Diffstat (limited to '0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch')
-rw-r--r-- | 0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch | 428 |
1 files changed, 0 insertions, 428 deletions
diff --git a/0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch b/0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch
deleted file mode 100644
index f8796362ab4c..000000000000
--- a/0063-testing-selftests-nft_flowtable.sh-use-random-netns-.patch
+++ /dev/null
@@ -1,428 +0,0 @@ -From 503728838bdf9b8fd50ff1f89d47668e922880aa Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Tue, 16 Aug 2022 14:15:21 +0200 -Subject: [PATCH 63/73] testing: selftests: nft_flowtable.sh: use random netns - names - -[ Upstream commit b71b7bfeac38c7a21c423ddafb29aa6258949df8 ] - -"ns1" is a too generic name, use a random suffix to avoid -errors when such a netns exists. Also allows to run multiple -instances of the script in parallel. - -Signed-off-by: Florian Westphal <fw@strlen.de> -Signed-off-by: Sasha Levin <sashal@kernel.org> ---- - .../selftests/netfilter/nft_flowtable.sh | 246 +++++++++--------- - 1 file changed, 128 insertions(+), 118 deletions(-) - -diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh -index d4ffebb989f8..c336e6c148d1 100755 ---- a/tools/testing/selftests/netfilter/nft_flowtable.sh -+++ b/tools/testing/selftests/netfilter/nft_flowtable.sh -@@ -14,6 +14,11 @@ - # nft_flowtable.sh -o8000 -l1500 -r2000 - # - -+sfx=$(mktemp -u "XXXXXXXX") -+ns1="ns1-$sfx" -+ns2="ns2-$sfx" -+nsr1="nsr1-$sfx" -+nsr2="nsr2-$sfx" - - # Kselftest framework requirement - SKIP code is 4. 
- ksft_skip=4 -@@ -36,18 +41,17 @@ checktool (){ - checktool "nft --version" "run test without nft tool" - checktool "ip -Version" "run test without ip tool" - checktool "which nc" "run test without nc (netcat)" --checktool "ip netns add nsr1" "create net namespace" -+checktool "ip netns add $nsr1" "create net namespace $nsr1" - --ip netns add ns1 --ip netns add ns2 -- --ip netns add nsr2 -+ip netns add $ns1 -+ip netns add $ns2 -+ip netns add $nsr2 - - cleanup() { -- for i in 1 2; do -- ip netns del ns$i -- ip netns del nsr$i -- done -+ ip netns del $ns1 -+ ip netns del $ns2 -+ ip netns del $nsr1 -+ ip netns del $nsr2 - - rm -f "$ns1in" "$ns1out" - rm -f "$ns2in" "$ns2out" -@@ -59,22 +63,21 @@ trap cleanup EXIT - - sysctl -q net.netfilter.nf_log_all_netns=1 - --ip link add veth0 netns nsr1 type veth peer name eth0 netns ns1 --ip link add veth1 netns nsr1 type veth peer name veth0 netns nsr2 -+ip link add veth0 netns $nsr1 type veth peer name eth0 netns $ns1 -+ip link add veth1 netns $nsr1 type veth peer name veth0 netns $nsr2 - --ip link add veth1 netns nsr2 type veth peer name eth0 netns ns2 -+ip link add veth1 netns $nsr2 type veth peer name eth0 netns $ns2 - - for dev in lo veth0 veth1; do -- for i in 1 2; do -- ip -net nsr$i link set $dev up -- done -+ ip -net $nsr1 link set $dev up -+ ip -net $nsr2 link set $dev up - done - --ip -net nsr1 addr add 10.0.1.1/24 dev veth0 --ip -net nsr1 addr add dead:1::1/64 dev veth0 -+ip -net $nsr1 addr add 10.0.1.1/24 dev veth0 -+ip -net $nsr1 addr add dead:1::1/64 dev veth0 - --ip -net nsr2 addr add 10.0.2.1/24 dev veth1 --ip -net nsr2 addr add dead:2::1/64 dev veth1 -+ip -net $nsr2 addr add 10.0.2.1/24 dev veth1 -+ip -net $nsr2 addr add dead:2::1/64 dev veth1 - - # set different MTUs so we need to push packets coming from ns1 (large MTU) - # to ns2 (smaller MTU) to stack either to perform fragmentation (ip_no_pmtu_disc=1), -@@ -106,49 +109,56 @@ do - esac - done - --if ! ip -net nsr1 link set veth0 mtu $omtu; then -+if ! 
ip -net $nsr1 link set veth0 mtu $omtu; then - exit 1 - fi - --ip -net ns1 link set eth0 mtu $omtu -+ip -net $ns1 link set eth0 mtu $omtu - --if ! ip -net nsr2 link set veth1 mtu $rmtu; then -+if ! ip -net $nsr2 link set veth1 mtu $rmtu; then - exit 1 - fi - --ip -net ns2 link set eth0 mtu $rmtu -+ip -net $ns2 link set eth0 mtu $rmtu - - # transfer-net between nsr1 and nsr2. - # these addresses are not used for connections. --ip -net nsr1 addr add 192.168.10.1/24 dev veth1 --ip -net nsr1 addr add fee1:2::1/64 dev veth1 -- --ip -net nsr2 addr add 192.168.10.2/24 dev veth0 --ip -net nsr2 addr add fee1:2::2/64 dev veth0 -- --for i in 1 2; do -- ip netns exec nsr$i sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null -- ip netns exec nsr$i sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null -- -- ip -net ns$i link set lo up -- ip -net ns$i link set eth0 up -- ip -net ns$i addr add 10.0.$i.99/24 dev eth0 -- ip -net ns$i route add default via 10.0.$i.1 -- ip -net ns$i addr add dead:$i::99/64 dev eth0 -- ip -net ns$i route add default via dead:$i::1 -- if ! ip netns exec ns$i sysctl net.ipv4.tcp_no_metrics_save=1 > /dev/null; then -+ip -net $nsr1 addr add 192.168.10.1/24 dev veth1 -+ip -net $nsr1 addr add fee1:2::1/64 dev veth1 -+ -+ip -net $nsr2 addr add 192.168.10.2/24 dev veth0 -+ip -net $nsr2 addr add fee1:2::2/64 dev veth0 -+ -+for i in 0 1; do -+ ip netns exec $nsr1 sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null -+ ip netns exec $nsr2 sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null -+done -+ -+for ns in $ns1 $ns2;do -+ ip -net $ns link set lo up -+ ip -net $ns link set eth0 up -+ -+ if ! 
ip netns exec $ns sysctl net.ipv4.tcp_no_metrics_save=1 > /dev/null; then - echo "ERROR: Check Originator/Responder values (problem during address addition)" - exit 1 - fi -- - # don't set ip DF bit for first two tests -- ip netns exec ns$i sysctl net.ipv4.ip_no_pmtu_disc=1 > /dev/null -+ ip netns exec $ns sysctl net.ipv4.ip_no_pmtu_disc=1 > /dev/null - done - --ip -net nsr1 route add default via 192.168.10.2 --ip -net nsr2 route add default via 192.168.10.1 -+ip -net $ns1 addr add 10.0.1.99/24 dev eth0 -+ip -net $ns2 addr add 10.0.2.99/24 dev eth0 -+ip -net $ns1 route add default via 10.0.1.1 -+ip -net $ns2 route add default via 10.0.2.1 -+ip -net $ns1 addr add dead:1::99/64 dev eth0 -+ip -net $ns2 addr add dead:2::99/64 dev eth0 -+ip -net $ns1 route add default via dead:1::1 -+ip -net $ns2 route add default via dead:2::1 -+ -+ip -net $nsr1 route add default via 192.168.10.2 -+ip -net $nsr2 route add default via 192.168.10.1 - --ip netns exec nsr1 nft -f - <<EOF -+ip netns exec $nsr1 nft -f - <<EOF - table inet filter { - flowtable f1 { - hook ingress priority 0 -@@ -197,18 +207,18 @@ if [ $? -ne 0 ]; then - fi - - # test basic connectivity --if ! ip netns exec ns1 ping -c 1 -q 10.0.2.99 > /dev/null; then -- echo "ERROR: ns1 cannot reach ns2" 1>&2 -+if ! ip netns exec $ns1 ping -c 1 -q 10.0.2.99 > /dev/null; then -+ echo "ERROR: $ns1 cannot reach ns2" 1>&2 - exit 1 - fi - --if ! ip netns exec ns2 ping -c 1 -q 10.0.1.99 > /dev/null; then -- echo "ERROR: ns2 cannot reach ns1" 1>&2 -+if ! ip netns exec $ns2 ping -c 1 -q 10.0.1.99 > /dev/null; then -+ echo "ERROR: $ns2 cannot reach $ns1" 1>&2 - exit 1 - fi - - if [ $ret -eq 0 ];then -- echo "PASS: netns routing/connectivity: ns1 can reach ns2" -+ echo "PASS: netns routing/connectivity: $ns1 can reach $ns2" - fi - - ns1in=$(mktemp) -@@ -312,24 +322,24 @@ make_file "$ns2in" - - # First test: - # No PMTU discovery, nsr1 is expected to fragment packets from ns1 to ns2 as needed. 
--if test_tcp_forwarding ns1 ns2; then -+if test_tcp_forwarding $ns1 $ns2; then - echo "PASS: flow offloaded for ns1/ns2" - else - echo "FAIL: flow offload for ns1/ns2:" 1>&2 -- ip netns exec nsr1 nft list ruleset -+ ip netns exec $nsr1 nft list ruleset - ret=1 - fi - - # delete default route, i.e. ns2 won't be able to reach ns1 and - # will depend on ns1 being masqueraded in nsr1. - # expect ns1 has nsr1 address. --ip -net ns2 route del default via 10.0.2.1 --ip -net ns2 route del default via dead:2::1 --ip -net ns2 route add 192.168.10.1 via 10.0.2.1 -+ip -net $ns2 route del default via 10.0.2.1 -+ip -net $ns2 route del default via dead:2::1 -+ip -net $ns2 route add 192.168.10.1 via 10.0.2.1 - - # Second test: - # Same, but with NAT enabled. --ip netns exec nsr1 nft -f - <<EOF -+ip netns exec $nsr1 nft -f - <<EOF - table ip nat { - chain prerouting { - type nat hook prerouting priority 0; policy accept; -@@ -343,47 +353,47 @@ table ip nat { - } - EOF - --if test_tcp_forwarding_nat ns1 ns2; then -+if test_tcp_forwarding_nat $ns1 $ns2; then - echo "PASS: flow offloaded for ns1/ns2 with NAT" - else - echo "FAIL: flow offload for ns1/ns2 with NAT" 1>&2 -- ip netns exec nsr1 nft list ruleset -+ ip netns exec $nsr1 nft list ruleset - ret=1 - fi - - # Third test: - # Same as second test, but with PMTU discovery enabled. --handle=$(ip netns exec nsr1 nft -a list table inet filter | grep something-to-grep-for | cut -d \# -f 2) -+handle=$(ip netns exec $nsr1 nft -a list table inet filter | grep something-to-grep-for | cut -d \# -f 2) - --if ! ip netns exec nsr1 nft delete rule inet filter forward $handle; then -+if ! 
ip netns exec $nsr1 nft delete rule inet filter forward $handle; then - echo "FAIL: Could not delete large-packet accept rule" - exit 1 - fi - --ip netns exec ns1 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null --ip netns exec ns2 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null -+ip netns exec $ns1 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null -+ip netns exec $ns2 sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null - --if test_tcp_forwarding_nat ns1 ns2; then -+if test_tcp_forwarding_nat $ns1 $ns2; then - echo "PASS: flow offloaded for ns1/ns2 with NAT and pmtu discovery" - else - echo "FAIL: flow offload for ns1/ns2 with NAT and pmtu discovery" 1>&2 -- ip netns exec nsr1 nft list ruleset -+ ip netns exec $nsr1 nft list ruleset - fi - - # Another test: - # Add bridge interface br0 to Router1, with NAT enabled. --ip -net nsr1 link add name br0 type bridge --ip -net nsr1 addr flush dev veth0 --ip -net nsr1 link set up dev veth0 --ip -net nsr1 link set veth0 master br0 --ip -net nsr1 addr add 10.0.1.1/24 dev br0 --ip -net nsr1 addr add dead:1::1/64 dev br0 --ip -net nsr1 link set up dev br0 -+ip -net $nsr1 link add name br0 type bridge -+ip -net $nsr1 addr flush dev veth0 -+ip -net $nsr1 link set up dev veth0 -+ip -net $nsr1 link set veth0 master br0 -+ip -net $nsr1 addr add 10.0.1.1/24 dev br0 -+ip -net $nsr1 addr add dead:1::1/64 dev br0 -+ip -net $nsr1 link set up dev br0 - --ip netns exec nsr1 sysctl net.ipv4.conf.br0.forwarding=1 > /dev/null -+ip netns exec $nsr1 sysctl net.ipv4.conf.br0.forwarding=1 > /dev/null - - # br0 with NAT enabled. 
--ip netns exec nsr1 nft -f - <<EOF -+ip netns exec $nsr1 nft -f - <<EOF - flush table ip nat - table ip nat { - chain prerouting { -@@ -398,59 +408,59 @@ table ip nat { - } - EOF - --if test_tcp_forwarding_nat ns1 ns2; then -+if test_tcp_forwarding_nat $ns1 $ns2; then - echo "PASS: flow offloaded for ns1/ns2 with bridge NAT" - else - echo "FAIL: flow offload for ns1/ns2 with bridge NAT" 1>&2 -- ip netns exec nsr1 nft list ruleset -+ ip netns exec $nsr1 nft list ruleset - ret=1 - fi - - # Another test: - # Add bridge interface br0 to Router1, with NAT and VLAN. --ip -net nsr1 link set veth0 nomaster --ip -net nsr1 link set down dev veth0 --ip -net nsr1 link add link veth0 name veth0.10 type vlan id 10 --ip -net nsr1 link set up dev veth0 --ip -net nsr1 link set up dev veth0.10 --ip -net nsr1 link set veth0.10 master br0 -- --ip -net ns1 addr flush dev eth0 --ip -net ns1 link add link eth0 name eth0.10 type vlan id 10 --ip -net ns1 link set eth0 up --ip -net ns1 link set eth0.10 up --ip -net ns1 addr add 10.0.1.99/24 dev eth0.10 --ip -net ns1 route add default via 10.0.1.1 --ip -net ns1 addr add dead:1::99/64 dev eth0.10 -- --if test_tcp_forwarding_nat ns1 ns2; then -+ip -net $nsr1 link set veth0 nomaster -+ip -net $nsr1 link set down dev veth0 -+ip -net $nsr1 link add link veth0 name veth0.10 type vlan id 10 -+ip -net $nsr1 link set up dev veth0 -+ip -net $nsr1 link set up dev veth0.10 -+ip -net $nsr1 link set veth0.10 master br0 -+ -+ip -net $ns1 addr flush dev eth0 -+ip -net $ns1 link add link eth0 name eth0.10 type vlan id 10 -+ip -net $ns1 link set eth0 up -+ip -net $ns1 link set eth0.10 up -+ip -net $ns1 addr add 10.0.1.99/24 dev eth0.10 -+ip -net $ns1 route add default via 10.0.1.1 -+ip -net $ns1 addr add dead:1::99/64 dev eth0.10 -+ -+if test_tcp_forwarding_nat $ns1 $ns2; then - echo "PASS: flow offloaded for ns1/ns2 with bridge NAT and VLAN" - else - echo "FAIL: flow offload for ns1/ns2 with bridge NAT and VLAN" 1>&2 -- ip netns exec nsr1 nft list ruleset 
-+ ip netns exec $nsr1 nft list ruleset - ret=1 - fi - - # restore test topology (remove bridge and VLAN) --ip -net nsr1 link set veth0 nomaster --ip -net nsr1 link set veth0 down --ip -net nsr1 link set veth0.10 down --ip -net nsr1 link delete veth0.10 type vlan --ip -net nsr1 link delete br0 type bridge --ip -net ns1 addr flush dev eth0.10 --ip -net ns1 link set eth0.10 down --ip -net ns1 link set eth0 down --ip -net ns1 link delete eth0.10 type vlan -+ip -net $nsr1 link set veth0 nomaster -+ip -net $nsr1 link set veth0 down -+ip -net $nsr1 link set veth0.10 down -+ip -net $nsr1 link delete veth0.10 type vlan -+ip -net $nsr1 link delete br0 type bridge -+ip -net $ns1 addr flush dev eth0.10 -+ip -net $ns1 link set eth0.10 down -+ip -net $ns1 link set eth0 down -+ip -net $ns1 link delete eth0.10 type vlan - - # restore address in ns1 and nsr1 --ip -net ns1 link set eth0 up --ip -net ns1 addr add 10.0.1.99/24 dev eth0 --ip -net ns1 route add default via 10.0.1.1 --ip -net ns1 addr add dead:1::99/64 dev eth0 --ip -net ns1 route add default via dead:1::1 --ip -net nsr1 addr add 10.0.1.1/24 dev veth0 --ip -net nsr1 addr add dead:1::1/64 dev veth0 --ip -net nsr1 link set up dev veth0 -+ip -net $ns1 link set eth0 up -+ip -net $ns1 addr add 10.0.1.99/24 dev eth0 -+ip -net $ns1 route add default via 10.0.1.1 -+ip -net $ns1 addr add dead:1::99/64 dev eth0 -+ip -net $ns1 route add default via dead:1::1 -+ip -net $nsr1 addr add 10.0.1.1/24 dev veth0 -+ip -net $nsr1 addr add dead:1::1/64 dev veth0 -+ip -net $nsr1 link set up dev veth0 - - KEY_SHA="0x"$(ps -xaf | sha1sum | cut -d " " -f 1) - KEY_AES="0x"$(ps -xaf | md5sum | cut -d " " -f 1) -@@ -480,23 +490,23 @@ do_esp() { - - } - --do_esp nsr1 192.168.10.1 192.168.10.2 10.0.1.0/24 10.0.2.0/24 $SPI1 $SPI2 -+do_esp $nsr1 192.168.10.1 192.168.10.2 10.0.1.0/24 10.0.2.0/24 $SPI1 $SPI2 - --do_esp nsr2 192.168.10.2 192.168.10.1 10.0.2.0/24 10.0.1.0/24 $SPI2 $SPI1 -+do_esp $nsr2 192.168.10.2 192.168.10.1 10.0.2.0/24 10.0.1.0/24 $SPI2 
$SPI1 - --ip netns exec nsr1 nft delete table ip nat -+ip netns exec $nsr1 nft delete table ip nat - - # restore default routes --ip -net ns2 route del 192.168.10.1 via 10.0.2.1 --ip -net ns2 route add default via 10.0.2.1 --ip -net ns2 route add default via dead:2::1 -+ip -net $ns2 route del 192.168.10.1 via 10.0.2.1 -+ip -net $ns2 route add default via 10.0.2.1 -+ip -net $ns2 route add default via dead:2::1 - --if test_tcp_forwarding ns1 ns2; then -+if test_tcp_forwarding $ns1 $ns2; then - echo "PASS: ipsec tunnel mode for ns1/ns2" - else - echo "FAIL: ipsec tunnel mode for ns1/ns2" -- ip netns exec nsr1 nft list ruleset 1>&2 -- ip netns exec nsr1 cat /proc/net/xfrm_stat 1>&2 -+ ip netns exec $nsr1 nft list ruleset 1>&2 -+ ip netns exec $nsr1 cat /proc/net/xfrm_stat 1>&2 - fi - - exit $ret --- -2.37.3 - |