[PATCH net v2] selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0

[PATCH net v2] selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0

[Yi Chen]

Although setup_ns() set net.ipv4.conf.default.rp_filter=0,
loading certain module such as ipip will automatically create a tunl0 interface
in all netns including new created ones. In the script, this is before than
default.rp_filter=0 applied, as a result tunl0.rp_filter remains set to 1
which causes the test report FAIL when ipip module is preloaded.

Before fix:
Testing DR mode...
Testing NAT mode...
Testing Tunnel mode...
ipvs.sh: FAIL

After fix:
Testing DR mode...
Testing NAT mode...
Testing Tunnel mode...
ipvs.sh: PASS

Fixes: 7c8b89ec506e ("selftests: netfilter: remove rp_filter configuration")

v2: Fixed the format of Fixes tag.
Signed-off-by: Yi Chen <yiche@redhat.com>
---
 tools/testing/selftests/net/netfilter/ipvs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/netfilter/ipvs.sh b/tools/testing/selftests/net/netfilter/ipvs.sh
index 6af2ea3ad6b8..9c9d5b38ab71 100755
--- a/tools/testing/selftests/net/netfilter/ipvs.sh
+++ b/tools/testing/selftests/net/netfilter/ipvs.sh
@@ -151,7 +151,7 @@ test_nat() {
 test_tun() {
 	ip netns exec "${ns0}" ip route add "${vip_v4}" via "${gip_v4}" dev br0
 
-	ip netns exec "${ns1}" modprobe -q ipip
+	modprobe -q ipip
 	ip netns exec "${ns1}" ip link set tunl0 up
 	ip netns exec "${ns1}" sysctl -qw net.ipv4.ip_forward=0
 	ip netns exec "${ns1}" sysctl -qw net.ipv4.conf.all.send_redirects=0
@@ -160,10 +160,10 @@ test_tun() {
 	ip netns exec "${ns1}" ipvsadm -a -i -t "${vip_v4}:${port}" -r ${rip_v4}:${port}
 	ip netns exec "${ns1}" ip addr add ${vip_v4}/32 dev lo:1
 
-	ip netns exec "${ns2}" modprobe -q ipip
 	ip netns exec "${ns2}" ip link set tunl0 up
 	ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_ignore=1
 	ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_announce=2
+	ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.tunl0.rp_filter=0
 	ip netns exec "${ns2}" ip addr add "${vip_v4}/32" dev lo:1
 
 	test_service
-- 
2.50.1

Re: [PATCH net v2] selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0

[Simon Horman]

+ Hangbin

On Thu, Jul 24, 2025 at 04:06:53PM +0800, Yi Chen wrote:
> Although setup_ns() set net.ipv4.conf.default.rp_filter=0,
> loading certain module such as ipip will automatically create a tunl0 interface
> in all netns including new created ones. In the script, this is before than
> default.rp_filter=0 applied, as a result tunl0.rp_filter remains set to 1
> which causes the test report FAIL when ipip module is preloaded.
> 
> Before fix:
> Testing DR mode...
> Testing NAT mode...
> Testing Tunnel mode...
> ipvs.sh: FAIL
> 
> After fix:
> Testing DR mode...
> Testing NAT mode...
> Testing Tunnel mode...
> ipvs.sh: PASS
> 
> Fixes: 7c8b89ec506e ("selftests: netfilter: remove rp_filter configuration")
> 
> v2: Fixed the format of Fixes tag.
> Signed-off-by: Yi Chen <yiche@redhat.com>
> ---
>  tools/testing/selftests/net/netfilter/ipvs.sh | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

For future reference, there should be no blank line between
the Fixes and other tags. And, version information should go
below the scissors ('---').

Something like this:

Fixes: ...
Signed-off-by: ...
--- 
 diffstat goes here

v2: Fixed the format of Fixes tag.

And it is ok to have multiple scissors ('---'), sometimes tooling does that.
The main point is that what is above the first scissors will, generally,
show up in Git history, while what is below won't. While everything ends
up in mailing list archives and so on.

Also, if you do end up posting a v3 for some reason.
Please consider correcting the spelling of Explicitly in the subject.
This is flagged by checkpatch.pl --codespell

And, please generate the CC list for patches using
get_maintainer.pl this.patch. Which will include people
involved in the commit cited in the Fixes tag.
I've CCed Hangbin, to follow that pattern.

The above notwithstanding, this looks good to me.

Reviewed-by: Simon Horman <horms@kernel.org>

> 
> diff --git a/tools/testing/selftests/net/netfilter/ipvs.sh b/tools/testing/selftests/net/netfilter/ipvs.sh
> index 6af2ea3ad6b8..9c9d5b38ab71 100755
> --- a/tools/testing/selftests/net/netfilter/ipvs.sh
> +++ b/tools/testing/selftests/net/netfilter/ipvs.sh
> @@ -151,7 +151,7 @@ test_nat() {
>  test_tun() {
>  	ip netns exec "${ns0}" ip route add "${vip_v4}" via "${gip_v4}" dev br0
>  
> -	ip netns exec "${ns1}" modprobe -q ipip
> +	modprobe -q ipip
>  	ip netns exec "${ns1}" ip link set tunl0 up
>  	ip netns exec "${ns1}" sysctl -qw net.ipv4.ip_forward=0
>  	ip netns exec "${ns1}" sysctl -qw net.ipv4.conf.all.send_redirects=0
> @@ -160,10 +160,10 @@ test_tun() {
>  	ip netns exec "${ns1}" ipvsadm -a -i -t "${vip_v4}:${port}" -r ${rip_v4}:${port}
>  	ip netns exec "${ns1}" ip addr add ${vip_v4}/32 dev lo:1
>  
> -	ip netns exec "${ns2}" modprobe -q ipip
>  	ip netns exec "${ns2}" ip link set tunl0 up
>  	ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_ignore=1
>  	ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_announce=2
> +	ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.tunl0.rp_filter=0
>  	ip netns exec "${ns2}" ip addr add "${vip_v4}/32" dev lo:1
>  
>  	test_service
> -- 
> 2.50.1
>