From 34f87e82f38adaefb1db617a5d618ca7ab140733 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 6 Sep 2023 13:52:19 +0200 Subject: tests/shell: skip test in rootless that hit socket buffer size limit The socket buffer limits like /proc/sys/net/core/{rmem_max,wmem_max} can cause tests to fail, when running rootless. That's because real-root can override those limits, rootless cannot. Add an environment variable NFT_TEST_HAS_SOCKET_LIMITS=*|n which is automatically set by "run-tests.sh". Certain tests will check for [ "$NFT_TEST_HAS_SOCKET_LIMITS" = y ] and skip the test. The user may manually bump those limits (requires root), and set NFT_TEST_HAS_SOCKET_LIMITS=n to get the tests to pass even as rootless. For example, the test passes with root: sudo ./tests/shell/run-tests.sh -- tests/shell/testcases/sets/automerge_0 Without root, it would fail. Skip it instead: ./tests/shell/run-tests.sh -- tests/shell/testcases/sets/automerge_0 ... I: [SKIPPED] tests/shell/testcases/sets/automerge_0 Or bump the limit: $ echo 3000000 | sudo tee /proc/sys/net/core/wmem_max $ NFT_TEST_HAS_SOCKET_LIMITS=n ./tests/shell/run-tests.sh -- tests/shell/testcases/sets/automerge_0 ... I: [OK] tests/shell/testcases/sets/automerge_0 Signed-off-by: Thomas Haller Signed-off-by: Florian Westphal --- tests/shell/run-tests.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'tests/shell/run-tests.sh') diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index 97c82991..423c5465 100755 --- a/tests/shell/run-tests.sh +++ b/tests/shell/run-tests.sh @@ -28,6 +28,17 @@ msg_info() { _msg I "$@" } +bool_n() { + case "$1" in + n|N|no|No|NO|0|false|False|FALSE) + printf n + ;; + *) + printf y + ;; + esac +} + bool_y() { case "$1" in y|Y|yes|Yes|YES|1|true|True|TRUE) @@ -78,6 +89,12 @@ usage() { echo " e.g. due to limited /proc/sys/net/core/{wmem_max,rmem_max}." echo " Checks that cannot pass in such environment should check for" echo " [ \"\$NFT_TEST_HAS_REALROOT\" != y ] and skip gracefully." + echo " NFT_TEST_HAS_SOCKET_LIMITS=*|n : some tests will fail if /proc/sys/net/core/{wmem_max,rmem_max} is" + echo " too small. When running as real root, then test can override those limits. However," + echo " with rootless the test would fail. Tests will check for [ "\$NFT_TEST_HAS_SOCKET_LIMITS" = y ]" + echo " and skip. You may set NFT_TEST_HAS_SOCKET_LIMITS=n if you ensure those limits are" + echo " suitable to run the test rootless. Otherwise will be autodetected." + echo " Set /proc/sys/net/core/{wmem_max,rmem_max} to at least 2MB to get them to pass automatically." echo " NFT_TEST_UNSHARE_CMD=cmd : when set, this is the command line for an unshare" echo " command, which is used to sandbox each test invocation. By" echo " setting it to empty, no unsharing is done." @@ -202,6 +219,20 @@ else fi export NFT_TEST_HAS_REALROOT +if [ "$NFT_TEST_HAS_SOCKET_LIMITS" = "" ] ; then + if [ "$NFT_TEST_HAS_REALROOT" = y ] ; then + NFT_TEST_HAS_SOCKET_LIMITS=n + elif [ "$(cat /proc/sys/net/core/wmem_max 2>/dev/null)" -ge $((2000*1024)) ] 2>/dev/null && \ + [ "$(cat /proc/sys/net/core/rmem_max 2>/dev/null)" -ge $((2000*1024)) ] 2>/dev/null ; then + NFT_TEST_HAS_SOCKET_LIMITS=n + else + NFT_TEST_HAS_SOCKET_LIMITS=y + fi +else + NFT_TEST_HAS_SOCKET_LIMITS="$(bool_n "$NFT_TEST_HAS_SOCKET_LIMITS")" +fi +export NFT_TEST_HAS_SOCKET_LIMITS + detect_unshare() { if ! $1 true &>/dev/null ; then return 1 @@ -316,6 +347,7 @@ msg_info "conf: DUMPGEN=$(printf '%q' "$DUMPGEN")" msg_info "conf: VALGRIND=$(printf '%q' "$VALGRIND")" msg_info "conf: KMEMLEAK=$(printf '%q' "$KMEMLEAK")" msg_info "conf: NFT_TEST_HAS_REALROOT=$(printf '%q' "$NFT_TEST_HAS_REALROOT")" +msg_info "conf: NFT_TEST_HAS_SOCKET_LIMITS=$(printf '%q' "$NFT_TEST_HAS_SOCKET_LIMITS")" msg_info "conf: NFT_TEST_UNSHARE_CMD=$(printf '%q' "$NFT_TEST_UNSHARE_CMD")" msg_info "conf: NFT_TEST_HAS_UNSHARED=$(printf '%q' "$NFT_TEST_HAS_UNSHARED")" msg_info "conf: NFT_TEST_HAS_UNSHARED_MOUNT=$(printf '%q' "$NFT_TEST_HAS_UNSHARED_MOUNT")" -- cgit v1.2.3