netfilter buglog - Feb 2024 - [Bug 1738] New: iptables unit test suite fails extensions/libip6t_mh.txlate

https://bugzilla.netfilter.org/show_bug.cgi?id=1738

            Bug ID: 1738
           Summary: iptables unit test suite fails
                    extensions/libip6t_mh.txlate
           Product: iptables
           Version: 1.8.x
          Hardware: All
                OS: Gentoo
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ip6tables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: matoro_bugzilla_netfilter at matoro.tk

Created attachment 736
  --> https://bugzilla.netfilter.org/attachment.cgi?id=736&action=edit
sample system info, build log, test log

Hi, the iptables unit test suite has a failing test on all architectures. 
I'm
observing this behavior on both Gentoo and Arch kernels as well.

extensions/libip6t_mh.txlate: Fail
src: ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
exp: nft 'add rule ip6 filter INPUT meta l4proto mobility-header mh type 1
counter accept'
res: nft 'add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter
accept'

extensions/libip6t_mh.txlate: Fail
src: ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
exp: nft 'add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3
counter accept'
res: nft 'add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter
accept'


At first I thought this might be a bug in the test, however, in the following
commit, "mobility-header" and "135" were swapped in the
expected output, in the
opposite direction of what would be expected: 
https://git.netfilter.org/iptables/commit/?id=5839d7fe62ff667af7132fc7d589b386951f27b3

Tested on 1.8.10.

Downstream bug:  https://bugs.gentoo.org/890628

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240228/f361ddd5/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1738

matoro_bugzilla_netfilter at matoro.tk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://bugs.gentoo.org/890
                   |                            |628
                 CC|                            |matoro_bugzilla_netfilter at m
                   |                            |atoro.tk

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240228/501e72c6/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1738

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |phil at nwl.cc

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
Hi,

xtables-translate calls getprotobynumber() to translate protocol values into
names. Gentoo's /etc/protocols lacks an entry for protocol 135.

Looking at the regular rule printing which leverages an internal cache of
protocol names though, I guess the above should be changed to align behaviour.

Thanks, Phil

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240229/18ec6045/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1738

matoro_bugzilla_netfilter at matoro.tk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from matoro_bugzilla_netfilter at matoro.tk ---
Thank you, that does the trick!  This is a distro mistake then, I will fix it
downstream.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240229/7a8fb76f/attachment.html>