| From eda0cf1202acf1ef47f93d8f92d4839213431424 Mon Sep 17 00:00:00 2001 |
| From: Florian Westphal <fw@strlen.de> |
| Date: Wed, 26 Jan 2022 12:54:54 +0100 |
| Subject: selftests: nft_concat_range: add test for reload with no element add/del |
| |
| From: Florian Westphal <fw@strlen.de> |
| |
| commit eda0cf1202acf1ef47f93d8f92d4839213431424 upstream. |
| |
| Add a specific test for the reload issue fixed with |
| commit 23c54263efd7cb ("netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone"). |
| |
| Add to set, then flush set content + restore without other add/remove in |
| the transaction. |
| |
| On kernels before the fix, this test case fails: |
| net,mac with reload [FAIL] |
| |
| Signed-off-by: Florian Westphal <fw@strlen.de> |
| Reviewed-by: Stefano Brivio <sbrivio@redhat.com> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| tools/testing/selftests/netfilter/nft_concat_range.sh | 72 +++++++++++++++++- |
| 1 file changed, 71 insertions(+), 1 deletion(-) |
| |
| --- a/tools/testing/selftests/netfilter/nft_concat_range.sh |
| +++ b/tools/testing/selftests/netfilter/nft_concat_range.sh |
| @@ -27,7 +27,7 @@ TYPES="net_port port_net net6_port port_ |
| net_port_mac_proto_net" |
| |
| # Reported bugs, also described by TYPE_ variables below |
| -BUGS="flush_remove_add" |
| +BUGS="flush_remove_add reload" |
| |
| # List of possible paths to pktgen script from kernel tree for performance tests |
| PKTGEN_SCRIPT_PATHS=" |
| @@ -337,6 +337,23 @@ TYPE_flush_remove_add=" |
| display Add two elements, flush, re-add |
| " |
| |
| +TYPE_reload=" |
| +display net,mac with reload |
| +type_spec ipv4_addr . ether_addr |
| +chain_spec ip daddr . ether saddr |
| +dst addr4 |
| +src mac |
| +start 1 |
| +count 1 |
| +src_delta 2000 |
| +tools sendip nc bash |
| +proto udp |
| + |
| +race_repeat 0 |
| + |
| +perf_duration 0 |
| +" |
| + |
| # Set template for all tests, types and rules are filled in depending on test |
| set_template=' |
| flush ruleset |
| @@ -1455,6 +1472,59 @@ test_bug_flush_remove_add() { |
| nft flush ruleset |
| } |
| |
| +# - add ranged element, check that packets match it |
| +# - reload the set, check packets still match |
| +test_bug_reload() { |
| + setup veth send_"${proto}" set || return ${KSELFTEST_SKIP} |
| + rstart=${start} |
| + |
| + range_size=1 |
| + for i in $(seq "${start}" $((start + count))); do |
| + end=$((start + range_size)) |
| + |
| + # Avoid negative or zero-sized port ranges |
| + if [ $((end / 65534)) -gt $((start / 65534)) ]; then |
| + start=${end} |
| + end=$((end + 1)) |
| + fi |
| + srcstart=$((start + src_delta)) |
| + srcend=$((end + src_delta)) |
| + |
| + add "$(format)" || return 1 |
| + range_size=$((range_size + 1)) |
| + start=$((end + range_size)) |
| + done |
| + |
| + # check kernel does allocate pcpu sctrach map |
| + # for reload with no elemet add/delete |
| + ( echo flush set inet filter test ; |
| + nft list set inet filter test ) | nft -f - |
| + |
| + start=${rstart} |
| + range_size=1 |
| + |
| + for i in $(seq "${start}" $((start + count))); do |
| + end=$((start + range_size)) |
| + |
| + # Avoid negative or zero-sized port ranges |
| + if [ $((end / 65534)) -gt $((start / 65534)) ]; then |
| + start=${end} |
| + end=$((end + 1)) |
| + fi |
| + srcstart=$((start + src_delta)) |
| + srcend=$((end + src_delta)) |
| + |
| + for j in $(seq ${start} $((range_size / 2 + 1)) ${end}); do |
| + send_match "${j}" $((j + src_delta)) || return 1 |
| + done |
| + |
| + range_size=$((range_size + 1)) |
| + start=$((end + range_size)) |
| + done |
| + |
| + nft flush ruleset |
| +} |
| + |
| test_reported_issues() { |
| eval test_bug_"${subtest}" |
| } |