From: David Ahern <dsahern@kernel.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, David Ahern <dsahern@gmail.com>
Subject: [PATCH net-next 13/15] selftests: Add ipv4 netfilter tests to fcnal-test
Date: Thu,  1 Aug 2019 11:56:46 -0700	[thread overview]
Message-ID: <20190801185648.27653-14-dsahern@kernel.org> (raw)
In-Reply-To: <20190801185648.27653-1-dsahern@kernel.org>

From: David Ahern <dsahern@gmail.com>

Add netfilter tests to send tcp reset or icmp unreachable for a port.
Initial tests are VRF only.

Signed-off-by: David Ahern <dsahern@gmail.com>
---
 tools/testing/selftests/net/fcnal-test.sh | 69 ++++++++++++++++++++++++++++++-
 1 file changed, 68 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index dcfe0b13dfe9..6f56c91e2d66 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -3120,6 +3120,72 @@ ipv6_runtime()
 }
 
 ################################################################################
+# netfilter blocking connections
+
+netfilter_tcp_reset()
+{
+	local a
+
+	for a in ${NSA_IP} ${VRF_IP}
+	do
+		log_start
+		run_cmd nettest -s &
+		sleep 1
+		run_cmd_nsb nettest -r ${a}
+		log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
+	done
+}
+
+netfilter_icmp()
+{
+	local stype="$1"
+	local arg
+	local a
+
+	[ "${stype}" = "UDP" ] && arg="-D"
+
+	for a in ${NSA_IP} ${VRF_IP}
+	do
+		log_start
+		run_cmd nettest ${arg} -s &
+		sleep 1
+		run_cmd_nsb nettest ${arg} -r ${a}
+		log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
+	done
+}
+
+ipv4_netfilter()
+{
+	which nettest >/dev/null
+	if [ $? -ne 0 ]; then
+		log_error "nettest not found; skipping tests"
+		return
+	fi
+
+	log_section "IPv4 Netfilter"
+	log_subsection "TCP reset"
+
+	setup "yes"
+	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
+
+	netfilter_tcp_reset
+
+	log_start
+	log_subsection "ICMP unreachable"
+
+	log_start
+	run_cmd iptables -F
+	run_cmd iptables -A INPUT -p tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
+	run_cmd iptables -A INPUT -p udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
+
+	netfilter_icmp "TCP"
+	netfilter_icmp "UDP"
+
+	log_start
+	iptables -F
+}
+
+################################################################################
 # usage
 
 usage()
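Review bot: The final cleanup in ipv4_netfilter calls `iptables -F` directly, while every other iptables call in the function goes through `run_cmd`. run_cmd is defined outside this hunk; if it executes its command inside the test namespace, the bare call instead runs in the namespace of whoever launched the script and flushes every chain of that filter table, silently dropping any real firewall rules on the machine. Changing the line to `run_cmd iptables -F` would keep the cleanup in the same place the rules were added. The function also checks only for nettest, so a `command -v iptables >/dev/null` check beside it would likely keep a missing binary from surfacing as failed cases, since the expected result of 1 depends on the REJECT rules being installed.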
@@ -3139,7 +3205,7 @@ EOF
 ################################################################################
 # main
 
-TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime"
+TESTS_IPV4="ipv4_ping ipv4_tcp ipv4_udp ipv4_addr_bind ipv4_runtime ipv4_netfilter"
 TESTS_IPV6="ipv6_ping ipv6_tcp ipv6_udp ipv6_addr_bind ipv6_runtime"
 PAUSE_ON_FAIL=no
 PAUSE=no
@@ -3183,6 +3249,7 @@ do
 	ipv4_udp|udp)    ipv4_udp;;
 	ipv4_bind|bind)  ipv4_addr_bind;;
 	ipv4_runtime)    ipv4_runtime;;
+	ipv4_netfilter)  ipv4_netfilter;;
 
 	ipv6_ping|ping6) ipv6_ping;;
 	ipv6_tcp|tcp6)   ipv6_tcp;;
-- 
2.11.0

