From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>,
pablo@netfilter.org
Subject: [PATCH net-next 03/12] selftests: netfilter: nft_queue.sh: move to lib.sh infra
Date: Mon, 15 Apr 2024 00:57:15 +0200 [thread overview]
Message-ID: <20240414225729.18451-4-fw@strlen.de> (raw)
In-Reply-To: <20240414225729.18451-1-fw@strlen.de>
- switch to socat, like other tests
- use buswait helper to test once listener netns is ready
- do not generate multiple input test files, only generate
one and use cleanup hook to remove it, like other temporary files.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
.../selftests/net/netfilter/nft_queue.sh | 95 +++++++------------
1 file changed, 34 insertions(+), 61 deletions(-)
diff --git a/tools/testing/selftests/net/netfilter/nft_queue.sh b/tools/testing/selftests/net/netfilter/nft_queue.sh
index 2eb65887e570..9aee4169d198 100755
--- a/tools/testing/selftests/net/netfilter/nft_queue.sh
+++ b/tools/testing/selftests/net/netfilter/nft_queue.sh
@@ -3,16 +3,10 @@
# This tests nf_queue:
# 1. can process packets from all hooks
# 2. support running nfqueue from more than one base chain
-#
-# Kselftest framework requirement - SKIP code is 4.
-ksft_skip=4
-ret=0
-sfx=$(mktemp -u "XXXXXXXX")
-ns1="ns1-$sfx"
-ns2="ns2-$sfx"
-nsrouter="nsrouter-$sfx"
-timeout=4
+source lib.sh
+ret=0
+timeout=2
cleanup()
{
@@ -20,9 +14,9 @@ cleanup()
ip netns pids ${ns2} | xargs kill 2>/dev/null
ip netns pids ${nsrouter} | xargs kill 2>/dev/null
- ip netns del ${ns1}
- ip netns del ${ns2}
- ip netns del ${nsrouter}
+ cleanup_all_ns
+
+ rm -f "$TMPINPUT"
rm -f "$TMPFILE0"
rm -f "$TMPFILE1"
rm -f "$TMPFILE2" "$TMPFILE3"
@@ -34,26 +28,17 @@ if [ $? -ne 0 ];then
exit $ksft_skip
fi
-ip -Version > /dev/null 2>&1
-if [ $? -ne 0 ];then
- echo "SKIP: Could not run test without ip tool"
- exit $ksft_skip
-fi
+trap cleanup EXIT
-ip netns add ${nsrouter}
-if [ $? -ne 0 ];then
- echo "SKIP: Could not create net namespace"
- exit $ksft_skip
-fi
+setup_ns ns1 ns2 nsrouter
TMPFILE0=$(mktemp)
TMPFILE1=$(mktemp)
TMPFILE2=$(mktemp)
TMPFILE3=$(mktemp)
-trap cleanup EXIT
-ip netns add ${ns1}
-ip netns add ${ns2}
+TMPINPUT=$(mktemp)
+dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$TMPINPUT
ip link add veth0 netns ${nsrouter} type veth peer name eth0 netns ${ns1} > /dev/null 2>&1
if [ $? -ne 0 ];then
@@ -62,28 +47,24 @@ if [ $? -ne 0 ];then
fi
ip link add veth1 netns ${nsrouter} type veth peer name eth0 netns ${ns2}
-ip -net ${nsrouter} link set lo up
ip -net ${nsrouter} link set veth0 up
ip -net ${nsrouter} addr add 10.0.1.1/24 dev veth0
-ip -net ${nsrouter} addr add dead:1::1/64 dev veth0
+ip -net ${nsrouter} addr add dead:1::1/64 dev veth0 nodad
ip -net ${nsrouter} link set veth1 up
ip -net ${nsrouter} addr add 10.0.2.1/24 dev veth1
-ip -net ${nsrouter} addr add dead:2::1/64 dev veth1
+ip -net ${nsrouter} addr add dead:2::1/64 dev veth1 nodad
-ip -net ${ns1} link set lo up
ip -net ${ns1} link set eth0 up
-
-ip -net ${ns2} link set lo up
ip -net ${ns2} link set eth0 up
ip -net ${ns1} addr add 10.0.1.99/24 dev eth0
-ip -net ${ns1} addr add dead:1::99/64 dev eth0
+ip -net ${ns1} addr add dead:1::99/64 dev eth0 nodad
ip -net ${ns1} route add default via 10.0.1.1
ip -net ${ns1} route add default via dead:1::1
ip -net ${ns2} addr add 10.0.2.99/24 dev eth0
-ip -net ${ns2} addr add dead:2::99/64 dev eth0
+ip -net ${ns2} addr add dead:2::99/64 dev eth0 nodad
ip -net ${ns2} route add default via 10.0.2.1
ip -net ${ns2} route add default via dead:2::1
@@ -161,7 +142,7 @@ test_ping() {
ip netns exec ${ns1} ping -c 1 -q dead:2::99 > /dev/null
if [ $? -ne 0 ];then
- return 1
+ return 2
fi
return 0
@@ -170,12 +151,12 @@ test_ping() {
test_ping_router() {
ip netns exec ${ns1} ping -c 1 -q 10.0.2.1 > /dev/null
if [ $? -ne 0 ];then
- return 1
+ return 3
fi
ip netns exec ${ns1} ping -c 1 -q dead:2::1 > /dev/null
if [ $? -ne 0 ];then
- return 1
+ return 4
fi
return 0
@@ -257,40 +238,40 @@ test_queue()
echo "PASS: Expected and received $last"
}
+listener_ready()
+{
+ ss -N "$1" -lnt -o "sport = :12345" | grep -q 12345
+}
+
test_tcp_forward()
{
ip netns exec ${nsrouter} ./nf_queue -q 2 -t $timeout &
local nfqpid=$!
- tmpfile=$(mktemp) || exit 1
- dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$tmpfile
- ip netns exec ${ns2} nc -w 5 -l -p 12345 <"$tmpfile" >/dev/null &
+ timeout 5 ip netns exec ${ns2} socat -u TCP-LISTEN:12345 STDOUT >/dev/null &
local rpid=$!
- sleep 1
- ip netns exec ${ns1} nc -w 5 10.0.2.99 12345 <"$tmpfile" >/dev/null &
+ busywait $BUSYWAIT_TIMEOUT listener_ready ${ns2}
- rm -f "$tmpfile"
+ ip netns exec ${ns1} socat -u STDIN TCP:10.0.2.99:12345 <"$TMPINPUT" >/dev/null
wait $rpid
- wait $lpid
+
[ $? -eq 0 ] && echo "PASS: tcp and nfqueue in forward chain"
}
test_tcp_localhost()
{
- tmpfile=$(mktemp) || exit 1
-
- dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$tmpfile
- ip netns exec ${nsrouter} nc -w 5 -l -p 12345 <"$tmpfile" >/dev/null &
+ dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$TMPINPUT
+ timeout 5 ip netns exec ${nsrouter} socat -u TCP-LISTEN:12345 STDOUT >/dev/null &
local rpid=$!
ip netns exec ${nsrouter} ./nf_queue -q 3 -t $timeout &
local nfqpid=$!
- sleep 1
- ip netns exec ${nsrouter} nc -w 5 127.0.0.1 12345 <"$tmpfile" > /dev/null
- rm -f "$tmpfile"
+ busywait $BUSYWAIT_TIMEOUT listener_ready ${nsrouter}
+
+ ip netns exec ${nsrouter} socat -u STDIN TCP:127.0.0.1:12345 <"$TMPINPUT" >/dev/null
wait $rpid
[ $? -eq 0 ] && echo "PASS: tcp via loopback"
@@ -299,15 +280,12 @@ test_tcp_localhost()
test_tcp_localhost_connectclose()
{
- tmpfile=$(mktemp) || exit 1
-
ip netns exec ${nsrouter} ./connect_close -p 23456 -t $timeout &
ip netns exec ${nsrouter} ./nf_queue -q 3 -t $timeout &
local nfqpid=$!
sleep 1
- rm -f "$tmpfile"
wait $rpid
[ $? -eq 0 ] && echo "PASS: tcp via loopback with connect/close"
@@ -329,9 +307,7 @@ table inet filter {
}
}
EOF
- tmpfile=$(mktemp) || exit 1
- dd conv=sparse status=none if=/dev/zero bs=1M count=200 of=$tmpfile
- ip netns exec ${nsrouter} nc -w 5 -l -p 12345 <"$tmpfile" >/dev/null &
+ timeout 5 ip netns exec ${nsrouter} socat -u TCP-LISTEN:12345 STDOUT >/dev/null &
local rpid=$!
ip netns exec ${nsrouter} ./nf_queue -c -q 1 -t $timeout > "$TMPFILE2" &
@@ -340,9 +316,8 @@ EOF
# re-queue the packet to nfqueue program on queue 2.
ip netns exec ${nsrouter} ./nf_queue -G -d 150 -c -q 0 -Q 1 -t $timeout > "$TMPFILE3" &
- sleep 1
- ip netns exec ${nsrouter} nc -w 5 127.0.0.1 12345 <"$tmpfile" > /dev/null
- rm -f "$tmpfile"
+ busywait $BUSYWAIT_TIMEOUT listener_ready ${nsrouter}
+ ip netns exec ${nsrouter} socat -u STDIN TCP:127.0.0.1:12345 <"$TMPINPUT" > /dev/null
wait
@@ -409,8 +384,6 @@ ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null
load_ruleset "filter" 0
-sleep 3
-
test_ping
ret=$?
if [ $ret -eq 0 ];then
--
2.43.2
next prev parent reply other threads:[~2024-04-14 23:04 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-14 22:57 [PATCH net-next 00/12] selftests: netfilter: move to lib.sh infra Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 01/12] selftests: netfilter: conntrack_icmp_related.sh: " Florian Westphal
2024-04-16 8:44 ` Matthieu Baerts
2024-04-16 9:57 ` Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 02/12] selftests: netfilter: conntrack_tcp_unreplied.sh: " Florian Westphal
2024-04-14 22:57 ` Florian Westphal [this message]
2024-04-14 22:57 ` [PATCH net-next 04/12] selftests: netfilter: nft_synproxy.sh: " Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 05/12] selftests: netfilter: nft_zones_many.sh: " Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 06/12] selftests: netfilter: xt_string.sh: " Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 07/12] selftests: netfilter: nft_nat_zones.sh: shellcheck cleanups Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 08/12] selftests: netfilter: nft_queue.sh: " Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 09/12] selftests: netfilter: conntrack_ipip_mtu.sh: " Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 10/12] selftests: netfilter: nft_fib.sh: " Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 11/12] selftests: netfilter: nft_audit.sh: skip if auditd is running Florian Westphal
2024-04-14 22:57 ` [PATCH net-next 12/12] selftests: netfilter: update makefiles and kernel config Florian Westphal
2024-04-15 14:02 ` Jakub Kicinski
2024-04-15 14:30 ` Florian Westphal
2024-04-15 17:46 ` Jakub Kicinski
2024-04-15 18:04 ` Florian Westphal
2024-04-15 8:48 ` [PATCH net-next 00/12] selftests: netfilter: move to lib.sh infra Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240414225729.18451-4-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).