On 8/12/25 9:50 AM, Paolo Abeni wrote: > the mentioned self test failed in the last 2 CI iterations, on both > metal and debug build, with the following output: > > # PASS: flow offload for ns1/ns2 with dnat and pmtu discovery ns1 <- ns2 > # Error: Requested AUTH algorithm not found. > # Error: Requested AUTH algorithm not found. > # Error: Requested AUTH algorithm not found. > # Error: Requested AUTH algorithm not found. > # FAIL: file mismatch for ns1 -> ns2 > # -rw------- 1 root root 2097152 Aug 11 20:23 /tmp/tmp.x1oVr3mu0P > # -rw------- 1 root root 0 Aug 11 20:23 /tmp/tmp.77gElv9oit > # FAIL: file mismatch for ns1 <- ns2 > # -rw------- 1 root root 2097152 Aug 11 20:23 /tmp/tmp.x1oVr3mu0P > # -rw------- 1 root root 0 Aug 11 20:23 /tmp/tmp.ogDiTh8ZXf > # FAIL: ipsec tunnel mode for ns1/ns2 > > see, i.e.: > https://netdev-3.bots.linux.dev/vmksft-nf/results/249461/14-nft-flowtable-sh/ > > I don't see relevant patches landing in the relevant builds, I suspect > the relevant kernel config knob (CONFIG_CRYPTO_SHA1 ?) was always > missing in the ST config, pulled in by NIPA due to some CI setup tweak > possibly changed recently (Jakub could possibly have a better idea/view > about the latter). Could you please have a look? > > NIPA generates the kernel config and the kernel build itself with > something alike: > > rm -f .config > vng --build --config tools/testing/selftests/net/forwarding/config Addendum: others (not nft-related) tests (vrf-xfrm-tests.sh, xfrm_policy.sh) are failing apparently due to the same root cause (missing sha1 knob), so I guess it's really a NIPA issue. /P
