summaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
Diffstat (limited to 'tools')
-rw-r--r--tools/include/uapi/linux/netdev.h2
-rw-r--r--tools/net/ynl/lib/.gitignore1
-rw-r--r--tools/net/ynl/lib/nlspec.py4
-rwxr-xr-xtools/net/ynl/ynl-gen-c.py2
-rwxr-xr-xtools/testing/selftests/net/fib_tests.sh96
-rwxr-xr-xtools/testing/selftests/netfilter/rpath.sh32
6 files changed, 125 insertions, 12 deletions
diff --git a/tools/include/uapi/linux/netdev.h b/tools/include/uapi/linux/netdev.h
index 9ee459872600..588391447bfb 100644
--- a/tools/include/uapi/linux/netdev.h
+++ b/tools/include/uapi/linux/netdev.h
@@ -19,7 +19,7 @@
* @NETDEV_XDP_ACT_XSK_ZEROCOPY: This feature informs if netdev supports AF_XDP
* in zero copy mode.
* @NETDEV_XDP_ACT_HW_OFFLOAD: This feature informs if netdev supports XDP hw
- * oflloading.
+ * offloading.
* @NETDEV_XDP_ACT_RX_SG: This feature informs if netdev implements non-linear
* XDP buffer support in the driver napi callback.
* @NETDEV_XDP_ACT_NDO_XMIT_SG: This feature informs if netdev implements
diff --git a/tools/net/ynl/lib/.gitignore b/tools/net/ynl/lib/.gitignore
new file mode 100644
index 000000000000..c18dd8d83cee
--- /dev/null
+++ b/tools/net/ynl/lib/.gitignore
@@ -0,0 +1 @@
+__pycache__/
diff --git a/tools/net/ynl/lib/nlspec.py b/tools/net/ynl/lib/nlspec.py
index e204679ad8b7..71da568e2c28 100644
--- a/tools/net/ynl/lib/nlspec.py
+++ b/tools/net/ynl/lib/nlspec.py
@@ -3,7 +3,6 @@
import collections
import importlib
import os
-import traceback
import yaml
@@ -234,8 +233,7 @@ class SpecFamily(SpecElement):
resolved.append(elem)
if len(resolved) == 0:
- traceback.print_exception(last_exception)
- raise Exception("Could not resolve any spec element, infinite loop?")
+ raise last_exception
def new_attr_set(self, elem):
return SpecAttrSet(self, elem)
diff --git a/tools/net/ynl/ynl-gen-c.py b/tools/net/ynl/ynl-gen-c.py
index 3942f24b9163..274e9c566f61 100755
--- a/tools/net/ynl/ynl-gen-c.py
+++ b/tools/net/ynl/ynl-gen-c.py
@@ -546,7 +546,7 @@ class Struct:
max_val = 0
self.attr_max_val = None
for name, attr in self.attr_list:
- if attr.value > max_val:
+ if attr.value >= max_val:
max_val = attr.value
self.attr_max_val = attr
self.attrs[name] = attr
diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh
index 70ea8798b1f6..7da8ec838c63 100755
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -9,7 +9,7 @@ ret=0
ksft_skip=4
# all tests in this script. Can be overridden with -t option
-TESTS="unregister down carrier nexthop suppress ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics ipv4_route_metrics ipv4_route_v6_gw rp_filter ipv4_del_addr ipv4_mangle ipv6_mangle ipv4_bcast_neigh"
+TESTS="unregister down carrier nexthop suppress ipv6_notify ipv4_notify ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics ipv4_route_metrics ipv4_route_v6_gw rp_filter ipv4_del_addr ipv4_mangle ipv6_mangle ipv4_bcast_neigh"
VERBOSE=0
PAUSE_ON_FAIL=no
@@ -655,6 +655,98 @@ fib_nexthop_test()
cleanup
}
+fib6_notify_test()
+{
+ setup
+
+ echo
+ echo "Fib6 info length calculation in route notify test"
+ set -e
+
+ for i in 10 20 30 40 50 60 70;
+ do
+ $IP link add dummy_$i type dummy
+ $IP link set dev dummy_$i up
+ $IP -6 address add 2001:$i::1/64 dev dummy_$i
+ done
+
+ $NS_EXEC ip monitor route &> errors.txt &
+ sleep 2
+
+ $IP -6 route add 2001::/64 \
+ nexthop via 2001:10::2 dev dummy_10 \
+ nexthop encap ip6 dst 2002::20 via 2001:20::2 dev dummy_20 \
+ nexthop encap ip6 dst 2002::30 via 2001:30::2 dev dummy_30 \
+ nexthop encap ip6 dst 2002::40 via 2001:40::2 dev dummy_40 \
+ nexthop encap ip6 dst 2002::50 via 2001:50::2 dev dummy_50 \
+ nexthop encap ip6 dst 2002::60 via 2001:60::2 dev dummy_60 \
+ nexthop encap ip6 dst 2002::70 via 2001:70::2 dev dummy_70
+
+ set +e
+
+ err=`cat errors.txt |grep "Message too long"`
+ if [ -z "$err" ];then
+ ret=0
+ else
+ ret=1
+ fi
+
+ log_test $ret 0 "ipv6 route add notify"
+
+ { kill %% && wait %%; } 2>/dev/null
+
+ #rm errors.txt
+
+ cleanup &> /dev/null
+}
+
+
+fib_notify_test()
+{
+ setup
+
+ echo
+ echo "Fib4 info length calculation in route notify test"
+
+ set -e
+
+ for i in 10 20 30 40 50 60 70;
+ do
+ $IP link add dummy_$i type dummy
+ $IP link set dev dummy_$i up
+ $IP address add 20.20.$i.2/24 dev dummy_$i
+ done
+
+ $NS_EXEC ip monitor route &> errors.txt &
+ sleep 2
+
+ $IP route add 10.0.0.0/24 \
+ nexthop via 20.20.10.1 dev dummy_10 \
+ nexthop encap ip dst 192.168.10.20 via 20.20.20.1 dev dummy_20 \
+ nexthop encap ip dst 192.168.10.30 via 20.20.30.1 dev dummy_30 \
+ nexthop encap ip dst 192.168.10.40 via 20.20.40.1 dev dummy_40 \
+ nexthop encap ip dst 192.168.10.50 via 20.20.50.1 dev dummy_50 \
+ nexthop encap ip dst 192.168.10.60 via 20.20.60.1 dev dummy_60 \
+ nexthop encap ip dst 192.168.10.70 via 20.20.70.1 dev dummy_70
+
+ set +e
+
+ err=`cat errors.txt |grep "Message too long"`
+ if [ -z "$err" ];then
+ ret=0
+ else
+ ret=1
+ fi
+
+ log_test $ret 0 "ipv4 route add notify"
+
+ { kill %% && wait %%; } 2>/dev/null
+
+ rm errors.txt
+
+ cleanup &> /dev/null
+}
+
fib_suppress_test()
{
echo
@@ -2111,6 +2203,8 @@ do
fib_carrier_test|carrier) fib_carrier_test;;
fib_rp_filter_test|rp_filter) fib_rp_filter_test;;
fib_nexthop_test|nexthop) fib_nexthop_test;;
+ fib_notify_test|ipv4_notify) fib_notify_test;;
+ fib6_notify_test|ipv6_notify) fib6_notify_test;;
fib_suppress_test|suppress) fib_suppress_test;;
ipv6_route_test|ipv6_rt) ipv6_route_test;;
ipv4_route_test|ipv4_rt) ipv4_route_test;;
diff --git a/tools/testing/selftests/netfilter/rpath.sh b/tools/testing/selftests/netfilter/rpath.sh
index f7311e66d219..5289c8447a41 100755
--- a/tools/testing/selftests/netfilter/rpath.sh
+++ b/tools/testing/selftests/netfilter/rpath.sh
@@ -62,10 +62,16 @@ ip -net "$ns1" a a fec0:42::2/64 dev v0 nodad
ip -net "$ns2" a a fec0:42::1/64 dev d0 nodad
# firewall matches to test
-[ -n "$iptables" ] && ip netns exec "$ns2" \
- "$iptables" -t raw -A PREROUTING -s 192.168.0.0/16 -m rpfilter
-[ -n "$ip6tables" ] && ip netns exec "$ns2" \
- "$ip6tables" -t raw -A PREROUTING -s fec0::/16 -m rpfilter
+[ -n "$iptables" ] && {
+ common='-t raw -A PREROUTING -s 192.168.0.0/16'
+ ip netns exec "$ns2" "$iptables" $common -m rpfilter
+ ip netns exec "$ns2" "$iptables" $common -m rpfilter --invert
+}
+[ -n "$ip6tables" ] && {
+ common='-t raw -A PREROUTING -s fec0::/16'
+ ip netns exec "$ns2" "$ip6tables" $common -m rpfilter
+ ip netns exec "$ns2" "$ip6tables" $common -m rpfilter --invert
+}
[ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF
table inet t {
chain c {
@@ -89,6 +95,11 @@ ipt_zero_rule() { # (command)
[ -n "$1" ] || return 0
ip netns exec "$ns2" "$1" -t raw -vS | grep -q -- "-m rpfilter -c 0 0"
}
+ipt_zero_reverse_rule() { # (command)
+ [ -n "$1" ] || return 0
+ ip netns exec "$ns2" "$1" -t raw -vS | \
+ grep -q -- "-m rpfilter --invert -c 0 0"
+}
nft_zero_rule() { # (family)
[ -n "$nft" ] || return 0
ip netns exec "$ns2" "$nft" list chain inet t c | \
@@ -101,8 +112,7 @@ netns_ping() { # (netns, args...)
ip netns exec "$netns" ping -q -c 1 -W 1 "$@" >/dev/null
}
-testrun() {
- # clear counters first
+clear_counters() {
[ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
[ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
if [ -n "$nft" ]; then
@@ -111,6 +121,10 @@ testrun() {
ip netns exec "$ns2" $nft -s list table inet t;
) | ip netns exec "$ns2" $nft -f -
fi
+}
+
+testrun() {
+ clear_counters
# test 1: martian traffic should fail rpfilter matches
netns_ping "$ns1" -I v0 192.168.42.1 && \
@@ -120,9 +134,13 @@ testrun() {
ipt_zero_rule "$iptables" || die "iptables matched martian"
ipt_zero_rule "$ip6tables" || die "ip6tables matched martian"
+ ipt_zero_reverse_rule "$iptables" && die "iptables not matched martian"
+ ipt_zero_reverse_rule "$ip6tables" && die "ip6tables not matched martian"
nft_zero_rule ip || die "nft IPv4 matched martian"
nft_zero_rule ip6 || die "nft IPv6 matched martian"
+ clear_counters
+
# test 2: rpfilter match should pass for regular traffic
netns_ping "$ns1" 192.168.23.1 || \
die "regular ping 192.168.23.1 failed"
@@ -131,6 +149,8 @@ testrun() {
ipt_zero_rule "$iptables" && die "iptables match not effective"
ipt_zero_rule "$ip6tables" && die "ip6tables match not effective"
+ ipt_zero_reverse_rule "$iptables" || die "iptables match over-effective"
+ ipt_zero_reverse_rule "$ip6tables" || die "ip6tables match over-effective"
nft_zero_rule ip && die "nft IPv4 match not effective"
nft_zero_rule ip6 && die "nft IPv6 match not effective"
generated by cgit v1.2.3 (git 2.39.0) at 2025-01-03 11:31:37 +0300