- Jun 22, 2021
-
-
Marcelo Ricardo Leitner authored
When this test fails, /proc/net/nf_conntrack gets only 1 entry: ipv4 2 tcp 6 119 SYN_SENT src=10.0.0.10 dst=10.0.0.10 sport=5000 dport=10 [UNREPLIED] src=20.0.0.1 dst=10.0.0.10 sport=10 dport=5000 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 When it works, it gets 2 entries: ipv4 2 tcp 6 119 SYN_SENT src=10.0.0.10 dst=10.0.0.20 sport=5000 dport=10 [UNREPLIED] src=20.0.0.1 dst=10.0.0.10 sport=10 dport=58203 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 ipv4 2 tcp 6 119 SYN_SENT src=10.0.0.10 dst=10.0.0.10 sport=5000 dport=10 [UNREPLIED] src=20.0.0.1 dst=10.0.0.10 sport=10 dport=5000 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2 The missing entry is because the 2nd packet hits a tuple collusion and the conntrack entry doesn't get allocated. Signed-off-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Marcelo Ricardo Leitner authored
It can be worth sending different scapy packets on a given test, as in the last patch of this series. For that, lets listify the scapy attribute and simply iterate over it. Signed-off-by:
-
Marcelo Ricardo Leitner authored
python lists don't have an 'add' method, but 'append'. Fixes: 14e5175e ("tc-testing: introduce scapyPlugin for basic traffic") Signed-off-by:
-
Matthieu Baerts authored
Without this modification, we were often displaying this error messages: FAIL: Could not even run loopback test But $ret could have been set to a non 0 value in many different cases: - net.mptcp.enabled=0 is not working as expected - setsockopt(..., TCP_ULP, "mptcp", ...) is allowed - ping between each netns are failing - tests between ns1 as a receiver and ns>1 are failing - other tests not involving ns1 as a receiver are failing So not only for the loopback test. Now a clearer message, including the time it took to run all tests, is displayed. Signed-off-by:
Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by:
Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by:
-
- Jun 21, 2021
-
-
Jakub Kicinski authored
ChaCha support did not adjust the bidirectional test. We need to set up KTLS in reverse direction correctly, otherwise these two cases will fail: tls.12_chacha.bidir tls.13_chacha.bidir Fixes: 4f336e88 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests") Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Acked-by:
Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by:
-
Jakub Kicinski authored
A bunch of tests uses uninitialized stack memory as random data to send. This is harmless but generates compiler warnings. Explicitly init the buffers with random data. Signed-off-by:
-
- Jun 18, 2021
-
-
Toke Høiland-Jørgensen authored
This adds a new icmp.sh selftest for testing that the kernel will respond correctly with an ICMP unreachable message with the dummy (192.0.0.8) source address when there are no IPv4 addresses configured to use as source addresses. Signed-off-by:
Toke Høiland-Jørgensen <toke@redhat.com> Reviewed-by:
David Ahern <dsahern@kernel.org> Signed-off-by:
-
Geliang Tang authored
This patch added a new argument "-C" for the mptcp_join.sh script to set the sysctl checksum_enabled to 1 in ns1 and ns2 to enable the data checksum. In chk_join_nr, check the counter of the mib for the data checksum. Also added a new argument "-S" for the mptcp_join.sh script to start the test cases that verify the checksum handshake: * Sender and listener both have checksums off * Sender and listener both have checksums on * Sender checksums off, listener checksums on * Sender checksums on, listener checksums off The output looks like this: 01 checksum test 0 0 sum[ ok ] - csum [ ok ] 02 checksum test 1 1 sum[ ok ] - csum [ ok ] 03 checksum test 0 1 sum[ ok ] - csum [ ok ] 04 checksum test 1 0 sum[ ok ] - csum [ ok ] 05 no JOIN syn[ ok ] - synack[ ok ] - ack[ ok ] sum[ ok ] - csum [ ok ] 06 single subflow, limited by client syn[ ok ] - synack[ ok ] - ack[ ok ] sum[ ok ] - csum [ ok ] Acked-by:Paolo Abeni <pabeni@redhat.com> Signed-off-by:
Geliang Tang <geliangtang@gmail.com> Signed-off-by:
-
Geliang Tang authored
This patch added a new argument "-C" for the mptcp_connect.sh script to set the sysctl checksum_enabled to 1 in ns1, ns2, ns3 and ns4 to enable the data checksum. Acked-by:
-
Andrea Mayer authored
this selftest is designed for evaluating the new SRv6 End.DT46 Behavior used, in this example, for implementing IPv4/IPv6 L3 VPN use cases. Signed-off-by:
Andrea Mayer <andrea.mayer@uniroma2.it> Signed-off-by:
Paolo Lungaroni <paolo.lungaroni@uniroma2.it> Acked-by:
-
- Jun 17, 2021
-
-
Fuad Tabba authored
KVM_CHECK_EXTENSION ioctl can return any negative value on error, and not necessarily -1. Change the assertion to reflect that. Signed-off-by:
Fuad Tabba <tabba@google.com> Message-Id: <20210615150443.1183365-1-tabba@google.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Andrii Nakryiko authored
migrate_reuseport.c selftest relies on having TCP_FASTOPEN_CONNECT defined in system-wide netinet/tcp.h. Selftests can use up-to-date uapi/linux/tcp.h, but that one doesn't have SOL_TCP. So instead of switching everything to uapi header, add #define for TCP_FASTOPEN_CONNECT to fix the build. Fixes: c9d0bdef ("bpf: Test BPF_SK_REUSEPORT_SELECT_OR_MIGRATE.") Signed-off-by:
Andrii Nakryiko <andrii@kernel.org> Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
Kuniyuki Iwashima <kuniyu@amazon.co.jp> Link: https://lore.kernel.org/bpf/20210617041446.425283-1-andrii@kernel.org
-
Lorenz Bauer authored
bpf2go is the Go equivalent of libbpf skeleton. The convention is that the compiled BPF is checked into the repository to facilitate distributing BPF as part of Go packages. To make this portable, bpf2go by default generates both bpfel and bpfeb variants of the C. Using bpf_tracing.h is inherently non-portable since the fields of struct pt_regs differ between platforms, so CO-RE can't help us here. The only way of working around this is to compile for each target platform independently. bpf2go can't do this by default since there are too many platforms. Define the various PT_... macros when no target can be determined and turn them into compilation failures. This works because bpf2go always compiles for bpf targets, so the compiler fallback doesn't kick in. Conditionally define __BPF_MISSING_TARGET so that we can inject a more appropriate error message at build time. The user can then choose which platform to target explicitly. Signed-off-by:
Lorenz Bauer <lmb@cloudflare.com> Signed-off-by:
-
- Jun 16, 2021
-
-
Daniel Xu authored
Somehow test_progs.h was being included by the existing rule: /test_progs* This is bad because: 1) test_progs.h is a checked in file 2) grep-like tools like ripgrep[0] respect gitignore and test_progs.h was being hidden from searches [0]: https://github.com/BurntSushi/ripgrep Fixes: 74b5a596 ("selftests/bpf: Replace test_progs and test_maps w/ general rule") Signed-off-by:Daniel Xu <dxu@dxuuu.xyz> Signed-off-by:
-
Andrea Righi authored
udpgro_fwd.sh contains many bash specific operators ("[[", "local -r"), but it's using /bin/sh; in some distro /bin/sh is mapped to /bin/dash, that doesn't support such operators. Force the test to use /bin/bash explicitly and prevent false positive test failures. Signed-off-by:Andrea Righi <andrea.righi@canonical.com> Signed-off-by:
-
Andrea Righi authored
veth.sh is a shell script that uses /bin/sh; some distro (Ubuntu for example) use dash as /bin/sh and in this case the test reports the following error: # ./veth.sh: 21: local: -r: bad variable name # ./veth.sh: 21: local: -r: bad variable name This happens because dash doesn't support the option "-r" with local. Moreover, in case of missing bpf object, the script is exiting -1, that is an illegal number for dash: exit: Illegal number: -1 Change the script to be compatible both with bash and dash and prevent the errors above. Signed-off-by:
-
- Jun 15, 2021
-
-
Kuniyuki Iwashima authored
This patch adds a test for BPF_SK_REUSEPORT_SELECT_OR_MIGRATE and removes 'static' from settimeo() in network_helpers.c. Signed-off-by:
Eric Dumazet <edumazet@google.com> Acked-by:
Martin KaFai Lau <kafai@fb.com> Link: https://lore.kernel.org/bpf/20210612123224.12525-12-kuniyu@amazon.co.jp
-
Kuniyuki Iwashima authored
This commit introduces a new section (sk_reuseport/migrate) and sets expected_attach_type to two each section in BPF_PROG_TYPE_SK_REUSEPORT program. Signed-off-by:
-
Kuniyuki Iwashima authored
This patch introduces a new bpf_attach_type for BPF_PROG_TYPE_SK_REUSEPORT to check if the attached eBPF program is capable of migrating sockets. When the eBPF program is attached, we run it for socket migration if the expected_attach_type is BPF_SK_REUSEPORT_SELECT_OR_MIGRATE or net.ipv4.tcp_migrate_req is enabled. Currently, the expected_attach_type is not enforced for the BPF_PROG_TYPE_SK_REUSEPORT type of program. Thus, this commit follows the earlier idea in the commit aac3fc32 ("bpf: Post-hooks for sys_bind") to fix up the zero expected_attach_type in bpf_prog_load_fixup_attach_type(). Moreover, this patch adds a new field (migrating_sk) to sk_reuseport_md to select a new listener based on the child socket. migrating_sk varies depending on if it is migrating a request in the accept queue or during 3WHS. - accept_queue : sock (ESTABLISHED/SYN_RECV) - 3WHS : request_sock (NEW_SYN_RECV) In the eBPF program, we can select a new listener by BPF_FUNC_sk_select_reuseport(). Also, we can cancel migration by returning SK_DROP. This feature is useful when listeners have different settings at the socket API level or when we want to free resources as soon as possible. - SK_PASS with selected_sk, select it as a new listener - SK_PASS with selected_sk NULL, fallbacks to the random selection - SK_DROP, cancel the migration. There is a noteworthy point. We select a listening socket in three places, but we do not have struct skb at closing a listener or retransmitting a SYN+ACK. On the other hand, some helper functions do not expect skb is NULL (e.g. skb_header_pointer() in BPF_FUNC_skb_load_bytes(), skb_tail_pointer() in BPF_FUNC_skb_load_bytes_relative()). So we allocate an empty skb temporarily before running the eBPF program. Suggested-by:
-
Kuniyuki Iwashima authored
We will call sock_reuseport.prog for socket migration in the next commit, so the eBPF program has to know which listener is closing to select a new listener. We can currently get a unique ID of each listener in the userspace by calling bpf_map_lookup_elem() for BPF_MAP_TYPE_REUSEPORT_SOCKARRAY map. This patch makes the pointer of sk available in sk_reuseport_md so that we can get the ID by BPF_FUNC_get_socket_cookie() in the eBPF program. Suggested-by:
-
Kumar Kartikeya Dwivedi authored
This got lost during the refactoring across versions. We always use NLM_F_EXCL when creating some TC object, so reflect what the function says and set the flag. Fixes: 715c5ce4 ("libbpf: Add low level TC-BPF management API") Signed-off-by:
Kumar Kartikeya Dwivedi <memxor@gmail.com> Signed-off-by:
-
Kumar Kartikeya Dwivedi authored
Coverity complained about this being unreachable code. It is right because we already enforce flags to be unset, so a check validating the flag value is redundant. Fixes: 715c5ce4 ("libbpf: Add low level TC-BPF management API") Signed-off-by:
-
- Jun 14, 2021
-
-
Daniel Borkmann authored
In almost all cases from test_verifier that have been changed in here, we've had an unreachable path with a load from a register which has an invalid address on purpose. This was basically to make sure that we never walk this path and to have the verifier complain if it would otherwise. Change it to match on the right error for unprivileged given we now test these paths under speculative execution. There's one case where we match on exact # of insns_processed. Due to the extra path, this will of course mismatch on unprivileged. Thus, restrict the test->insn_processed check to privileged-only. In one other case, we result in a 'pointer comparison prohibited' error. This is similarly due to verifying an 'invalid' branch where we end up with a value pointer on one side of the comparison. Signed-off-by:
John Fastabend <john.fastabend@gmail.com> Acked-by:
Alexei Starovoitov <ast@kernel.org>
-
Oleksandr Mazur authored
Add hard drop counter check testcase, to make sure netdevsim driver properly handles the devlink hard drop counters get/set callbacks. Signed-off-by:
Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by:
-
Oleksandr Mazur authored
testing: selftests: net: forwarding: add devlink-required functionality to test (hard) dropped stats field Add devlink_trap_drop_packets_get function, as well as test that are used to verify devlink (hard) dropped stats functionality works. Signed-off-by:
-
David Ahern authored
Oliver reported a use case where deleting a VRF device can hang waiting for the refcnt to drop to 0. The root cause is that the dst is allocated against the VRF device but cached on the loopback device. The use case (added to the selftests) has an implicit VRF crossing due to the ordering of the FIB rules (lookup local is before the l3mdev rule, but the problem occurs even if the FIB rules are re-ordered with local after l3mdev because the VRF table does not have a default route to terminate the lookup). The end result is is that the FIB lookup returns the loopback device as the nexthop, but the ingress device is in a VRF. The mismatch causes the dst alloc against the VRF device but then cached on the loopback. The fix is to bring the trick used for IPv6 (see ip6_rt_get_dev_rcu): pick the dst alloc device based the fib lookup result but with checks that the result has a nexthop device (e.g., not an unreachable or prohibit entry). Fixes: f5a0aab8 ("net: ipv4: dst for local input routes should use l3mdev if relevant") Reported-by:
Oliver Herms <oliver.peter.herms@gmail.com> Signed-off-by:
-
David Ahern authored
Test cleanup path for routes usinig nexthop objects before the reference is taken on the nexthop. Specifically, bad metric for ipv4 and ipv6 and source routing for ipv6. Selftests that correspond to the recent bug fix: 821bbf79 ("ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions") Signed-off-by:
-
- Jun 11, 2021
-
-
Zhihao Cheng authored
Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in this function. Fixes: 668da745 ("tools: bpftool: add support for quotations ...") Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by:
Quentin Monnet <quentin@isovalent.com> Link: https://lore.kernel.org/bpf/20210609115916.2186872-1-chengzhihao1@huawei.com
-
Wang Hai authored
There is no need for special treatment of the 'ret == 0' case. This patch simplifies the return expression. Signed-off-by:
Wang Hai <wanghai38@huawei.com> Signed-off-by:
Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20210609115651.3392580-1-wanghai38@huawei.com
-
Arseny Krasnov authored
Implement two tests of SOCK_SEQPACKET socket: first sends data by several 'write()'s and checks that number of 'read()' were same. Second test checks MSG_TRUNC flag. Cases for connect(), bind(), etc. are not tested, because it is same as for stream socket. Signed-off-by:
Arseny Krasnov <arseny.krasnov@kaspersky.com> Signed-off-by:
-
Arnaldo Carvalho de Melo authored
To pick the changes in: fb35d30f ("x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]") e7b6385b ("x86/cpufeatures: Add Intel SGX hardware bits") 1478b99a ("x86/cpufeatures: Mark ENQCMD as disabled when configured out") That don't cause any change in the tools, just silences this perf build warning: Warning: Kernel ABI header at 'tools/arch/x86/include/asm/disabled-features.h' differs from latest version at 'arch/x86/include/asm/disabled-features.h' diff -u tools/arch/x86/include/asm/disabled-features.h arch/x86/include/asm/disabled-features.h Cc: Borislav Petkov <bp@suse.de> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Sean Christopherson <seanjc@google.com> Signed-off-by:
Arnaldo Carvalho de Melo <acme@redhat.com>
-
Leo Yan authored
When peeking an event, it has a short path and a long path. The short path uses the session pointer "one_mmap_addr" to directly fetch the event; and the long path needs to read out the event header and the following event data from file and fill into the buffer pointer passed through the argument "buf". The issue is in the long path that it copies the event header and event data into the same destination address which pointer "buf", this means the event header is overwritten. We are just lucky to run into the short path in most cases, so we don't hit the issue in the long path. This patch adds the offset "hdr_sz" to the pointer "buf" when copying the event data, so that it can reserve the event header which can be used properly by its caller. Fixes: 5a52f33a ("perf session: Add perf_session__peek_event()") Signed-off-by:
Leo Yan <leo.yan@linaro.org> Acked-by:
Adrian Hunter <adrian.hunter@intel.com> Acked-by:
Jiri Olsa <jolsa@redhat.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org Signed-off-by:
-
Peter Zijlstra authored
It turns out that the compilers generate conditional branches to the retpoline thunks like: 5d5: 0f 85 00 00 00 00 jne 5db <cpuidle_reflect+0x22> 5d7: R_X86_64_PLT32 __x86_indirect_thunk_r11-0x4 while the rewrite can only handle JMP/CALL to the thunks. The result is the alternative wrecking the code. Make sure to skip writing the alternatives for conditional branches. Fixes: 9bc0bb50 ("objtool/x86: Rewrite retpoline thunk calls") Reported-by:
Lukasz Majczak <lma@semihalf.com> Reported-by:
Nathan Chancellor <nathan@kernel.org> Signed-off-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by:
-
- Jun 10, 2021
-
-
Paolo Abeni authored
Syncookie validation may fail for OoO packets, causing spurious resets and self-tests failures, so let's force syncookie only for tests iteration with no OoO. Fixes: fed61c4b ("selftests: mptcp: make 2nd net namespace use tcp syn cookies unconditionally") Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/198 Signed-off-by:
-
Yanan Wang authored
Errors like below were produced from test_util.c when compiling the KVM selftests on my local platform. lib/test_util.c: In function 'vm_mem_backing_src_alias': lib/test_util.c:177:12: error: initializer element is not constant .flag = anon_flags, ^~~~~~~~~~ lib/test_util.c:177:12: note: (near initialization for 'aliases[0].flag') The reason is that we are using non-const expressions to initialize the static structure, which will probably trigger a compiling error/warning on stricter GCC versions. Fix it by converting the two const variables "anon_flags" and "anon_huge_flags" into more stable macros. Fixes: b3784bc2 ("KVM: selftests: refactor vm_mem_backing_src_type flags") Reported-by:Zenghui Yu <yuzenghui@huawei.com> Signed-off-by:
Yanan Wang <wangyanan55@huawei.com> Message-Id: <20210610085418.35544-1-wangyanan55@huawei.com> Signed-off-by:
-
Peter Zijlstra authored
When an ELF object uses extended symbol section indexes (IOW it has a .symtab_shndx section), these must be kept in sync with the regular symbol table (.symtab). So for every new symbol we emit, make sure to also emit a .symtab_shndx value to keep the arrays of equal size. Note: since we're writing an UNDEF symbol, most GElf_Sym fields will be 0 and we can repurpose one (st_size) to host the 0 for the xshndx value. Fixes: 2f2f7e47 ("objtool: Add elf_create_undef_symbol()") Reported-by:
Nick Desaulniers <ndesaulniers@google.com> Suggested-by:
Fangrui Song <maskray@google.com> Signed-off-by:
-
- Jun 09, 2021
-
-
Florian Westphal authored
There is a bug report on netfilter.org bugzilla pointing to fib expression dropping ipv6 DAD packets. Add a test case that demonstrates this problem. Next patch excludes icmpv6 packets coming from any to linklocal. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
- Jun 08, 2021
-
-
Petr Machata authored
In the commit referenced below, a check was added to devlink_lib that asserts the existence of a devlink device referenced by $DEVLINK_DEV. Unfortunately, several netdevsim tests point DEVLINK_DEV at a device that does not exist at the time that devlink_lib is sourced. Thus these tests spuriously fail. Fix this by introducing an override. By setting DEVLINK_DEV to an empty string, the user declares their intention to handle DEVLINK_DEV management on their own. In all netdevsim tests that use devlink_lib and set DEVLINK_DEV, set instead an empty DEVLINK_DEV just before sourcing devlink_lib, and set it to the correct value right afterwards. Fixes: 557c4d2f ("selftests: devlink_lib: add check for devlink device existence") Signed-off-by:
Petr Machata <petrm@nvidia.com> Signed-off-by:
Ido Schimmel <idosch@nvidia.com> Signed-off-by:
-
Amit Cohen authored
Several tests do not set some ports down as part of their cleanup(), resulting in IPv6 link-local addresses and associated routes not being deleted. These leaks were found using a BPF tool that monitors ASIC resources. Solve this by setting the ports down at the end of the tests. Signed-off-by:
Amit Cohen <amcohen@nvidia.com> Reviewed-by:
-
Amit Cohen authored
To check how many routes are installed in hardware, the test runs "ip route" and greps for "offload", which includes routes with state "offload_failed". Till now, this wrong check was not found because after one failure in route insertion, the driver moved to "abort" mode, which means that user cannot try to add more routes. The previous patch removed the abort mechanism and now failed routes are counted as offloaded. Fix this by not considering routes with "offload_failed" flag as offloaded. Signed-off-by:
-
