From 5927206081e08a9b7ba176f2abebfa65cb42dc59 Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Thu, 10 Oct 2024 09:52:32 -0400
Subject: [PATCH] github: unload br_netfilter module

This modules is not normally loaded on stock Ubuntu installs but it is on GHA
runners.

Fixes https://github.com/canonical/lxd/issues/13069

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 .github/workflows/tests.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 22a3b756..d0710d4c 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -237,6 +237,15 @@ jobs:
           sudo ip link delete docker0
           sudo nft flush ruleset || sudo iptables -I DOCKER-USER -j ACCEPT
 
+      - name: "Disable br_netfilter"
+        run: |
+          set -eux
+          # XXX: br_netfilter causes subtle issues by subjecting internal
+          #      bridge traffic to NAT/MASQUERADING and IP filtering. This
+          #      modules is not normally loaded on stock Ubuntu installs but it
+          #      is on GHA runners.
+          lsmod | grep -qw ^br_netfilter && sudo modprobe -r br_netfilter
+
       - name: Checkout
         uses: actions/checkout@v4