* [PATCH 0/4] Netfilter fixes for net
@ 2020-10-07 0:10 Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
Hi,
The following patchset contains Netfilter selftests fixes from
Fabian Frederick:
1) Extend selftest nft_meta.sh to check for meta cpu.
2) Fix selftest nft_meta.sh error reporting.
3) Fix shellcheck warnings in selftest nft_meta.sh.
4) Extend selftest nft_meta.sh to check for meta time.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you!
----------------------------------------------------------------
The following changes since commit 25b8ab916dd7a1f490b603d68c7765c06f9ed9e1:
Merge tag 'mac80211-for-net-2020-09-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 (2020-09-21 14:54:35 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 48d072c4e8cdb542ade06727c31d7851bcc40a89:
selftests: netfilter: add time counter check (2020-09-30 11:49:18 +0200)
----------------------------------------------------------------
Fabian Frederick (4):
selftests: netfilter: add cpu counter check
selftests: netfilter: fix nft_meta.sh error reporting
selftests: netfilter: remove unused cnt and simplify command testing
selftests: netfilter: add time counter check
tools/testing/selftests/netfilter/nft_meta.sh | 32 +++++++++++++++++++++------
1 file changed, 25 insertions(+), 7 deletions(-)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/4] selftests: netfilter: add cpu counter check
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
run task on first CPU with netfilter counters reset and check
cpu meta after another ping
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index d250b84dd5bc..17b2d6eaa204 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -33,6 +33,7 @@ table inet filter {
counter infproto4count {}
counter il4protocounter {}
counter imarkcounter {}
+ counter icpu0counter {}
counter oifcount {}
counter oifnamecount {}
@@ -54,6 +55,7 @@ table inet filter {
meta nfproto ipv4 counter name "infproto4count"
meta l4proto icmp counter name "il4protocounter"
meta mark 42 counter name "imarkcounter"
+ meta cpu 0 counter name "icpu0counter"
}
chain output {
@@ -119,6 +121,18 @@ check_one_counter omarkcounter "1" true
if [ $ret -eq 0 ];then
echo "OK: nftables meta iif/oif counters at expected values"
+else
+ exit $ret
+fi
+
+#First CPU execution and counter
+taskset -p 01 $$ > /dev/null
+ip netns exec "$ns0" nft reset counters > /dev/null
+ip netns exec "$ns0" ping -q -c 1 127.0.0.1 > /dev/null
+check_one_counter icpu0counter "2" true
+
+if [ $ret -eq 0 ];then
+ echo "OK: nftables meta cpu counter at expected values"
fi
exit $ret
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
When some test directly done with check_one_counter() fails,
counter variable is undefined. This patch calls ip with cname
which avoids errors like:
FAIL: oskuidcounter, want "packets 2", got
Error: syntax error, unexpected newline, expecting string
list counter inet filter
^
Error is now correctly rendered:
FAIL: oskuidcounter, want "packets 2", got
table inet filter {
counter oskuidcounter {
packets 1 bytes 84
}
}
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 17b2d6eaa204..1f5b46542c14 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -90,7 +90,7 @@ check_one_counter()
if [ $? -ne 0 ];then
echo "FAIL: $cname, want \"$want\", got"
ret=1
- ip netns exec "$ns0" nft list counter inet filter $counter
+ ip netns exec "$ns0" nft list counter inet filter $cname
fi
}
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
cnt was not used in nft_meta.sh
This patch also fixes 2 shellcheck SC2181 warnings:
"check exit code directly with e.g. 'if mycmd;', not indirectly with
$?."
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 1f5b46542c14..18a1abca3262 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -7,8 +7,7 @@ ksft_skip=4
sfx=$(mktemp -u "XXXXXXXX")
ns0="ns0-$sfx"
-nft --version > /dev/null 2>&1
-if [ $? -ne 0 ];then
+if ! nft --version > /dev/null 2>&1; then
echo "SKIP: Could not run test without nft tool"
exit $ksft_skip
fi
@@ -86,8 +85,7 @@ check_one_counter()
local want="packets $2"
local verbose="$3"
- cnt=$(ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want")
- if [ $? -ne 0 ];then
+ if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
echo "FAIL: $cname, want \"$want\", got"
ret=1
ip netns exec "$ns0" nft list counter inet filter $cname
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/4] selftests: netfilter: add time counter check
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
` (2 preceding siblings ...)
2020-10-07 0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
Check packets are correctly placed in current year.
Also do a NULL check for another one.
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 18a1abca3262..087f0e6e71ce 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -23,6 +23,8 @@ ip -net "$ns0" addr add 127.0.0.1 dev lo
trap cleanup EXIT
+currentyear=$(date +%G)
+lastyear=$((currentyear-1))
ip netns exec "$ns0" nft -f /dev/stdin <<EOF
table inet filter {
counter iifcount {}
@@ -33,6 +35,8 @@ table inet filter {
counter il4protocounter {}
counter imarkcounter {}
counter icpu0counter {}
+ counter ilastyearcounter {}
+ counter icurrentyearcounter {}
counter oifcount {}
counter oifnamecount {}
@@ -55,6 +59,8 @@ table inet filter {
meta l4proto icmp counter name "il4protocounter"
meta mark 42 counter name "imarkcounter"
meta cpu 0 counter name "icpu0counter"
+ meta time "$lastyear-01-01" - "$lastyear-12-31" counter name ilastyearcounter
+ meta time "$currentyear-01-01" - "$currentyear-12-31" counter name icurrentyearcounter
}
chain output {
@@ -100,8 +106,7 @@ check_lo_counters()
for counter in iifcount iifnamecount iifgroupcount iiftypecount infproto4count \
oifcount oifnamecount oifgroupcount oiftypecount onfproto4count \
- il4protocounter \
- ol4protocounter \
+ il4protocounter icurrentyearcounter ol4protocounter \
; do
check_one_counter "$counter" "$want" "$verbose"
done
@@ -116,6 +121,7 @@ check_one_counter oskuidcounter "1" true
check_one_counter oskgidcounter "1" true
check_one_counter imarkcounter "1" true
check_one_counter omarkcounter "1" true
+check_one_counter ilastyearcounter "0" true
if [ $ret -eq 0 ];then
echo "OK: nftables meta iif/oif counters at expected values"
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/4] Netfilter fixes for net
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
` (3 preceding siblings ...)
2020-10-07 0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
@ 2020-10-09 19:19 ` Jakub Kicinski
4 siblings, 0 replies; 6+ messages in thread
From: Jakub Kicinski @ 2020-10-09 19:19 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, davem, netdev
On Wed, 7 Oct 2020 02:10:23 +0200 Pablo Neira Ayuso wrote:
> The following patchset contains Netfilter selftests fixes from
> Fabian Frederick:
>
> 1) Extend selftest nft_meta.sh to check for meta cpu.
>
> 2) Fix selftest nft_meta.sh error reporting.
>
> 3) Fix shellcheck warnings in selftest nft_meta.sh.
>
> 4) Extend selftest nft_meta.sh to check for meta time.
>
> Please, pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thank you!
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-09 19:19 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.