* [PATCH nf-next v2] selftests: netfilter: flowtable vlan filtering bridge support
@ 2022-05-25  8:38 wenxu
  2022-05-26  6:33 ` wenxu
  0 siblings, 1 reply; 2+ messages in thread
From: wenxu @ 2022-05-25  8:38 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, wenxu

From: wenxu <wenxu@chinatelecom.cn>

Add vlan_filtering enabled bridge and vlan case.
Add a vlan_filtering bridge device to the Router1 (nsr1) container
and attach the veth0 device to the bridge. Set the IP address to
the bridge device to exercise the bridge forwarding path.
The veth0 is added to the vlan 10 domain and the br0 is also added to the
vlan 10 domain as untagged.

Signed-off-by: wenxu <wenxu@chinatelecom.cn>
---
v2: fix set up the br0
    change iif br0 to iifname br0 for br0 destroy
    All the tests PASS
 
 tools/testing/selftests/netfilter/nft_flowtable.sh | 28 +++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh
index d4ffebb..13e03e3 100755
--- a/tools/testing/selftests/netfilter/nft_flowtable.sh
+++ b/tools/testing/selftests/netfilter/nft_flowtable.sh
@@ -37,6 +37,7 @@ checktool "nft --version" "run test without nft tool"
 checktool "ip -Version" "run test without ip tool"
 checktool "which nc" "run test without nc (netcat)"
 checktool "ip netns add nsr1" "create net namespace"
+checktool "bridge -Version" "run test without bridge tool"
 
 ip netns add ns1
 ip netns add ns2
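Review bot: the new `checktool "bridge -Version"` line is placed after `checktool "ip netns add nsr1" "create net namespace"`, so the tool-presence checks are no longer grouped and the bridge check runs only after nsr1 has been created. If checktool stops the script on failure, a missing bridge binary would leave that namespace behind; move the bridge check up next to the nft, ip and nc checks.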
@@ -388,7 +389,7 @@ flush table ip nat
 table ip nat {
    chain prerouting {
       type nat hook prerouting priority 0; policy accept;
-      meta iif "br0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
+      meta iifname "br0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
    }
 
    chain postrouting {
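Review bot: the reason for switching `meta iif "br0"` to `meta iifname "br0"` appears only in the v2 notes below the `---` line ("for br0 destroy"), which are dropped when the patch is applied. Say in the commit message that br0 is deleted and recreated later in the script, and that iif is resolved to an interface index when the rule is loaded while iifname compares the name, so a reader of the history can see why the match was changed.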
@@ -431,12 +432,33 @@ else
 	ret=1
 fi
 
-# restore test topology (remove bridge and VLAN)
-ip -net nsr1 link set veth0 nomaster
+# Another test:
+# Add vlan filtering bridge interface br0 to Router1, with NAT and VLAN.
+ip -net nsr1 link set veth0.10 nomaster
 ip -net nsr1 link set veth0 down
 ip -net nsr1 link set veth0.10 down
 ip -net nsr1 link delete veth0.10 type vlan
 ip -net nsr1 link delete br0 type bridge
+ip -net nsr1 link add name br0 type bridge vlan_filtering 1
+ip -net nsr1 link set up dev veth0
+ip -net nsr1 link set veth0 master br0
+ip -net nsr1 link set up dev br0
+ip -net nsr1 addr add 10.0.1.1/24 dev br0
+bridge -n nsr1 vlan add dev veth0 vid 10 pvid
+bridge -n nsr1 vlan add dev br0 vid 10 pvid untagged self
+
+if test_tcp_forwarding_nat ns1 ns2; then
+	echo "PASS: flow offloaded for ns1/ns2 with vlan filtering bridge NAT and VLAN"
+else
+	echo "FAIL: flow offload for ns1/ns2 with vlan filtering bridge NAT and VLAN" 1>&2
+	ip netns exec nsr1 nft list ruleset
+	ret=1
+fi
+
+# restore test topology (remove bridge and VLAN)
+ip -net nsr1 link set veth0 nomaster
+ip -net nsr1 link set veth0 down
+ip -net nsr1 link delete br0 type bridge
 ip -net ns1 addr flush dev eth0.10
 ip -net ns1 link set eth0.10 down
 ip -net ns1 link set eth0 down
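Review bot: the setup commands for the new case (`ip -net nsr1 link add name br0 type bridge vlan_filtering 1` through the two `bridge -n nsr1 vlan add` lines) are not checked, so a failure while building the bridge or its VLAN 10 membership is reported as "FAIL: flow offload ...". Check their exit status, or at least print `bridge -n nsr1 vlan show` next to `nft list ruleset` in the failure branch. The "# Another test:" comment also sits directly above the lines that tear down the previous bridge and veth0.10; a separate comment for that teardown would make the block easier to follow.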
-- 
1.8.3.1



* Re: [PATCH nf-next v2] selftests: netfilter: flowtable vlan filtering bridge support
  2022-05-25  8:38 [PATCH nf-next v2] selftests: netfilter: flowtable vlan filtering bridge support wenxu
@ 2022-05-26  6:33 ` wenxu
  0 siblings, 0 replies; 2+ messages in thread
From: wenxu @ 2022-05-26  6:33 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel

Hi Pablo,


Please drop this first. This test case should be based on the vlan encap
offload feature.


BR

wenxu

On 2022/5/25 16:38, wenxu@chinatelecom.cn wrote:
> From: wenxu <wenxu@chinatelecom.cn>
>
> Add vlan_filtering enabled bridge and vlan case.
> Add a vlan_filtering bridge device to the Router1 (nsr1) container
> and attach the veth0 device to the bridge. Set the IP address to
> the bridge device to exercise the bridge forwarding path.
> The veth0 is added to the vlan 10 domain and the br0 is also added to the
> vlan 10 domain as untagged.
>
> Signed-off-by: wenxu <wenxu@chinatelecom.cn>
> ---
> v2: fix set up the br0
>      change iif br0 to iifname br0 for br0 destroy
>      All the tests PASS
>   
>   tools/testing/selftests/netfilter/nft_flowtable.sh | 28 +++++++++++++++++++---
>   1 file changed, 25 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/netfilter/nft_flowtable.sh b/tools/testing/selftests/netfilter/nft_flowtable.sh
> index d4ffebb..13e03e3 100755
> --- a/tools/testing/selftests/netfilter/nft_flowtable.sh
> +++ b/tools/testing/selftests/netfilter/nft_flowtable.sh
> @@ -37,6 +37,7 @@ checktool "nft --version" "run test without nft tool"
>   checktool "ip -Version" "run test without ip tool"
>   checktool "which nc" "run test without nc (netcat)"
>   checktool "ip netns add nsr1" "create net namespace"
> +checktool "bridge -Version" "run test without bridge tool"
>   
>   ip netns add ns1
>   ip netns add ns2
> @@ -388,7 +389,7 @@ flush table ip nat
>   table ip nat {
>      chain prerouting {
>         type nat hook prerouting priority 0; policy accept;
> -      meta iif "br0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
> +      meta iifname "br0" ip daddr 10.6.6.6 tcp dport 1666 counter dnat ip to 10.0.2.99:12345
>      }
>   
>      chain postrouting {
> @@ -431,12 +432,33 @@ else
>   	ret=1
>   fi
>   
> -# restore test topology (remove bridge and VLAN)
> -ip -net nsr1 link set veth0 nomaster
> +# Another test:
> +# Add vlan filtering bridge interface br0 to Router1, with NAT and VLAN.
> +ip -net nsr1 link set veth0.10 nomaster
>   ip -net nsr1 link set veth0 down
>   ip -net nsr1 link set veth0.10 down
>   ip -net nsr1 link delete veth0.10 type vlan
>   ip -net nsr1 link delete br0 type bridge
> +ip -net nsr1 link add name br0 type bridge vlan_filtering 1
> +ip -net nsr1 link set up dev veth0
> +ip -net nsr1 link set veth0 master br0
> +ip -net nsr1 link set up dev br0
> +ip -net nsr1 addr add 10.0.1.1/24 dev br0
> +bridge -n nsr1 vlan add dev veth0 vid 10 pvid
> +bridge -n nsr1 vlan add dev br0 vid 10 pvid untagged self
> +
> +if test_tcp_forwarding_nat ns1 ns2; then
> +	echo "PASS: flow offloaded for ns1/ns2 with vlan filtering bridge NAT and VLAN"
> +else
> +	echo "FAIL: flow offload for ns1/ns2 with vlan filtering bridge NAT and VLAN" 1>&2
> +	ip netns exec nsr1 nft list ruleset
> +	ret=1
> +fi
> +
> +# restore test topology (remove bridge and VLAN)
> +ip -net nsr1 link set veth0 nomaster
> +ip -net nsr1 link set veth0 down
> +ip -net nsr1 link delete br0 type bridge
>   ip -net ns1 addr flush dev eth0.10
>   ip -net ns1 link set eth0.10 down
>   ip -net ns1 link set eth0 down
