1. 01 Jul, 2024 16 commits
  2. 29 Jun, 2024 18 commits
  3. 28 Jun, 2024 6 commits
    • netfilter: xt_recent: Lift restrictions on max hitcount value · f4ebd034
      Phil Sutter authored
      Support tracking of up to 65535 packets per table entry instead of just
      255 to better facilitate longer term tracking or higher throughput
      scenarios.
      
      Note how this aligns sizes of struct recent_entry's 'nstamps' and
      'index' fields when 'nstamps' was larger before. This is unnecessary as
      the value of 'nstamps' grows along with that of 'index' after being
      initialized to 1 (see recent_entry_update()). Its value will thus never
      exceed that of 'index' and therefore does not need to provide space for
      larger values.
      Requested-by: Fabio <pedretti.fabio@gmail.com>
      Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1745
      Signed-off-by: Phil Sutter <phil@nwl.cc>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • selftests: netfilter: nft_queue.sh: add test for disappearing listener · 742ad979
      Florian Westphal authored
      If userspace program exits while the queue it's subscribed to has packets,
      those need to be discarded.
      
      commit dc21c6cc ("netfilter: nfnetlink_queue: acquire rcu_read_lock()
      in instance_destroy_rcu()") fixed a (harmless) rcu splat that could be
      triggered in this case.
      
      Add a test case to cover this.
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • Merge branch 'net-selftests-mirroring-cleanup' into main · 748e3bbf
      David S. Miller authored
      Petr Machata says:
      
      ====================
      selftest: Clean-up and stabilize mirroring tests
      
      The mirroring selftests work by sending ICMP traffic between two hosts.
      Along the way, this traffic is mirrored to a gretap netdevice, and counter
      taps are then installed strategically along the path of the mirrored
      traffic to verify the mirroring took place.
      
      The problem with this is that besides mirroring the primary traffic, any
      other service traffic is mirrored as well. At the same time, because the
      tests need to work in HW-offloaded scenarios, the ability of the device to
      do arbitrary packet inspection should not be taken for granted. Most tests
      therefore simply use matchall, one uses flower to match on IP address.
      As a result, the selftests are noisy.
      
      mirror_test() accommodated this noisiness by giving the counters an
      allowance of several packets. But that only works up to a point, and on
      busy systems won't be always enough.
      
      In this patch set, clean up and stabilize the mirroring selftests. The
      original intention was to port the tests over to UDP, but the logic of
      ICMP ends up being so entangled in the mirroring selftests that the
      changes feel overly invasive. Instead, ICMP is kept, but where possible,
      we match on ICMP message type, thus filtering out hits by other ICMP
      messages.
      
      Where this is not practical (where the counter tap is put on a device
      that carries encapsulated packets), switch the counter condition to _at
      least_ X observed packets. This is less robust, but barely so --
      probably the only scenario that this would not catch is something like
      erroneous packet duplication, which would hopefully get caught by the
      numerous other tests in this extensive suite.
      
      - Patches #1 to #3 clean up parameters at various helpers.
      
      - Patches #4 to #6 stabilize the mirroring selftests as described above.
      
      - Mirroring tests currently allow testing SW datapath even on HW
        netdevices by trapping traffic to the SW datapath. This complicates
        the tests a bit without a good reason: to test SW datapath, just run
        the selftests on the veth topology. Thus in patch #7, drop support for
        this dual SW/HW testing.
      
      - At this point, some cleanups were either made possible by the previous
        patches, or were always possible. In patches #8 to #11, realize these
        cleanups.
      
      - In patch #12, fix mlxsw mirror_gre selftest to respect setting TESTS.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • selftests: mlxsw: mirror_gre: Obey TESTS · 098ba97d
      Petr Machata authored
      This test is unusual in that overriding TESTS does not change the tests to
      be run. Split the individual tests into several functions and invoke them
      through tests_run() as appropriate.
      Signed-off-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Danielle Ratson <danieller@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • selftests: libs: Drop unused functions · 06704a0d
      Petr Machata authored
      Nothing calls these.
      Signed-off-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Danielle Ratson <danieller@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • selftests: libs: Drop slow_path_trap_install()/_uninstall() · 4e9cd3d0
      Petr Machata authored
      These functions are not used anymore.
      Signed-off-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Danielle Ratson <danieller@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>