Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 890628 - net-firewall/iptables-1.8.9 fails tests: FAIL: xlate-test.py
Summary: net-firewall/iptables-1.8.9 fails tests: FAIL: xlate-test.py
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords: PullRequest, TESTFAILURE
Depends on:
Blocks:
 
Reported: 2023-01-13 09:19 UTC by Agostino Sarubbo
Modified: 2024-02-29 19:08 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log (build.log,150.39 KB, text/plain)
2023-01-13 09:19 UTC, Agostino Sarubbo
Details
1-test-suite.log (1-test-suite.log,2.34 KB, text/plain)
2023-01-13 09:19 UTC, Agostino Sarubbo
Details
iptables-1.8.9:20230703-102630.log.gz (iptables-1.8.9:20230703-102630.log.gz,17.57 KB, application/gzip)
2023-07-03 10:37 UTC, Paolo Pedroni
Details
Test-suite with enabled nftables (test-suite.log,59.23 KB, text/plain)
2023-09-18 22:57 UTC, Andy
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2023-01-13 09:19:50 UTC
https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/

Issue: net-firewall/iptables-1.8.9 fails tests.
Discovered on: amd64 (internal ref: ci)
Comment 1 Agostino Sarubbo gentoo-dev 2023-01-13 09:19:52 UTC
Created attachment 848340 [details]
build.log

build log and emerge --info
Comment 2 Agostino Sarubbo gentoo-dev 2023-01-13 09:19:53 UTC
Created attachment 848342 [details]
1-test-suite.log

1-test-suite.log
Comment 3 Agostino Sarubbo gentoo-dev 2023-01-13 09:19:54 UTC
Error(s) that match a know pattern in addition to what has been reported in the summary:


FAIL: xlate-test.py
WARNING: libnetfilter_conntrack not found, connlabel match will not be built
Comment 4 tka 2023-01-14 15:13:57 UTC
From test-suite.log:

FileNotFoundError: [Errno 2] No such file or directory: '/var/tmp/portage/net-firewall/iptables-1.8.9/work/iptables-1.8.9/iptables/xtables-nft-multi'

It looks like the test only works when USE=nftables is set. The test suite should skip the test if xtables-nft-multi is not available.
Comment 5 Paolo Pedroni 2023-07-03 10:37:07 UTC
Created attachment 865089 [details]
iptables-1.8.9:20230703-102630.log.gz

It fails with USE=nftables as well.

SKIP: iptables/tests/shell/run-tests.sh
SKIP: iptables-test.py
FAIL: xlate-test.py
============================================================================
Testsuite summary for iptables 1.8.9
============================================================================
# TOTAL: 3
# PASS:  0
# SKIP:  2
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
============================================================================
make[3]: *** [Makefile:798: test-suite.log] Error 1
make[3]: Leaving directory '/var/tmp/portage/net-firewall/iptables-1.8.9/work/iptables-1.8.9'
make[2]: *** [Makefile:906: check-TESTS] Error 2
make[2]: Leaving directory '/var/tmp/portage/net-firewall/iptables-1.8.9/work/iptables-1.8.9'
make[1]: *** [Makefile:1155: check-am] Error 2
make[1]: Leaving directory '/var/tmp/portage/net-firewall/iptables-1.8.9/work/iptables-1.8.9'
make: *** [Makefile:683: check-recursive] Error 1
 * ERROR: net-firewall/iptables-1.8.9::gentoo failed (test phase):
 *   Make check failed. See above for details.

From test-suite.log:
FAIL: xlate-test.py
===================

extensions/libip6t_mh.txlate: Fail
src: ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
exp: nft 'add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept'
res: nft 'add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept'

extensions/libip6t_mh.txlate: Fail
src: ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
exp: nft 'add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept'
res: nft 'add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept'
extensions/generic.txlate: OK
extensions/libebt_dnat.txlate: OK
[...]
extensions/libxt_udp.txlate: OK
81 test files, 397 tests, 395 tests passed, 0 tests failed, 2 errors
FAIL xlate-test.py (exit status: 254)

# emerge --info =net-firewall/iptables-1.8.9
Portage 3.0.46 (python 3.11.4-final-0, default/linux/amd64/17.1/desktop/plasma/systemd/merged-usr, gcc-12, glibc-2.37-r3, 6.1.31-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.1.31-gentoo-x86_64-AMD_Ryzen_7_5700G_with_Radeon_Graphics-with-glibc2.37
KiB Mem:    65120640 total,  10262164 free
KiB Swap:   67108860 total,  66749180 free
Timestamp of repository gentoo: Mon, 03 Jul 2023 07:15:01 +0000
Head commit of repository gentoo: a1c2c472e62207ae8bb106afa0d2fce954332244
sh dash 0.5.12
ld GNU ld (Gentoo 2.40 p5) 2.40.0
distcc 3.4 x86_64-pc-linux-gnu [disabled]
ccache version 4.8.2 [disabled]
app-misc/pax-utils:        1.3.5::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-java/java-config:      2.3.1-r1::gentoo
dev-lang/perl:             5.36.1-r2::gentoo
dev-lang/python:           3.11.4::gentoo
dev-lang/rust:             1.69.0-r1::gentoo
dev-util/ccache:           4.8.2::gentoo
dev-util/cmake:            3.26.4-r1::gentoo
dev-util/meson:            1.1.1::gentoo
sys-apps/baselayout:       2.13-r1::gentoo
sys-apps/sandbox:          2.32::gentoo
sys-apps/systemd:          253.3-r1::gentoo
sys-devel/autoconf:        2.71-r6::gentoo
sys-devel/automake:        1.16.5::gentoo
sys-devel/binutils:        2.40-r5::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           15.0.7-r1::gentoo, 16.0.5::gentoo
sys-devel/gcc:             12.3.1_p20230526::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/lld:             15.0.7::gentoo, 16.0.5::gentoo
sys-devel/llvm:            15.0.7-r3::gentoo, 16.0.5::gentoo
sys-devel/make:            4.4.1-r1::gentoo
sys-kernel/linux-headers:  6.1::gentoo (virtual/os-headers)
sys-libs/glibc:            2.37-r3::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage
    priority: -1000
    volatile: True
    sync-rsync-extra-opts: 
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 0
    volatile: True

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
AR="/usr/bin/gcc-ar"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -frecord-gcc-switches -march=znver3 -ftree-vectorize -flto=8"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d"
CXXFLAGS="-O2 -pipe -frecord-gcc-switches -march=znver3 -ftree-vectorize -flto=8"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going y --with-bdeps y"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe -frecord-gcc-switches -march=znver3 -ftree-vectorize -flto=8"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live cgroup compress-build-logs config-protect-if-modified distlocks ebuild-locks ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign split-elog split-log strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -frecord-gcc-switches -march=znver3 -ftree-vectorize -flto=8"
GENTOO_MIRRORS="http://ftp.tu-ilmenau.de/mirror/gentoo/ https://ftp.tu-ilmenau.de/mirror/gentoo/ http://mirror.init7.net/gentoo/ https://mirror.init7.net/gentoo/ntoo/"
LANG="it_IT.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -Wl,--sort-common -ftree-vectorize -flto=8"
LEX="flex"
LINGUAS="it it_IT"
MAKEOPTS="-j16 -l16"
NM="/usr/bin/gcc-nm"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RANLIB="/usr/bin/gcc-ranlib"
SHELL="/bin/bash"
USE="X a52 aac aalib acl acpi activities adns alsa amd64 ao audiofile bash-completion bluetooth branding brotli bzip2 cairo caps cdda cddb cdparanoia cdr cli crypt css cups curl dbus declarative dga djvu dri dts dvd dvdr encode exif expat fbcon ffmpeg fftw flac fontconfig foomaticdb fortran ftp gd gdbm geoip gif gimp gmp gnutls gphoto2 gpm graphviz gstreamer gtk gui guile handbook iconv icu idn imagemagick imlib introspection ipv6 java javascript jbig jemalloc jpeg jpeg2k kde kwallet lame lcms libass libnotify libsamplerate libtirpc lm-sensors lua lz4 lzma lzo mad magic mhash mmap mng mp3 mp4 mpeg multilib musicbrainz ncurses nls nptl offensive ogg openal opengl openmp opus pam pango pcre pdf pipewire plasma png policykit postscript ppds pulseaudio qml qt5 rdesktop readline recode samba screencast sctp sdl seccomp sndfile sockets sound speex spell sqlite ssl startup-notification svg symlink syslog systemd sysvipc taglib telemetry test test-rust theora threads tidy tiff truetype udev udisks unicode upower usb v4l vaapi vala verify-sig vim-syntax vnc vorbis vulkan wavpack wayland webp widgets win32codecs wmf wxwidgets x264 xattr xcb xft xinerama xml xpm xscreensaver xv xvid yahoo zip zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2021" ALSA_CARDS="hda-intel virmidi" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" CURL_SSL="gnutls" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="it en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="AMDGPU" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="amdgpu radeon radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS

=================================================================
                        Package Settings
=================================================================

net-firewall/iptables-1.8.9::gentoo was built with the following:
USE="conntrack netlink nftables pcap (-split-usr) -static-libs" ABI_X86="(64)"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live cgroup compress-build-logs config-protect-if-modified distlocks ebuild-locks ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign split-elog split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"

# emerge -1pqv =net-firewall/iptables-1.8.9
[ebuild   R   ] net-firewall/iptables-1.8.9  USE="conntrack netlink nftables pcap (-split-usr) -static-libs"
Comment 6 Andy 2023-09-18 22:45:59 UTC
(In reply to tka from comment #4)
> From test-suite.log:
> 
> FileNotFoundError: [Errno 2] No such file or directory:
> '/var/tmp/portage/net-firewall/iptables-1.8.9/work/iptables-1.8.9/iptables/
> xtables-nft-multi'
> 
> It looks like the test only works when USE=nftables is set. The test suite
> should skip the test if xtables-nft-multi is not available.

Test also fails with active nftables USE flag
Comment 7 Andy 2023-09-18 22:57:55 UTC
Created attachment 870901 [details]
Test-suite with enabled nftables

The tests also fails, now with the information "(nf_tables) Failed to initialize nft: Protocol not supported"
But nftables modules are enabled in the kernel, so interface should be present.
Comment 8 A. Wilcox (awilfox) 2023-11-28 06:09:54 UTC
There seem to be multiple failures here.  Some with nft not being available, and the one in comment 5 appears to be that 'mobility-header' is not known as an l4proto so it gives the numeric value instead (which causes the output to not match).

My system on amd64/glibc stable failed with the same as comment 4: USE=-nftables, so xtables-nft-multi was not found.
Comment 9 matoro archtester 2023-12-08 01:21:16 UTC
Should probably start by setting REQUIRED_USE="test? ( nftables )" and then proceed from there.
Comment 10 Larry the Git Cow gentoo-dev 2024-01-30 09:18:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19afa78e9acb241201c7beb58587c1b5fa4919b3

commit 19afa78e9acb241201c7beb58587c1b5fa4919b3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-01-30 09:16:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-30 09:18:00 +0000

    net-firewall/iptables: tests need nftables
    
    Bug: https://bugs.gentoo.org/890628
    Signed-off-by: Sam James <sam@gentoo.org>

 net-firewall/iptables/iptables-1.8.10.ebuild   | 5 ++++-
 net-firewall/iptables/iptables-1.8.9-r1.ebuild | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
Comment 11 matoro archtester 2024-01-30 16:26:08 UTC
Last issue, this also needs to force USE=conntrack, but then the test itself fails!

FAIL: xlate-test.py
===================
 
extensions/libip6t_mh.txlate: Fail
src: ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
exp: nft 'add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept'
res: nft 'add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept'
 
extensions/libip6t_mh.txlate: Fail
src: ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
exp: nft 'add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept'
res: nft 'add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept'


This still seems to be broken upstream, I can see about sending a patch.
Comment 12 matoro archtester 2024-01-30 16:36:42 UTC
Actually this might not be so simple, there was actually a patch upstream but BACKWARDS:  https://git.netfilter.org/iptables/commit/?id=5839d7fe62ff667af7132fc7d589b386951f27b3
Comment 13 Larry the Git Cow gentoo-dev 2024-02-02 04:44:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=752b636d41ea576684ca61923c016c818cbb7b45

commit 752b636d41ea576684ca61923c016c818cbb7b45
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-02 04:41:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-02 04:41:00 +0000

    net-firewall/iptables: require conntrack for tests too
    
    Bug: https://bugs.gentoo.org/890628
    Signed-off-by: Sam James <sam@gentoo.org>

 net-firewall/iptables/iptables-1.8.10.ebuild   | 2 +-
 net-firewall/iptables/iptables-1.8.9-r1.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 14 matoro archtester 2024-02-28 21:36:10 UTC
I've submitted https://bugzilla.netfilter.org/show_bug.cgi?id=1738 upstream.
Comment 15 Larry the Git Cow gentoo-dev 2024-02-29 19:08:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/baselayout.git/commit/?id=d50f1cd0f995b6d8837032cf48a443b21bb62c75

commit d50f1cd0f995b6d8837032cf48a443b21bb62c75
Author:     Matoro Mahri <matoro_gentoo@matoro.tk>
AuthorDate: 2024-02-29 15:57:31 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2024-02-29 19:07:44 +0000

    etc/protocols: add mobility-header (135)
    
    Missing this makes net-firewall/iptables tests fail.
    
    See: https://bugzilla.netfilter.org/show_bug.cgi?id=1738
    Bug: https://bugs.gentoo.org/890628
    Closes: https://github.com/gentoo/baselayout/pull/6
    Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 etc/protocols | 1 +
 1 file changed, 1 insertion(+)