Re: [PATCH net v4 2/5] selftests: net: run reuseport in an isolated netns

[Stefano Brivio <sbrivio@redhat.com>]

Sorry for the late review, just one hint here (no changes requested):

On Mon,  9 Mar 2026 15:20:10 +0000
Aleksei Oladko <aleksey.oladko@virtuozzo.com> wrote:

> The reuseport_* tests (bpf, bpf_cpu, bpf_numa, dualstack) currently use
> a fixed port range. This can cause intermittent test failures when the
> ports are already in use by other services:
> 
>   failed to bind receive socket: Address already in use
> 
> To avoid conflicts, run these tests in separate network namespaces using
> unshare. Each test now has its own isolated network stack, preventing
> port collisions with the host services.
> 
> Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com>
> ---
>  tools/testing/selftests/net/reuseport_bpf.c       | 11 +++++++++++
>  tools/testing/selftests/net/reuseport_bpf_cpu.c   | 10 ++++++++++
>  tools/testing/selftests/net/reuseport_bpf_numa.c  | 10 ++++++++++
>  tools/testing/selftests/net/reuseport_dualstack.c | 11 +++++++++++
>  4 files changed, 42 insertions(+)
> 
> diff --git a/tools/testing/selftests/net/reuseport_bpf.c b/tools/testing/selftests/net/reuseport_bpf.c
> index b6634d6da3d6..12e48b97b862 100644
> --- a/tools/testing/selftests/net/reuseport_bpf.c
> +++ b/tools/testing/selftests/net/reuseport_bpf.c
> @@ -23,6 +23,7 @@
>  #include <sys/socket.h>
>  #include <sys/resource.h>
>  #include <unistd.h>
> +#include <sched.h>
>  
>  #include "kselftest.h"
>  
> @@ -455,8 +456,18 @@ static __attribute__((destructor)) void main_dtor(void)
>  	setrlimit(RLIMIT_MEMLOCK, &rlim_old);
>  }
>  
> +static void setup_netns(void)
> +{
> +	if (unshare(CLONE_NEWNET))
> +		error(1, errno, "failed to unshare netns");
> +	if (system("ip link set lo up"))
> +		error(1, 0, "failed to bring up lo interface in netns");

I don't have much against this approach, except that it needs root /
UID 0 (but these are BPF tests anyway, and that was also the case for
3/5 before), and that it's a bit ugly to invoke ip-link like that.

Anyway, should you or somebody else ever need a snippet that does this
as unprivileged user (giving CLONE_NEWUSER at the same time) and without
external tools or libraries, I made this a while ago:

  https://archives.passt.top/passt-dev/20231206160808.3d312733@elisabeth/

It detaches the network namespace, brings up 'lo' with a minimalistic
netlink implementation, and lets you do whatever you need there.

I guess ideally it could live under selftests/net/lib/ and be used from
C programs or as stand-alone tool for shell scripts as well.

I don't see myself polishing things up and proposing that in the
foreseeable future, but I thought maybe you're interested in it.

> +}
> +
>  int main(void)
>  {
> +	setup_netns();
> +
>  	fprintf(stderr, "---- IPv4 UDP ----\n");
>  	/* NOTE: UDP socket lookups traverse a different code path when there
>  	 * are > 10 sockets in a group.  Run the bpf test through both paths.
> diff --git a/tools/testing/selftests/net/reuseport_bpf_cpu.c b/tools/testing/selftests/net/reuseport_bpf_cpu.c
> index 2d646174729f..ddfe92f6597a 100644
> --- a/tools/testing/selftests/net/reuseport_bpf_cpu.c
> +++ b/tools/testing/selftests/net/reuseport_bpf_cpu.c
> @@ -228,10 +228,20 @@ static void test(int *rcv_fd, int len, int family, int proto)
>  		close(rcv_fd[cpu]);
>  }
>  
> +static void setup_netns(void)
> +{
> +	if (unshare(CLONE_NEWNET))
> +		error(1, errno, "failed to unshare netns");
> +	if (system("ip link set lo up"))
> +		error(1, 0, "failed to bring up lo interface in netns");
> +}
> +
>  int main(void)
>  {
>  	int *rcv_fd, cpus;
>  
> +	setup_netns();
> +
>  	cpus = sysconf(_SC_NPROCESSORS_ONLN);
>  	if (cpus <= 0)
>  		error(1, errno, "failed counting cpus");
> diff --git a/tools/testing/selftests/net/reuseport_bpf_numa.c b/tools/testing/selftests/net/reuseport_bpf_numa.c
> index 2ffd957ffb15..8ec52fc5ef41 100644
> --- a/tools/testing/selftests/net/reuseport_bpf_numa.c
> +++ b/tools/testing/selftests/net/reuseport_bpf_numa.c
> @@ -230,10 +230,20 @@ static void test(int *rcv_fd, int len, int family, int proto)
>  		close(rcv_fd[node]);
>  }
>  
> +static void setup_netns(void)
> +{
> +	if (unshare(CLONE_NEWNET))
> +		error(1, errno, "failed to unshare netns");
> +	if (system("ip link set lo up"))
> +		error(1, 0, "failed to bring up lo interface in netns");
> +}
> +
>  int main(void)
>  {
>  	int *rcv_fd, nodes;
>  
> +	setup_netns();
> +
>  	if (numa_available() < 0)
>  		ksft_exit_skip("no numa api support\n");
>  
> diff --git a/tools/testing/selftests/net/reuseport_dualstack.c b/tools/testing/selftests/net/reuseport_dualstack.c
> index fb7a59ed759e..0eaf739d0c85 100644
> --- a/tools/testing/selftests/net/reuseport_dualstack.c
> +++ b/tools/testing/selftests/net/reuseport_dualstack.c
> @@ -25,6 +25,7 @@
>  #include <sys/types.h>
>  #include <sys/socket.h>
>  #include <unistd.h>
> +#include <sched.h>
>  
>  static const int PORT = 8888;
>  
> @@ -156,10 +157,20 @@ static void test(int *rcv_fds, int count, int proto)
>  	close(epfd);
>  }
>  
> +static void setup_netns(void)
> +{
> +	if (unshare(CLONE_NEWNET))
> +		error(1, errno, "failed to unshare netns");
> +	if (system("ip link set lo up"))
> +		error(1, 0, "failed to bring up lo interface in netns");
> +}
> +
>  int main(void)
>  {
>  	int rcv_fds[32], i;
>  
> +	setup_netns();
> +
>  	fprintf(stderr, "---- UDP IPv4 created before IPv6 ----\n");
>  	build_rcv_fd(AF_INET, SOCK_DGRAM, rcv_fds, 5);
>  	build_rcv_fd(AF_INET6, SOCK_DGRAM, &(rcv_fds[5]), 5);

-- 
Stefano