From 0a11073e8e3362d715255d28d294aa7350c1c01f Mon Sep 17 00:00:00 2001 From: Boris Sukholitko Date: Thu, 4 May 2023 11:48:11 +0300 Subject: selftests: nft_flowtable.sh: use /proc for pid checking Some ps commands (e.g. busybox derived) have no -p option. Use /proc for pid existence check. Signed-off-by: Boris Sukholitko Signed-off-by: Pablo Neira Ayuso --- tools/testing/selftests/netfilter/nft_flowtable.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tools') diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh index 7060bae04ec8..4d8bc51b7a7b 100755 --- a/tools/testing/selftests/netfilter/nft_flowtable.sh +++ b/tools/testing/selftests/netfilter/nft_flowtable.sh @@ -288,11 +288,11 @@ test_tcp_forwarding_ip() sleep 3 - if ps -p $lpid > /dev/null;then + if test -d /proc/"$lpid"/; then kill $lpid fi - if ps -p $cpid > /dev/null;then + if test -d /proc/"$cpid"/; then kill $cpid fi -- cgit v1.2.3 From 0749d670d758099970c52ef70f4bbcfa5a15b3d3 Mon Sep 17 00:00:00 2001 From: Boris Sukholitko Date: Thu, 4 May 2023 11:48:12 +0300 Subject: selftests: nft_flowtable.sh: no need for ps -x option Some ps commands (e.g. busybox derived) have no -x option. For the purposes of hash calculation of the list of processes this option is inessential. Signed-off-by: Boris Sukholitko Signed-off-by: Pablo Neira Ayuso --- tools/testing/selftests/netfilter/nft_flowtable.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tools') diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh index 4d8bc51b7a7b..3cf20e9bd3a6 100755 --- a/tools/testing/selftests/netfilter/nft_flowtable.sh +++ b/tools/testing/selftests/netfilter/nft_flowtable.sh @@ -489,8 +489,8 @@ ip -net $nsr1 addr add 10.0.1.1/24 dev veth0 ip -net $nsr1 addr add dead:1::1/64 dev veth0 ip -net $nsr1 link set up dev veth0 -KEY_SHA="0x"$(ps -xaf | sha1sum | cut -d " " -f 1) -KEY_AES="0x"$(ps -xaf | md5sum | cut -d " " -f 1) +KEY_SHA="0x"$(ps -af | sha1sum | cut -d " " -f 1) +KEY_AES="0x"$(ps -af | md5sum | cut -d " " -f 1) SPI1=$RANDOM SPI2=$RANDOM -- cgit v1.2.3 From 1114803c2da974526ecbc0bd81e6c637bf257de5 Mon Sep 17 00:00:00 2001 From: Boris Sukholitko Date: Thu, 4 May 2023 11:48:13 +0300 Subject: selftests: nft_flowtable.sh: wait for specific nc pids Doing wait with no parameters may interfere with some of the tests having their own background processes. Although no such test is currently present, the cleanup is useful to rely on the nft_flowtable.sh for local development (e.g. running background tcpdump command during the tests). Signed-off-by: Boris Sukholitko Signed-off-by: Pablo Neira Ayuso --- tools/testing/selftests/netfilter/nft_flowtable.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tools') diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh index 3cf20e9bd3a6..92bc308bf168 100755 --- a/tools/testing/selftests/netfilter/nft_flowtable.sh +++ b/tools/testing/selftests/netfilter/nft_flowtable.sh @@ -296,7 +296,8 @@ test_tcp_forwarding_ip() kill $cpid fi - wait + wait $lpid + wait $cpid if ! check_transfer "$nsin" "$ns2out" "ns1 -> ns2"; then lret=1 -- cgit v1.2.3 From 90ab51226d52ad61e5ff175b572e08046b1b0a99 Mon Sep 17 00:00:00 2001 From: Boris Sukholitko Date: Thu, 4 May 2023 11:48:14 +0300 Subject: selftests: nft_flowtable.sh: monitor result file sizes When running nft_flowtable.sh in VM on a busy server we've found that the time of the netcat file transfers vary wildly. Therefore replace hardcoded 3 second sleep with the loop checking for a change in the file sizes. Once no change in detected we test the results. Nice side effect is that we shave 1 second sleep in the fast case (hard-coded 3 second sleep vs two 1 second sleeps). Acked-by: Florian Westphal Signed-off-by: Boris Sukholitko Signed-off-by: Pablo Neira Ayuso --- tools/testing/selftests/netfilter/nft_flowtable.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'tools') diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh index 92bc308bf168..51f986f19fee 100755 --- a/tools/testing/selftests/netfilter/nft_flowtable.sh +++ b/tools/testing/selftests/netfilter/nft_flowtable.sh @@ -286,7 +286,15 @@ test_tcp_forwarding_ip() ip netns exec $nsa nc -w 4 "$dstip" "$dstport" < "$nsin" > "$ns1out" & cpid=$! - sleep 3 + sleep 1 + + prev="$(ls -l $ns1out $ns2out)" + sleep 1 + + while [[ "$prev" != "$(ls -l $ns1out $ns2out)" ]]; do + sleep 1; + prev="$(ls -l $ns1out $ns2out)" + done if test -d /proc/"$lpid"/; then kill $lpid -- cgit v1.2.3 From 3acf8f6c14d0e42b889738d63b6d9cb63348fc94 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 9 May 2023 16:47:24 +0200 Subject: selftests: nft_flowtable.sh: check ingress/egress chain too Make sure flowtable interacts correctly with ingress and egress chains, i.e. those get handled before and after flow table respectively. Adds three more tests: 1. repeat flowtable test, but with 'ip dscp set cs3' done in inet forward chain. Expect that some packets have been mangled (before flowtable offload became effective) while some pass without mangling (after offload succeeds). 2. repeat flowtable test, but with 'ip dscp set cs3' done in veth0:ingress. Expect that all packets pass with cs3 dscp field. 3. same as 2, but use veth1:egress. Expect the same outcome. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- tools/testing/selftests/netfilter/nft_flowtable.sh | 124 +++++++++++++++++++++ 1 file changed, 124 insertions(+) (limited to 'tools') diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh index 51f986f19fee..a32f490f7539 100755 --- a/tools/testing/selftests/netfilter/nft_flowtable.sh +++ b/tools/testing/selftests/netfilter/nft_flowtable.sh @@ -188,6 +188,26 @@ if [ $? -ne 0 ]; then exit $ksft_skip fi +ip netns exec $ns2 nft -f - < /dev/null; then echo "ERROR: $ns1 cannot reach ns2" 1>&2 @@ -255,6 +275,60 @@ check_counters() fi } +check_dscp() +{ + local what=$1 + local ok=1 + + local counter=$(ip netns exec $ns2 nft reset counter inet filter ip4dscp3 | grep packets) + + local pc4=${counter%*bytes*} + local pc4=${pc4#*packets} + + local counter=$(ip netns exec $ns2 nft reset counter inet filter ip4dscp0 | grep packets) + local pc4z=${counter%*bytes*} + local pc4z=${pc4z#*packets} + + case "$what" in + "dscp_none") + if [ $pc4 -gt 0 ] || [ $pc4z -eq 0 ]; then + echo "FAIL: dscp counters do not match, expected dscp3 == 0, dscp0 > 0, but got $pc4,$pc4z" 1>&2 + ret=1 + ok=0 + fi + ;; + "dscp_fwd") + if [ $pc4 -eq 0 ] || [ $pc4z -eq 0 ]; then + echo "FAIL: dscp counters do not match, expected dscp3 and dscp0 > 0 but got $pc4,$pc4z" 1>&2 + ret=1 + ok=0 + fi + ;; + "dscp_ingress") + if [ $pc4 -eq 0 ] || [ $pc4z -gt 0 ]; then + echo "FAIL: dscp counters do not match, expected dscp3 > 0, dscp0 == 0 but got $pc4,$pc4z" 1>&2 + ret=1 + ok=0 + fi + ;; + "dscp_egress") + if [ $pc4 -eq 0 ] || [ $pc4z -gt 0 ]; then + echo "FAIL: dscp counters do not match, expected dscp3 > 0, dscp0 == 0 but got $pc4,$pc4z" 1>&2 + ret=1 + ok=0 + fi + ;; + *) + echo "FAIL: Unknown DSCP check" 1>&2 + ret=1 + ok=0 + esac + + if [ $ok -eq 1 ] ;then + echo "PASS: $what: dscp packet counters match" + fi +} + check_transfer() { in=$1 @@ -325,6 +399,51 @@ test_tcp_forwarding() return $? } +test_tcp_forwarding_set_dscp() +{ + check_dscp "dscp_none" + +ip netns exec $nsr1 nft -f - <&2 + exit 0 +fi + if ! test_tcp_forwarding_nat $ns1 $ns2 0 ""; then echo "FAIL: flow offload for ns1/ns2 with NAT" 1>&2 ip netns exec $nsr1 nft list ruleset -- cgit v1.2.3 From b6d1599f8c282bfbc4d291af750436d93005b9ea Mon Sep 17 00:00:00 2001 From: Hangbin Liu Date: Tue, 9 May 2023 11:11:59 +0800 Subject: selftests: forwarding: lib: add netns support for tc rule handle stats get When run the test in netns, it's not easy to get the tc stats via tc_rule_handle_stats_get(). With the new netns parameter, we can get stats from specific netns like num=$(tc_rule_handle_stats_get "dev eth0 ingress" 101 ".packets" "-n ns") Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller --- tools/testing/selftests/net/forwarding/lib.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tools') diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh index 057c3d0ad620..9ddb68dd6a08 100755 --- a/tools/testing/selftests/net/forwarding/lib.sh +++ b/tools/testing/selftests/net/forwarding/lib.sh @@ -791,8 +791,9 @@ tc_rule_handle_stats_get() local id=$1; shift local handle=$1; shift local selector=${1:-.packets}; shift + local netns=${1:-""}; shift - tc -j -s filter show $id \ + tc $netns -j -s filter show $id \ | jq ".[] | select(.options.handle == $handle) | \ .options.actions[0].stats$selector" } -- cgit v1.2.3 From 6cbe791c0f4ed7310db212791e69c7ffedd4f4b6 Mon Sep 17 00:00:00 2001 From: Hangbin Liu Date: Tue, 9 May 2023 11:12:00 +0800 Subject: kselftest: bonding: add num_grat_arp test TEST: num_grat_arp (active-backup miimon num_grat_arp 10) [ OK ] TEST: num_grat_arp (active-backup miimon num_grat_arp 20) [ OK ] TEST: num_grat_arp (active-backup miimon num_grat_arp 30) [ OK ] TEST: num_grat_arp (active-backup miimon num_grat_arp 50) [ OK ] Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller --- .../selftests/drivers/net/bonding/bond_options.sh | 50 ++++++++++++++++++++++ .../drivers/net/bonding/bond_topo_3d1c.sh | 2 + 2 files changed, 52 insertions(+) (limited to 'tools') diff --git a/tools/testing/selftests/drivers/net/bonding/bond_options.sh b/tools/testing/selftests/drivers/net/bonding/bond_options.sh index db29a3146a86..607ba5c38977 100755 --- a/tools/testing/selftests/drivers/net/bonding/bond_options.sh +++ b/tools/testing/selftests/drivers/net/bonding/bond_options.sh @@ -6,6 +6,7 @@ ALL_TESTS=" prio arp_validate + num_grat_arp " REQUIRE_MZ=no @@ -255,6 +256,55 @@ arp_validate() arp_validate_ns "active-backup" } +garp_test() +{ + local param="$1" + local active_slave exp_num real_num i + RET=0 + + # create bond + bond_reset "${param}" + + bond_check_connection + [ $RET -ne 0 ] && log_test "num_grat_arp" "$retmsg" + + + # Add tc rules to count GARP number + for i in $(seq 0 2); do + tc -n ${g_ns} filter add dev s$i ingress protocol arp pref 1 handle 101 \ + flower skip_hw arp_op request arp_sip ${s_ip4} arp_tip ${s_ip4} action pass + done + + # Do failover + active_slave=$(cmd_jq "ip -n ${s_ns} -d -j link show bond0" ".[].linkinfo.info_data.active_slave") + ip -n ${s_ns} link set ${active_slave} down + + exp_num=$(echo "${param}" | cut -f6 -d ' ') + sleep $((exp_num + 2)) + + active_slave=$(cmd_jq "ip -n ${s_ns} -d -j link show bond0" ".[].linkinfo.info_data.active_slave") + + # check result + real_num=$(tc_rule_handle_stats_get "dev s${active_slave#eth} ingress" 101 ".packets" "-n ${g_ns}") + if [ "${real_num}" -ne "${exp_num}" ]; then + echo "$real_num garp packets sent on active slave ${active_slave}" + RET=1 + fi + + for i in $(seq 0 2); do + tc -n ${g_ns} filter del dev s$i ingress + done +} + +num_grat_arp() +{ + local val + for val in 10 20 30 50; do + garp_test "mode active-backup miimon 100 num_grat_arp $val peer_notify_delay 1000" + log_test "num_grat_arp" "active-backup miimon num_grat_arp $val" + done +} + trap cleanup EXIT setup_prepare diff --git a/tools/testing/selftests/drivers/net/bonding/bond_topo_3d1c.sh b/tools/testing/selftests/drivers/net/bonding/bond_topo_3d1c.sh index 4045ca97fb22..69ab99a56043 100644 --- a/tools/testing/selftests/drivers/net/bonding/bond_topo_3d1c.sh +++ b/tools/testing/selftests/drivers/net/bonding/bond_topo_3d1c.sh @@ -61,6 +61,8 @@ server_create() ip -n ${g_ns} link set s${i} up ip -n ${g_ns} link set s${i} master br0 ip -n ${s_ns} link set eth${i} master bond0 + + tc -n ${g_ns} qdisc add dev s${i} clsact done ip -n ${s_ns} link set bond0 up -- cgit v1.2.3