Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/4] Netfilter fixes for net
@ 2020-10-07  0:10 Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07  0:10 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

Hi,

The following patchset contains Netfilter selftests fixes from
Fabian Frederick:

1) Extend selftest nft_meta.sh to check for meta cpu.

2) Fix selftest nft_meta.sh error reporting.

3) Fix shellcheck warnings in selftest nft_meta.sh.

4) Extend selftest nft_meta.sh to check for meta time.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thank you!

----------------------------------------------------------------

The following changes since commit 25b8ab916dd7a1f490b603d68c7765c06f9ed9e1:

  Merge tag 'mac80211-for-net-2020-09-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 (2020-09-21 14:54:35 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 48d072c4e8cdb542ade06727c31d7851bcc40a89:

  selftests: netfilter: add time counter check (2020-09-30 11:49:18 +0200)

----------------------------------------------------------------
Fabian Frederick (4):
      selftests: netfilter: add cpu counter check
      selftests: netfilter: fix nft_meta.sh error reporting
      selftests: netfilter: remove unused cnt and simplify command testing
      selftests: netfilter: add time counter check

 tools/testing/selftests/netfilter/nft_meta.sh | 32 +++++++++++++++++++++------
 1 file changed, 25 insertions(+), 7 deletions(-)

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 1/4] selftests: netfilter: add cpu counter check
  2020-10-07  0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
@ 2020-10-07  0:10 ` Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07  0:10 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

From: Fabian Frederick <fabf@skynet.be>

run task on first CPU with netfilter counters reset and check
cpu meta after another ping

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tools/testing/selftests/netfilter/nft_meta.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index d250b84dd5bc..17b2d6eaa204 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -33,6 +33,7 @@ table inet filter {
 	counter infproto4count {}
 	counter il4protocounter {}
 	counter imarkcounter {}
+	counter icpu0counter {}
 
 	counter oifcount {}
 	counter oifnamecount {}
@@ -54,6 +55,7 @@ table inet filter {
 		meta nfproto ipv4 counter name "infproto4count"
 		meta l4proto icmp counter name "il4protocounter"
 		meta mark 42 counter name "imarkcounter"
+		meta cpu 0 counter name "icpu0counter"
 	}
 
 	chain output {
@@ -119,6 +121,18 @@ check_one_counter omarkcounter "1" true
 
 if [ $ret -eq 0 ];then
 	echo "OK: nftables meta iif/oif counters at expected values"
+else
+	exit $ret
+fi
+
+#First CPU execution and counter
+taskset -p 01 $$ > /dev/null
+ip netns exec "$ns0" nft reset counters > /dev/null
+ip netns exec "$ns0" ping -q -c 1 127.0.0.1 > /dev/null
+check_one_counter icpu0counter "2" true
+
+if [ $ret -eq 0 ];then
+	echo "OK: nftables meta cpu counter at expected values"
 fi
 
 exit $ret
-- 
2.20.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting
  2020-10-07  0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
@ 2020-10-07  0:10 ` Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07  0:10 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

From: Fabian Frederick <fabf@skynet.be>

When some test directly done with check_one_counter() fails,
counter variable is undefined. This patch calls ip with cname
which avoids errors like:
FAIL: oskuidcounter, want "packets 2", got
Error: syntax error, unexpected newline, expecting string
list counter inet filter
                        ^
Error is now correctly rendered:
FAIL: oskuidcounter, want "packets 2", got
table inet filter {
	counter oskuidcounter {
		packets 1 bytes 84
	}
}

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tools/testing/selftests/netfilter/nft_meta.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 17b2d6eaa204..1f5b46542c14 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -90,7 +90,7 @@ check_one_counter()
 	if [ $? -ne 0 ];then
 		echo "FAIL: $cname, want \"$want\", got"
 		ret=1
-		ip netns exec "$ns0" nft list counter inet filter $counter
+		ip netns exec "$ns0" nft list counter inet filter $cname
 	fi
 }
 
-- 
2.20.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing
  2020-10-07  0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
@ 2020-10-07  0:10 ` Pablo Neira Ayuso
  2020-10-07  0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
  2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
  4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07  0:10 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

From: Fabian Frederick <fabf@skynet.be>

cnt was not used in nft_meta.sh
This patch also fixes 2 shellcheck SC2181 warnings:
"check exit code directly with e.g. 'if mycmd;', not indirectly with
$?."

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tools/testing/selftests/netfilter/nft_meta.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 1f5b46542c14..18a1abca3262 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -7,8 +7,7 @@ ksft_skip=4
 sfx=$(mktemp -u "XXXXXXXX")
 ns0="ns0-$sfx"
 
-nft --version > /dev/null 2>&1
-if [ $? -ne 0 ];then
+if ! nft --version > /dev/null 2>&1; then
 	echo "SKIP: Could not run test without nft tool"
 	exit $ksft_skip
 fi
@@ -86,8 +85,7 @@ check_one_counter()
 	local want="packets $2"
 	local verbose="$3"
 
-	cnt=$(ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want")
-	if [ $? -ne 0 ];then
+	if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
 		echo "FAIL: $cname, want \"$want\", got"
 		ret=1
 		ip netns exec "$ns0" nft list counter inet filter $cname
-- 
2.20.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 4/4] selftests: netfilter: add time counter check
  2020-10-07  0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
                   ` (2 preceding siblings ...)
  2020-10-07  0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
@ 2020-10-07  0:10 ` Pablo Neira Ayuso
  2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
  4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07  0:10 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

From: Fabian Frederick <fabf@skynet.be>

Check packets are correctly placed in current year.
Also do a NULL check for another one.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tools/testing/selftests/netfilter/nft_meta.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 18a1abca3262..087f0e6e71ce 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -23,6 +23,8 @@ ip -net "$ns0" addr add 127.0.0.1 dev lo
 
 trap cleanup EXIT
 
+currentyear=$(date +%G)
+lastyear=$((currentyear-1))
 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
 table inet filter {
 	counter iifcount {}
@@ -33,6 +35,8 @@ table inet filter {
 	counter il4protocounter {}
 	counter imarkcounter {}
 	counter icpu0counter {}
+	counter ilastyearcounter {}
+	counter icurrentyearcounter {}
 
 	counter oifcount {}
 	counter oifnamecount {}
@@ -55,6 +59,8 @@ table inet filter {
 		meta l4proto icmp counter name "il4protocounter"
 		meta mark 42 counter name "imarkcounter"
 		meta cpu 0 counter name "icpu0counter"
+		meta time "$lastyear-01-01" - "$lastyear-12-31" counter name ilastyearcounter
+		meta time "$currentyear-01-01" - "$currentyear-12-31" counter name icurrentyearcounter
 	}
 
 	chain output {
@@ -100,8 +106,7 @@ check_lo_counters()
 
 	for counter in iifcount iifnamecount iifgroupcount iiftypecount infproto4count \
 		       oifcount oifnamecount oifgroupcount oiftypecount onfproto4count \
-		       il4protocounter \
-		       ol4protocounter \
+		       il4protocounter icurrentyearcounter ol4protocounter \
 	     ; do
 		check_one_counter "$counter" "$want" "$verbose"
 	done
@@ -116,6 +121,7 @@ check_one_counter oskuidcounter "1" true
 check_one_counter oskgidcounter "1" true
 check_one_counter imarkcounter "1" true
 check_one_counter omarkcounter "1" true
+check_one_counter ilastyearcounter "0" true
 
 if [ $ret -eq 0 ];then
 	echo "OK: nftables meta iif/oif counters at expected values"
-- 
2.20.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 0/4] Netfilter fixes for net
  2020-10-07  0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
                   ` (3 preceding siblings ...)
  2020-10-07  0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
@ 2020-10-09 19:19 ` Jakub Kicinski
  4 siblings, 0 replies; 6+ messages in thread
From: Jakub Kicinski @ 2020-10-09 19:19 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel, davem, netdev

On Wed,  7 Oct 2020 02:10:23 +0200 Pablo Neira Ayuso wrote:
> The following patchset contains Netfilter selftests fixes from
> Fabian Frederick:
> 
> 1) Extend selftest nft_meta.sh to check for meta cpu.
> 
> 2) Fix selftest nft_meta.sh error reporting.
> 
> 3) Fix shellcheck warnings in selftest nft_meta.sh.
> 
> 4) Extend selftest nft_meta.sh to check for meta time.
> 
> Please, pull these changes from:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Pulled, thank you!

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-07  0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-07  0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
2020-10-07  0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
2020-10-07  0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
2020-10-07  0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git