From: Florian Westphal <fw@strlen.de>
To: steffen.klassert@secunet.com
Cc: xiyou.wangcong@gmail.com, <netdev@vger.kernel.org>,
Florian Westphal <fw@strlen.de>
Subject: [PATCH ipsec 6/7] selftests: xfrm: alter htresh to trigger move of policies to hash table
Date: Fri, 4 Jan 2019 14:17:04 +0100 [thread overview]
Message-ID: <20190104131705.9550-7-fw@strlen.de> (raw)
In-Reply-To: <20190104131705.9550-1-fw@strlen.de>
... and back to inexact tree.
Repeat ping test after each htresh change: lookup results must not change.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tools/testing/selftests/net/xfrm_policy.sh | 44 ++++++++++++++++++++--
1 file changed, 40 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/net/xfrm_policy.sh b/tools/testing/selftests/net/xfrm_policy.sh
index b5a1b565a7e6..8ce54600d4d1 100755
--- a/tools/testing/selftests/net/xfrm_policy.sh
+++ b/tools/testing/selftests/net/xfrm_policy.sh
@@ -28,6 +28,19 @@ KEY_AES=0x0123456789abcdef0123456789012345
SPI1=0x1
SPI2=0x2
+do_esp_policy() {
+ local ns=$1
+ local me=$2
+ local remote=$3
+ local lnet=$4
+ local rnet=$5
+
+ # to encrypt packets as they go out (includes forwarded packets that need encapsulation)
+ ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tunnel priority 100 action allow
+ # to fwd decrypted packets after esp processing:
+ ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tunnel priority 100 action allow
+}
+
do_esp() {
local ns=$1
local me=$2
@@ -40,10 +53,7 @@ do_esp() {
ip -net $ns xfrm state add src $remote dst $me proto esp spi $spi_in enc aes $KEY_AES auth sha1 $KEY_SHA mode tunnel sel src $rnet dst $lnet
ip -net $ns xfrm state add src $me dst $remote proto esp spi $spi_out enc aes $KEY_AES auth sha1 $KEY_SHA mode tunnel sel src $lnet dst $rnet
- # to encrypt packets as they go out (includes forwarded packets that need encapsulation)
- ip -net $ns xfrm policy add src $lnet dst $rnet dir out tmpl src $me dst $remote proto esp mode tunnel priority 100 action allow
- # to fwd decrypted packets after esp processing:
- ip -net $ns xfrm policy add src $rnet dst $lnet dir fwd tmpl src $remote dst $me proto esp mode tunnel priority 100 action allow
+ do_esp_policy $ns $me $remote $lnet $rnet
}
# add policies with different netmasks, to make sure kernel carries
@@ -370,6 +380,32 @@ if [ $? -ne 0 ]; then
ret=1
fi
+for n in ns3 ns4;do
+ ip -net $n xfrm policy set hthresh4 28 24 hthresh6 126 125
+ sleep $((RANDOM%5))
+done
+
+check_exceptions "exceptions and block policies after hresh changes"
+
+# full flush of policy db, check everything gets freed incl. internal meta data
+ip -net ns3 xfrm policy flush
+
+do_esp_policy ns3 10.0.3.1 10.0.3.10 10.0.1.0/24 10.0.2.0/24
+do_exception ns3 10.0.3.1 10.0.3.10 10.0.2.253 10.0.2.240/28
+
+# move inexact policies to hash table
+ip -net ns3 xfrm policy set hthresh4 16 16
+
+sleep $((RANDOM%5))
+check_exceptions "exceptions and block policies after hthresh change in ns3"
+
+# restore original hthresh settings -- move policies back to tables
+for n in ns3 ns4;do
+ ip -net $n xfrm policy set hthresh4 32 32 hthresh6 128 128
+ sleep $((RANDOM%5))
+done
+check_exceptions "exceptions and block policies after hresh change to normal"
+
for i in 1 2 3 4;do ip netns del ns$i;done
exit $ret
--
2.19.2
next prev parent reply other threads:[~2019-01-04 13:19 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-04 13:16 [PATCH ipsec 0/7] xfrm: policy: fix various bugs Florian Westphal
2019-01-04 13:16 ` [PATCH ipsec 1/7] selftests: xfrm: add block rules with adjacent/overlapping subnets Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 2/7] xfrm: policy: use hlist rcu variants on inexact insert, part 2 Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 3/7] xfrm: policy: increment xfrm_hash_generation on hash rebuild Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 4/7] xfrm: policy: delete inexact policies from inexact list " Florian Westphal
2019-01-05 4:46 ` Cong Wang
2019-01-05 9:53 ` Florian Westphal
2019-01-04 13:17 ` [PATCH ipsec 5/7] xfrm: policy: fix reinsertion on node merge Florian Westphal
2019-01-05 4:48 ` Cong Wang
2019-01-05 9:57 ` Florian Westphal
2019-01-04 13:17 ` Florian Westphal [this message]
2019-01-04 13:17 ` [PATCH ipsec 7/7] xfrm: policy: fix infinite loop when merging src-nodes Florian Westphal
2019-01-05 4:49 ` Cong Wang
2019-01-05 9:59 ` Florian Westphal
2019-01-09 13:03 ` Steffen Klassert
2019-01-10 8:09 ` [PATCH ipsec 0/7] xfrm: policy: fix various bugs Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190104131705.9550-7-fw@strlen.de \
--to=fw@strlen.de \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).