* [PATCH 1/4] selftests: netfilter: add cpu counter check
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
run task on first CPU with netfilter counters reset and check
cpu meta after another ping
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index d250b84dd5bc..17b2d6eaa204 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -33,6 +33,7 @@ table inet filter {
counter infproto4count {}
counter il4protocounter {}
counter imarkcounter {}
+ counter icpu0counter {}
counter oifcount {}
counter oifnamecount {}
@@ -54,6 +55,7 @@ table inet filter {
meta nfproto ipv4 counter name "infproto4count"
meta l4proto icmp counter name "il4protocounter"
meta mark 42 counter name "imarkcounter"
+ meta cpu 0 counter name "icpu0counter"
}
chain output {
@@ -119,6 +121,18 @@ check_one_counter omarkcounter "1" true
if [ $ret -eq 0 ];then
echo "OK: nftables meta iif/oif counters at expected values"
+else
+ exit $ret
+fi
+
+#First CPU execution and counter
+taskset -p 01 $$ > /dev/null
+ip netns exec "$ns0" nft reset counters > /dev/null
+ip netns exec "$ns0" ping -q -c 1 127.0.0.1 > /dev/null
+check_one_counter icpu0counter "2" true
+
+if [ $ret -eq 0 ];then
+ echo "OK: nftables meta cpu counter at expected values"
fi
exit $ret
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
When some test directly done with check_one_counter() fails,
counter variable is undefined. This patch calls ip with cname
which avoids errors like:
FAIL: oskuidcounter, want "packets 2", got
Error: syntax error, unexpected newline, expecting string
list counter inet filter
^
Error is now correctly rendered:
FAIL: oskuidcounter, want "packets 2", got
table inet filter {
counter oskuidcounter {
packets 1 bytes 84
}
}
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 17b2d6eaa204..1f5b46542c14 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -90,7 +90,7 @@ check_one_counter()
if [ $? -ne 0 ];then
echo "FAIL: $cname, want \"$want\", got"
ret=1
- ip netns exec "$ns0" nft list counter inet filter $counter
+ ip netns exec "$ns0" nft list counter inet filter $cname
fi
}
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 1/4] selftests: netfilter: add cpu counter check Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 2/4] selftests: netfilter: fix nft_meta.sh error reporting Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-07 0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
cnt was not used in nft_meta.sh
This patch also fixes 2 shellcheck SC2181 warnings:
"check exit code directly with e.g. 'if mycmd;', not indirectly with
$?."
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 1f5b46542c14..18a1abca3262 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -7,8 +7,7 @@ ksft_skip=4
sfx=$(mktemp -u "XXXXXXXX")
ns0="ns0-$sfx"
-nft --version > /dev/null 2>&1
-if [ $? -ne 0 ];then
+if ! nft --version > /dev/null 2>&1; then
echo "SKIP: Could not run test without nft tool"
exit $ksft_skip
fi
@@ -86,8 +85,7 @@ check_one_counter()
local want="packets $2"
local verbose="$3"
- cnt=$(ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want")
- if [ $? -ne 0 ];then
+ if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
echo "FAIL: $cname, want \"$want\", got"
ret=1
ip netns exec "$ns0" nft list counter inet filter $cname
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/4] selftests: netfilter: add time counter check
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
` (2 preceding siblings ...)
2020-10-07 0:10 ` [PATCH 3/4] selftests: netfilter: remove unused cnt and simplify command testing Pablo Neira Ayuso
@ 2020-10-07 0:10 ` Pablo Neira Ayuso
2020-10-09 19:19 ` [PATCH 0/4] Netfilter fixes for net Jakub Kicinski
4 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2020-10-07 0:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Fabian Frederick <fabf@skynet.be>
Check packets are correctly placed in current year.
Also do a NULL check for another one.
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
tools/testing/selftests/netfilter/nft_meta.sh | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/netfilter/nft_meta.sh b/tools/testing/selftests/netfilter/nft_meta.sh
index 18a1abca3262..087f0e6e71ce 100755
--- a/tools/testing/selftests/netfilter/nft_meta.sh
+++ b/tools/testing/selftests/netfilter/nft_meta.sh
@@ -23,6 +23,8 @@ ip -net "$ns0" addr add 127.0.0.1 dev lo
trap cleanup EXIT
+currentyear=$(date +%G)
+lastyear=$((currentyear-1))
ip netns exec "$ns0" nft -f /dev/stdin <<EOF
table inet filter {
counter iifcount {}
@@ -33,6 +35,8 @@ table inet filter {
counter il4protocounter {}
counter imarkcounter {}
counter icpu0counter {}
+ counter ilastyearcounter {}
+ counter icurrentyearcounter {}
counter oifcount {}
counter oifnamecount {}
@@ -55,6 +59,8 @@ table inet filter {
meta l4proto icmp counter name "il4protocounter"
meta mark 42 counter name "imarkcounter"
meta cpu 0 counter name "icpu0counter"
+ meta time "$lastyear-01-01" - "$lastyear-12-31" counter name ilastyearcounter
+ meta time "$currentyear-01-01" - "$currentyear-12-31" counter name icurrentyearcounter
}
chain output {
@@ -100,8 +106,7 @@ check_lo_counters()
for counter in iifcount iifnamecount iifgroupcount iiftypecount infproto4count \
oifcount oifnamecount oifgroupcount oiftypecount onfproto4count \
- il4protocounter \
- ol4protocounter \
+ il4protocounter icurrentyearcounter ol4protocounter \
; do
check_one_counter "$counter" "$want" "$verbose"
done
@@ -116,6 +121,7 @@ check_one_counter oskuidcounter "1" true
check_one_counter oskgidcounter "1" true
check_one_counter imarkcounter "1" true
check_one_counter omarkcounter "1" true
+check_one_counter ilastyearcounter "0" true
if [ $ret -eq 0 ];then
echo "OK: nftables meta iif/oif counters at expected values"
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/4] Netfilter fixes for net
2020-10-07 0:10 [PATCH 0/4] Netfilter fixes for net Pablo Neira Ayuso
` (3 preceding siblings ...)
2020-10-07 0:10 ` [PATCH 4/4] selftests: netfilter: add time counter check Pablo Neira Ayuso
@ 2020-10-09 19:19 ` Jakub Kicinski
4 siblings, 0 replies; 6+ messages in thread
From: Jakub Kicinski @ 2020-10-09 19:19 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, davem, netdev
On Wed, 7 Oct 2020 02:10:23 +0200 Pablo Neira Ayuso wrote:
> The following patchset contains Netfilter selftests fixes from
> Fabian Frederick:
>
> 1) Extend selftest nft_meta.sh to check for meta cpu.
>
> 2) Fix selftest nft_meta.sh error reporting.
>
> 3) Fix shellcheck warnings in selftest nft_meta.sh.
>
> 4) Extend selftest nft_meta.sh to check for meta time.
>
> Please, pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thank you!
^ permalink raw reply [flat|nested] 6+ messages in thread