Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests: netfilter: add test case for nf trace infrastructure

Enable/disable tracing infrastructure while packets are in-flight.
This triggers KASAN splat after
e34b9ed96ce3 ("netfilter: nf_tables: avoid skb access on nf_stolen").

While at it, reduce script run time as well.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Florian Westphal and committed by
Jakub Kicinski
fe9e420d 399a14ec

+76 -5
+76 -5
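--- a/tools/testing/selftests/netfilter/nft_trans_stress.sh
+++ b/tools/testing/selftests/netfilter/nft_trans_stress.sh
@@ -9,8 +9,27 @@
 # Kselftest framework requirement - SKIP code is 4.
 ksft_skip=4
 
-testns=testns1
+testns=testns-$(mktemp -u "XXXXXXXX")
+
 tables="foo bar baz quux"
+global_ret=0
+eret=0
+lret=0
+
+check_result()
+{
+local r=$1
+local OK="PASS"
+
+if [ $r -ne 0 ] ;then
+OK="FAIL"
+global_ret=$r
+fi
+
+echo "$OK: nft $2 test returned $r"
+
+eret=0
+}
 
 nft --version > /dev/null 2>&1
 if [ $? -ne 0 ];then
@@ -59,16 +78,66 @@
 
 sleep 1
 
+ip netns exec "$testns" nft -f "$tmp"
 for i in $(seq 1 10) ; do ip netns exec "$testns" nft -f "$tmp" & done
 
 for table in $tables;do
-randsleep=$((RANDOM%10))
+randsleep=$((RANDOM%2))
 sleep $randsleep
-ip netns exec "$testns" nft delete table inet $table 2>/dev/null
+ip netns exec "$testns" nft delete table inet $table
+lret=$?
+if [ $lret -ne 0 ]; then
+eret=$lret
+fi
 done
 
-randsleep=$((RANDOM%10))
-sleep $randsleep
+check_result $eret "add/delete"
+
+for i in $(seq 1 10) ; do
+(echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
+
+lret=$?
+if [ $lret -ne 0 ]; then
+eret=$lret
+fi
+done
+
+check_result $eret "reload"
+
+for i in $(seq 1 10) ; do
+(echo "flush ruleset"; cat "$tmp"
+echo "insert rule inet foo INPUT meta nftrace set 1"
+echo "insert rule inet foo OUTPUT meta nftrace set 1"
+) | ip netns exec "$testns" nft -f /dev/stdin
+lret=$?
+if [ $lret -ne 0 ]; then
+eret=$lret
+fi
+
+(echo "flush ruleset"; cat "$tmp"
+) | ip netns exec "$testns" nft -f /dev/stdin
+
+lret=$?
+if [ $lret -ne 0 ]; then
+eret=$lret
+fi
+done
+
+check_result $eret "add/delete with nftrace enabled"
+
+echo "insert rule inet foo INPUT meta nftrace set 1" >> $tmp
+echo "insert rule inet foo OUTPUT meta nftrace set 1" >> $tmp
+
+for i in $(seq 1 10) ; do
+(echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
+
+lret=$?
+if [ $lret -ne 0 ]; then
+eret=1
+fi
+done
+
+check_result $lret "add/delete with nftrace enabled"
 
 pkill -9 ping
 
@@ -76,3 +145,5 @@
 
 rm -f "$tmp"
 ip netns del "$testns"
+
+exit $global_ret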
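Review bot: The final `check_result` call passes `$lret` instead of `$eret`, so only the exit status of the tenth `nft -f /dev/stdin` run is reported and a failure in any earlier iteration is dropped, even though the loop records it with `eret=1`. It should read `check_result $eret "..."`, with `eret=$lret` inside the loop as in the three earlier loops. The label should also be distinct, because the preceding test already prints "add/delete with nftrace enabled" and the two results cannot be told apart in the log. Separately, the commit message says the purpose is to trigger a KASAN splat, yet the visible hunks decide pass/fail from nft exit codes alone. Unless the part of the script outside these hunks already does so, reading `/proc/sys/kernel/tainted` before `exit $global_ret` would let the test fail when the kernel reports the bad access.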