* How to test the kernel netfilter logic?
From: Konstantin Khorenko @ 2020-05-25 8:37 UTC (permalink / raw)
To: netfilter-devel
Hello,
are there any tests for netfilter kernel logic?
i've taken a look at iptables and nftables repo,
there are a lot of tests, but all of them (if i see correctly)
are about loading/unloading rules, chains, etc,
but not actually checking that those rules work properly.
i mean i did not find tests which configure some rules,
then send traffic and check if the traffic is changed by the rule
in the expected way.
i understand that this is not userspace's work to process the traffic,
so i'd expect the tests somehow are bound to the kernel,
but did not find netfilter tests in kernel git repo as well.
Can you please help me?
Thank you in advance!
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
* Re: How to test the kernel netfilter logic?
From: Stefano Brivio @ 2020-05-25 12:50 UTC (permalink / raw)
To: Konstantin Khorenko; +Cc: netfilter-devel
Hi Konstantin,
On Mon, 25 May 2020 11:37:57 +0300
Konstantin Khorenko <khorenko@virtuozzo.com> wrote:
> but did not find netfilter tests in kernel git repo as well.
Have a look at tools/testing/selftests/netfilter/, some of the tests
there actually send traffic and check the outcome.
--
Stefano
* Re: How to test the kernel netfilter logic?
From: Konstantin Khorenko @ 2020-05-25 14:00 UTC (permalink / raw)
To: Stefano Brivio; +Cc: netfilter-devel
On 05/25/2020 03:50 PM, Stefano Brivio wrote:
> Hi Konstantin,
>
> On Mon, 25 May 2020 11:37:57 +0300
> Konstantin Khorenko <khorenko@virtuozzo.com> wrote:
>
>> but did not find netfilter tests in kernel git repo as well.
>
> Have a look at tools/testing/selftests/netfilter/, some of the tests
> there actually send traffic and check the outcome.
Hi Stefano,
thank you very much for the answer!
Yes, you are right, i know about that place, i just thought it's just for "smoke" testing:
"iptables" and "nftables" repos have many more testcases (for add/del rules),
so i thought there is some additional place with similar very detailed tests for kernel part.
If not, well, it's great we have at least those! :)
Have a nice day!
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
* Re: How to test the kernel netfilter logic?
From: Stefano Brivio @ 2020-05-25 23:12 UTC (permalink / raw)
To: Konstantin Khorenko; +Cc: netfilter-devel
On Mon, 25 May 2020 17:00:24 +0300
Konstantin Khorenko <khorenko@virtuozzo.com> wrote:
> On 05/25/2020 03:50 PM, Stefano Brivio wrote:
> > Hi Konstantin,
> >
> > On Mon, 25 May 2020 11:37:57 +0300
> > Konstantin Khorenko <khorenko@virtuozzo.com> wrote:
> >
> >> but did not find netfilter tests in kernel git repo as well.
> >
> > Have a look at tools/testing/selftests/netfilter/, some of the tests
> > there actually send traffic and check the outcome.
>
> Hi Stefano,
>
> thank you very much for the answer!
>
> Yes, you are right, i know about that place, i just thought it's just
> for "smoke" testing:
Well, I'd say it's a bit more than that, some tests there cover
specific functionalities rather extensively. Still:
> "iptables" and "nftables" repos have many more testcases (for add/del
> rules), so i thought there is some additional place with similar very
> detailed tests for kernel part.
...I'm not aware of any (except for ipset cases that actually test both
sides with packets, see http://git.netfilter.org/ipset/tree/tests).
Sure, I think it would be great to have something with actual traffic
at the same level of detail as nft tests, though.
--
Stefano
* Re: How to test the kernel netfilter logic?
From: Konstantin Khorenko @ 2020-05-26 9:03 UTC (permalink / raw)
To: Stefano Brivio; +Cc: netfilter-devel
On 05/26/2020 02:12 AM, Stefano Brivio wrote:
>> Yes, you are right, i know about that place, i just thought it's just
>> for "smoke" testing:
>
> Well, I'd say it's a bit more than that, some tests there cover
> specific functionalities rather extensively.
Yes, i take it back, taking a closer look reveals those tests
are quite big in size and perform deep testing.
Not for all functionality surely, but still - very good! :)
Thank you once again!
--
Best regards,
Konstantin Khorenko