diff options
| author | Florian Westphal <fw@strlen.de> | 2024-12-07 12:17:02 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2025-01-02 18:13:56 +0100 |
| commit | 02dbf86f39410900d8f2e3e9cbac0b5f14dbd871 (patch) | |
| tree | 499ed9d17b567673cb28dd5855e39b102d5df1d1 /tests | |
| parent | 54bfc38c522babe709e951f1fd128ff725b36704 (diff) | |
tests: shell: add a test case for netdev ruleset flush + parallel link down
Test for bug added with kernel commit
c03d278fdf35 ("netfilter: nf_tables: wait for rcu grace period on net_device removal")
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/shell/testcases/chains/dumps/netdev_chain_dev_addremove.nodump | 0 | ||||
| -rwxr-xr-x | tests/shell/testcases/chains/netdev_chain_dev_addremove | 48 |
2 files changed, 48 insertions, 0 deletions
diff --git a/tests/shell/testcases/chains/dumps/netdev_chain_dev_addremove.nodump b/tests/shell/testcases/chains/dumps/netdev_chain_dev_addremove.nodump new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/shell/testcases/chains/dumps/netdev_chain_dev_addremove.nodump diff --git a/tests/shell/testcases/chains/netdev_chain_dev_addremove b/tests/shell/testcases/chains/netdev_chain_dev_addremove new file mode 100755 index 00000000..14260d54 --- /dev/null +++ b/tests/shell/testcases/chains/netdev_chain_dev_addremove @@ -0,0 +1,48 @@ +#!/bin/bash + +# NFT_TEST_REQUIRES(NFT_TEST_HAVE_inet_ingress) + +set -e + +iface_cleanup() { + ip link del d0 &>/dev/null || : +} +trap 'iface_cleanup' EXIT + +load_rules() +{ +$NFT -f - <<EOF +add table netdev nm-mlag-dummy0 +add set netdev nm-mlag-dummy0 macset-tagged { typeof ether saddr . vlan id; size 65535; flags dynamic,timeout; } +add set netdev nm-mlag-dummy0 macset-untagged { typeof ether saddr; size 65535; flags dynamic,timeout; } +add chain netdev nm-mlag-dummy0 tx-snoop-source-mac { type filter hook egress devices = { dummy0 } priority filter; policy accept; } +add rule netdev nm-mlag-dummy0 tx-snoop-source-mac update @macset-tagged { ether saddr . vlan id timeout 5s } return +add rule netdev nm-mlag-dummy0 tx-snoop-source-mac update @macset-untagged { ether saddr timeout 5s } +add chain netdev nm-mlag-dummy0 rx-drop-looped-packets { type filter hook ingress devices = { dummy0 } priority filter; policy accept; } +add rule netdev nm-mlag-dummy0 rx-drop-looped-packets ether saddr . vlan id @macset-tagged drop +add rule netdev nm-mlag-dummy0 rx-drop-looped-packets ether type 8021q return +add rule netdev nm-mlag-dummy0 rx-drop-looped-packets ether saddr @macset-untagged drop +EOF +} + +for i in $(seq 1 500);do + read taint < /proc/sys/kernel/tainted + if [ "$taint" -ne 0 ]; then + exit 1 + fi + ip link add dummy0 type dummy + load_rules + + # zap ruleset and down device at same time + $NFT flush ruleset & + ip link del dummy0 & + wait +done + +read taint < /proc/sys/kernel/tainted + +if [ "$taint" -ne 0 ]; then + exit 1 +fi + +exit 0 |