mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
105b9834fb
Some newer distros such as RHEL 9 have stopped making the xt_u32 kernel module available with the kernels they ship. They do ship the xt_bpf kernel module, which can do everything xt_u32 can and more. Add an alternative implementation of the iptables match rule which uses xt_bpf to implement exactly the same logic as the u32 filter using a BPF program. Try programming the BPF-powered rules as a fallback when programming the u32-powered rules fails. Signed-off-by: Cory Snider <csnider@mirantis.com>
15 lines
263 B
Go
15 lines
263 B
Go
package overlay
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func FuzzVNIMatchBPFDoesNotPanic(f *testing.F) {
|
|
for _, seed := range []uint32{0, 1, 42, 0xfffffe, 0xffffff, 0xfffffffe, 0xffffffff} {
|
|
f.Add(seed)
|
|
}
|
|
f.Fuzz(func(t *testing.T, vni uint32) {
|
|
_ = vniMatchBPF(vni)
|
|
})
|
|
}
|