From: Ido Schimmel <idosch@nvidia.com>
To: Aleksei Oladko <aleksey.oladko@virtuozzo.com>
Cc: "David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>, Shuah Khan <shuah@kernel.org>,
Petr Machata <petrm@nvidia.com>, Amit Cohen <amcohen@nvidia.com>,
netdev@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] selftests: forwarding: fix pedit tests failure with br_netfilter enabled
Date: Wed, 11 Feb 2026 10:11:29 +0200 [thread overview]
Message-ID: <20260211081129.GA475567@shredder> (raw)
In-Reply-To: <20260210185129.480015-4-aleksey.oladko@virtuozzo.com>
On Tue, Feb 10, 2026 at 06:51:29PM +0000, Aleksei Oladko wrote:
> The tests use the tc pedit action to modify the IPv4 source address
> ("pedit ex munge ip src set"), but the IP header checksum is not
> recalculated after the modification. As a result, the modified packet
> fails sanity checks in br_netfilter after bridging and is dropped,
> which causes the test to fail.
>
> Fix this by adding an explicit checksum recalculation using the
> "csum ip" action, so the modified packet contains a valid IPv4
> checksum.
>
> Note on IPv6:
> The tests in pedit_ip.sh also cover IPv6 (test_ip6_src, test_ip6_dst).
> The csum ip action is harmless for IPv6 packets since IPv6 has no
> header checksum — it will be a no-op.
>
> Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com>
> ---
> tools/testing/selftests/net/forwarding/pedit_dsfield.sh | 5 +++--
> tools/testing/selftests/net/forwarding/pedit_ip.sh | 2 +-
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
> index af008fbf2725..310f96fb2274 100755
> --- a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
> +++ b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
> @@ -156,7 +156,7 @@ do_test_pedit_dsfield()
> local daddr=$1; shift
>
> tc filter add $pedit_locus handle 101 pref 1 \
> - flower action pedit ex munge $pedit_action
> + flower action pedit ex munge $pedit_action pipe action csum ip
I believe that this is going to be a problem when running the test over
a device that does not support "action csum" offload.
Can you instead set "net.bridge.bridge-nf-call-iptables" to "0"
(assuming it exists) and restore its original value at the end?
> tc filter add dev $h2 ingress handle 101 pref 1 prot $match_prot \
> flower skip_hw $match_flower action pass
>
> @@ -229,7 +229,8 @@ do_test_ip_dscp_ecn()
>
> tc filter add $locus handle 101 pref 1 \
> flower action pedit ex munge ip dsfield set 124 retain 0xfc \
> - action pedit ex munge ip dsfield set 1 retain 0x03
> + action pedit ex munge ip dsfield set 1 retain 0x03 \
> + pipe action csum ip
> tc filter add dev $h2 ingress handle 101 pref 1 prot ip \
> flower skip_hw ip_tos 125 action pass
>
> diff --git a/tools/testing/selftests/net/forwarding/pedit_ip.sh b/tools/testing/selftests/net/forwarding/pedit_ip.sh
> index d14efb2d23b2..a53ee3b1ef67 100755
> --- a/tools/testing/selftests/net/forwarding/pedit_ip.sh
> +++ b/tools/testing/selftests/net/forwarding/pedit_ip.sh
> @@ -122,7 +122,7 @@ do_test_pedit_ip()
> local mz_flags=$1; shift
>
> tc filter add $pedit_locus handle 101 pref 1 \
> - flower action pedit ex munge $pedit_action
> + flower action pedit ex munge $pedit_action pipe action csum ip
> tc filter add dev $h2 ingress handle 101 pref 1 prot $match_prot \
> flower skip_hw $match_flower action pass
>
> --
> 2.43.0
>
prev parent reply other threads:[~2026-02-11 8:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-10 18:51 [PATCH 0/3] selftests: forwarding: fix br_netfilter related test failures Aleksei Oladko
2026-02-10 18:51 ` [PATCH 1/3] selftests: forwarding: vxlan_bridge_1d: fix test failure with br_netfilter enabled Aleksei Oladko
2026-02-11 8:29 ` Ido Schimmel
2026-02-10 18:51 ` [PATCH 2/3] selftests: forwarding: vxlan_bridge_1d_ipv6: " Aleksei Oladko
2026-02-10 18:51 ` [PATCH 3/3] selftests: forwarding: fix pedit tests " Aleksei Oladko
2026-02-10 23:34 ` Jakub Kicinski
2026-02-11 8:11 ` Ido Schimmel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260211081129.GA475567@shredder \
--to=idosch@nvidia.com \
--cc=aleksey.oladko@virtuozzo.com \
--cc=amcohen@nvidia.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=petrm@nvidia.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.