9.bb @@ -37,8 +37,6 @@ SETUPTOOLS_SETUP_PATH = "${S}/py" inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'setuptools3', '', d)} -RRECOMMENDS:${PN} += "kernel-module-nf-tables" - PACKAGES =+ "${PN}-python" FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" RDEPENDS:${PN}-python = "python3-core python3-json ${PN}" @@ -66,7 +64,29 @@ do_install() { fi } -RDEPENDS:${PN}-ptest += " ${PN}-python bash make iproute2 iputils-ping procps python3-core python3-ctypes python3-json python3-misc sed util-linux" +RDEPENDS:${PN}-ptest += " ${PN}-python bash coreutils make iproute2 iputils-ping procps python3-core python3-ctypes python3-json python3-misc sed util-linux" + +RRECOMMENDS:${PN}-ptest += "\ +kernel-module-nft-chain-nat kernel-module-nft-queue \ +kernel-module-nft-compat kernel-module-nft-quota \ +kernel-module-nft-connlimit kernel-module-nft-redir \ +kernel-module-nft-ct kernel-module-nft-reject \ +kernel-module-nft-flow-offload kernel-module-nft-reject-inet \ +kernel-module-nft-hash kernel-module-nft-reject-ipv4 \ +kernel-module-nft-limit kernel-module-nft-reject-ipv6 \ +kernel-module-nft-log kernel-module-nft-socket \ +kernel-module-nft-masq kernel-module-nft-synproxy \ +kernel-module-nft-nat kernel-module-nft-tunnel \ +kernel-module-nft-numgen kernel-module-nft-xfrm \ +kernel-module-nft-osf \ +kernel-module-nf-flow-table \ +kernel-module-nf-flow-table-inet \ +kernel-module-nf-nat \ +kernel-module-nf-log-syslog \ +kernel-module-nf-nat-ftp \ +kernel-module-nf-nat-sip \ +kernel-module-8021q \ +kernel-module-dummy" TESTDIR = "tests"