selftests: netfilter: nft_flowtable.sh: Add the capability to send IPv6 TCP traffic

Introduce the capability to send TCP traffic over IPv6 to
nft_flowtable netfilter selftest.

Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Lorenzo Bianconi and committed by
Pablo Neira Ayuso
c0bd2168 c4cbe4a4

+43 -14
+43 -14
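--- a/tools/testing/selftests/net/netfilter/nft_flowtable.sh
+++ b/tools/testing/selftests/net/netfilter/nft_flowtable.sh
@@ -127,6 +127,8 @@
 ip -net "$nsr2" addr add 192.168.10.2/24 dev veth0
 ip -net "$nsr2" addr add fee1:2::2/64 dev veth0 nodad
 
+ip netns exec "$nsr1" sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
+ip netns exec "$nsr2" sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
 for i in 0 1; do
 ip netns exec "$nsr1" sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null
 ip netns exec "$nsr2" sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null
@@ -153,7 +155,9 @@
 ip -net "$ns2" route add default via dead:2::1
 
 ip -net "$nsr1" route add default via 192.168.10.2
+ip -6 -net "$nsr1" route add default via fee1:2::2
 ip -net "$nsr2" route add default via 192.168.10.1
+ip -6 -net "$nsr2" route add default via fee1:2::1
 
 ip netns exec "$nsr1" nft -f - <<EOF
 table inet filter {
@@ -352,8 +356,9 @@
 local nsa=$1
 local nsb=$2
 local pmtu=$3
-local dstip=$4
-local dstport=$5
+local proto=$4
+local dstip=$5
+local dstport=$6
 local lret=0
 local socatc
 local socatl
@@ -363,12 +368,14 @@
 infile="$nsin_small"
 fi
 
-timeout "$SOCAT_TIMEOUT" ip netns exec "$nsb" socat -4 TCP-LISTEN:12345,reuseaddr STDIO < "$infile" > "$ns2out" &
+timeout "$SOCAT_TIMEOUT" ip netns exec "$nsb" socat -${proto} \
+TCP"${proto}"-LISTEN:12345,reuseaddr STDIO < "$infile" > "$ns2out" &
 lpid=$!
 
 busywait 1000 listener_ready
 
-timeout "$SOCAT_TIMEOUT" ip netns exec "$nsa" socat -4 TCP:"$dstip":"$dstport" STDIO < "$infile" > "$ns1out"
+timeout "$SOCAT_TIMEOUT" ip netns exec "$nsa" socat -${proto} \
+TCP"${proto}":"$dstip":"$dstport" STDIO < "$infile" > "$ns1out"
 socatc=$?
 
 wait $lpid
@@ -394,8 +401,11 @@
 test_tcp_forwarding()
 {
 local pmtu="$3"
+local proto="$4"
+local dstip="$5"
+local dstport="$6"
 
-test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.0.2.99 12345
+test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport"
 
 return $?
 }
@@ -403,6 +413,9 @@
 test_tcp_forwarding_set_dscp()
 {
 local pmtu="$3"
+local proto="$4"
+local dstip="$5"
+local dstport="$6"
 
 ip netns exec "$nsr1" nft -f - <<EOF
 table netdev dscpmangle {
@@ -413,7 +426,7 @@
 }
 EOF
 if [ $? -eq 0 ]; then
-test_tcp_forwarding_ip "$1" "$2" "$3" 10.0.2.99 12345
+test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport"
 check_dscp "dscp_ingress" "$pmtu"
 
 ip netns exec "$nsr1" nft delete table netdev dscpmangle
@@ -430,7 +443,7 @@
 }
 EOF
 if [ $? -eq 0 ]; then
-test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.0.2.99 12345
+test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport"
 check_dscp "dscp_egress" "$pmtu"
 
 ip netns exec "$nsr1" nft delete table netdev dscpmangle
@@ -441,7 +454,7 @@
 # partial. If flowtable really works, then both dscp-is-0 and dscp-is-cs3
 # counters should have seen packets (before and after ft offload kicks in).
 ip netns exec "$nsr1" nft -a insert rule inet filter forward ip dscp set cs3
-test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.0.2.99 12345
+test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport"
 check_dscp "dscp_fwd" "$pmtu"
 }
 
@@ -455,7 +468,7 @@
 
 [ "$pmtu" -eq 0 ] && what="$what (pmtu disabled)"
 
-test_tcp_forwarding_ip "$nsa" "$nsb" "$pmtu" 10.0.2.99 12345
+test_tcp_forwarding_ip "$nsa" "$nsb" "$pmtu" 4 10.0.2.99 12345
 lret=$?
 
 if [ "$lret" -eq 0 ] ; then
@@ -465,7 +478,7 @@
 echo "PASS: flow offload for ns1/ns2 with masquerade $what"
 fi
 
-test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.6.6.6 1666
+test_tcp_forwarding_ip "$1" "$2" "$pmtu" 4 10.6.6.6 1666
 lret=$?
 if [ "$pmtu" -eq 1 ] ;then
 check_counters "flow offload for ns1/ns2 with dnat $what"
@@ -487,10 +500,18 @@
 # Due to MTU mismatch in both directions, all packets (except small packets like pure
 # acks) have to be handled by normal forwarding path. Therefore, packet counters
 # are not checked.
-if test_tcp_forwarding "$ns1" "$ns2" 0; then
+if test_tcp_forwarding "$ns1" "$ns2" 0 4 10.0.2.99 12345; then
 echo "PASS: flow offloaded for ns1/ns2"
 else
 echo "FAIL: flow offload for ns1/ns2:" 1>&2
+ip netns exec "$nsr1" nft list ruleset
+ret=1
+fi
+
+if test_tcp_forwarding "$ns1" "$ns2" 0 6 "[dead:2::99]" 12345; then
+echo "PASS: IPv6 flow offloaded for ns1/ns2"
+else
+echo "FAIL: IPv6 flow offload for ns1/ns2:" 1>&2
 ip netns exec "$nsr1" nft list ruleset
 ret=1
 fi
@@ -520,7 +541,7 @@
 EOF
 
 check_dscp "dscp_none" "0"
-if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 0 ""; then
+if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 0 4 10.0.2.99 12345; then
 echo "FAIL: flow offload for ns1/ns2 with dscp update and no pmtu discovery" 1>&2
 exit 0
 fi
@@ -546,7 +567,7 @@
 ip netns exec "$nsr1" nft reset counters table inet filter >/dev/null
 ip netns exec "$ns2" nft reset counters table inet filter >/dev/null
 
-if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 1 ""; then
+if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 1 4 10.0.2.99 12345; then
 echo "FAIL: flow offload for ns1/ns2 with dscp update and pmtu discovery" 1>&2
 exit 0
 fi
@@ -752,10 +773,18 @@
 ip -net "$ns2" route add default via 10.0.2.1
 ip -net "$ns2" route add default via dead:2::1
 
-if test_tcp_forwarding "$ns1" "$ns2" 1; then
+if test_tcp_forwarding "$ns1" "$ns2" 1 4 10.0.2.99 12345; then
 check_counters "ipsec tunnel mode for ns1/ns2"
 else
 echo "FAIL: ipsec tunnel mode for ns1/ns2"
+ip netns exec "$nsr1" nft list ruleset 1>&2
+ip netns exec "$nsr1" cat /proc/net/xfrm_stat 1>&2
+fi
+
+if test_tcp_forwarding "$ns1" "$ns2" 1 6 "[dead:2::99]" 12345; then
+check_counters "IPv6 ipsec tunnel mode for ns1/ns2"
+else
+echo "FAIL: IPv6 ipsec tunnel mode for ns1/ns2"
 ip netns exec "$nsr1" nft list ruleset 1>&2
 ip netns exec "$nsr1" cat /proc/net/xfrm_stat 1>&2
 fi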
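Review bot: The new IPv6 ipsec check in the last hunk copies the IPv4 FAIL branch, which dumps the ruleset and xfrm_stat but, in the lines shown, never sets `ret=1`, so an IPv6 tunnel-mode regression would be logged as FAIL while the script's exit status may still report success. The earlier IPv6 block (`0 6 "[dead:2::99]" 12345`) does set `ret=1`; adding `ret=1` to both ipsec else-branches, and sending their FAIL line to stderr with `1>&2` as that block does, would make the two consistent. Separately, in test_tcp_forwarding_ip `socat -${proto}` is unquoted while `TCP"${proto}"` is quoted, and `proto` is never checked; writing `"-${proto}"` and adding a guard such as `case "$proto" in 4|6) ;; *) return 1 ;; esac` would catch a caller that still passes the old argument order. The code after the final `fi` lies outside the hunk, so confirm `ret` is not already set there.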