Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests: netfilter: nft_flowtable.sh: Add IPIP flowtable selftest

Introduce specific selftest for IPIP flowtable SW acceleration in
nft_flowtable.sh

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Lorenzo Bianconi and committed by
Pablo Neira Ayuso
fe831331 d30301ba

+69
+69
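--- a/tools/testing/selftests/net/netfilter/nft_flowtable.sh
+++ b/tools/testing/selftests/net/netfilter/nft_flowtable.sh
@@ -558,6 +558,73 @@
 ip netns exec "$nsr1" nft list ruleset
 fi
 
+# IPIP tunnel test:
+# Add IPIP tunnel interfaces and check flowtable acceleration.
+test_ipip() {
+if ! ip -net "$nsr1" link add name tun0 type ipip \
+local 192.168.10.1 remote 192.168.10.2 >/dev/null;then
+echo "SKIP: could not add ipip tunnel"
+[ "$ret" -eq 0 ] && ret=$ksft_skip
+return
+fi
+ip -net "$nsr1" link set tun0 up
+ip -net "$nsr1" addr add 192.168.100.1/24 dev tun0
+ip netns exec "$nsr1" sysctl net.ipv4.conf.tun0.forwarding=1 > /dev/null
+
+ip -net "$nsr2" link add name tun0 type ipip local 192.168.10.2 remote 192.168.10.1
+ip -net "$nsr2" link set tun0 up
+ip -net "$nsr2" addr add 192.168.100.2/24 dev tun0
+ip netns exec "$nsr2" sysctl net.ipv4.conf.tun0.forwarding=1 > /dev/null
+
+ip -net "$nsr1" route change default via 192.168.100.2
+ip -net "$nsr2" route change default via 192.168.100.1
+ip -net "$ns2" route add default via 10.0.2.1
+
+ip netns exec "$nsr1" nft -a insert rule inet filter forward 'meta oif tun0 accept'
+ip netns exec "$nsr1" nft -a insert rule inet filter forward \
+'meta oif "veth0" tcp sport 12345 ct mark set 1 flow add @f1 counter name routed_repl accept'
+
+if ! test_tcp_forwarding_nat "$ns1" "$ns2" 1 "IPIP tunnel"; then
+echo "FAIL: flow offload for ns1/ns2 with IPIP tunnel" 1>&2
+ip netns exec "$nsr1" nft list ruleset
+ret=1
+fi
+
+# Create vlan tagged devices for IPIP traffic.
+ip -net "$nsr1" link add link veth1 name veth1.10 type vlan id 10
+ip -net "$nsr1" link set veth1.10 up
+ip -net "$nsr1" addr add 192.168.20.1/24 dev veth1.10
+ip netns exec "$nsr1" sysctl net.ipv4.conf.veth1/10.forwarding=1 > /dev/null
+ip netns exec "$nsr1" nft -a insert rule inet filter forward 'meta oif veth1.10 accept'
+ip -net "$nsr1" link add name tun1 type ipip local 192.168.20.1 remote 192.168.20.2
+ip -net "$nsr1" link set tun1 up
+ip -net "$nsr1" addr add 192.168.200.1/24 dev tun1
+ip -net "$nsr1" route change default via 192.168.200.2
+ip netns exec "$nsr1" sysctl net.ipv4.conf.tun1.forwarding=1 > /dev/null
+ip netns exec "$nsr1" nft -a insert rule inet filter forward 'meta oif tun1 accept'
+
+ip -net "$nsr2" link add link veth0 name veth0.10 type vlan id 10
+ip -net "$nsr2" link set veth0.10 up
+ip -net "$nsr2" addr add 192.168.20.2/24 dev veth0.10
+ip netns exec "$nsr2" sysctl net.ipv4.conf.veth0/10.forwarding=1 > /dev/null
+ip -net "$nsr2" link add name tun1 type ipip local 192.168.20.2 remote 192.168.20.1
+ip -net "$nsr2" link set tun1 up
+ip -net "$nsr2" addr add 192.168.200.2/24 dev tun1
+ip -net "$nsr2" route change default via 192.168.200.1
+ip netns exec "$nsr2" sysctl net.ipv4.conf.tun1.forwarding=1 > /dev/null
+
+if ! test_tcp_forwarding_nat "$ns1" "$ns2" 1 "IPIP tunnel over vlan"; then
+echo "FAIL: flow offload for ns1/ns2 with IPIP tunnel over vlan" 1>&2
+ip netns exec "$nsr1" nft list ruleset
+ret=1
+fi
+
+# Restore the previous configuration
+ip -net "$nsr1" route change default via 192.168.10.2
+ip -net "$nsr2" route change default via 192.168.10.1
+ip -net "$ns2" route del default via 10.0.2.1
+}
+
 # Another test:
 # Add bridge interface br0 to Router1, with NAT enabled.
 test_bridge() {
@@ -642,6 +709,8 @@
 ip -net "$nsr1" addr add dead:1::1/64 dev veth0 nodad
 ip -net "$nsr1" link set up dev veth0
 }
+
+test_ipip
 
 test_bridge
 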
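Review bot: The "Restore the previous configuration" step at the end of test_ipip only puts the default routes back; tun0, tun1, veth1.10/veth0.10 and the four rules inserted into `inet filter forward` (including the `flow add @f1` rule for sport 12345) stay in place, and test_bridge is invoked right after test_ipip. Whether test_bridge tolerates that leftover state cannot be told from this hunk, but stale broad `accept` rules at the head of the forward chain can hide a forwarding or offload regression in a later case, so the test should hand back the topology it was given. Deleting the devices after the route restore, as sketched below, covers the links; the inserted rules would additionally have to be removed by handle or the ruleset reloaded. Separately, only the first `link add` is checked for the SKIP path, so a kernel without vlan support or a failing second tunnel would be reported as FAIL rather than SKIP.

```shell
# … unchanged: default-route restore for nsr1, nsr2 and ns2 …
# Remove the devices this test created so later tests start from the original topology.
ip -net "$nsr1" link del tun1
ip -net "$nsr1" link del tun0
ip -net "$nsr1" link del veth1.10
ip -net "$nsr2" link del tun1
ip -net "$nsr2" link del tun0
ip -net "$nsr2" link del veth0.10
```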