On Mon, Jun 10, 2024 at 11:51:53PM +0530, Harshit Mogalapalli wrote:
Hello netfilter developers,
Do we have any tests that we could run before sending a stable backport in the netfilter/ subsystem to stable@vger?
Let us say we have a CVE fix which is only backported till 5.10.y but it is needed in 5.4.y and 4.19.y; the backport might be easy to make, just fixing some conflicts due to contextual changes or missing commits.
Which one in particular is missing?
One question that comes to my mind is: did I test that particular code? Often testing that particular code is tough unless the reproducer is public. So I thought it would be good to learn about any netfilter test suite (set of tests) to run before sending a backport to a stable kernel, which might ensure we don't introduce regressions.
There is tests/shell under the nftables userspace tree; it also detects the features that are available in your kernel.