From 3a0f0a4e6b2260ec084b8be7a2c23404821d8759 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 1 Aug 2023 09:42:49 +0200 Subject: [PATCH] 5.15-stable patches added patches: selftests-mptcp-sockopt-use-iptables-legacy-if-available.patch --- ...opt-use-iptables-legacy-if-available.patch | 82 +++++++++++++++++++ queue-5.15/series | 1 + 2 files changed, 83 insertions(+) create mode 100644 queue-5.15/selftests-mptcp-sockopt-use-iptables-legacy-if-available.patch diff --git a/queue-5.15/selftests-mptcp-sockopt-use-iptables-legacy-if-available.patch b/queue-5.15/selftests-mptcp-sockopt-use-iptables-legacy-if-available.patch new file mode 100644 index 00000000000..9d67f88afd7 --- /dev/null +++ b/queue-5.15/selftests-mptcp-sockopt-use-iptables-legacy-if-available.patch @@ -0,0 +1,82 @@ +From a5a5990c099dd354e05e89ee77cd2dbf6655d4a1 Mon Sep 17 00:00:00 2001 +From: Matthieu Baerts +Date: Tue, 4 Jul 2023 22:44:36 +0200 +Subject: selftests: mptcp: sockopt: use 'iptables-legacy' if available + +From: Matthieu Baerts + +commit a5a5990c099dd354e05e89ee77cd2dbf6655d4a1 upstream. + +IPTables commands using 'iptables-nft' fail on old kernels, at least +on v5.15 because it doesn't see the default IPTables chains: + + $ iptables -L + iptables/1.8.2 Failed to initialize nft: Protocol not supported + +As a first step before switching to NFTables, we can use iptables-legacy +if available. + +Link: https://github.com/multipath-tcp/mptcp_net-next/issues/368 +Fixes: dc65fe82fb07 ("selftests: mptcp: add packet mark test case") +Cc: stable@vger.kernel.org +Acked-by: Paolo Abeni +Signed-off-by: Matthieu Baerts +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +--- a/tools/testing/selftests/net/mptcp/mptcp_sockopt.sh ++++ b/tools/testing/selftests/net/mptcp/mptcp_sockopt.sh +@@ -13,13 +13,15 @@ timeout_poll=30 + timeout_test=$((timeout_poll * 2 + 1)) + mptcp_connect="" + do_all_tests=1 ++iptables="iptables" ++ip6tables="ip6tables" + + add_mark_rules() + { + local ns=$1 + local m=$2 + +- for t in iptables ip6tables; do ++ for t in ${iptables} ${ip6tables}; do + # just to debug: check we have multiple subflows connection requests + ip netns exec $ns $t -A OUTPUT -p tcp --syn -m mark --mark $m -j ACCEPT + +@@ -90,14 +92,14 @@ if [ $? -ne 0 ];then + exit $ksft_skip + fi + +-iptables -V > /dev/null 2>&1 +-if [ $? -ne 0 ];then ++# Use the legacy version if available to support old kernel versions ++if iptables-legacy -V &> /dev/null; then ++ iptables="iptables-legacy" ++ ip6tables="ip6tables-legacy" ++elif ! iptables -V &> /dev/null; then + echo "SKIP: Could not run all tests without iptables tool" + exit $ksft_skip +-fi +- +-ip6tables -V > /dev/null 2>&1 +-if [ $? -ne 0 ];then ++elif ! ip6tables -V &> /dev/null; then + echo "SKIP: Could not run all tests without ip6tables tool" + exit $ksft_skip + fi +@@ -107,10 +109,10 @@ check_mark() + local ns=$1 + local af=$2 + +- tables=iptables ++ tables=${iptables} + + if [ $af -eq 6 ];then +- tables=ip6tables ++ tables=${ip6tables} + fi + + counters=$(ip netns exec $ns $tables -v -L OUTPUT | grep DROP) diff --git a/queue-5.15/series b/queue-5.15/series index 19aad76107d..02d98952114 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -149,3 +149,4 @@ tracing-fix-trace_event_raw_event_synth-if-else-statement.patch acpi-processor-perflib-use-the-no-limit-frequency-qos.patch acpi-processor-perflib-avoid-updating-frequency-qos-unnecessarily.patch cpufreq-intel_pstate-drop-acpi-_pss-states-table-patching.patch +selftests-mptcp-sockopt-use-iptables-legacy-if-available.patch -- 2.47.3