author | Björn Bidar | 2022-09-06 03:05:45 +0300 |
---|---|---|
committer | Björn Bidar | 2022-09-06 15:55:49 +0300 |
commit | dafa8d62d3f6493d66afc5d568273f5a7e7b8924 (patch) | |
tree | e41709bc271bbf6671ce34c491a455ff08547e34 /0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch | |
parent | 0c2ed81feac01240fdc5ed571ed3b563ec0dbec2 (diff) | |
Update to 5.19.7.pf3-1
- New upstream release based on 5.19.6
- Add linux-5.19.7 stable patches
- Sync kernel config with Arch and Arch32
- Always package objtool, fixes #9.
- Remove patch for kernel#211005 as it was committed upstream
Signed-off-by: Björn Bidar <bjorn.bidar@thaodan.de>
Diffstat (limited to '0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch')
-rw-r--r-- | 0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch | 428 |
1 files changed, 428 insertions, 0 deletions
diff --git a/0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch b/0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch
new file mode 100644
index 000000000000..f8796362ab4c
--- /dev/null
+++ b/0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch
@@ -0,0 +1,428 @@
+From 503728838bdf9b8fd50ff1f89d47668e922880aa Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Tue, 16 Aug 2022 14:15:21 +0200
+Subject: [PATCH 63/73] testing: selftests: nft_flowtable.sh: use random netns
+ names
+
+[ Upstream commit b71b7bfeac38c7a21c423ddafb29aa6258949df8 ]
+
+"ns1" is a too generic name, use a random suffix to avoid
+errors when such a netns exists. Also allows to run multiple
+instances of the script in parallel.
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/netfilter/nft_flowtable.sh | 246 +++++++++---------
+ 1 file changed, 128 insertions(+), 118 deletions(-)
+
+diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh
+index d4ffebb989f8..c336e6c148d1 100755
+--- a/tools/testing/selftests/netfilter/nft_flowtable.sh
++++ b/tools/testing/selftests/netfilter/nft_flowtable.sh
+@@ -14,6 +14,11 @@
+ # nft_flowtable.sh -o8000 -l1500 -r2000
+ #
+
++sfx=$(mktemp -u "XXXXXXXX")
++ns1="ns1-$sfx"
++ns2="ns2-$sfx"
++nsr1="nsr1-$sfx"
++nsr2="nsr2-$sfx"
+
+ # Kselftest framework requirement - SKIP code is 4.
+ ksft_skip=4
+@@ -36,18 +41,17 @@ checktool (){
+ checktool "nft --version" "run test without nft tool"
+ checktool "ip -Version" "run test without ip tool"
+ checktool "which nc" "run test without nc (netcat)"
+-checktool "ip netns add nsr1" "create net namespace"
++checktool "ip netns add $nsr1" "create net namespace $nsr1"
+
+-ip netns add ns1
+-ip netns add ns2
+-
+-ip netns add nsr2
++ip netns add $ns1
++ip netns add $ns2
++ip netns add $nsr2
+
+ cleanup() {
+- for i in 1 2; do
+- ip netns del ns$i
+- ip netns del nsr$i
+- done
++ ip netns del $ns1
++ ip netns del $ns2
++ ip netns del $nsr1
++ ip netns del $nsr2
+
+ rm -f "$ns1in" "$ns1out"
+ rm -f "$ns2in" "$ns2out"
+@@ -59,22 +63,21 @@ trap cleanup EXIT
+
+ sysctl -q net.netfilter.nf_log_all_netns=1
+
+-ip link add veth0 netns nsr1 type veth peer name eth0 netns ns1
+-ip link add veth1 netns nsr1 type veth peer name veth0 netns nsr2
++ip link add veth0 netns $nsr1 type veth peer name eth0 netns $ns1
++ip link add veth1 netns $nsr1 type veth peer name veth0 netns $nsr2
+
+-ip link add veth1 netns nsr2 type veth peer name eth0 netns ns2
++ip link add veth1 netns $nsr2 type veth peer name eth0 netns $ns2
+
+ for dev in lo veth0 veth1; do
+- for i in 1 2; do
+- ip -net nsr$i link set $dev up
+- done
++ ip -net $nsr1 link set $dev up
++ ip -net $nsr2 link set $dev up
+ done
+
+-ip -net nsr1 addr add 10.0.1.1/24 dev veth0
+-ip -net nsr1 addr add dead:1::1/64 dev veth0
++ip -net $nsr1 addr add 10.0.1.1/24 dev veth0
++ip -net $nsr1 addr add dead:1::1/64 dev veth0
+
+-ip -net nsr2 addr add 10.0.2.1/24 dev veth1
+-ip -net nsr2 addr add dead:2::1/64 dev veth1
++ip -net $nsr2 addr add 10.0.2.1/24 dev veth1
++ip -net $nsr2 addr add dead:2::1/64 dev veth1
+
+ # set different MTUs so we need to push packets coming from ns1 (large MTU)
+ # to ns2 (smaller MTU) to stack either to perform fragmentation (ip_no_pmtu_disc=1),
+@@ -106,49 +109,56 @@ do
+ esac
+ done
+
+-if ! ip -net nsr1 link set veth0 mtu $omtu; then
++if ! ip -net $nsr1 link set veth0 mtu $omtu; then
+ exit 1
+ fi
+
+-ip -net ns1 link set eth0 mtu $omtu
++ip -net $ns1 link set eth0 mtu $omtu
+
+-if ! ip -net nsr2 link set veth1 mtu $rmtu; then
++if ! ip -net $nsr2 link set veth1 mtu $rmtu; then
+ exit 1
+ fi
+
+-ip -net ns2 link set eth0 mtu $rmtu
++ip -net $ns2 link set eth0 mtu $rmtu
+
+ # transfer-net between nsr1 and nsr2.
+ # these addresses are not used for connections.
+-ip -net nsr1 addr add 192.168.10.1/24 dev veth1
+-ip -net nsr1 addr add fee1:2::1/64 dev veth1
+-
+-ip -net nsr2 addr add 192.168.10.2/24 dev veth0
+-ip -net nsr2 addr add fee1:2::2/64 dev veth0
+-
+-for i in 1 2; do
+- ip netns exec nsr$i sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
+- ip netns exec nsr$i sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null
+-
+- ip -net ns$i link set lo up
+- ip -net ns$i link set eth0 up
+- ip -net ns$i addr add 10.0.$i.99/24 dev eth0
+- ip -net ns$i route add default via 10.0.$i.1
+- ip -net ns$i addr add dead:$i::99/64 dev eth0
+- ip -net ns$i route add default via dead:$i::1
+- if ! ip netns exec ns$i sysctl net.ipv4.tcp_no_metrics_save=1 > /dev/null; then
++ip -net $nsr1 addr add 192.168.10.1/24 dev veth1
++ip -net $nsr1 addr add fee1:2::1/64 dev veth1
++
++ip -net $nsr2 addr add 192.168.10.2/24 dev veth0
++ip -net $nsr2 addr add fee1:2::2/64 dev veth0
++
++for i in 0 1; do
++ ip netns exec $nsr1 sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null
++ ip netns exec $nsr2 sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null
++done
++
++for ns in $ns1 $ns2;do
++ ip -net $ns link set lo up
++ ip -net $ns link set eth0 up
++
++ if ! ip netns exec $ns sysctl net.ipv4.tcp_no_metrics_save=1 > /dev/null; then
+ echo "ERROR: Check Originator/Responder values (problem during address addition)"
+ exit 1
+ fi
+-
+ # don't set ip DF bit for first two tests
+- ip netns exec ns$i sysctl net.ipv4.ip_no_pmtu_disc=1 > /dev/null
++ ip netns exec $ns sysctl net.ipv4.ip_no_pmtu_disc=1 > /dev/null
+ done
+
+-ip -net nsr1 route add default via 192.168.10.2
+-ip -net nsr2 route add default via 192.168.10.1
++ip -net $ns1 addr add 10.0.1.99/24 dev eth0
++ip -net $ns2 addr add 10.0.2.99/24 dev eth0
++ip -net $ns1 route add default via 10.0.1.1
++ip -net $ns2 route add default via 10.0.2.1
++ip -net $ns1 addr add dead:1::99/64 dev eth0
++ip -net $ns2 addr add dead:2::99/64 dev eth0
++ip -net $ns1 route add default via dead:1::1
++ip -net $ns2 route add default via dead:2::1
++
++ip -net $nsr1 route add default via 192.168.10.2
++ip -net $nsr2 route add default via 192.168.10.1
+
+-ip netns exec nsr1 nft -f - <<EOF
++ip netns exec $nsr1 nft -f - <<EOF
+ table inet filter {
+ flowtable f1 {
+ hook ingress priority 0
+@@ -197,18 +207,18 @@ if [ $? -ne 0 ]; then
+ fi
+
+ # test basic connectivity
+-if ! ip netns exec ns1 ping -c 1 -q 10.0.2.99 > /dev/null; then
+- echo "ERROR: ns1 cannot reach ns2" 1>&2
++if ! ip netns exec $ns1 ping -c 1 -q 10.0.2.99 > /dev/null; then
++ echo "ERROR: $ns1 cannot reach ns2" 1>&2
+ exit 1
+ fi
+
+-if ! ip netns exec ns2 ping -c 1 -q 10.0.1.99 > /dev/null; then
+- echo "ERROR: ns2 cannot reach ns1" 1>&2
++if ! ip netns exec $ns2 ping -c 1 -q 10.0.1.99 > /dev/null; then
++ echo "ERROR: $ns2 cannot reach $ns1" 1>&2
+ exit 1
+ fi
+
+ if [ $ret -eq 0 ];then
+- echo "PASS: netns routing/connectivity: ns1 can reach ns2"
++ echo "PASS: netns routing/connectivity: $ns1 can reach $ns2"
+ fi
+
+ ns1in=$(mktemp)
+@@ -312,24 +322,24 @@ make_file "$ns2in"
+
+ # First test:
+ # No PMTU discovery, nsr1 is expected to fragment packets from ns1 to ns2 as needed.
+-if test_tcp_forwarding ns1 ns2; then
++if test_tcp_forwarding $ns1 $ns2; then
+ echo "PASS: flow offloaded for ns1/ns2"
+ else
+ echo "FAIL: flow offload for ns1/ns2:" 1>&2
+- ip netns exec nsr1 nft list ruleset
++ ip netns exec $nsr1 nft list ruleset
+ ret=1
+ fi
+
+ # delete default route, i.e. ns2 won't be able to reach ns1 and
+ # will depend on ns1 being masqueraded in nsr1.
+ # expect ns1 has nsr1 address.
+-ip -net ns2 route del default via 10.0.2.1
+-ip -net ns2 route del default via dead:2::1
+-ip -net ns2 route add 192.168.10.1 via 10.0.2.1
++ip -net $ns2 route del default via 10.0.2.1
++ip -net $ns2 route del default via dead:2::1
++ip -net $ns2 route add 192.168.10.1 via 10.0.2.1
+
+ # Second test:
+ # Same, but with NAT enabled.
+-ip netns exec nsr1 nft -f - <<EOF
++ip netns exec $nsr1 nft -f - <<EOF
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0; policy accept;
+@@ -343,47 +353,47 @@ table ip nat {
+ }
+ EOF
+
+-if test_tcp_forwarding_nat ns1 ns2; then
++if test_tcp_forwarding_nat $ns1 $ns2; then
+ echo "PASS: flow offloaded for ns1/ns2 with NAT"
+ else
+ echo "FAIL: flow offload for ns1/ns2 with NAT" 1>&2
+- ip netns exec nsr1 nft list ruleset
++ ip netns exec $nsr1 nft list ruleset
+ ret=1
+ fi
+
+ # Third test:
+ # Same as second test, but with PMTU discovery enabled.
+-handle=$(ip netns exec nsr1 nft -a list table inet filter | grep something-to-grep-for | cut -d \# -f 2)
++handle=$(ip netns exec $nsr1 nft -a list table inet filter | grep something-to-grep-for | cut -d \# -f 2)
+
+-if ! ip netns exec nsr1 nft delete rule inet filter forward $handle; then
++if ! ip netns exec $nsr1 nft delete rule inet filter forward $handle; then
+ echo "FAIL: Could not delete large-packet accept rule"
+ exit 1
+ fi
+
+-ip netns exec ns1 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
+-ip netns exec ns2 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
++ip netns exec $ns1 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
++ip netns exec $ns2 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null
+
+-if test_tcp_forwarding_nat ns1 ns2; then
++if test_tcp_forwarding_nat $ns1 $ns2; then
+ echo "PASS: flow offloaded for ns1/ns2 with NAT and pmtu discovery"
+ else
+ echo "FAIL: flow offload for ns1/ns2 with NAT and pmtu discovery" 1>&2
+- ip netns exec nsr1 nft list ruleset
++ ip netns exec $nsr1 nft list ruleset
+ fi
+
+ # Another test:
+ # Add bridge interface br0 to Router1, with NAT enabled.
+-ip -net nsr1 link add name br0 type bridge
+-ip -net nsr1 addr flush dev veth0
+-ip -net nsr1 link set up dev veth0
+-ip -net nsr1 link set veth0 master br0
+-ip -net nsr1 addr add 10.0.1.1/24 dev br0
+-ip -net nsr1 addr add dead:1::1/64 dev br0
+-ip -net nsr1 link set up dev br0
++ip -net $nsr1 link add name br0 type bridge
++ip -net $nsr1 addr flush dev veth0
++ip -net $nsr1 link set up dev veth0
++ip -net $nsr1 link set veth0 master br0
++ip -net $nsr1 addr add 10.0.1.1/24 dev br0
++ip -net $nsr1 addr add dead:1::1/64 dev br0
++ip -net $nsr1 link set up dev br0
+
+-ip netns exec nsr1 sysctl net.ipv4.conf.br0.forwarding=1 > /dev/null
++ip netns exec $nsr1 sysctl net.ipv4.conf.br0.forwarding=1 > /dev/null
+
+ # br0 with NAT enabled.
+-ip netns exec nsr1 nft -f - <<EOF
++ip netns exec $nsr1 nft -f - <<EOF
+ flush table ip nat
+ table ip nat {
+ chain prerouting {
+@@ -398,59 +408,59 @@ table ip nat {
+ }
+ EOF
+
+-if test_tcp_forwarding_nat ns1 ns2; then
++if test_tcp_forwarding_nat $ns1 $ns2; then
+ echo "PASS: flow offloaded for ns1/ns2 with bridge NAT"
+ else
+ echo "FAIL: flow offload for ns1/ns2 with bridge NAT" 1>&2
+- ip netns exec nsr1 nft list ruleset
++ ip netns exec $nsr1 nft list ruleset
+ ret=1
+ fi
+
+ # Another test:
+ # Add bridge interface br0 to Router1, with NAT and VLAN.
+-ip -net nsr1 link set veth0 nomaster
+-ip -net nsr1 link set down dev veth0
+-ip -net nsr1 link add link veth0 name veth0.10 type vlan id 10
+-ip -net nsr1 link set up dev veth0
+-ip -net nsr1 link set up dev veth0.10
+-ip -net nsr1 link set veth0.10 master br0
+-
+-ip -net ns1 addr flush dev eth0
+-ip -net ns1 link add link eth0 name eth0.10 type vlan id 10
+-ip -net ns1 link set eth0 up
+-ip -net ns1 link set eth0.10 up
+-ip -net ns1 addr add 10.0.1.99/24 dev eth0.10
+-ip -net ns1 route add default via 10.0.1.1
+-ip -net ns1 addr add dead:1::99/64 dev eth0.10
+-
+-if test_tcp_forwarding_nat ns1 ns2; then
++ip -net $nsr1 link set veth0 nomaster
++ip -net $nsr1 link set down dev veth0
++ip -net $nsr1 link add link veth0 name veth0.10 type vlan id 10
++ip -net $nsr1 link set up dev veth0
++ip -net $nsr1 link set up dev veth0.10
++ip -net $nsr1 link set veth0.10 master br0
++
++ip -net $ns1 addr flush dev eth0
++ip -net $ns1 link add link eth0 name eth0.10 type vlan id 10
++ip -net $ns1 link set eth0 up
++ip -net $ns1 link set eth0.10 up
++ip -net $ns1 addr add 10.0.1.99/24 dev eth0.10
++ip -net $ns1 route add default via 10.0.1.1
++ip -net $ns1 addr add dead:1::99/64 dev eth0.10
++
++if test_tcp_forwarding_nat $ns1 $ns2; then
+ echo "PASS: flow offloaded for ns1/ns2 with bridge NAT and VLAN"
+ else
+ echo "FAIL: flow offload for ns1/ns2 with bridge NAT and VLAN" 1>&2
+- ip netns exec nsr1 nft list ruleset
++ ip netns exec $nsr1 nft list ruleset
+ ret=1
+ fi
+
+ # restore test topology (remove bridge and VLAN)
+-ip -net nsr1 link set veth0 nomaster
+-ip -net nsr1 link set veth0 down
+-ip -net nsr1 link set veth0.10 down
+-ip -net nsr1 link delete veth0.10 type vlan
+-ip -net nsr1 link delete br0 type bridge
+-ip -net ns1 addr flush dev eth0.10
+-ip -net ns1 link set eth0.10 down
+-ip -net ns1 link set eth0 down
+-ip -net ns1 link delete eth0.10 type vlan
++ip -net $nsr1 link set veth0 nomaster
++ip -net $nsr1 link set veth0 down
++ip -net $nsr1 link set veth0.10 down
++ip -net $nsr1 link delete veth0.10 type vlan
++ip -net $nsr1 link delete br0 type bridge
++ip -net $ns1 addr flush dev eth0.10
++ip -net $ns1 link set eth0.10 down
++ip -net $ns1 link set eth0 down
++ip -net $ns1 link delete eth0.10 type vlan
+
+ # restore address in ns1 and nsr1
+-ip -net ns1 link set eth0 up
+-ip -net ns1 addr add 10.0.1.99/24 dev eth0
+-ip -net ns1 route add default via 10.0.1.1
+-ip -net ns1 addr add dead:1::99/64 dev eth0
+-ip -net ns1 route add default via dead:1::1
+-ip -net nsr1 addr add 10.0.1.1/24 dev veth0
+-ip -net nsr1 addr add dead:1::1/64 dev veth0
+-ip -net nsr1 link set up dev veth0
++ip -net $ns1 link set eth0 up
++ip -net $ns1 addr add 10.0.1.99/24 dev eth0
++ip -net $ns1 route add default via 10.0.1.1
++ip -net $ns1 addr add dead:1::99/64 dev eth0
++ip -net $ns1 route add default via dead:1::1
++ip -net $nsr1 addr add 10.0.1.1/24 dev veth0
++ip -net $nsr1 addr add dead:1::1/64 dev veth0
++ip -net $nsr1 link set up dev veth0
+
+ KEY_SHA="0x"$(ps -xaf | sha1sum | cut -d " " -f 1)
+ KEY_AES="0x"$(ps -xaf | md5sum | cut -d " " -f 1)
+@@ -480,23 +490,23 @@ do_esp() {
+
+ }
+
+-do_esp nsr1 192.168.10.1 192.168.10.2 10.0.1.0/24 10.0.2.0/24 $SPI1 $SPI2
++do_esp $nsr1 192.168.10.1 192.168.10.2 10.0.1.0/24 10.0.2.0/24 $SPI1 $SPI2
+
+-do_esp nsr2 192.168.10.2 192.168.10.1 10.0.2.0/24 10.0.1.0/24 $SPI2 $SPI1
++do_esp $nsr2 192.168.10.2 192.168.10.1 10.0.2.0/24 10.0.1.0/24 $SPI2 $SPI1
+
+-ip netns exec nsr1 nft delete table ip nat
++ip netns exec $nsr1 nft delete table ip nat
+
+ # restore default routes
+-ip -net ns2 route del 192.168.10.1 via 10.0.2.1
+-ip -net ns2 route add default via 10.0.2.1
+-ip -net ns2 route add default via dead:2::1
++ip -net $ns2 route del 192.168.10.1 via 10.0.2.1
++ip -net $ns2 route add default via 10.0.2.1
++ip -net $ns2 route add default via dead:2::1
+
+-if test_tcp_forwarding ns1 ns2; then
++if test_tcp_forwarding $ns1 $ns2; then
+ echo "PASS: ipsec tunnel mode for ns1/ns2"
+ else
+ echo "FAIL: ipsec tunnel mode for ns1/ns2"
+- ip netns exec nsr1 nft list ruleset 1>&2
+- ip netns exec nsr1 cat /proc/net/xfrm_stat 1>&2
++ ip netns exec $nsr1 nft list ruleset 1>&2
++ ip netns exec $nsr1 cat /proc/net/xfrm_stat 1>&2
+ fi
+
+ exit $ret
+--
+2.37.3
+ |
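Review bot: In the first connectivity check (the inner patch's `@@ -197,18 +207,18 @@` hunk) the new message reads `echo "ERROR: $ns1 cannot reach ns2" 1>&2`, leaving a literal `ns2` where the sibling check prints `$ns2 cannot reach $ns1`; it should be `echo "ERROR: $ns1 cannot reach $ns2" 1>&2`. The PASS/FAIL lines of the forwarding tests also still print the fixed `ns1/ns2`, so output from parallel runs cannot be matched to a namespace set. The new names are expanded unquoted everywhere (`ip netns add $ns1`, `for ns in $ns1 $ns2`), which is harmless only while `sfx` comes from the `mktemp -u "XXXXXXXX"` template; `ip netns add "$ns1"` and the like would keep it that way. Only `$nsr1` creation goes through `checktool`; the three plain `ip netns add` calls are unchecked while `cleanup` deletes all four names, so a failed add would presumably surface only later in the run.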