[PATCH net-next v2] selftests: forwarding: Reorder arguments to obey POSIX getopt
by David Yang
Quoted from musl wiki:
GNU getopt permutes argv to pull options to the front, ahead of
non-option arguments. musl and the POSIX standard getopt stop
processing options at the first non-option argument with no
permutation.
Thus these scripts stop working on musl since non-option arguments do
not always come last. Fix it by reordering arguments.
Signed-off-by: David Yang <mmyangfl(a)gmail.com>
v1: https://lore.kernel.org/r/20250905173947.3164807-1-mmyangfl@gmail.com
- fix CI errors
---
.../selftests/net/forwarding/bridge_igmp.sh | 26 ++---
.../net/forwarding/bridge_locked_port.sh | 10 +-
.../selftests/net/forwarding/bridge_mdb.sh | 54 ++++-----
.../net/forwarding/bridge_mdb_max.sh | 16 +--
.../selftests/net/forwarding/bridge_mld.sh | 26 ++---
.../net/forwarding/bridge_sticky_fdb.sh | 2 +-
.../net/forwarding/bridge_vlan_aware.sh | 8 +-
.../net/forwarding/bridge_vlan_mcast.sh | 4 +-
.../net/forwarding/custom_multipath_hash.sh | 34 +++---
.../forwarding/gre_custom_multipath_hash.sh | 34 +++---
.../net/forwarding/gre_inner_v4_multipath.sh | 4 +-
.../net/forwarding/gre_inner_v6_multipath.sh | 4 +-
.../selftests/net/forwarding/gre_multipath.sh | 4 +-
.../net/forwarding/gre_multipath_nh.sh | 8 +-
.../net/forwarding/gre_multipath_nh_res.sh | 8 +-
.../net/forwarding/ip6_forward_instats_vrf.sh | 6 +-
.../ip6gre_custom_multipath_hash.sh | 34 +++---
.../forwarding/ip6gre_inner_v4_multipath.sh | 4 +-
.../forwarding/ip6gre_inner_v6_multipath.sh | 4 +-
.../selftests/net/forwarding/ip6gre_lib.sh | 8 +-
tools/testing/selftests/net/forwarding/lib.sh | 24 ++--
.../forwarding/mirror_gre_bridge_1q_lag.sh | 2 +-
.../forwarding/mirror_gre_vlan_bridge_1q.sh | 4 +-
.../selftests/net/forwarding/mirror_lib.sh | 11 +-
.../selftests/net/forwarding/pedit_dsfield.sh | 4 +-
.../selftests/net/forwarding/pedit_ip.sh | 2 +-
.../selftests/net/forwarding/pedit_l4port.sh | 4 +-
.../selftests/net/forwarding/router.sh | 18 +--
.../net/forwarding/router_broadcast.sh | 2 +-
.../net/forwarding/router_mpath_nh.sh | 8 +-
.../net/forwarding/router_mpath_nh_lib.sh | 4 +-
.../net/forwarding/router_mpath_nh_res.sh | 8 +-
.../net/forwarding/router_mpath_seed.sh | 16 +--
.../net/forwarding/router_multicast.sh | 48 ++++----
.../net/forwarding/router_multipath.sh | 8 +-
.../selftests/net/forwarding/sch_red.sh | 22 ++--
.../net/forwarding/skbedit_priority.sh | 4 +-
.../selftests/net/forwarding/tc_actions.sh | 40 +++----
.../selftests/net/forwarding/tc_chains.sh | 8 +-
.../selftests/net/forwarding/tc_flower.sh | 108 +++++++++---------
.../selftests/net/forwarding/tc_flower_cfm.sh | 22 ++--
.../net/forwarding/tc_flower_l2_miss.sh | 16 +--
.../net/forwarding/tc_flower_port_range.sh | 52 ++++-----
.../net/forwarding/tc_flower_router.sh | 8 +-
.../selftests/net/forwarding/tc_police.sh | 24 ++--
.../selftests/net/forwarding/tc_shblocks.sh | 16 +--
.../selftests/net/forwarding/tc_tunnel_key.sh | 6 +-
.../net/forwarding/vxlan_bridge_1d.sh | 24 ++--
.../net/forwarding/vxlan_bridge_1d_ipv6.sh | 6 +-
.../net/forwarding/vxlan_bridge_1q.sh | 18 +--
.../net/forwarding/vxlan_bridge_1q_ipv6.sh | 2 +-
.../net/forwarding/vxlan_bridge_1q_mc_ul.sh | 8 +-
.../net/forwarding/vxlan_reserved.sh | 4 +-
53 files changed, 426 insertions(+), 423 deletions(-)
diff --git a/tools/testing/selftests/net/forwarding/bridge_igmp.sh b/tools/testing/selftests/net/forwarding/bridge_igmp.sh
index d4e7dd659354..dd2e46488c51 100755
--- a/tools/testing/selftests/net/forwarding/bridge_igmp.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_igmp.sh
@@ -158,7 +158,7 @@ v3include_prepare()
ip link set dev br0 type bridge mcast_igmp_version 3
check_err $? "Could not change bridge IGMP version to 3"
- $MZ $host1_if -b $mac -c 1 -B $group -t ip "proto=2,p=$MZPKT_IS_INC" -q
+ $MZ -b $mac -c 1 -B $group -t ip -q $host1_if "proto=2,p=$MZPKT_IS_INC"
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -183,7 +183,7 @@ v3exclude_prepare()
v3include_prepare $host1_if $mac $group
- $MZ $host1_if -c 1 -b $mac -B $group -t ip "proto=2,p=$MZPKT_IS_EXC" -q
+ $MZ -c 1 -b $mac -B $group -t ip -q $host1_if "proto=2,p=$MZPKT_IS_EXC"
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -237,7 +237,7 @@ v3inc_allow_test()
v3include_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_ALLOW"
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}"
@@ -258,7 +258,7 @@ v3inc_is_include_test()
v3include_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_IS_INC2"
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}"
@@ -297,7 +297,7 @@ v3inc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_TO_EXC" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_TO_EXC"
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -341,7 +341,7 @@ v3exc_allow_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_ALLOW2"
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}" "${Y[@]}"
@@ -364,7 +364,7 @@ v3exc_is_include_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC3" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_IS_INC3"
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}" "${Y[@]}"
@@ -387,7 +387,7 @@ v3exc_is_exclude_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_EXC2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_IS_EXC2"
sleep 1
brmcast_check_sg_entries "is_exclude" "${X[@]}" "${Y[@]}"
@@ -413,7 +413,7 @@ v3exc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_TO_EXC" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_TO_EXC"
sleep 1
brmcast_check_sg_entries "to_exclude" "${X[@]}" "${Y[@]}"
@@ -437,7 +437,7 @@ v3inc_block_test()
v3include_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_BLOCK" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_BLOCK"
# make sure the lowered timers have expired (by default 2 seconds)
sleep 3
brmcast_check_sg_entries "block" "${X[@]}"
@@ -470,7 +470,7 @@ v3exc_block_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_BLOCK" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_BLOCK"
sleep 1
brmcast_check_sg_entries "block" "${X[@]}" "${Y[@]}"
@@ -502,7 +502,7 @@ v3exc_timeout_test()
mcast_query_response_interval 500 \
mcast_membership_interval 1500
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h1 "proto=2,p=$MZPKT_ALLOW2"
sleep 5
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -545,7 +545,7 @@ v3star_ex_auto_add_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h2 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip -q $h2 "proto=2,p=$MZPKT_IS_INC"
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
index c62331b2e006..93d2261be6e3 100755
--- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
@@ -225,18 +225,18 @@ locked_port_mab_roam()
bridge link set dev $swp1 learning on locked on mab on
- $MZ $h1 -q -c 5 -d 100msec -t udp -a $mac -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $mac -b rand $h1
bridge fdb get $mac br br0 vlan 1 | grep "dev $swp1" | grep -q "locked"
check_err $? "No locked entry on first injection"
- $MZ $h2 -q -c 5 -d 100msec -t udp -a $mac -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $mac -b rand $h2
bridge fdb get $mac br br0 vlan 1 | grep -q "dev $swp2"
check_err $? "Entry did not roam to an unlocked port"
bridge fdb get $mac br br0 vlan 1 | grep -q "locked"
check_fail $? "Entry roamed with locked flag on"
- $MZ $h1 -q -c 5 -d 100msec -t udp -a $mac -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $mac -b rand $h1
bridge fdb get $mac br br0 vlan 1 | grep -q "dev $swp1"
check_fail $? "Entry roamed back to locked port"
@@ -285,12 +285,12 @@ locked_port_mab_flush()
bridge fdb add $unlocked_mac1 dev $swp1 vlan 1 master static
bridge fdb add $unlocked_mac2 dev $swp2 vlan 1 master static
- $MZ $h1 -q -c 5 -d 100msec -t udp -a $locked_mac1 -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $locked_mac1 -b rand $h1
bridge fdb get $locked_mac1 br br0 vlan 1 | grep "dev $swp1" | \
grep -q "locked"
check_err $? "Failed to create locked FDB entry on first port"
- $MZ $h2 -q -c 5 -d 100msec -t udp -a $locked_mac2 -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $locked_mac2 -b rand $h2
bridge fdb get $locked_mac2 br br0 vlan 1 | grep "dev $swp2" | \
grep -q "locked"
check_err $? "Failed to create locked FDB entry on second port"
diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
index 8c1597ebc2d3..3218cf1ffae1 100755
--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
@@ -1023,27 +1023,27 @@ __fwd_test_host_ip()
# Packet should only be flooded to multicast router ports when there is
# no matching MDB entry. The bridge is not configured as a multicast
# router port.
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 0
check_err $? "Packet locally received after flood"
# Install a regular port group entry and expect the packet to not be
# locally received.
bridge mdb add dev br0 port $swp2 grp $grp temp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 0
check_err $? "Packet locally received after installing a regular entry"
# Add a host entry and expect the packet to be locally received.
bridge mdb add dev br0 port br0 grp $grp temp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet not locally received after adding a host entry"
# Remove the host entry and expect the packet to not be locally
# received.
bridge mdb del dev br0 port br0 grp $grp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet locally received after removing a host entry"
@@ -1071,27 +1071,27 @@ fwd_test_host_l2()
# Packet should be flooded and locally received when there is no
# matching MDB entry.
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet not locally received after flood"
# Install a regular port group entry and expect the packet to not be
# locally received.
bridge mdb add dev br0 port $swp2 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet locally received after installing a regular entry"
# Add a host entry and expect the packet to be locally received.
bridge mdb add dev br0 port br0 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 2
check_err $? "Packet not locally received after adding a host entry"
# Remove the host entry and expect the packet to not be locally
# received.
bridge mdb del dev br0 port br0 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 2
check_err $? "Packet locally received after removing a host entry"
@@ -1151,43 +1151,43 @@ __fwd_test_port_ip()
vlan_ethtype $eth_type vlan_id 10 dst_ip $grp \
src_ip $invalid_src action drop
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Packet from valid source received on H2 before adding entry"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 0
check_err $? "Packet from invalid source received on H2 before adding entry"
bridge mdb add dev br0 port $swp2 grp $grp vid 10 \
filter_mode $filter_mode source_list $src_list
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Packet from valid source not received on H2 after adding entry"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 0
check_err $? "Packet from invalid source received on H2 after adding entry"
bridge mdb replace dev br0 port $swp2 grp $grp vid 10 \
filter_mode exclude
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 2
check_err $? "Packet from valid source not received on H2 after allowing all sources"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 1
check_err $? "Packet from invalid source not received on H2 after allowing all sources"
bridge mdb del dev br0 port $swp2 grp $grp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 2
check_err $? "Packet from valid source received on H2 after deleting entry"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 1
check_err $? "Packet from invalid source received on H2 after deleting entry"
@@ -1216,17 +1216,17 @@ fwd_test_port_l2()
tc filter add dev $h2 ingress protocol all pref 1 handle 1 flower \
dst_mac $dmac action drop
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Packet received on H2 before adding entry"
bridge mdb add dev br0 port $swp2 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Packet not received on H2 after adding entry"
bridge mdb del dev br0 port $swp2 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Packet received on H2 after deleting entry"
@@ -1283,8 +1283,8 @@ ctrl_igmpv3_is_in_test()
filter_mode include source_list 192.0.2.1
# IS_IN ( 192.0.2.2 )
- $MZ $h1.10 -c 1 -a own -b 01:00:5e:01:01:01 -A 192.0.2.1 -B 239.1.1.1 \
- -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q
+ $MZ -c 1 -a own -b 01:00:5e:01:01:01 -A 192.0.2.1 -B 239.1.1.1 \
+ -t ip -q $h1.10 proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2)
bridge mdb get dev br0 grp 239.1.1.1 src 192.0.2.2 vid 10 &> /dev/null
check_fail $? "Permanent entry affected by IGMP packet"
@@ -1296,8 +1296,8 @@ ctrl_igmpv3_is_in_test()
filter_mode include source_list 192.0.2.1
# IS_IN ( 192.0.2.2 )
- $MZ $h1.10 -a own -b 01:00:5e:01:01:01 -c 1 -A 192.0.2.1 -B 239.1.1.1 \
- -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q
+ $MZ -a own -b 01:00:5e:01:01:01 -c 1 -A 192.0.2.1 -B 239.1.1.1 \
+ -t ip -q $h1.10 proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2)
bridge -d mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q 192.0.2.2
check_err $? "Source not add to source list"
@@ -1321,8 +1321,8 @@ ctrl_mldv2_is_in_test()
# IS_IN ( 2001:db8:1::2 )
local p=$(mldv2_is_in_get fe80::1 ff0e::1 2001:db8:1::2)
- $MZ -6 $h1.10 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
+ -t ip -q $h1.10 hop=1,next=0,p="$p"
bridge mdb get dev br0 grp ff0e::1 src 2001:db8:1::2 vid 10 &> /dev/null
check_fail $? "Permanent entry affected by MLD packet"
@@ -1334,8 +1334,8 @@ ctrl_mldv2_is_in_test()
filter_mode include source_list 2001:db8:1::1
# IS_IN ( 2001:db8:1::2 )
- $MZ -6 $h1.10 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
+ -t ip -q $h1.10 hop=1,next=0,p="$p"
bridge -d mdb get dev br0 grp ff0e::1 vid 10 | grep -q 2001:db8:1::2
check_err $? "Source not add to source list"
diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh b/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh
index 3da9d93ab36f..efe24eadc2c6 100755
--- a/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh
@@ -253,8 +253,8 @@ ctl4_entries_add()
local peer=$(locus_dev_peer $locus)
local GRP=239.1.1.${grp}
local dmac=01:00:5e:01:01:$(printf "%02x" $grp)
- $MZ $peer -a own -b $dmac -c 1 -A 192.0.2.1 -B $GRP \
- -t ip proto=2,p=$(igmpv3_is_in_get $GRP $IPs) -q
+ $MZ -a own -b $dmac -c 1 -A 192.0.2.1 -B $GRP \
+ -t ip -q $peer proto=2,p=$(igmpv3_is_in_get $GRP $IPs)
sleep 1
local nn=$(bridge mdb show dev br0 | grep $GRP | wc -l)
@@ -274,8 +274,8 @@ ctl4_entries_del()
local peer=$(locus_dev_peer $locus)
local GRP=239.1.1.${grp}
local dmac=01:00:5e:00:00:02
- $MZ $peer -a own -b $dmac -c 1 -A 192.0.2.1 -B 224.0.0.2 \
- -t ip proto=2,p=$(igmpv2_leave_get $GRP) -q
+ $MZ -a own -b $dmac -c 1 -A 192.0.2.1 -B 224.0.0.2 \
+ -t ip -q $peer proto=2,p=$(igmpv2_leave_get $GRP)
sleep 1
! bridge mdb show dev br0 | grep -q $GRP
}
@@ -293,8 +293,8 @@ ctl6_entries_add()
local GRP=ff0e::${grp}
local dmac=33:33:00:00:00:$(printf "%02x" $grp)
local p=$(mldv2_is_in_get $SIP $GRP $IPs)
- $MZ -6 $peer -a own -b $dmac -c 1 -A $SIP -B $GRP \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b $dmac -c 1 -A $SIP -B $GRP \
+ -t ip -q $peer hop=1,next=0,p="$p"
sleep 1
local nn=$(bridge mdb show dev br0 | grep $GRP | wc -l)
@@ -316,8 +316,8 @@ ctl6_entries_del()
local GRP=ff0e::${grp}
local dmac=33:33:00:00:00:$(printf "%02x" $grp)
local p=$(mldv1_done_get $SIP $GRP)
- $MZ -6 $peer -a own -b $dmac -c 1 -A $SIP -B $GRP \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b $dmac -c 1 -A $SIP -B $GRP \
+ -t ip -q $peer hop=1,next=0,p="$p"
sleep 1
! bridge mdb show dev br0 | grep -q $GRP
}
diff --git a/tools/testing/selftests/net/forwarding/bridge_mld.sh b/tools/testing/selftests/net/forwarding/bridge_mld.sh
index 4cacef5a813a..b4f6a81e8bf0 100755
--- a/tools/testing/selftests/net/forwarding/bridge_mld.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_mld.sh
@@ -158,7 +158,7 @@ mldv2include_prepare()
ip link set dev br0 type bridge mcast_mld_version 2
check_err $? "Could not change bridge MLD version to 2"
- $MZ $host1_if $MZPKT_IS_INC -q
+ $MZ -q $host1_if $MZPKT_IS_INC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -183,7 +183,7 @@ mldv2exclude_prepare()
mldv2include_prepare $h1
- $MZ $host1_if -c 1 $MZPKT_IS_EXC -q
+ $MZ -c 1 -q $host1_if $MZPKT_IS_EXC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -236,7 +236,7 @@ mldv2inc_allow_test()
mldv2include_prepare $h1
- $MZ $h1 -c 1 $MZPKT_ALLOW -q
+ $MZ -c 1 -q $h1 $MZPKT_ALLOW
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}"
@@ -257,7 +257,7 @@ mldv2inc_is_include_test()
mldv2include_prepare $h1
- $MZ $h1 -c 1 $MZPKT_IS_INC2 -q
+ $MZ -c 1 -q $h1 $MZPKT_IS_INC2
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}"
@@ -296,7 +296,7 @@ mldv2inc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 $MZPKT_TO_EXC -q
+ $MZ -c 1 -q $h1 $MZPKT_TO_EXC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -340,7 +340,7 @@ mldv2exc_allow_test()
mldv2exclude_prepare $h1
- $MZ $h1 -c 1 $MZPKT_ALLOW2 -q
+ $MZ -c 1 -q $h1 $MZPKT_ALLOW2
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}" "${Y[@]}"
@@ -363,7 +363,7 @@ mldv2exc_is_include_test()
mldv2exclude_prepare $h1
- $MZ $h1 -c 1 $MZPKT_IS_INC3 -q
+ $MZ -c 1 -q $h1 $MZPKT_IS_INC3
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}" "${Y[@]}"
@@ -386,7 +386,7 @@ mldv2exc_is_exclude_test()
mldv2exclude_prepare $h1
- $MZ $h1 -c 1 $MZPKT_IS_EXC2 -q
+ $MZ -c 1 -q $h1 $MZPKT_IS_EXC2
sleep 1
brmcast_check_sg_entries "is_exclude" "${X[@]}" "${Y[@]}"
@@ -412,7 +412,7 @@ mldv2exc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 $MZPKT_TO_EXC -q
+ $MZ -c 1 -q $h1 $MZPKT_TO_EXC
sleep 1
brmcast_check_sg_entries "to_exclude" "${X[@]}" "${Y[@]}"
@@ -436,7 +436,7 @@ mldv2inc_block_test()
mldv2include_prepare $h1
- $MZ $h1 -c 1 $MZPKT_BLOCK -q
+ $MZ -c 1 -q $h1 $MZPKT_BLOCK
# make sure the lowered timers have expired (by default 2 seconds)
sleep 3
brmcast_check_sg_entries "block" "${X[@]}"
@@ -469,7 +469,7 @@ mldv2exc_block_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 $MZPKT_BLOCK -q
+ $MZ -c 1 -q $h1 $MZPKT_BLOCK
sleep 1
brmcast_check_sg_entries "block" "${X[@]}" "${Y[@]}"
@@ -501,7 +501,7 @@ mldv2exc_timeout_test()
mcast_query_response_interval 500 \
mcast_membership_interval 1500
- $MZ $h1 -c 1 $MZPKT_ALLOW2 -q
+ $MZ -c 1 -q $h1 $MZPKT_ALLOW2
sleep 5
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -544,7 +544,7 @@ mldv2star_ex_auto_add_test()
mldv2exclude_prepare $h1
- $MZ $h2 -c 1 $MZPKT_IS_INC -q
+ $MZ -c 1 -q $h2 $MZPKT_IS_INC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
diff --git a/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh b/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
index 1f8ef0eff862..cbc9a9f3c6de 100755
--- a/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
@@ -51,7 +51,7 @@ sticky()
bridge fdb add $TEST_MAC dev $swp1 master static sticky
check_err $? "Could not add fdb entry"
bridge fdb del $TEST_MAC dev $swp1 vlan 1 master static sticky
- $MZ $h2 -c 1 -a $TEST_MAC -t arp "request" -q
+ $MZ -c 1 -a $TEST_MAC -t arp -q $h2 "request"
bridge -j fdb show br br0 brport $swp1\
| jq -e ".[] | select(.mac == \"$TEST_MAC\")" &> /dev/null
check_err $? "Did not find FDB record when should"
diff --git a/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh b/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh
index e59fba366a0a..88525294e410 100755
--- a/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh
@@ -131,7 +131,7 @@ extern_learn()
bridge fdb show brport $swp1 | grep -q de:ad:be:ef:13:37
check_err $? "FDB entry was aged out when should not"
- $MZ $h2 -c 1 -p 64 -a $mac -t ip -q
+ $MZ -c 1 -p 64 -a $mac -t ip -q $h2
bridge fdb show brport $swp2 | grep -q de:ad:be:ef:13:37
check_err $? "FDB entry did not roam when should"
@@ -158,7 +158,7 @@ other_tpid()
ip link set $h2 promisc on
ethtool -K $h2 rx-vlan-filter off rx-vlan-stag-filter off
- $MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
+ $MZ -q -c 1 -b $mac -a own $h1 "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
sleep 1
# Match on 'self' addresses as well, for those drivers which
@@ -179,7 +179,7 @@ other_tpid()
bridge vlan del dev $swp1 vid 1
- $MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
+ $MZ -q -c 1 -b $mac -a own $h1 "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
sleep 1
RET=0
@@ -202,7 +202,7 @@ other_tpid()
tc filter add dev $h2 ingress protocol all pref 1 handle 101 \
flower dst_mac $mac action drop
- $MZ -q $h1 -c 1 -b $mac -a own "81:00 00:00 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
+ $MZ -q -c 1 -b $mac -a own $h1 "81:00 00:00 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
sleep 1
tc -j -s filter show dev $h2 ingress \
diff --git a/tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh b/tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh
index 72dfbeaf56b9..9efff89b3bfd 100755
--- a/tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh
@@ -508,8 +508,8 @@ vlmc_router_port_test()
mcast_query_response_interval 0
bridge vlan add vid 10 dev br0 self
sleep 1
- mausezahn br0 -Q 10 -c 10 -p 128 -b 01:00:5e:01:01:01 -B 239.1.1.1 \
- -t udp "dp=1024" &>/dev/null
+ $MZ -Q 10 -c 10 -p 128 -b 01:00:5e:01:01:01 -B 239.1.1.1 \
+ -t udp br0 "dp=1024" &>/dev/null
local swp1_tcstats=$(tc_rule_stats_get $swp1 10 egress)
if [[ $swp1_tcstats != 10 ]]; then
check_err 1 "Wrong number of vlan 10 multicast packets flooded"
diff --git a/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh b/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh
index 7d531f7091e6..de9086f4c724 100755
--- a/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh
+++ b/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh
@@ -181,44 +181,44 @@ ping_ipv6()
send_src_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A "198.51.100.2-198.51.100.253" -B 203.0.113.2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B "203.0.113.2-203.0.113.253" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_src_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
send_src_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A "2001:db8:1::2-2001:db8:1::fd" -B 2001:db8:4::2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B "2001:db8:4::2-2001:db8:4::fd" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_flowlabel()
@@ -226,22 +226,22 @@ send_flowlabel()
# Generate 16384 echo requests, each with a random flow label.
ip vrf exec v$h1 sh -c \
"for _ in {1..16384}; do \
- $PING6 2001:db8:4::2 -F 0 -c 1 -q >/dev/null 2>&1; \
+ $PING6 -F 0 -c 1 -q 2001:db8:4::2 >/dev/null 2>&1; \
done"
}
send_src_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:4::2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:4::2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
custom_hash_test()
diff --git a/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh b/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh
index dda11a4a9450..24e74fa35392 100755
--- a/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh
+++ b/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh
@@ -276,44 +276,44 @@ ping_ipv6()
send_src_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A "198.51.100.2-198.51.100.253" -B 203.0.113.2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B "203.0.113.2-203.0.113.253" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_src_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
send_src_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A "2001:db8:1::2-2001:db8:1::fd" -B 2001:db8:2::2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B "2001:db8:2::2-2001:db8:2::fd" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_flowlabel()
@@ -321,22 +321,22 @@ send_flowlabel()
# Generate 16384 echo requests, each with a random flow label.
ip vrf exec v$h1 sh -c \
"for _ in {1..16384}; do \
- $PING6 2001:db8:2::2 -F 0 -c 1 -q >/dev/null 2>&1; \
+ $PING6 -F 0 -c 1 -q 2001:db8:2::2 >/dev/null 2>&1; \
done"
}
send_src_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
custom_hash_test()
diff --git a/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh b/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh
index efca6114a3ce..3e1694c9773b 100755
--- a/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh
@@ -266,8 +266,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ $MZ -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh b/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh
index a71ad39fc0c3..fb2707a97f59 100755
--- a/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh
@@ -266,9 +266,9 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
+ $MZ -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
-B "2001:db8:2::2-2001:db8:2::3e" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_multipath.sh b/tools/testing/selftests/net/forwarding/gre_multipath.sh
index 57531c1d884d..6ed8b8f1ac22 100755
--- a/tools/testing/selftests/net/forwarding/gre_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/gre_multipath.sh
@@ -219,8 +219,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh b/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh
index 7d5b2b9cc133..d207b5518843 100755
--- a/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh
+++ b/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh
@@ -243,8 +243,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
@@ -270,8 +270,8 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh b/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh
index 370f9925302d..f1d8a6b17d6f 100755
--- a/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh
+++ b/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh
@@ -246,8 +246,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
@@ -274,8 +274,8 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
diff --git a/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh b/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh
index 49fa94b53a1c..25036e38043c 100755
--- a/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh
+++ b/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh
@@ -95,7 +95,7 @@ ipv6_in_too_big_err()
# Send too big packets
ip vrf exec $vrf_name \
- $PING6 -s 1300 2001:1:2::2 -c 1 -w $PING_TIMEOUT &> /dev/null
+ $PING6 -s 1300 -c 1 -w $PING_TIMEOUT 2001:1:2::2 &> /dev/null
local t1=$(ipv6_stats_get $rtr1 Ip6InTooBigErrors)
test "$((t1 - t0))" -ne 0
@@ -131,7 +131,7 @@ ipv6_in_addr_err()
# Disable forwarding temporary while sending the packet
sysctl -qw net.ipv6.conf.all.forwarding=0
ip vrf exec $vrf_name \
- $PING6 2001:1:2::2 -c 1 -w $PING_TIMEOUT &> /dev/null
+ $PING6 -c 1 -w $PING_TIMEOUT 2001:1:2::2 &> /dev/null
sysctl -qw net.ipv6.conf.all.forwarding=1
local t1=$(ipv6_stats_get $rtr1 Ip6InAddrErrors)
@@ -150,7 +150,7 @@ ipv6_in_discard()
# Add a policy to discard
ip xfrm policy add dst 2001:1:2::2/128 dir fwd action block
ip vrf exec $vrf_name \
- $PING6 2001:1:2::2 -c 1 -w $PING_TIMEOUT &> /dev/null
+ $PING6 -c 1 -w $PING_TIMEOUT 2001:1:2::2 &> /dev/null
ip xfrm policy del dst 2001:1:2::2/128 dir fwd
local t1=$(ipv6_stats_get $rtr1 Ip6InDiscards)
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh b/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh
index e28b4a079e52..38cf24158929 100755
--- a/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh
@@ -278,44 +278,44 @@ ping_ipv6()
send_src_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A "198.51.100.2-198.51.100.253" -B 203.0.113.2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B "203.0.113.2-203.0.113.253" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_src_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
send_src_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A "2001:db8:1::2-2001:db8:1::fd" -B 2001:db8:2::2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B "2001:db8:2::2-2001:db8:2::fd" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_flowlabel()
@@ -323,22 +323,22 @@ send_flowlabel()
# Generate 16384 echo requests, each with a random flow label.
ip vrf exec v$h1 sh -c \
"for _ in {1..16384}; do \
- $PING6 2001:db8:2::2 -F 0 -c 1 -q >/dev/null 2>&1; \
+ $PING6 -F 0 -c 1 -q 2001:db8:2::2 >/dev/null 2>&1; \
done"
}
send_src_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
custom_hash_test()
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh b/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh
index 32d1461f37b7..21a2deb577ef 100755
--- a/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh
@@ -265,8 +265,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ $MZ -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh b/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh
index e1a4b50505f5..f2fd82017f21 100755
--- a/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh
@@ -265,9 +265,9 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
+ $MZ -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
-B "2001:db8:2::2-2001:db8:2::3e" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_lib.sh b/tools/testing/selftests/net/forwarding/ip6gre_lib.sh
index 2d91281dc5b7..4ebb8a1c758a 100644
--- a/tools/testing/selftests/net/forwarding/ip6gre_lib.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_lib.sh
@@ -355,8 +355,8 @@ test_traffic_ip4ip6()
tc filter add dev $ol2 egress protocol ipv4 pref 1 handle 101 \
flower $TC_FLAG dst_ip 203.0.113.1 action pass
- $MZ $h1 -c 1000 -p 64 -a $h1mac -b $ol1mac -A 198.51.100.1 \
- -B 203.0.113.1 -t ip -q -d $MZ_DELAY
+ $MZ -c 1000 -p 64 -a $h1mac -b $ol1mac -A 198.51.100.1 \
+ -B 203.0.113.1 -t ip -q -d $MZ_DELAY $h1
# Check ports after encap and after decap.
tc_check_at_least_x_packets "dev $ul1 egress" 101 1000
@@ -388,8 +388,8 @@ test_traffic_ip6ip6()
tc filter add dev $ol2 egress protocol ipv6 pref 1 handle 101 \
flower $TC_FLAG dst_ip 2001:db8:2::1 action pass
- $MZ -6 $h1 -c 1000 -p 64 -a $h1mac -b $ol1mac -A 2001:db8:1::1 \
- -B 2001:db8:2::1 -t ip -q -d $MZ_DELAY
+ $MZ -6 -c 1000 -p 64 -a $h1mac -b $ol1mac -A 2001:db8:1::1 \
+ -B 2001:db8:2::1 -t ip -q -d $MZ_DELAY $h1
# Check ports after encap and after decap.
tc_check_at_least_x_packets "dev $ul1 egress" 101 1000
diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh
index 890b3374dacd..d1a06dbfe2ae 100644
--- a/tools/testing/selftests/net/forwarding/lib.sh
+++ b/tools/testing/selftests/net/forwarding/lib.sh
@@ -1291,8 +1291,8 @@ ping_do()
vrf_name=$(master_name_get $if_name)
ip vrf exec $vrf_name \
- $PING $args $dip -c $PING_COUNT -i 0.1 \
- -w $PING_TIMEOUT &> /dev/null
+ $PING $args -c $PING_COUNT -i 0.1 \
+ -w $PING_TIMEOUT $dip &> /dev/null
}
ping_test()
@@ -1322,8 +1322,8 @@ ping6_do()
vrf_name=$(master_name_get $if_name)
ip vrf exec $vrf_name \
- $PING6 $args $dip -c $PING_COUNT -i 0.1 \
- -w $PING_TIMEOUT &> /dev/null
+ $PING6 $args -c $PING_COUNT -i 0.1 \
+ -w $PING_TIMEOUT $dip &> /dev/null
}
ping6_test()
@@ -1369,7 +1369,7 @@ learning_test()
tc filter add dev $host1_if ingress protocol ip pref 1 handle 101 \
flower dst_mac $mac action drop
- $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
+ $MZ -c 1 -p 64 -b $mac -t ip -q $host2_if
sleep 1
tc -j -s filter show dev $host1_if ingress \
@@ -1377,14 +1377,14 @@ learning_test()
| select(.options.actions[0].stats.packets == 1)" &> /dev/null
check_fail $? "Packet reached first host when should not"
- $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
+ $MZ -c 1 -p 64 -a $mac -t ip -q $host1_if
sleep 1
bridge -j fdb show br $bridge brport $br_port1 \
| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
check_err $? "Did not find FDB record when should"
- $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
+ $MZ -c 1 -p 64 -b $mac -t ip -q $host2_if
sleep 1
tc -j -s filter show dev $host1_if ingress \
@@ -1403,7 +1403,7 @@ learning_test()
bridge link set dev $br_port1 learning off
- $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
+ $MZ -c 1 -p 64 -a $mac -t ip -q $host1_if
sleep 1
bridge -j fdb show br $bridge brport $br_port1 \
@@ -1437,7 +1437,7 @@ flood_test_do()
tc filter add dev $host2_if ingress protocol ip pref 1 handle 101 \
flower dst_mac $mac action drop
- $MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q
+ $MZ -c 1 -p 64 -b $mac -B $ip -t ip -q $host1_if
sleep 1
tc -j -s filter show dev $host2_if ingress \
@@ -1522,8 +1522,8 @@ __start_traffic()
local dmac=$1; shift
local -a mz_args=("$@")
- $MZ $h_in -p $pktsize -A $sip -B $dip -c 0 \
- -a own -b $dmac -t "$proto" -q "${mz_args[@]}" &
+ $MZ -p $pktsize -A $sip -B $dip -c 0 \
+ -a own -b $dmac -t "$proto" -q $h_in "${mz_args[@]}" &
sleep 1
}
@@ -1663,7 +1663,7 @@ mcast_packet_test()
tc filter add dev $host2_if ingress protocol $tc_proto pref 1 handle 101 \
flower ip_proto udp dst_mac $mac action drop
- $MZ $host1_if $mz_v6arg -c 1 -p 64 -b $mac -A $src_ip -B $ip -t udp "dp=4096,sp=2048" -q
+ $MZ $mz_v6arg -c 1 -p 64 -b $mac -A $src_ip -B $ip -t udp -q $host1_if "dp=4096,sp=2048"
sleep 1
tc -j -s filter show dev $host2_if ingress \
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh b/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh
index a20d22d1df36..8d4ae6c952a1 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh
@@ -238,7 +238,7 @@ test_lag_slave()
ip neigh flush dev br1
setup_wait_dev $up_dev
setup_wait_dev $host_dev
- $ARPING -I br1 192.0.2.130 -qfc 1
+ $ARPING -I br1 -qfc 1 192.0.2.130
sleep 2
mirror_test vrf-h1 192.0.2.1 192.0.2.18 $host_dev 1 ">= 10"
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh b/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh
index 1b902cc579f6..a21c771908b3 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh
@@ -196,7 +196,7 @@ test_span_gre_forbidden_egress()
bridge vlan add dev $swp3 vid 555
# Re-prime FDB
- $ARPING -I br1.555 192.0.2.130 -fqc 1
+ $ARPING -I br1.555 -fqc 1 192.0.2.130
sleep 1
quick_test_span_gre_dir $tundev
@@ -290,7 +290,7 @@ test_span_gre_fdb_roaming()
bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null
# Re-prime FDB
- $ARPING -I br1.555 192.0.2.130 -fqc 1
+ $ARPING -I br1.555 -fqc 1 192.0.2.130
sleep 1
quick_test_span_gre_dir $tundev
diff --git a/tools/testing/selftests/net/forwarding/mirror_lib.sh b/tools/testing/selftests/net/forwarding/mirror_lib.sh
index 6bf9d5ae933c..9a538b1391ed 100644
--- a/tools/testing/selftests/net/forwarding/mirror_lib.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_lib.sh
@@ -36,12 +36,15 @@ mirror_test()
local pref=$1; shift
local expect=$1; shift
+ # getopt permutation is a non-POSIX GNU extension
if is_ipv6 $dip; then
local proto=-6
- local type="icmp6 type=128" # Echo request.
+ local type="icmp6"
+ local typespec="type=128" # Echo request.
else
local proto=
- local type="icmp echoreq"
+ local type="icmp"
+ local typespec="echoreq"
fi
if [[ -z ${expect//[[:digit:]]/} ]]; then
@@ -49,8 +52,8 @@ mirror_test()
fi
local t0=$(tc_rule_stats_get $dev $pref)
- $MZ $proto $vrf_name ${sip:+-A $sip} -B $dip -a own -b bc -q \
- -c 10 -d 100msec -t $type
+ $MZ $proto ${sip:+-A $sip} -B $dip -a own -b bc -q \
+ -c 10 -d 100msec -t $type $vrf_name $typespec
sleep 0.5
local t1=$(tc_rule_stats_get $dev $pref)
local delta=$((t1 - t0))
diff --git a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
index af008fbf2725..3e8804ccb721 100755
--- a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
@@ -130,8 +130,8 @@ do_test_pedit_dsfield_common()
# TOS 125: DSCP 31, ECN 1. Used for testing that the relevant part is
# overwritten when zero is selected.
- $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 \
- -a own -b $h2mac -q -t tcp tos=0x7d,sp=54321,dp=12345
+ $MZ $mz_flags -c 10 -d 20msec -p 100 \
+ -a own -b $h2mac -q -t tcp $h1 tos=0x7d,sp=54321,dp=12345
local pkts
pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
diff --git a/tools/testing/selftests/net/forwarding/pedit_ip.sh b/tools/testing/selftests/net/forwarding/pedit_ip.sh
index d14efb2d23b2..48aab7f4cc49 100755
--- a/tools/testing/selftests/net/forwarding/pedit_ip.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_ip.sh
@@ -128,7 +128,7 @@ do_test_pedit_ip()
RET=0
- $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 -a own -b $h2mac -q -t ip
+ $MZ $mz_flags -c 10 -d 20msec -p 100 -a own -b $h2mac -q -t ip $h1
local pkts
pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
diff --git a/tools/testing/selftests/net/forwarding/pedit_l4port.sh b/tools/testing/selftests/net/forwarding/pedit_l4port.sh
index 10e594c55117..d9846703d6cc 100755
--- a/tools/testing/selftests/net/forwarding/pedit_l4port.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_l4port.sh
@@ -132,8 +132,8 @@ do_test_pedit_l4port_one()
RET=0
- $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 \
- -a own -b $h2mac -q -t $pedit_prot sp=54321,dp=12345
+ $MZ $mz_flags -c 10 -d 20msec -p 100 \
+ -a own -b $h2mac -q -t $pedit_prot $h1 sp=54321,dp=12345
local pkts
pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
diff --git a/tools/testing/selftests/net/forwarding/router.sh b/tools/testing/selftests/net/forwarding/router.sh
index b98ea9449b8b..2560ad760a66 100755
--- a/tools/testing/selftests/net/forwarding/router.sh
+++ b/tools/testing/selftests/net/forwarding/router.sh
@@ -197,8 +197,8 @@ sip_in_class_e()
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower src_ip 240.0.0.1 ip_proto udp action pass
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
- -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q
+ $MZ -t udp -c 5 -d 1msec \
+ -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -246,8 +246,8 @@ __mc_mac_mismatch()
create_mcast_sg $rp1 $sip $dip $rp2
- $MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \
- -B $dip -q
+ $MZ $flags -t udp -c 5 -d 1msec -b $dmac \
+ -B $dip -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -275,8 +275,8 @@ ipv4_sip_equal_dip()
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower src_ip 198.51.100.2 action pass
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
- -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q
+ $MZ -t udp -c 5 -d 1msec \
+ -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -295,8 +295,8 @@ ipv6_sip_equal_dip()
tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \
flower src_ip 2001:db8:2::2 action pass
- $MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
- -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q
+ $MZ -6 -t udp -c 5 -d 1msec \
+ -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -318,7 +318,7 @@ ipv4_dip_link_local()
ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
ip route add 169.254.1.0/24 dev $rp2
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q
+ $MZ -t udp -c 5 -d 1msec -b $rp1mac -B $dip -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
diff --git a/tools/testing/selftests/net/forwarding/router_broadcast.sh b/tools/testing/selftests/net/forwarding/router_broadcast.sh
index 4eac0a06f451..e13569d96cd7 100755
--- a/tools/testing/selftests/net/forwarding/router_broadcast.sh
+++ b/tools/testing/selftests/net/forwarding/router_broadcast.sh
@@ -173,7 +173,7 @@ ping_test_from()
log_info "ping $dip, expected reply from $from"
ip vrf exec $(master_name_get $oif) \
- $PING -I $oif $dip -c 10 -i 0.1 -w $PING_TIMEOUT -b 2>&1 \
+ $PING -I $oif -c 10 -i 0.1 -w $PING_TIMEOUT -b $dip 2>&1 \
| grep "bytes from $from" > /dev/null
check_err_fail $fail $?
}
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_nh.sh b/tools/testing/selftests/net/forwarding/router_mpath_nh.sh
index a7d8399c8d4f..f0cded6b7bcf 100755
--- a/tools/testing/selftests/net/forwarding/router_mpath_nh.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_nh.sh
@@ -244,8 +244,8 @@ multipath4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- ip vrf exec vrf-h1 $MZ $h1 -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
- -d $MZ_DELAY -t udp "$ports"
+ ip vrf exec vrf-h1 $MZ -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
@@ -280,8 +280,8 @@ multipath6_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "$ports"
+ $MZ -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh b/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh
index 507b2852dabe..d8ba304ec9ff 100644
--- a/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh
@@ -104,7 +104,7 @@ __nh_stats_test_v4()
sysctl_set net.ipv4.fib_multipath_hash_policy 1
nh_stats_test_dispatch $nhgtype "IPv4" 101 102 103 \
- $MZ $h1 -A 192.0.2.2 -B 198.51.100.2
+ $MZ -A 192.0.2.2 -B 198.51.100.2 $h1
sysctl_restore net.ipv4.fib_multipath_hash_policy
}
@@ -114,7 +114,7 @@ __nh_stats_test_v6()
sysctl_set net.ipv6.fib_multipath_hash_policy 1
nh_stats_test_dispatch $nhgtype "IPv6" 104 105 106 \
- $MZ -6 $h1 -A 2001:db8:1::2 -B 2001:db8:2::2
+ $MZ -6 -A 2001:db8:1::2 -B 2001:db8:2::2 $h1
sysctl_restore net.ipv6.fib_multipath_hash_policy
}
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh b/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh
index 88ddae05b39d..1db64b8beab2 100755
--- a/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh
@@ -245,8 +245,8 @@ multipath4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- ip vrf exec vrf-h1 $MZ $h1 -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
- -d $MZ_DELAY -t udp "$ports"
+ ip vrf exec vrf-h1 $MZ -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
@@ -278,8 +278,8 @@ multipath6_l4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "$ports"
+ $MZ -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_seed.sh b/tools/testing/selftests/net/forwarding/router_mpath_seed.sh
index 314cb906c1eb..d6a2a24da423 100755
--- a/tools/testing/selftests/net/forwarding/router_mpath_seed.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_seed.sh
@@ -255,15 +255,15 @@ test_mpath_seed()
test_mpath_seed_ipv4()
{
test_mpath_seed 1000 IPv4 \
- $MZ $h1 -A 192.0.2.1 -B 192.0.2.34 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -A 192.0.2.1 -B 192.0.2.34 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
test_mpath_seed_ipv6()
{
test_mpath_seed 2000 IPv6 \
- $MZ -6 $h1 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -6 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
check_mpath_seed_stability()
@@ -311,15 +311,15 @@ test_mpath_seed_stability()
test_mpath_seed_stability_ipv4()
{
test_mpath_seed_stability 1000 IPv4 \
- $MZ $h1 -A 192.0.2.1 -B 192.0.2.34 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -A 192.0.2.1 -B 192.0.2.34 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
test_mpath_seed_stability_ipv6()
{
test_mpath_seed_stability 2000 IPv6 \
- $MZ -6 $h1 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -6 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
trap cleanup EXIT
diff --git a/tools/testing/selftests/net/forwarding/router_multicast.sh b/tools/testing/selftests/net/forwarding/router_multicast.sh
index 83e52abdbc2e..c30b176ac954 100755
--- a/tools/testing/selftests/net/forwarding/router_multicast.sh
+++ b/tools/testing/selftests/net/forwarding/router_multicast.sh
@@ -222,8 +222,8 @@ mcast_v4()
create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
# Send frames with the corresponding L2 destination address.
- $MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ $MZ -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast not received on first host"
@@ -232,8 +232,8 @@ mcast_v4()
delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
- $MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ $MZ -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast received on host although deleted"
@@ -262,8 +262,8 @@ mcast_v6()
create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
# Send frames with the corresponding L2 destination address.
- $MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
- -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q
+ $MZ -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
+ -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast not received on first host"
@@ -272,8 +272,8 @@ mcast_v6()
delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
- $MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
- -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q
+ $MZ -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
+ -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast received on first host although deleted"
@@ -308,18 +308,18 @@ rpf_v4()
create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
- $MZ $h1 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 5 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 1 5
check_err $? "Multicast not received on second host"
- $MZ $h3 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 5 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h3 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h1 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -353,18 +353,18 @@ rpf_v6()
create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
- $MZ $h1 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 5 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h1 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 1 5
check_err $? "Multicast not received on second host"
- $MZ $h3 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 5 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h3 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h1 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -399,9 +399,9 @@ unres_v4()
dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
# Forwarding should fail before installing a matching (*, G).
- $MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 1 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -411,9 +411,9 @@ unres_v4()
# Create (*, G). Will not be installed in the kernel.
create_mcast_sg $rp1 0.0.0.0 225.1.2.3 $rp2 $rp3
- $MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 1 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Multicast not received on first host"
@@ -444,9 +444,9 @@ unres_v6()
dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
# Forwarding should fail before installing a matching (*, G).
- $MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 1 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h1 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -456,9 +456,9 @@ unres_v6()
# Create (*, G). Will not be installed in the kernel.
create_mcast_sg $rp1 :: ff0e::3 $rp2 $rp3
- $MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 1 -p 128 -t udp \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h1 "ttl=10,sp=54321,dp=12345"
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Multicast not received on first host"
diff --git a/tools/testing/selftests/net/forwarding/router_multipath.sh b/tools/testing/selftests/net/forwarding/router_multipath.sh
index 46f365b557b7..e71f09e7827e 100755
--- a/tools/testing/selftests/net/forwarding/router_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/router_multipath.sh
@@ -178,8 +178,8 @@ multipath4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- ip vrf exec vrf-h1 $MZ $h1 -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ ip vrf exec vrf-h1 $MZ -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
@@ -216,8 +216,8 @@ multipath6_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
diff --git a/tools/testing/selftests/net/forwarding/sch_red.sh b/tools/testing/selftests/net/forwarding/sch_red.sh
index af166662b78a..934ff436889e 100755
--- a/tools/testing/selftests/net/forwarding/sch_red.sh
+++ b/tools/testing/selftests/net/forwarding/sch_red.sh
@@ -165,7 +165,7 @@ send_packets()
local proto=$1; shift
local pkts=$1; shift
- $MZ $h2 -p $PKTSZ -a own -b $h3_mac -A 192.0.2.2 -B 192.0.2.3 -t $proto -q -c $pkts "$@"
+ $MZ -p $PKTSZ -a own -b $h3_mac -A 192.0.2.2 -B 192.0.2.3 -t $proto -q -c $pkts $h2 "$@"
}
# This sends traffic in an attempt to build a backlog of $size. Returns 0 on
@@ -266,8 +266,8 @@ do_ecn_test()
local limit=$1; shift
local name=ECN
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
sleep 1
@@ -287,8 +287,8 @@ do_ecn_nodrop_test()
local limit=$1; shift
local name="ECN nodrop"
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
sleep 1
@@ -311,8 +311,8 @@ do_red_test()
# Use ECN-capable TCP to verify there's no marking even though the queue
# is above limit.
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
# Pushing below the queue limit should work.
@@ -342,8 +342,8 @@ do_red_qevent_test()
RET=0
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t udp -q &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t udp -q $h1 &
defer stop_traffic $!
sleep 1
@@ -381,8 +381,8 @@ do_ecn_qevent_test()
RET=0
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
sleep 1
diff --git a/tools/testing/selftests/net/forwarding/skbedit_priority.sh b/tools/testing/selftests/net/forwarding/skbedit_priority.sh
index 3dd5fcbd3eaa..06e8b9e21b94 100755
--- a/tools/testing/selftests/net/forwarding/skbedit_priority.sh
+++ b/tools/testing/selftests/net/forwarding/skbedit_priority.sh
@@ -125,8 +125,8 @@ test_skbedit_priority_one()
local pkt0=$(qdisc_parent_stats_get $swp2 $classid .packets)
local pkt2=$(tc_rule_handle_stats_get "$locus" 101)
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 10 -d 20msec -p 100 \
- -a own -b $h2mac -A 192.0.2.1 -B 192.0.2.2 -q
+ $MZ -t udp -c 10 -d 20msec -p 100 \
+ -a own -b $h2mac -A 192.0.2.1 -B 192.0.2.2 -q $h1 "sp=54321,dp=12345"
local pkt1
pkt1=$(busywait "$HIT_TIMEOUT" until_counter_is ">= $((pkt0 + 10))" \
diff --git a/tools/testing/selftests/net/forwarding/tc_actions.sh b/tools/testing/selftests/net/forwarding/tc_actions.sh
index ea89e558672d..580aaa42ed31 100755
--- a/tools/testing/selftests/net/forwarding/tc_actions.sh
+++ b/tools/testing/selftests/net/forwarding/tc_actions.sh
@@ -66,8 +66,8 @@ mirred_egress_test()
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched without redirect rule inserted"
@@ -76,8 +76,8 @@ mirred_egress_test()
$classifier $tcflags $classifier_args \
action mirred egress $action dev $swp2
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match incoming $action packet"
@@ -96,8 +96,8 @@ gact_drop_and_ok_test()
tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 102 1
check_err $? "Packet was not dropped"
@@ -105,8 +105,8 @@ gact_drop_and_ok_test()
tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
$tcflags dst_ip 192.0.2.2 action ok
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 101 1
check_err $? "Did not see passed packet"
@@ -134,8 +134,8 @@ gact_trap_test()
$tcflags dst_ip 192.0.2.2 action mirred egress redirect \
dev $swp2
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 101 1
check_fail $? "Saw packet without trap rule inserted"
@@ -143,8 +143,8 @@ gact_trap_test()
tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 action trap
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 102 1
check_err $? "Packet was not trapped"
@@ -175,8 +175,8 @@ mirred_egress_to_ingress_test()
tc filter add dev $swp1 protocol ip pref 12 handle 112 ingress flower \
ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 0 action pass
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t icmp "ping,id=42,seq=10" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t icmp -q $h1 "ping,id=42,seq=10"
tc_check_packets "dev $h1 egress" 100 1
check_err $? "didn't mirror first packet"
@@ -230,8 +230,8 @@ mirred_egress_to_ingress_tcp_test()
cmp -s $mirred_e2i_tf1 $mirred_e2i_tf2
check_err $? "server output check failed"
- $MZ $h1 -c 10 -p 64 -a $h1mac -b $h1mac -A 192.0.2.1 -B 192.0.2.1 \
- -t icmp "ping,id=42,seq=5" -q
+ $MZ -c 10 -p 64 -a $h1mac -b $h1mac -A 192.0.2.1 -B 192.0.2.1 \
+ -t icmp -q $h1 "ping,id=42,seq=5"
tc_check_packets "dev $h1 egress" 101 10
check_err $? "didn't mirred redirect ICMP"
tc_check_packets "dev $h1 ingress" 102 10
@@ -254,8 +254,8 @@ ingress_2nd_vlan_push()
$tcflags num_of_vlans 2 \
cvlan_ethtype 0x800 action pass
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -Q 10 -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -Q 10 -q $h1
tc_check_packets "dev $swp1 ingress" 30 1
check_err $? "No double-vlan packets received"
@@ -276,8 +276,8 @@ egress_2nd_vlan_push()
$tcflags num_of_vlans 2 \
cvlan_ethtype 0x800 action pass
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h1 egress" 30 1
check_err $? "No double-vlan packets received"
diff --git a/tools/testing/selftests/net/forwarding/tc_chains.sh b/tools/testing/selftests/net/forwarding/tc_chains.sh
index b95de0463ebd..95b194b5e092 100755
--- a/tools/testing/selftests/net/forwarding/tc_chains.sh
+++ b/tools/testing/selftests/net/forwarding/tc_chains.sh
@@ -38,8 +38,8 @@ unreachable_chain_test()
tc filter add dev $h2 ingress chain 1 protocol ip pref 1 handle 1101 \
flower $tcflags dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 1101 1
check_fail $? "matched on filter in unreachable chain"
@@ -61,8 +61,8 @@ gact_goto_chain_test()
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
$tcflags dst_mac $h2mac action goto chain 1
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 102 1
check_fail $? "Matched on a wrong filter"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower.sh b/tools/testing/selftests/net/forwarding/tc_flower.sh
index b58909a93112..2b327b46be55 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower.sh
@@ -46,8 +46,8 @@ match_dst_mac_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -72,8 +72,8 @@ match_src_mac_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags src_mac $h1mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -98,8 +98,8 @@ match_dst_ip_test()
tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
$tcflags dst_ip 192.0.2.0/24 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -109,8 +109,8 @@ match_dst_ip_test()
tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 103 1
check_err $? "Did not match on correct filter with mask"
@@ -132,8 +132,8 @@ match_src_ip_test()
tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
$tcflags src_ip 192.0.2.0/24 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -143,8 +143,8 @@ match_src_ip_test()
tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 103 1
check_err $? "Did not match on correct filter with mask"
@@ -168,8 +168,8 @@ match_ip_flags_test()
tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \
$tcflags ip_flags nofrag action drop
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=0" -q
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=0"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on wrong frag filter (nofrag)"
@@ -183,8 +183,8 @@ match_ip_flags_test()
tc_check_packets "dev $h2 ingress" 104 1
check_err $? "Did not match on nofrag filter (nofrag)"
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=0,mf" -q
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=0,mf"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on frag filter (1stfrag)"
@@ -198,10 +198,10 @@ match_ip_flags_test()
tc_check_packets "dev $h2 ingress" 104 1
check_err $? "Match on wrong nofrag filter (1stfrag)"
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=256,mf" -q
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=256" -q
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=256,mf"
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=256"
tc_check_packets "dev $h2 ingress" 101 3
check_err $? "Did not match on frag filter (no1stfrag)"
@@ -234,8 +234,8 @@ match_pcp_test()
tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
flower vlan_prio 7 $tcflags dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q $h1
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 0
check_err $? "Matched on specified PCP when should not"
@@ -263,7 +263,7 @@ match_vlan_test()
tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
flower vlan_id 85 $tcflags action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 0
check_err $? "Matched on specified VLAN when should not"
@@ -289,8 +289,8 @@ match_ip_tos_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 ip_tos 0x18 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip tos=18 -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 tos=18
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (0x18)"
@@ -298,8 +298,8 @@ match_ip_tos_test()
tc_check_packets "dev $h2 ingress" 102 1
check_err $? "Did not match on correct filter (0x18)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip tos=20 -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 tos=20
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0x20)"
@@ -322,11 +322,11 @@ match_ip_ttl_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "ttl=63" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "ttl=63"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "ttl=63,mf,frag=256" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "ttl=63,mf,frag=256"
tc_check_packets "dev $h2 ingress" 102 1
check_fail $? "Matched on the wrong filter (no check on ttl)"
@@ -334,8 +334,8 @@ match_ip_ttl_test()
tc_check_packets "dev $h2 ingress" 101 2
check_err $? "Did not match on correct filter (ttl=63)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "ttl=255" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "ttl=255"
tc_check_packets "dev $h2 ingress" 101 3
check_fail $? "Matched on a wrong filter (ttl=63)"
@@ -358,8 +358,8 @@ match_indev_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags indev $h2 dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -404,7 +404,7 @@ match_mpls_label_test()
flower $tcflags mpls_label 1048575 action drop
pkt="$ethtype $(mpls_lse 1048575 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (1048575)"
@@ -413,7 +413,7 @@ match_mpls_label_test()
check_err $? "Did not match on correct filter (1048575)"
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -442,7 +442,7 @@ match_mpls_tc_test()
flower $tcflags mpls_tc 7 action drop
pkt="$ethtype $(mpls_lse 0 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (7)"
@@ -451,7 +451,7 @@ match_mpls_tc_test()
check_err $? "Did not match on correct filter (7)"
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -480,7 +480,7 @@ match_mpls_bos_test()
flower $tcflags mpls_bos 1 action drop
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (1)"
@@ -490,7 +490,7 @@ match_mpls_bos_test()
# Need to add a second label to properly mark the Bottom of Stack
pkt="$ethtype $(mpls_lse 0 0 0 255) $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -519,7 +519,7 @@ match_mpls_ttl_test()
flower $tcflags mpls_ttl 255 action drop
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (255)"
@@ -528,7 +528,7 @@ match_mpls_ttl_test()
check_err $? "Did not match on correct filter (255)"
pkt="$ethtype $(mpls_lse 0 0 1 0)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -581,45 +581,45 @@ match_mpls_lse_test()
# Base packet, matched by all filters (except for stack depth 3)
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Make a variant of the above packet, with a non-matching value
# for each LSE field
# Wrong label at depth 1
pkt="$ethtype $(mpls_lse 1 0 0 0) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TC at depth 1
pkt="$ethtype $(mpls_lse 0 1 0 0) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong BOS at depth 1 (not adding a second LSE here since BOS is set
# in the first label, so anything that'd follow wouldn't be considered)
pkt="$ethtype $(mpls_lse 0 0 1 0)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TTL at depth 1
pkt="$ethtype $(mpls_lse 0 0 0 1) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong label at depth 2
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048574 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TC at depth 2
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 6 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong BOS at depth 2 (adding a third LSE here since BOS isn't set in
# the second label)
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 7 0 255)"
pkt="$pkt $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TTL at depth 2
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 7 1 254)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Filters working at depth 1 should match all packets but one
@@ -707,12 +707,12 @@ match_erspan_opts_test()
enc_key_id 1002 erspan_opts 2:0:1:63 action drop
ep1mac=$(mac_get erspan1)
- $MZ erspan1 -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q
+ $MZ -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q erspan1
tc_check_packets "dev ep-ex ingress" 101 1
check_err $? "ERSPAN Type II"
ep2mac=$(mac_get erspan2)
- $MZ erspan2 -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q
+ $MZ -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q erspan2
tc_check_packets "dev ep-ex ingress" 102 1
check_err $? "ERSPAN Type III"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh b/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh
index 3ca20df952eb..e2988d3b855f 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh
@@ -63,9 +63,9 @@ match_cfm_opcode()
flower cfm op 43 action drop
pkt="$ethtype $(generate_cfm_hdr 7 47 0 32)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 6 5 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on correct opcode"
@@ -74,7 +74,7 @@ match_cfm_opcode()
check_err $? "Matched on the wrong opcode"
pkt="$ethtype $(generate_cfm_hdr 0 43 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Matched on the wrong opcode"
@@ -101,11 +101,11 @@ match_cfm_level()
flower cfm mdl 0 action drop
pkt="$ethtype $(generate_cfm_hdr 5 42 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 6 1 0 70)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 0 1 0 70)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on correct level"
@@ -117,7 +117,7 @@ match_cfm_level()
check_err $? "Did not match on correct level"
pkt="$ethtype $(generate_cfm_hdr 3 0 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Matched on the wrong level"
@@ -146,11 +146,11 @@ match_cfm_level_and_opcode()
flower cfm mdl 7 op 42 action drop
pkt="$ethtype $(generate_cfm_hdr 5 41 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 7 3 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 3 42 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on correct level and opcode"
@@ -159,7 +159,7 @@ match_cfm_level_and_opcode()
check_err $? "Matched on the wrong level and opcode"
pkt="$ethtype $(generate_cfm_hdr 7 42 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Matched on the wrong level and opcode"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
index c2420bb72c12..73ceb27a4d5a 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
@@ -86,7 +86,7 @@ test_l2_miss_unicast()
dst_ip $dip action pass
# Before adding FDB entry.
- $MZ $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unknown unicast filter was not hit before adding FDB entry"
@@ -97,7 +97,7 @@ test_l2_miss_unicast()
# Adding FDB entry.
bridge fdb replace $dmac dev $swp2 master static
- $MZ $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unknown unicast filter was hit after adding FDB entry"
@@ -108,7 +108,7 @@ test_l2_miss_unicast()
# Deleting FDB entry.
bridge fdb del $dmac dev $swp2 master static
- $MZ $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 2
check_err $? "Unknown unicast filter was not hit after deleting FDB entry"
@@ -143,7 +143,7 @@ test_l2_miss_multicast_common()
action pass
# Before adding MDB entry.
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unregistered multicast filter was not hit before adding MDB entry"
@@ -154,7 +154,7 @@ test_l2_miss_multicast_common()
# Adding MDB entry.
bridge mdb replace dev br1 port $swp2 grp $dip permanent
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unregistered multicast filter was hit after adding MDB entry"
@@ -165,7 +165,7 @@ test_l2_miss_multicast_common()
# Deleting MDB entry.
bridge mdb del dev br1 port $swp2 grp $dip
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 2
check_err $? "Unregistered multicast filter was not hit after deleting MDB entry"
@@ -255,7 +255,7 @@ test_l2_miss_ll_multicast_common()
flower indev $swp1 l2_miss 1 dst_mac $dmac src_ip $sip \
dst_ip $dip action pass
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Filter was not hit"
@@ -309,7 +309,7 @@ test_l2_miss_broadcast()
flower l2_miss 0 dst_mac $dmac src_mac $smac \
action pass
- $MZ $h1 -a $smac -b $dmac -c 1 -p 100 -q
+ $MZ -a $smac -b $dmac -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 0
check_err $? "L2 miss filter was hit when should not"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh b/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh
index baed5e380dae..6323567ca2fb 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh
@@ -103,22 +103,22 @@ __test_port_range()
dst_port $dport_min-$dport_max \
action drop
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$dport_min"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$dport_min"
tc_check_packets "dev $swp1 ingress" 101 1
check_err $? "Ingress filter not hit with minimum ports"
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Egress filter not hit with minimum ports"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_mid,dp=$dport_mid"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_mid,dp=$dport_mid"
tc_check_packets "dev $swp1 ingress" 101 2
check_err $? "Ingress filter not hit with middle ports"
tc_check_packets "dev $swp2 egress" 101 2
check_err $? "Egress filter not hit with middle ports"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_max,dp=$dport_max"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_max,dp=$dport_max"
tc_check_packets "dev $swp1 ingress" 101 3
check_err $? "Ingress filter not hit with maximum ports"
tc_check_packets "dev $swp2 egress" 101 3
@@ -126,16 +126,16 @@ __test_port_range()
# Send traffic when both ports are out of range and when only one port
# is out of range.
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_min - 1)),dp=$dport_min"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_max + 1)),dp=$dport_min"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$((dport_min - 1))"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$((dport_max + 1))"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_max + 1)),dp=$((dport_max + 1))"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_min - 1)),dp=$dport_min"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_max + 1)),dp=$dport_min"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$((dport_min - 1))"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$((dport_max + 1))"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_max + 1)),dp=$((dport_max + 1))"
tc_check_packets "dev $swp1 ingress" 101 3
check_err $? "Ingress filter was hit when should not"
tc_check_packets "dev $swp2 egress" 101 3
@@ -219,18 +219,18 @@ test_port_range_ipv4_udp_drop()
action drop
# Test ports outside range - should pass
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_min - 1)),dp=$dport"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_max + 1)),dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_min - 1)),dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_max + 1)),dp=$dport"
# Test ports inside range - should be dropped
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$dport"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_mid,dp=$dport"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_max,dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_mid,dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_max,dp=$dport"
tc_check_packets "dev $swp1 ingress" 101 3
check_err $? "Filter did not drop the expected number of packets"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_router.sh b/tools/testing/selftests/net/forwarding/tc_flower_router.sh
index 4aee9c9e69f6..e0af18844581 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_router.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_router.sh
@@ -90,8 +90,8 @@ match_indev_egress_test()
tc filter add dev $rp3 egress protocol ip pref 2 handle 102 flower \
$tcflags indev $rp2 dst_ip 192.0.3.1 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $rp1mac -A 192.0.1.1 -B 192.0.3.1 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $rp1mac -A 192.0.1.1 -B 192.0.3.1 \
+ -t ip -q $h1
tc_check_packets "dev $rp3 egress" 102 1
check_fail $? "Matched on a wrong filter"
@@ -99,8 +99,8 @@ match_indev_egress_test()
tc_check_packets "dev $rp3 egress" 101 1
check_err $? "Did not match on correct filter"
- $MZ $h2 -c 1 -p 64 -a $h2mac -b $rp2mac -A 192.0.2.1 -B 192.0.3.1 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h2mac -b $rp2mac -A 192.0.2.1 -B 192.0.3.1 \
+ -t ip -q $h2
tc_check_packets "dev $rp3 egress" 101 2
check_fail $? "Matched on a wrong filter"
diff --git a/tools/testing/selftests/net/forwarding/tc_police.sh b/tools/testing/selftests/net/forwarding/tc_police.sh
index 509fdedfcfa1..5a5b13e0fc9e 100755
--- a/tools/testing/selftests/net/forwarding/tc_police.sh
+++ b/tools/testing/selftests/net/forwarding/tc_police.sh
@@ -133,8 +133,8 @@ police_common_test()
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
- mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
- -t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
+ $MZ -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp -p 1000 -c 0 -q $h1 sp=12345,dp=54321 &
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
sleep 10
@@ -183,8 +183,8 @@ police_shared_common_test()
RET=0
- mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
- -t udp sp=12345,dp=$dport -p 1000 -c 0 -q &
+ $MZ -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp -p 1000 -c 0 -q $h1 sp=12345,dp=$dport &
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
sleep 10
@@ -253,8 +253,8 @@ police_mirror_common_test()
action police rate 10mbit burst 16k conform-exceed drop/pipe \
action mirred egress mirror dev $rp3
- mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
- -t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
+ $MZ -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp -p 1000 -c 0 -q $h1 sp=12345,dp=54321 &
local t0=$(tc_rule_stats_get $h2 1 ingress .bytes)
sleep 10
@@ -305,8 +305,8 @@ police_pps_common_test()
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
- mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
- -t udp sp=12345,dp=54321 -p 1000 -c 0 -q &
+ $MZ -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp -p 1000 -c 0 -q $h1 sp=12345,dp=54321 &
local t0=$(tc_rule_stats_get $h2 1 ingress .packets)
sleep 10
@@ -364,11 +364,11 @@ police_mtu_common_test() {
dst_ip 198.51.100.1 ip_proto udp dst_port 54321 \
action drop
- mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
- -t udp sp=12345,dp=54321 -p 1001 -c 10 -q
+ $MZ -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp -p 1001 -c 10 -q $h1 sp=12345,dp=54321
- mausezahn $h1 -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
- -t udp sp=12345,dp=54321 -p 1000 -c 3 -q
+ $MZ -a own -b $(mac_get $rp1) -A 192.0.2.1 -B 198.51.100.1 \
+ -t udp -p 1000 -c 3 -q $h1 sp=12345,dp=54321
tc_check_packets "dev $dev $direction" 101 13
check_err $? "wrong packet counter"
diff --git a/tools/testing/selftests/net/forwarding/tc_shblocks.sh b/tools/testing/selftests/net/forwarding/tc_shblocks.sh
index 772e00ac3230..37517e4b5df6 100755
--- a/tools/testing/selftests/net/forwarding/tc_shblocks.sh
+++ b/tools/testing/selftests/net/forwarding/tc_shblocks.sh
@@ -53,14 +53,14 @@ shared_block_test()
tc filter add block 22 protocol ip pref 1 handle 101 flower \
$tcflags dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "block 22" 101 1
check_err $? "Did not match first incoming packet on a block"
- $MZ $h2 -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h2
tc_check_packets "block 22" 101 2
check_err $? "Did not match second incoming packet on a block"
@@ -79,14 +79,14 @@ match_indev_test()
tc filter add block 22 protocol ip pref 2 handle 102 flower \
$tcflags indev $swp2 dst_mac $swmac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "block 22" 101 1
check_err $? "Did not match first incoming packet on a block"
- $MZ $h2 -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h2
tc_check_packets "block 22" 102 1
check_err $? "Did not match second incoming packet on a block"
diff --git a/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh b/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh
index 79775b10b99f..8c5205502827 100755
--- a/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh
+++ b/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh
@@ -114,11 +114,11 @@ tunnel_key_nofrag_test()
# test 'nofrag' set
tc filter add dev h1-et egress protocol all pref 1 handle 1 matchall $tcflags \
action tunnel_key set src_ip 192.0.2.1 dst_ip 192.0.2.2 id 42 nofrag index 10
- $MZ h1-et -c 1 -p 930 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q
+ $MZ -c 1 -p 930 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q h1-et
tc_check_packets "dev $swp1 ingress" 100 1
check_err $? "packet smaller than MTU was not tunneled"
- $MZ h1-et -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q
+ $MZ -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q h1-et
tc_check_packets "dev $swp1 ingress" 100 1
check_err $? "packet bigger than MTU matched nofrag (nofrag was set)"
tc_check_packets "dev $swp1 ingress" 101 0
@@ -128,7 +128,7 @@ tunnel_key_nofrag_test()
# test 'nofrag' cleared
tc actions change action tunnel_key set src_ip 192.0.2.1 dst_ip 192.0.2.2 id 42 index 10
- $MZ h1-et -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q
+ $MZ -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q h1-et
tc_check_packets "dev $swp1 ingress" 100 1
check_err $? "packet bigger than MTU matched nofrag (nofrag was unset)"
tc_check_packets "dev $swp1 ingress" 101 1
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh
index b43816dd998c..6913c0185262 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh
@@ -395,7 +395,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ $h1 -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q
+ $MZ -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q $h1
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
@@ -567,9 +567,9 @@ vxlan_encapped_ping_do()
local inner_tos=$1; shift
local outer_tos=$1; shift
- $MZ $dev -c $count -d 100msec -q \
+ $MZ -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
- -t udp tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
+ -t udp $dev tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
)"08:"$( : VXLAN flags
)"00:00:00:"$( : VXLAN reserved
)"00:03:e8:"$( : VXLAN VNI
@@ -705,8 +705,8 @@ test_learning()
# a corresponding entry is created in VxLAN device vx1
RET=0
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q self
@@ -737,8 +737,8 @@ test_learning()
# Re-learn the first FDB entry and check that it is correctly aged-out
RET=0
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q self
@@ -749,7 +749,7 @@ test_learning()
vxlan_flood_test $mac $dst 0 10 0
# The entry should age out when it only forwards traffic
- $MZ $h1 -c 50 -d 1sec -p 64 -b $mac -B $dst -t icmp -q &
+ $MZ -c 50 -d 1sec -p 64 -b $mac -B $dst -t icmp -q $h1 &
sleep 60
bridge fdb show brport vx1 | grep $mac | grep -q self
@@ -767,8 +767,8 @@ test_learning()
ip link set dev vx1 type bridge_slave learning off
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q -v self
@@ -776,8 +776,8 @@ test_learning()
ip link set dev vx1 type bridge_slave learning on
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q -v self
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh
index a603f7b0a08f..988b13fe0355 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh
@@ -516,7 +516,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ -6 $h1 -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 type=128 -q
+ $MZ -6 -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 -q $h1 type=128
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
@@ -682,9 +682,9 @@ vxlan_encapped_ping_do()
local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
- $MZ -6 $dev -c $count -d 100msec -q \
+ $MZ -6 -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
- -t udp tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
+ -t udp $dev tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
)"08:"$( : VXLAN flags
)"00:00:00:"$( : VXLAN reserved
)"00:03:e8:"$( : VXLAN VNI
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh
index afc65647f673..17333e5ad94a 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh
@@ -500,7 +500,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ $h1 -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q
+ $MZ -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q $h1
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
@@ -717,8 +717,8 @@ __test_learning()
# a corresponding entry is created in the VxLAN device
RET=0
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep -q self
@@ -752,8 +752,8 @@ __test_learning()
# Re-learn the first FDB entry and check that it is correctly aged-out
RET=0
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep -q self
@@ -784,8 +784,8 @@ __test_learning()
ip link set dev $vx type bridge_slave learning off
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep "vlan $vid" \
@@ -794,8 +794,8 @@ __test_learning()
ip link set dev $vx type bridge_slave learning on
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep "vlan $vid" \
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh
index e83fde79f40d..5af514884e2c 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh
@@ -642,7 +642,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ -6 $h1 -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 type=128 -q
+ $MZ -6 -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 -q $h1 type=128
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh
index 462db0b603e7..5cc2a7f090e3 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh
@@ -471,8 +471,8 @@ do_packets_v4()
local mac
mac=$(mac_get "$h2")
- "$MZ" "$h1" -Q 10 -c 10 -d 100msec -p 64 -a own -b "$mac" \
- -A 192.0.2.1 -B 192.0.2.2 -t udp sp=1234,dp=2345 -q
+ "$MZ" -Q 10 -c 10 -d 100msec -p 64 -a own -b "$mac" \
+ -A 192.0.2.1 -B 192.0.2.2 -t udp -q "$h1" sp=1234,dp=2345
}
do_packets_v6()
@@ -480,8 +480,8 @@ do_packets_v6()
local mac
mac=$(mac_get "$h2")
- "$MZ" -6 "$h1" -Q 20 -c 10 -d 100msec -p 64 -a own -b "$mac" \
- -A 2001:db8:1::1 -B 2001:db8:1::2 -t udp sp=1234,dp=2345 -q
+ "$MZ" -6 -Q 20 -c 10 -d 100msec -p 64 -a own -b "$mac" \
+ -A 2001:db8:1::1 -B 2001:db8:1::2 -t udp -q "$h1" sp=1234,dp=2345
}
do_test()
diff --git a/tools/testing/selftests/net/forwarding/vxlan_reserved.sh b/tools/testing/selftests/net/forwarding/vxlan_reserved.sh
index 46c31794b91b..6713468bc170 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_reserved.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_reserved.sh
@@ -167,9 +167,9 @@ vxlan_ping_do()
local vxlan_header=$(vxlan_header_bytes $vni $reserved_bits)
- $MZ $dev -c $count -d 100msec -q \
+ $MZ -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
- -t udp sp=23456,dp=$VXPORT,p=$(:
+ -t udp $dev sp=23456,dp=$VXPORT,p=$(:
)"$vxlan_header:"$( : VXLAN
)"$dest_mac:"$( : ETH daddr
)"00:11:22:33:44:55:"$( : ETH saddr
--
2.50.1
6 days, 23 hours
- 4
- 4
[PATCH RESEND v5] kunit: qemu_configs: Add MIPS configurations
by Thomas Weißschuh
Add basic support to run various MIPS variants via kunit_tool using the
virtualized malta platform.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
Reviewed-by: David Gow <davidgow(a)google.com>
---
Changes in v5:
- Rebase on v6.17-rc1
- Drop alreayd applied patch to MIPS core code and related CCs
- Link to v4: https://lore.kernel.org/r/20250611-kunit-mips-v4-0-1d8997fb2ae4@linutronix.…
Changes in v4:
- Rebase on v6.16-rc1
- Pick up reviews from David
- Clarify that GIC page is linked to vDSO
- Link to v3: https://lore.kernel.org/r/20250415-kunit-mips-v3-0-4ec2461b5a7e@linutronix.…
Changes in v3:
- Also skip VDSO_RANDOMIZE_SIZE adjustment for kthreads
- Link to v2: https://lore.kernel.org/r/20250414-kunit-mips-v2-0-4cf01e1a29e6@linutronix.…
Changes in v2:
- Fix usercopy kunit test by handling ABI-less tasks in stack_top()
- Drop change to mm initialization.
The broken test is not built by default anymore.
- Link to v1: https://lore.kernel.org/r/20250212-kunit-mips-v1-0-eb49c9d76615@linutronix.…
---
tools/testing/kunit/qemu_configs/mips.py | 18 ++++++++++++++++++
tools/testing/kunit/qemu_configs/mips64.py | 19 +++++++++++++++++++
tools/testing/kunit/qemu_configs/mips64el.py | 19 +++++++++++++++++++
tools/testing/kunit/qemu_configs/mipsel.py | 18 ++++++++++++++++++
4 files changed, 74 insertions(+)
diff --git a/tools/testing/kunit/qemu_configs/mips.py b/tools/testing/kunit/qemu_configs/mips.py
new file mode 100644
index 0000000000000000000000000000000000000000..8899ac157b30bd2ee847eacd5b90fe6ad4e5fb04
--- /dev/null
+++ b/tools/testing/kunit/qemu_configs/mips.py
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: GPL-2.0
+
+from ..qemu_config import QemuArchParams
+
+QEMU_ARCH = QemuArchParams(linux_arch='mips',
+ kconfig='''
+CONFIG_32BIT=y
+CONFIG_CPU_BIG_ENDIAN=y
+CONFIG_MIPS_MALTA=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+''',
+ qemu_arch='mips',
+ kernel_path='vmlinuz',
+ kernel_command_line='console=ttyS0',
+ extra_qemu_params=['-M', 'malta'])
diff --git a/tools/testing/kunit/qemu_configs/mips64.py b/tools/testing/kunit/qemu_configs/mips64.py
new file mode 100644
index 0000000000000000000000000000000000000000..1478aed05b94da4914f34c6a8affdcfe34eb88ea
--- /dev/null
+++ b/tools/testing/kunit/qemu_configs/mips64.py
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: GPL-2.0
+
+from ..qemu_config import QemuArchParams
+
+QEMU_ARCH = QemuArchParams(linux_arch='mips',
+ kconfig='''
+CONFIG_CPU_MIPS64_R2=y
+CONFIG_64BIT=y
+CONFIG_CPU_BIG_ENDIAN=y
+CONFIG_MIPS_MALTA=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+''',
+ qemu_arch='mips64',
+ kernel_path='vmlinuz',
+ kernel_command_line='console=ttyS0',
+ extra_qemu_params=['-M', 'malta', '-cpu', '5KEc'])
diff --git a/tools/testing/kunit/qemu_configs/mips64el.py b/tools/testing/kunit/qemu_configs/mips64el.py
new file mode 100644
index 0000000000000000000000000000000000000000..300c711d7a82500b2ebcb4cf1467b6f72b5c17aa
--- /dev/null
+++ b/tools/testing/kunit/qemu_configs/mips64el.py
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: GPL-2.0
+
+from ..qemu_config import QemuArchParams
+
+QEMU_ARCH = QemuArchParams(linux_arch='mips',
+ kconfig='''
+CONFIG_CPU_MIPS64_R2=y
+CONFIG_64BIT=y
+CONFIG_CPU_LITTLE_ENDIAN=y
+CONFIG_MIPS_MALTA=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+''',
+ qemu_arch='mips64el',
+ kernel_path='vmlinuz',
+ kernel_command_line='console=ttyS0',
+ extra_qemu_params=['-M', 'malta', '-cpu', '5KEc'])
diff --git a/tools/testing/kunit/qemu_configs/mipsel.py b/tools/testing/kunit/qemu_configs/mipsel.py
new file mode 100644
index 0000000000000000000000000000000000000000..3d3543315b45776d0e77fb5c00c8c0a89eafdffd
--- /dev/null
+++ b/tools/testing/kunit/qemu_configs/mipsel.py
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: GPL-2.0
+
+from ..qemu_config import QemuArchParams
+
+QEMU_ARCH = QemuArchParams(linux_arch='mips',
+ kconfig='''
+CONFIG_32BIT=y
+CONFIG_CPU_LITTLE_ENDIAN=y
+CONFIG_MIPS_MALTA=y
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_SYSCON=y
+''',
+ qemu_arch='mipsel',
+ kernel_path='vmlinuz',
+ kernel_command_line='console=ttyS0',
+ extra_qemu_params=['-M', 'malta'])
---
base-commit: 5606dd26f0b0d614e64a51e68c86e5066f9a5b71
change-id: 20241014-kunit-mips-e4fe1c265ed7
Best regards,
--
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
1 week
- 1
- 0
[PATCH v3 0/6] ONE_REG interface for SBI FWFT extension
by Anup Patel
This series adds ONE_REG interface for SBI FWFT extension implemented
by KVM RISC-V. This was missed out in accepted SBI FWFT patches for
KVM RISC-V.
These patches can also be found in the riscv_kvm_fwft_one_reg_v3 branch
at: https://github.com/avpatel/linux.git
Changes since v2:
- Re-based on latest KVM RISC-V queue
- Improved FWFT ONE_REG interface to allow enabling/disabling each
FWFT feature from KVM userspace
Changes since v1:
- Dropped have_state in PATCH4 as suggested by Drew
- Added Drew's Reviewed-by in appropriate patches
Anup Patel (6):
RISC-V: KVM: Set initial value of hedeleg in kvm_arch_vcpu_create()
RISC-V: KVM: Introduce feature specific reset for SBI FWFT
RISC-V: KVM: Introduce optional ONE_REG callbacks for SBI extensions
RISC-V: KVM: Move copy_sbi_ext_reg_indices() to SBI implementation
RISC-V: KVM: Implement ONE_REG interface for SBI FWFT state
KVM: riscv: selftests: Add SBI FWFT to get-reg-list test
arch/riscv/include/asm/kvm_vcpu_sbi.h | 22 +-
arch/riscv/include/asm/kvm_vcpu_sbi_fwft.h | 1 +
arch/riscv/include/uapi/asm/kvm.h | 15 ++
arch/riscv/kvm/vcpu.c | 3 +-
arch/riscv/kvm/vcpu_onereg.c | 60 +----
arch/riscv/kvm/vcpu_sbi.c | 172 +++++++++++--
arch/riscv/kvm/vcpu_sbi_fwft.c | 227 ++++++++++++++++--
arch/riscv/kvm/vcpu_sbi_sta.c | 63 +++--
.../selftests/kvm/riscv/get-reg-list.c | 32 +++
9 files changed, 467 insertions(+), 128 deletions(-)
--
2.43.0
1 week
- 3
- 9
[PATCH net-next 3/3] selftests: mptcp: join: allow more time to send ADD_ADDR
by Matthieu Baerts (NGI0)
When many ADD_ADDR need to be sent, it can take some time to send each
of them, and create new subflows. Some CIs seem to occasionally have
issues with these tests, especially with "debug" kernels.
Two subtests will now run for a slightly longer time: the last two where
3 or more ADD_ADDR are sent during the test.
Reviewed-by: Geliang Tang <geliang(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh
index e9e11a9e60fd5374c8a98c3b7159ccbca8053030..b41cebfa1f921ce9ea6a88a908bf6d5e6027b367 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
@@ -2268,7 +2268,8 @@ signal_address_tests()
pm_nl_add_endpoint $ns1 10.0.3.1 flags signal
pm_nl_add_endpoint $ns1 10.0.4.1 flags signal
pm_nl_set_limits $ns2 3 3
- run_tests $ns1 $ns2 10.0.1.1
+ speed=slow \
+ run_tests $ns1 $ns2 10.0.1.1
chk_join_nr 3 3 3
chk_add_nr 3 3
fi
@@ -2280,7 +2281,8 @@ signal_address_tests()
pm_nl_add_endpoint $ns1 10.0.3.1 flags signal
pm_nl_add_endpoint $ns1 10.0.14.1 flags signal
pm_nl_set_limits $ns2 3 3
- run_tests $ns1 $ns2 10.0.1.1
+ speed=slow \
+ run_tests $ns1 $ns2 10.0.1.1
join_syn_tx=3 \
chk_join_nr 1 1 1
chk_add_nr 3 3
--
2.51.0
1 week
- 1
- 0
[PATCH net-next 2/3] selftests: mptcp: join: tolerate more ADD_ADDR
by Matthieu Baerts (NGI0)
ADD_ADDR can be retransmitted, and with, the parent commit, these
retransmissions can be sent quicker: from 2 minutes to less than one
second.
To avoid false positives where retransmitted ADD_ADDR causes higher
counters than expected, it is required to be more tolerant. Errors are
now only reported when fewer ADD_ADDRs have been sent/received, except
if no ADD_ADDR are expected.
Before the parent commit, the tolerance was present for each tests where
the ADD_ADDR could be retransmitted in a reasonable time (1 sec). Now
that all tests can have retransmitted ADD_ADDR, it is normal to apply
the same tolerance for all tests.
An alternative could be to disable the ADD_ADDR retransmissions by
default, but that's changing the default kernel behaviour. Plus,
ADD_ADDR retransmissions can be required for some tests. To avoid adding
exceptions to many tests, it seems better to increase the tolerance.
Later, we could add a new MIB counter to identify the ADD_ADDR
retransmissions, and remove the tolerance when this counter is
available.
Reviewed-by: Geliang Tang <geliang(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
tools/testing/selftests/net/mptcp/mptcp_join.sh | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh
index 2f046167a0b6cc6fb5531a033d8d95c9ea399cf9..e9e11a9e60fd5374c8a98c3b7159ccbca8053030 100755
--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
@@ -358,6 +358,7 @@ reset_with_add_addr_timeout()
tables="${ip6tables}"
fi
+ # set a maximum, to avoid too long timeout with exponential backoff
ip netns exec $ns1 sysctl -q net.mptcp.add_addr_timeout=1
if ! ip netns exec $ns2 $tables -A OUTPUT -p tcp \
@@ -1669,7 +1670,6 @@ chk_add_nr()
local tx=""
local rx=""
local count
- local timeout
if [[ $ns_invert = "invert" ]]; then
ns_tx=$ns2
@@ -1678,15 +1678,13 @@ chk_add_nr()
rx=" server"
fi
- timeout=$(ip netns exec ${ns_tx} sysctl -n net.mptcp.add_addr_timeout)
-
print_check "add addr rx${rx}"
count=$(mptcp_lib_get_counter ${ns_rx} "MPTcpExtAddAddr")
if [ -z "$count" ]; then
print_skip
- # if the test configured a short timeout tolerate greater then expected
- # add addrs options, due to retransmissions
- elif [ "$count" != "$add_nr" ] && { [ "$timeout" -gt 1 ] || [ "$count" -lt "$add_nr" ]; }; then
+ # Tolerate more ADD_ADDR then expected (if any), due to retransmissions
+ elif [ "$count" != "$add_nr" ] &&
+ { [ "$add_nr" -eq 0 ] || [ "$count" -lt "$add_nr" ]; }; then
fail_test "got $count ADD_ADDR[s] expected $add_nr"
else
print_ok
@@ -1774,18 +1772,15 @@ chk_add_tx_nr()
{
local add_tx_nr=$1
local echo_tx_nr=$2
- local timeout
local count
- timeout=$(ip netns exec $ns1 sysctl -n net.mptcp.add_addr_timeout)
-
print_check "add addr tx"
count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtAddAddrTx")
if [ -z "$count" ]; then
print_skip
- # if the test configured a short timeout tolerate greater then expected
- # add addrs options, due to retransmissions
- elif [ "$count" != "$add_tx_nr" ] && { [ "$timeout" -gt 1 ] || [ "$count" -lt "$add_tx_nr" ]; }; then
+ # Tolerate more ADD_ADDR then expected (if any), due to retransmissions
+ elif [ "$count" != "$add_tx_nr" ] &&
+ { [ "$add_tx_nr" -eq 0 ] || [ "$count" -lt "$add_tx_nr" ]; }; then
fail_test "got $count ADD_ADDR[s] TX, expected $add_tx_nr"
else
print_ok
--
2.51.0
1 week
- 1
- 0
[PATCH net-next 1/3] mptcp: make ADD_ADDR retransmission timeout adaptive
by Matthieu Baerts (NGI0)
From: Geliang Tang <tanggeliang(a)kylinos.cn>
Currently the ADD_ADDR option is retransmitted with a fixed timeout. This
patch makes the retransmission timeout adaptive by using the maximum RTO
among all the subflows, while still capping it at the configured maximum
value (add_addr_timeout_max). This improves responsiveness when
establishing new subflows.
Specifically:
1. Adds mptcp_adjust_add_addr_timeout() helper to compute the adaptive
timeout.
2. Uses maximum subflow RTO (icsk_rto) when available.
3. Applies exponential backoff based on retransmission count.
4. Maintains fallback to configured max timeout when no RTO data exists.
This slightly changes the behaviour of the MPTCP "add_addr_timeout"
sysctl knob to be used as a maximum instead of a fixed value. But this
is seen as an improvement: the ADD_ADDR might be sent quicker than
before to improve the overall MPTCP connection. Also, the default
value is set to 2 min, which was already way too long, and caused the
ADD_ADDR not to be retransmitted for connections shorter than 2 minutes.
Suggested-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/576
Reviewed-by: Christoph Paasch <cpaasch(a)openai.com>
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
v2: no changes.
---
Documentation/networking/mptcp-sysctl.rst | 8 +++++---
net/mptcp/pm.c | 28 ++++++++++++++++++++++++----
2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst
index 1683c139821e3ba6d9eaa3c59330a523d29f1164..1eb6af26b4a7acdedd575a126c576210a78f0d4d 100644
--- a/Documentation/networking/mptcp-sysctl.rst
+++ b/Documentation/networking/mptcp-sysctl.rst
@@ -8,9 +8,11 @@ MPTCP Sysfs variables
===============================
add_addr_timeout - INTEGER (seconds)
- Set the timeout after which an ADD_ADDR control message will be
- resent to an MPTCP peer that has not acknowledged a previous
- ADD_ADDR message.
+ Set the maximum value of timeout after which an ADD_ADDR control message
+ will be resent to an MPTCP peer that has not acknowledged a previous
+ ADD_ADDR message. A dynamically estimated retransmission timeout based
+ on the estimated connection round-trip-time is used if this value is
+ lower than the maximum one.
Do not retransmit if set to 0.
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index 136a380602cae872b76560649c924330e5f42533..204e1f61212e2be77a8476f024b59be67d04b80a 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -268,6 +268,27 @@ int mptcp_pm_mp_prio_send_ack(struct mptcp_sock *msk,
return -EINVAL;
}
+static unsigned int mptcp_adjust_add_addr_timeout(struct mptcp_sock *msk)
+{
+ const struct net *net = sock_net((struct sock *)msk);
+ unsigned int rto = mptcp_get_add_addr_timeout(net);
+ struct mptcp_subflow_context *subflow;
+ unsigned int max = 0;
+
+ mptcp_for_each_subflow(msk, subflow) {
+ struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
+ struct inet_connection_sock *icsk = inet_csk(ssk);
+
+ if (icsk->icsk_rto > max)
+ max = icsk->icsk_rto;
+ }
+
+ if (max && max < rto)
+ rto = max;
+
+ return rto;
+}
+
static void mptcp_pm_add_timer(struct timer_list *timer)
{
struct mptcp_pm_add_entry *entry = timer_container_of(entry, timer,
@@ -292,7 +313,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
goto out;
}
- timeout = mptcp_get_add_addr_timeout(sock_net(sk));
+ timeout = mptcp_adjust_add_addr_timeout(msk);
if (!timeout)
goto out;
@@ -307,7 +328,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
if (entry->retrans_times < ADD_ADDR_RETRANS_MAX)
sk_reset_timer(sk, timer,
- jiffies + timeout);
+ jiffies + (timeout << entry->retrans_times));
spin_unlock_bh(&msk->pm.lock);
@@ -348,7 +369,6 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
{
struct mptcp_pm_add_entry *add_entry = NULL;
struct sock *sk = (struct sock *)msk;
- struct net *net = sock_net(sk);
unsigned int timeout;
lockdep_assert_held(&msk->pm.lock);
@@ -374,7 +394,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
reset_timer:
- timeout = mptcp_get_add_addr_timeout(net);
+ timeout = mptcp_adjust_add_addr_timeout(msk);
if (timeout)
sk_reset_timer(sk, &add_entry->add_timer, jiffies + timeout);
--
2.51.0
1 week
- 1
- 0
[PATCHSET V2 bpf-next 0/2] cpuidle, bpf: Introduce BPF-ext cpuidle governor policy via struct_ops
by Lin Yikai
Changes in v2:
- Optimized the logic in descriptions. (Song Liu)
- Created a new header file to declare kfuncs for future extensions included by other files. (Christian Loehle)
- Fixed some logical issues in the code. (Christian Loehle)
Reference:
[1] https://lore.kernel.org/bpf/20250829101137.9507-1-yikai.lin@vivo.com/
Summary
----------
Hi, everyone,
This patch set introduces an extensible cpuidle governor framework
using BPF struct_ops, enabling dynamic implementation of idle-state selection policies
via BPF programs.
Motivation
----------
As is well-known, CPUs support multiple idle states (e.g., C0, C1, C2, ...),
where deeper states reduce power consumption, but results in longer wakeup latency,
potentially affecting performance.
Existing generic cpuidle governors operate effectively in common scenarios
but exhibit suboptimal behavior in specific Android phone's use cases.
Our testing reveals that during low-utilization scenarios
(e.g., screen-off background tasks like music playback with CPU utilization <10%),
the C0 state occupies ~50% of idle time, causing significant energy inefficiency.
Reducing C0 to ≤20% could yield ≥5% power savings on mobile phones.
To address this, we expect:
1.Dynamic governor switching to power-saved policies for low cpu utilization scenarios (e.g., screen-off mode)
2.Dynamic switching to alternate governors for high-performance scenarios (e.g., gaming)
OverView
----------
The BPF cpuidle ext governor registers at postcore_initcall()
but remains disabled by default due to its low priority "rating" with value "1".
Activation requires adjust higer "rating" than other governors within BPF.
Core Components:
1.**struct cpuidle_gov_ext_ops** – BPF-overridable operations:
- ops.enable()/ops.disable(): enable or disable callback
- ops.select(): cpu Idle-state selection logic
- ops.set_stop_tick(): Scheduler tick management after state selection
- ops.reflect(): feedback info about previous idle state.
- ops.init()/ops.deinit(): Initialization or cleanup.
2.**Critical kfuncs for kernel state access**:
- bpf_cpuidle_ext_gov_update_rating():
Activate ext governor by raising rating must be called from "ops.init()"
- bpf_cpuidle_ext_gov_latency_req(): get idle-state latency constraints
- bpf_tick_nohz_get_sleep_length(): get CPU sleep duration in tickless mode
Future work
----------
1. Scenario detection: Identifying low-utilization states (e.g., screen-off + background music)
2. Policy optimization: Optimizing state-selection algorithms for specific scenarios
Is it related to sched_ext?
---------------------------
The cpuidle framework is as follows.
----------------------------------------------------------
Scheduler Core
----------------------------------------------------------
|
v
----------------------------------------------------------
| FAIR Class | EXT Class | IDLE Class |
----------------------------------------------------------
| | | |
| | | v
| | | ------------------------
| | | enter_cpu_idle()
| | | ------------------------
| | | |
| | | v
| | | ------------------------------
| | | | CPUIDLE Governor |
| | | ------------------------------
| | | | | |
| | | v v v
| | |-----------------------------------
| | | default | | other | | BPF ext |
| | | Governor | | Governor | | Governor | <<===Here is the feature we add.
| | |-----------------------------------
| | | | | |
| | | v v v
| | |-------------------------------------
| | | select idle state
| | |-------------------------------------
Whereas cpuidle is invoked after switching to idle class when no tasks are present in the scheduling RQ.
They are not directly related, so implementing kfuncs or other extensions through sched_ext is not feasible.
Lin Yikai (2):
cpuidle: Implement BPF extensible cpuidle governor class
selftests/bpf: Add selftests for cpuidle_gov_ext
drivers/cpuidle/Kconfig | 12 +
drivers/cpuidle/governors/Makefile | 1 +
drivers/cpuidle/governors/ext.c | 537 ++++++++++++++++++
.../bpf/prog_tests/test_cpuidle_gov_ext.c | 28 +
.../selftests/bpf/progs/cpuidle_common.h | 13 +
.../selftests/bpf/progs/cpuidle_gov_ext.c | 200 +++++++
6 files changed, 791 insertions(+)
create mode 100644 drivers/cpuidle/governors/ext.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/test_cpuidle_gov_ext.c
create mode 100644 tools/testing/selftests/bpf/progs/cpuidle_common.h
create mode 100644 tools/testing/selftests/bpf/progs/cpuidle_gov_ext.c
--
2.43.0
1 week, 1 day
- 5
- 7
[PATCH net-next 1/2] selftests: net: replace sleeps in fcnal-test with waits
by Jakub Kicinski
fcnal-test.sh already includes lib.sh, use relevant helpers
instead of sleeping. The first chunk is replacing sleep after
killing background commands. All remaining ones replace
sleep after starting nettest as a server with wait_local_port_listen.
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
---
tools/testing/selftests/net/fcnal-test.sh | 430 +++++++++++-----------
1 file changed, 215 insertions(+), 215 deletions(-)
diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index 4fcc38907e48..0e3304d37fd0 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -189,7 +189,7 @@ show_hint()
kill_procs()
{
killall nettest ping ping6 >/dev/null 2>&1
- sleep 1
+ slowwait 2 sh -c 'test -z "$(pgrep '"'^(nettest|ping|ping6)$'"')"'
}
set_ping_group()
@@ -875,7 +875,7 @@ ipv4_tcp_md5_novrf()
# basic use case
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: Single address config"
@@ -883,7 +883,7 @@ ipv4_tcp_md5_novrf()
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: Server no config, client uses password"
@@ -891,7 +891,7 @@ ipv4_tcp_md5_novrf()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password"
@@ -899,7 +899,7 @@ ipv4_tcp_md5_novrf()
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password"
@@ -910,7 +910,7 @@ ipv4_tcp_md5_novrf()
# client in prefix
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: Prefix config"
@@ -918,7 +918,7 @@ ipv4_tcp_md5_novrf()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: Prefix config, client uses wrong password"
@@ -926,7 +926,7 @@ ipv4_tcp_md5_novrf()
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
@@ -943,7 +943,7 @@ ipv4_tcp_md5()
# basic use case
log_start
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config"
@@ -951,7 +951,7 @@ ipv4_tcp_md5()
log_start
show_hint "Should timeout since server does not have MD5 auth"
run_cmd nettest -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Server no config, client uses password"
@@ -959,7 +959,7 @@ ipv4_tcp_md5()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password"
@@ -967,7 +967,7 @@ ipv4_tcp_md5()
log_start
show_hint "Should timeout since server config differs from client"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
@@ -978,7 +978,7 @@ ipv4_tcp_md5()
# client in prefix
log_start
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config"
@@ -986,7 +986,7 @@ ipv4_tcp_md5()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
@@ -994,7 +994,7 @@ ipv4_tcp_md5()
log_start
show_hint "Should timeout since client address is outside of prefix"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
@@ -1005,14 +1005,14 @@ ipv4_tcp_md5()
log_start
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
@@ -1020,7 +1020,7 @@ ipv4_tcp_md5()
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
@@ -1028,21 +1028,21 @@ ipv4_tcp_md5()
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
log_start
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
@@ -1050,7 +1050,7 @@ ipv4_tcp_md5()
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
@@ -1058,7 +1058,7 @@ ipv4_tcp_md5()
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
@@ -1082,14 +1082,14 @@ test_ipv4_md5_vrf__vrf_server__no_bind_ifindex()
log_start
show_hint "Simulates applications using VRF without TCP_MD5SIG_FLAG_IFINDEX"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection"
log_start
show_hint "Binding both the socket and the key is not required but it works"
run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection"
}
@@ -1103,25 +1103,25 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0()
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection"
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection"
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection"
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection"
@@ -1193,7 +1193,7 @@ ipv4_tcp_novrf()
do
log_start
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "Global server"
done
@@ -1201,7 +1201,7 @@ ipv4_tcp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "Device server"
@@ -1221,13 +1221,13 @@ ipv4_tcp_novrf()
do
log_start
run_cmd_nsb nettest -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -r ${a} -0 ${NSA_IP}
log_test_addr ${a} $? 0 "Client"
log_start
run_cmd_nsb nettest -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 0 "Client, device bind"
@@ -1249,7 +1249,7 @@ ipv4_tcp_novrf()
do
log_start
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -0 ${a} -1 ${a}
log_test_addr ${a} $? 0 "Global server, local connection"
done
@@ -1257,7 +1257,7 @@ ipv4_tcp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -0 ${a}
log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
@@ -1266,7 +1266,7 @@ ipv4_tcp_novrf()
log_start
show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
run_cmd nettest -s -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a}
log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
done
@@ -1274,7 +1274,7 @@ ipv4_tcp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -0 ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 0 "Global server, device client, local connection"
@@ -1283,7 +1283,7 @@ ipv4_tcp_novrf()
log_start
show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, device client, local connection"
done
@@ -1291,7 +1291,7 @@ ipv4_tcp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -d ${NSA_DEV} -r ${a} -0 ${a}
log_test_addr ${a} $? 0 "Device server, device client, local connection"
@@ -1323,19 +1323,19 @@ ipv4_tcp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 1 "Global server"
log_start
run_cmd nettest -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "VRF server"
log_start
run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "Device server"
@@ -1352,7 +1352,7 @@ ipv4_tcp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, local connection"
@@ -1374,14 +1374,14 @@ ipv4_tcp_vrf()
log_start
show_hint "client socket should be bound to VRF"
run_cmd nettest -s -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "Global server"
log_start
show_hint "client socket should be bound to VRF"
run_cmd nettest -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "VRF server"
@@ -1396,7 +1396,7 @@ ipv4_tcp_vrf()
log_start
show_hint "client socket should be bound to device"
run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 0 "Device server"
@@ -1406,7 +1406,7 @@ ipv4_tcp_vrf()
log_start
show_hint "Should fail 'Connection refused' since client is not bound to VRF"
run_cmd nettest -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a}
log_test_addr ${a} $? 1 "Global server, local connection"
done
@@ -1418,13 +1418,13 @@ ipv4_tcp_vrf()
do
log_start
run_cmd_nsb nettest -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -r ${a} -d ${VRF}
log_test_addr ${a} $? 0 "Client, VRF bind"
log_start
run_cmd_nsb nettest -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 0 "Client, device bind"
@@ -1443,7 +1443,7 @@ ipv4_tcp_vrf()
do
log_start
run_cmd nettest -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
done
@@ -1451,26 +1451,26 @@ ipv4_tcp_vrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
log_test_addr ${a} $? 0 "VRF server, device client, local connection"
log_start
show_hint "Should fail 'No route to host' since client is out of VRF scope"
run_cmd nettest -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a}
log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
log_start
run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -d ${VRF} -0 ${a}
log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
log_start
run_cmd nettest -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -r ${a} -d ${NSA_DEV} -0 ${a}
log_test_addr ${a} $? 0 "Device server, device client, local connection"
}
@@ -1509,7 +1509,7 @@ ipv4_udp_novrf()
do
log_start
run_cmd nettest -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "Global server"
@@ -1522,7 +1522,7 @@ ipv4_udp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "Device server"
@@ -1533,31 +1533,31 @@ ipv4_udp_novrf()
do
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -D -r ${a} -0 ${NSA_IP}
log_test_addr ${a} $? 0 "Client"
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP}
log_test_addr ${a} $? 0 "Client, device bind"
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP}
log_test_addr ${a} $? 0 "Client, device send via cmsg"
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
@@ -1580,7 +1580,7 @@ ipv4_udp_novrf()
do
log_start
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a} -0 ${a} -1 ${a}
log_test_addr ${a} $? 0 "Global server, local connection"
done
@@ -1588,7 +1588,7 @@ ipv4_udp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a}
log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
@@ -1597,7 +1597,7 @@ ipv4_udp_novrf()
log_start
show_hint "Should fail 'Connection refused' since address is out of device scope"
run_cmd nettest -s -D -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a}
log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
done
@@ -1605,25 +1605,25 @@ ipv4_udp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Global server, device client, local connection"
log_start
run_cmd nettest -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -C -r ${a}
log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
log_start
run_cmd nettest -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
log_start
run_cmd nettest -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
@@ -1636,28 +1636,28 @@ ipv4_udp_novrf()
log_start
show_hint "Should fail since addresses on loopback are out of device scope"
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 2 "Global server, device client, local connection"
log_start
show_hint "Should fail since addresses on loopback are out of device scope"
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -C
log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
log_start
show_hint "Should fail since addresses on loopback are out of device scope"
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
log_start
show_hint "Should fail since addresses on loopback are out of device scope"
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
@@ -1667,7 +1667,7 @@ ipv4_udp_novrf()
a=${NSA_IP}
log_start
run_cmd nettest -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -r ${a} -0 ${a}
log_test_addr ${a} $? 0 "Device server, device client, local conn"
@@ -1709,19 +1709,19 @@ ipv4_udp_vrf()
log_start
show_hint "Fails because ingress is in a VRF and global server is disabled"
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 1 "Global server"
log_start
run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "VRF server"
log_start
run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server"
@@ -1733,7 +1733,7 @@ ipv4_udp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server is out of scope"
run_cmd nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 1 "Global server, VRF client, local connection"
done
@@ -1741,26 +1741,26 @@ ipv4_udp_vrf()
a=${NSA_IP}
log_start
run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
log_start
run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "VRF server, enslaved device client, local connection"
a=${NSA_IP}
log_start
run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
log_start
run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
@@ -1775,19 +1775,19 @@ ipv4_udp_vrf()
do
log_start
run_cmd nettest -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "Global server"
log_start
run_cmd nettest -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "VRF server"
log_start
run_cmd nettest -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -D -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server"
@@ -1802,13 +1802,13 @@ ipv4_udp_vrf()
#
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -d ${VRF} -D -r ${NSB_IP} -1 ${NSA_IP}
log_test $? 0 "VRF client"
log_start
run_cmd_nsb nettest -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -d ${NSA_DEV} -D -r ${NSB_IP} -1 ${NSA_IP}
log_test $? 0 "Enslaved device client"
@@ -1829,31 +1829,31 @@ ipv4_udp_vrf()
a=${NSA_IP}
log_start
run_cmd nettest -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
log_start
run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
log_start
run_cmd nettest -s -D -I ${VRF} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "VRF server, device client, local conn"
log_start
run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
log_start
run_cmd nettest -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
@@ -1861,7 +1861,7 @@ ipv4_udp_vrf()
do
log_start
run_cmd nettest -D -s -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
done
@@ -1870,7 +1870,7 @@ ipv4_udp_vrf()
do
log_start
run_cmd nettest -s -D -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
done
@@ -2093,7 +2093,7 @@ ipv4_rt()
do
log_start
run_cmd nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${varg} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2107,7 +2107,7 @@ ipv4_rt()
do
log_start
run_cmd nettest ${varg} -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${varg} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2120,7 +2120,7 @@ ipv4_rt()
a=${NSA_IP}
log_start
run_cmd nettest ${varg} -s -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${varg} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2134,7 +2134,7 @@ ipv4_rt()
#
log_start
run_cmd_nsb nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2145,7 +2145,7 @@ ipv4_rt()
log_start
run_cmd_nsb nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2161,7 +2161,7 @@ ipv4_rt()
do
log_start
run_cmd nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${VRF} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2175,7 +2175,7 @@ ipv4_rt()
do
log_start
run_cmd nettest ${varg} -I ${VRF} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${VRF} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2189,7 +2189,7 @@ ipv4_rt()
log_start
run_cmd nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2200,7 +2200,7 @@ ipv4_rt()
log_start
run_cmd nettest ${varg} -I ${VRF} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2211,7 +2211,7 @@ ipv4_rt()
log_start
run_cmd nettest ${varg} -I ${NSA_DEV} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -2561,7 +2561,7 @@ ipv6_tcp_md5_novrf()
# basic use case
log_start
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 0 "MD5: Single address config"
@@ -2569,7 +2569,7 @@ ipv6_tcp_md5_novrf()
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: Server no config, client uses password"
@@ -2577,7 +2577,7 @@ ipv6_tcp_md5_novrf()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password"
@@ -2585,7 +2585,7 @@ ipv6_tcp_md5_novrf()
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password"
@@ -2596,7 +2596,7 @@ ipv6_tcp_md5_novrf()
# client in prefix
log_start
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 0 "MD5: Prefix config"
@@ -2604,7 +2604,7 @@ ipv6_tcp_md5_novrf()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: Prefix config, client uses wrong password"
@@ -2612,7 +2612,7 @@ ipv6_tcp_md5_novrf()
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
@@ -2629,7 +2629,7 @@ ipv6_tcp_md5()
# basic use case
log_start
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config"
@@ -2637,7 +2637,7 @@ ipv6_tcp_md5()
log_start
show_hint "Should timeout since server does not have MD5 auth"
run_cmd nettest -6 -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Server no config, client uses password"
@@ -2645,7 +2645,7 @@ ipv6_tcp_md5()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password"
@@ -2653,7 +2653,7 @@ ipv6_tcp_md5()
log_start
show_hint "Should timeout since server config differs from client"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
@@ -2664,7 +2664,7 @@ ipv6_tcp_md5()
# client in prefix
log_start
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config"
@@ -2672,7 +2672,7 @@ ipv6_tcp_md5()
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password"
@@ -2680,7 +2680,7 @@ ipv6_tcp_md5()
log_start
show_hint "Should timeout since client address is outside of prefix"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix"
@@ -2691,14 +2691,14 @@ ipv6_tcp_md5()
log_start
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
@@ -2706,7 +2706,7 @@ ipv6_tcp_md5()
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
@@ -2714,21 +2714,21 @@ ipv6_tcp_md5()
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
log_start
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF"
log_start
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF"
@@ -2736,7 +2736,7 @@ ipv6_tcp_md5()
show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw"
@@ -2744,7 +2744,7 @@ ipv6_tcp_md5()
show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw"
@@ -2772,7 +2772,7 @@ ipv6_tcp_novrf()
do
log_start
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Global server"
done
@@ -2793,7 +2793,7 @@ ipv6_tcp_novrf()
do
log_start
run_cmd_nsb nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Client"
done
@@ -2802,7 +2802,7 @@ ipv6_tcp_novrf()
do
log_start
run_cmd_nsb nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 0 "Client, device bind"
done
@@ -2822,7 +2822,7 @@ ipv6_tcp_novrf()
do
log_start
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Global server, local connection"
done
@@ -2830,7 +2830,7 @@ ipv6_tcp_novrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -0 ${a}
log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
@@ -2839,7 +2839,7 @@ ipv6_tcp_novrf()
log_start
show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
run_cmd nettest -6 -s -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a}
log_test_addr ${a} $? 1 "Device server, unbound client, local connection"
done
@@ -2847,7 +2847,7 @@ ipv6_tcp_novrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
log_test_addr ${a} $? 0 "Global server, device client, local connection"
@@ -2856,7 +2856,7 @@ ipv6_tcp_novrf()
log_start
show_hint "Should fail 'Connection refused' since addresses on loopback are out of device scope"
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, device client, local connection"
done
@@ -2865,7 +2865,7 @@ ipv6_tcp_novrf()
do
log_start
run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Device server, device client, local conn"
done
@@ -2898,7 +2898,7 @@ ipv6_tcp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 1 "Global server"
done
@@ -2907,7 +2907,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "VRF server"
done
@@ -2916,7 +2916,7 @@ ipv6_tcp_vrf()
a=${NSA_LINKIP6}%${NSB_DEV}
log_start
run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "VRF server"
@@ -2924,7 +2924,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Device server"
done
@@ -2943,7 +2943,7 @@ ipv6_tcp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server with VRF is disabled"
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, local connection"
@@ -2964,7 +2964,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Global server"
done
@@ -2973,7 +2973,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "VRF server"
done
@@ -2982,13 +2982,13 @@ ipv6_tcp_vrf()
a=${NSA_LINKIP6}%${NSB_DEV}
log_start
run_cmd nettest -6 -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Global server"
log_start
run_cmd nettest -6 -s -I ${VRF} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "VRF server"
@@ -2996,7 +2996,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 0 "Device server"
done
@@ -3016,7 +3016,7 @@ ipv6_tcp_vrf()
log_start
show_hint "Fails 'Connection refused' since client is not in VRF"
run_cmd nettest -6 -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a}
log_test_addr ${a} $? 1 "Global server, local connection"
done
@@ -3029,7 +3029,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd_nsb nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${VRF}
log_test_addr ${a} $? 0 "Client, VRF bind"
done
@@ -3038,7 +3038,7 @@ ipv6_tcp_vrf()
log_start
show_hint "Fails since VRF device does not allow linklocal addresses"
run_cmd_nsb nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${VRF}
log_test_addr ${a} $? 1 "Client, VRF bind"
@@ -3046,7 +3046,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd_nsb nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 0 "Client, device bind"
done
@@ -3071,7 +3071,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local connection"
done
@@ -3079,7 +3079,7 @@ ipv6_tcp_vrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -s -I ${VRF} -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
log_test_addr ${a} $? 0 "VRF server, device client, local connection"
@@ -3087,13 +3087,13 @@ ipv6_tcp_vrf()
log_start
show_hint "Should fail since unbound client is out of VRF scope"
run_cmd nettest -6 -s -I ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a}
log_test_addr ${a} $? 1 "VRF server, unbound client, local connection"
log_start
run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${VRF} -0 ${a}
log_test_addr ${a} $? 0 "Device server, VRF client, local connection"
@@ -3101,7 +3101,7 @@ ipv6_tcp_vrf()
do
log_start
run_cmd nettest -6 -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest -6 -r ${a} -d ${NSA_DEV} -0 ${a}
log_test_addr ${a} $? 0 "Device server, device client, local connection"
done
@@ -3141,13 +3141,13 @@ ipv6_udp_novrf()
do
log_start
run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Global server"
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Device server"
done
@@ -3155,7 +3155,7 @@ ipv6_udp_novrf()
a=${NSA_LO_IP6}
log_start
run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Global server"
@@ -3165,7 +3165,7 @@ ipv6_udp_novrf()
#log_start
#show_hint "Should fail since loopback address is out of scope"
#run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- #sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
#run_cmd_nsb nettest -6 -D -r ${a}
#log_test_addr ${a} $? 1 "Device server"
@@ -3185,25 +3185,25 @@ ipv6_udp_novrf()
do
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -r ${a} -0 ${NSA_IP6}
log_test_addr ${a} $? 0 "Client"
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -0 ${NSA_IP6}
log_test_addr ${a} $? 0 "Client, device bind"
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C -0 ${NSA_IP6}
log_test_addr ${a} $? 0 "Client, device send via cmsg"
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP6}
log_test_addr ${a} $? 0 "Client, device bind via IPV6_UNICAST_IF"
@@ -3225,7 +3225,7 @@ ipv6_udp_novrf()
do
log_start
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a} -0 ${a} -1 ${a}
log_test_addr ${a} $? 0 "Global server, local connection"
done
@@ -3233,7 +3233,7 @@ ipv6_udp_novrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -s -D -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Device server, unbound client, local connection"
@@ -3242,7 +3242,7 @@ ipv6_udp_novrf()
log_start
show_hint "Should fail 'Connection refused' since address is out of device scope"
run_cmd nettest -6 -s -D -I ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a}
log_test_addr ${a} $? 1 "Device server, local connection"
done
@@ -3250,19 +3250,19 @@ ipv6_udp_novrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Global server, device client, local connection"
log_start
run_cmd nettest -6 -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -C -r ${a}
log_test_addr ${a} $? 0 "Global server, device send via cmsg, local connection"
log_start
run_cmd nettest -6 -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -S -r ${a}
log_test_addr ${a} $? 0 "Global server, device client via IPV6_UNICAST_IF, local connection"
@@ -3271,28 +3271,28 @@ ipv6_udp_novrf()
log_start
show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV}
log_test_addr ${a} $? 1 "Global server, device client, local connection"
log_start
show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -C
log_test_addr ${a} $? 1 "Global server, device send via cmsg, local connection"
log_start
show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
log_start
show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
done
@@ -3300,7 +3300,7 @@ ipv6_udp_novrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -D -s -I ${NSA_DEV} -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a} -0 ${a}
log_test_addr ${a} $? 0 "Device server, device client, local conn"
@@ -3314,7 +3314,7 @@ ipv6_udp_novrf()
run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
log_start
run_cmd nettest -6 -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
log_test $? 0 "UDP in - LLA to GUA"
@@ -3338,7 +3338,7 @@ ipv6_udp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server is disabled"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 1 "Global server"
done
@@ -3347,7 +3347,7 @@ ipv6_udp_vrf()
do
log_start
run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "VRF server"
done
@@ -3356,7 +3356,7 @@ ipv6_udp_vrf()
do
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server"
done
@@ -3378,7 +3378,7 @@ ipv6_udp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server is disabled"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 1 "Global server, VRF client, local conn"
done
@@ -3387,7 +3387,7 @@ ipv6_udp_vrf()
do
log_start
run_cmd nettest -6 -D -I ${VRF} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
done
@@ -3396,25 +3396,25 @@ ipv6_udp_vrf()
log_start
show_hint "Should fail 'Connection refused' since global server is disabled"
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 1 "Global server, device client, local conn"
log_start
run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "VRF server, device client, local conn"
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server, VRF client, local conn"
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server, device client, local conn"
@@ -3429,7 +3429,7 @@ ipv6_udp_vrf()
do
log_start
run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Global server"
done
@@ -3438,7 +3438,7 @@ ipv6_udp_vrf()
do
log_start
run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "VRF server"
done
@@ -3447,7 +3447,7 @@ ipv6_udp_vrf()
do
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${a}
log_test_addr ${a} $? 0 "Enslaved device server"
done
@@ -3465,7 +3465,7 @@ ipv6_udp_vrf()
#
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${NSB_IP6}
log_test $? 0 "VRF client"
@@ -3476,7 +3476,7 @@ ipv6_udp_vrf()
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_IP6}
log_test $? 0 "Enslaved device client"
@@ -3491,13 +3491,13 @@ ipv6_udp_vrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
#log_start
run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
@@ -3505,13 +3505,13 @@ ipv6_udp_vrf()
a=${VRF_IP6}
log_start
run_cmd nettest -6 -D -s -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Global server, VRF client, local conn"
log_start
run_cmd nettest -6 -D -I ${VRF} -s -3 ${VRF} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "VRF server, VRF client, local conn"
@@ -3527,25 +3527,25 @@ ipv6_udp_vrf()
a=${NSA_IP6}
log_start
run_cmd nettest -6 -D -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Global server, device client, local conn"
log_start
run_cmd nettest -6 -D -I ${VRF} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "VRF server, device client, local conn"
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${VRF} -r ${a}
log_test_addr ${a} $? 0 "Device server, VRF client, local conn"
log_start
run_cmd nettest -6 -D -I ${NSA_DEV} -s -3 ${NSA_DEV} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 0 "Device server, device client, local conn"
@@ -3557,7 +3557,7 @@ ipv6_udp_vrf()
# link local addresses
log_start
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -d ${NSB_DEV} -r ${NSA_LINKIP6}
log_test $? 0 "Global server, linklocal IP"
@@ -3568,7 +3568,7 @@ ipv6_udp_vrf()
log_start
run_cmd_nsb nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSB_LINKIP6}
log_test $? 0 "Enslaved device client, linklocal IP"
@@ -3579,7 +3579,7 @@ ipv6_udp_vrf()
log_start
run_cmd nettest -6 -D -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd nettest -6 -D -d ${NSA_DEV} -r ${NSA_LINKIP6}
log_test $? 0 "Enslaved device client, local conn - linklocal IP"
@@ -3592,7 +3592,7 @@ ipv6_udp_vrf()
run_cmd_nsb ip -6 ro add ${NSA_IP6}/128 dev ${NSB_DEV}
log_start
run_cmd nettest -6 -s -D &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 udp
run_cmd_nsb nettest -6 -D -r ${NSA_IP6}
log_test $? 0 "UDP in - LLA to GUA"
@@ -3771,7 +3771,7 @@ ipv6_rt()
do
log_start
run_cmd nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${varg} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3785,7 +3785,7 @@ ipv6_rt()
do
log_start
run_cmd nettest ${varg} -I ${VRF} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${varg} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3799,7 +3799,7 @@ ipv6_rt()
do
log_start
run_cmd nettest ${varg} -I ${NSA_DEV} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${varg} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3814,7 +3814,7 @@ ipv6_rt()
#
log_start
run_cmd_nsb nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest ${varg} -d ${VRF} -r ${NSB_IP6} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3825,7 +3825,7 @@ ipv6_rt()
log_start
run_cmd_nsb nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSB} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${NSB_IP6} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3842,7 +3842,7 @@ ipv6_rt()
do
log_start
run_cmd nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${VRF} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3856,7 +3856,7 @@ ipv6_rt()
do
log_start
run_cmd nettest ${varg} -I ${VRF} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${VRF} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3869,7 +3869,7 @@ ipv6_rt()
a=${NSA_IP6}
log_start
run_cmd nettest ${varg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3880,7 +3880,7 @@ ipv6_rt()
log_start
run_cmd nettest ${varg} -I ${VRF} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3891,7 +3891,7 @@ ipv6_rt()
log_start
run_cmd nettest ${varg} -I ${NSA_DEV} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd nettest ${varg} -d ${NSA_DEV} -r ${a} &
sleep 3
run_cmd ip link del ${VRF}
@@ -3950,7 +3950,7 @@ netfilter_tcp_reset()
do
log_start
run_cmd nettest -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -r ${a}
log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
done
@@ -3968,7 +3968,7 @@ netfilter_icmp()
do
log_start
run_cmd nettest ${arg} -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest ${arg} -r ${a}
log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
done
@@ -4007,7 +4007,7 @@ netfilter_tcp6_reset()
do
log_start
run_cmd nettest -6 -s &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 -r ${a}
log_test_addr ${a} $? 1 "Global server, reject with TCP-reset on Rx"
done
@@ -4025,7 +4025,7 @@ netfilter_icmp6()
do
log_start
run_cmd nettest -6 -s ${arg} &
- sleep 1
+ wait_local_port_listen ${NSA} 12345 tcp
run_cmd_nsb nettest -6 ${arg} -r ${a}
log_test_addr ${a} $? 1 "Global ${stype} server, Rx reject icmp-port-unreach"
done
@@ -4221,12 +4221,12 @@ use_case_snat_on_vrf()
run_cmd ip6tables -t nat -A POSTROUTING -p tcp -m tcp --dport ${port} -j SNAT --to-source ${NSA_LO_IP6} -o ${VRF}
run_cmd_nsb nettest -s -l ${NSB_IP} -p ${port} &
- sleep 1
+ wait_local_port_listen ${NSB} ${port} tcp
run_cmd nettest -d ${VRF} -r ${NSB_IP} -p ${port}
log_test $? 0 "IPv4 TCP connection over VRF with SNAT"
run_cmd_nsb nettest -6 -s -l ${NSB_IP6} -p ${port} &
- sleep 1
+ wait_local_port_listen ${NSB} ${port} tcp
run_cmd nettest -6 -d ${VRF} -r ${NSB_IP6} -p ${port}
log_test $? 0 "IPv6 TCP connection over VRF with SNAT"
--
2.51.0
1 week, 1 day
- 2
- 3
[PATCH v16 net-next 00/14] AccECN protocol patch series
by chia-yu.chang@nokia-bell-labs.com
From: Chia-Yu Chang <chia-yu.chang(a)nokia-bell-labs.com>
Hello,
Please find the v16 AccECN protocol patch series, which covers the core
functionality of Accurate ECN, AccECN negotiation, AccECN TCP options,
and AccECN failure handling. The Accurate ECN draft can be found in
https://datatracker.ietf.org/doc/html/draft-ietf-tcpm-accurate-ecn-28, and it
will be RFC9768.
This patch series is part of the full AccECN patch series, which is available at
https://github.com/L4STeam/linux-net-next/commits/upstream_l4steam/
Best Regards,
Chia-Yu
---
v16 (6-Sep-2025)
- Use TCP_ECN_IN_ACCECN_OUT_ACCECN, TCP_ECN_IN_ECN_OUT_ECN, and TCP_ECN_IN_ACCECN_OUT_ECN in comments of tcp_ecn_send_syn() (Eric Dumazet <edumazet(a)google.com>)
- Add tcpi_accecn_fail_mode and tcpi_accecn_opt_seen to make tcp_info be multiple of 64 bits in patch #12
v15 (14-Aug-205)
- Update pahole results in commit messages
- Accurate ECN will become RFC9768
v14 (22-Jul-2025)
- Add missing const for struct tcp_sock of tcp_accecn_option_beacon_check() of #11 (Simon Horman <horms(a)kernel.org>)
v13 (18-Jul-2025)
- Implement tcp_accecn_extract_syn_ect() and tcp_accecn_reflector_flags() with static array lookup of patch #6 (Paolo Abeni <pabeni(a)redhat.com>)
- Fix typos in comments of #6 and remove patch #7 of v12 about simulatenous connect (Paolo Abeni <pabeni(a)redhat.com>)
- Move TCP_ACCECN_E1B_INIT_OFFSET, TCP_ACCECN_E0B_INIT_OFFSET, and TCP_ACCECN_CEB_INIT_OFFSET from patch #7 to #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Use static array lookup in tcp_accecn_optfield_to_ecnfield() of patch #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Return false when WARN_ON_ONCE() is true in tcp_accecn_process_option() of patch #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Make synack_ecn_bytes as static const array and use const u32 pointer in tcp_options_write() of #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Use ALIGN() and ALIGN_DOWN() in tcp_options_fit_accecn() to pad TCP AccECN option to dword of #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Return TCP_ACCECN_OPT_FAIL_SEEN if WARN_ON_ONCE() is true in tcp_accecn_option_init() of #12 (Paolo Abeni <pabeni(a)redhat.com>)
v12 (04-Jul-2025)
- Fix compilation issues with some intermediate patches in v11
- Add more comments for AccECN helpers of tcp_ecn.h
v11 (03-Jul-2025)
- Fix compilation issues with some intermediate patches in v10
v10 (02-Jul-2025)
- Add new patch of separated header file include/net/tcp_ecn.h to include ECN and AccECN functions (Eric Dumazet <edumazet(a)google.com>)
- Add comments on the AccECN helper functions in tcp_ecn.h (Eric Dumazet <edumazet(a)google.com>)
- Add documentation of tcp_ecn, tcp_ecn_option, tcp_ecn_beacon in ip-sysctl.rst to the corresponding patch (Eric Dumazet <edumazet(a)google.com>)
- Split wait third ACK functionality into a separated patch from AccECN negotiation patch (Eric Dumazet <edumazet(a)google.com>)
- Add READ_ONCE() over every reads of sysctl for all patches in the series (Eric Dumazet <edumazet(a)google.com>)
- Merge heuristics of AccECN option ceb/cep and ACE field multi-wrap into a single patch
- Add a table of SACK block reduction and required AccECN field in patch #15 commit message (Eric Dumazet <edumazet(a)google.com>)
v9 (21-Jun-2025)
- Use tcp_data_ecn_check() to set TCP_ECN_SEE flag only for RFC3168 ECN (Paolo Abeni <pabeni(a)redhat.com>)
- Add comments about setting TCP_ECN_SEEN flag for RFC3168 and Accruate ECN (Paolo Abeni <pabeni(a)redhat.com>)
- Restruct the code in the for loop of tcp_accecn_process_option() (Paolo Abeni <pabeni(a)redhat.com>)
- Remove ecn_bytes and add use_synack_ecn_bytes flag to identify whether syn_ack_bytes or received_ecn_bytes is used (Paolo Abeni <pabeni(a)redhat.com>)
- Replace leftover_bytes and leftover_size with leftover_highbyte and leftover_lowbyte and add comments in tcp_options_write() (Paolo Abeni <pabeni(a)redhat.com>)
- Add comments and commit message about the 1st retx SYN still attempt AccECN negotiation (Paolo Abeni <pabeni(a)redhat.com>)
v8 (10-Jun-2025)
- Add new helper function tcp_ecn_received_counters_payload() in #6 (Paolo Abeni <pabeni(a)redhat.com>)
- Set opts->num_sack_blocks=0 to avoid potential undefined value in #8 (Paolo Abeni <pabeni(a)redhat.com>)
- Reset leftover_size to 2 once leftover_bytes is used in #9 (Paolo Abeni <pabeni(a)redhat.com>)
- Add new helper function tcp_accecn_opt_demand_min() in #10 (Paolo Abeni <pabeni(a)redhat.com>)
- Add new helper function tcp_accecn_saw_opt_fail_recv() in #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Update tcp_options_fit_accecn() to avoid using recursion in #14 (Paolo Abeni <pabeni(a)redhat.com>)
v7 (14-May-2025)
- Modify group sizes of tcp_sock_write_txrx and tcp_sock_write_rx in #3 based on pahole results (Paolo Abeni <pabeni(a)redhat.com>)
- Fix the issue in #4 and #5 where the RFC3168 ECN behavior in tcp_ecn_send() is changed (Paolo Abeni <pabeni(a)redhat.com>)
- Modify group size of tcp_sock_write_txrx in #4 and #6 based on pahole results (Paolo Abeni <pabeni(a)redhat.com>)
- Update commit message for #9 to explain the increase in tcp_sock_write_rx group size
- Modify group size of tcp_sock_write_tx in #10 based on pahole results
v6 (09-May-2025)
- Add #3 to utilize exisintg holes of tcp_sock_write_txrx group for later patches (#4, #9, #10) with new u8 members (Paolo Abeni <pabeni(a)redhat.com>)
- Add pahole outcomes before and after commit in #4, #5, #6, #9, #10, #15 (Paolo Abeni <pabeni(a)redhat.com>)
- Define new helper function tcp_send_ack_reflect_ect() for sending ACK with reflected ECT in #5 (Paolo Abeni <pabeni(a)redhat.com>)
- Add comments for function tcp_ecn_rcv_synack() in #5 (Paolo Abeni <pabeni(a)redhat.com>)
- Add enum/define to be used by sysctl_tcp_ecn in #5, sysctl_tcp_ecn_option in #9, and sysctl_tcp_ecn_option_beacon in #10 (Paolo Abeni <pabeni(a)redhat.com>)
- Move accecn_fail_mode and saw_accecn_opt in #5 and #11 to use exisintg holes of tcp_sock (Paolo Abeni <pabeni(a)redhat.com>)
- Change data type of new members of tcp_request_sock and move them to the end of struct in #5 and #11 (Paolo Abeni <pabeni(a)redhat.com>)
- Move new members of tcp_info to the end of struct in #6 (Paolo Abeni <pabeni(a)redhat.com>)
- Merge previous #7 into #9 (Paolo Abeni <pabeni(a)redhat.com>)
- Mask ecnfield with INET_ECN_MASK to remove WARN_ONCE in #9 (Paolo Abeni <pabeni(a)redhat.com>)
- Reduce the indentation levels for reabability in #9 and #10 (Paolo Abeni <pabeni(a)redhat.com>)
- Move delivered_ecn_bytes to the RX group in #9, accecn_opt_tstamp to the TX group in #10, pkts_acked_ewma to the RX group in #15 (Paolo Abeni <pabeni(a)redhat.com>)
- Add changes in Documentation/networking/net_cachelines/tcp_sock.rst for new tcp_sock members in #3, #5, #6, #9, #10, #15
v5 (22-Apr-2025)
- Further fix for 32-bit ARM alignment in tcp.c (Simon Horman <horms(a)kernel.org>)
v4 (18-Apr-2025)
- Fix 32-bit ARM assertion for alignment requirement (Simon Horman <horms(a)kernel.org>)
v3 (14-Apr-2025)
- Fix patch apply issue in v2 (Jakub Kicinski <kuba(a)kernel.org>)
v2 (18-Mar-2025)
- Add one missing patch from the previous AccECN protocol preparation patch series to this patch series.
---
Chia-Yu Chang (5):
tcp: reorganize tcp_sock_write_txrx group for variables later
tcp: ecn functions in separated include file
tcp: accecn: AccECN option send control
tcp: accecn: AccECN option failure handling
tcp: accecn: try to fit AccECN option with SACK
Ilpo Järvinen (9):
tcp: reorganize SYN ECN code
tcp: fast path functions later
tcp: AccECN core
tcp: accecn: AccECN negotiation
tcp: accecn: add AccECN rx byte counters
tcp: accecn: AccECN needs to know delivered bytes
tcp: sack option handling improvements
tcp: accecn: AccECN option
tcp: accecn: AccECN option ceb/cep and ACE field multi-wrap heuristics
Documentation/networking/ip-sysctl.rst | 55 +-
.../networking/net_cachelines/tcp_sock.rst | 12 +
include/linux/tcp.h | 32 +-
include/net/netns/ipv4.h | 2 +
include/net/tcp.h | 87 ++-
include/net/tcp_ecn.h | 642 ++++++++++++++++++
include/uapi/linux/tcp.h | 9 +
net/ipv4/syncookies.c | 4 +
net/ipv4/sysctl_net_ipv4.c | 19 +
net/ipv4/tcp.c | 30 +-
net/ipv4/tcp_input.c | 353 ++++++++--
net/ipv4/tcp_ipv4.c | 8 +-
net/ipv4/tcp_minisocks.c | 40 +-
net/ipv4/tcp_output.c | 294 ++++++--
net/ipv6/syncookies.c | 2 +
net/ipv6/tcp_ipv6.c | 1 +
16 files changed, 1406 insertions(+), 184 deletions(-)
create mode 100644 include/net/tcp_ecn.h
--
2.34.1
1 week, 1 day
- 1
- 14
Re: [syzbot] [net?] possible deadlock in __netdev_update_features
by syzbot
syzbot has bisected this issue to:
commit f792709e0baad67224180d73d51c2f090003adde
Author: Stanislav Fomichev <stfomichev(a)gmail.com>
Date: Fri May 16 23:22:05 2025 +0000
selftests: net: validate team flags propagation
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16a3ba42580000
start commit: d69eb204c255 Merge tag 'net-6.17-rc5' of git://git.kernel...
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=15a3ba42580000
console output: https://syzkaller.appspot.com/x/log.txt?x=11a3ba42580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9c302bcfb26a48af
dashboard link: https://syzkaller.appspot.com/bug?extid=7e0f89fb6cae5d002de0
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12942962580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16942962580000
Reported-by: syzbot+7e0f89fb6cae5d002de0(a)syzkaller.appspotmail.com
Fixes: f792709e0baa ("selftests: net: validate team flags propagation")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
1 week, 1 day
- 1
- 0
[PATCH net-next] selftests: ncdevmem: don't retry EFAULT
by Stanislav Fomichev
devmem test fails on NIPA. Most likely we get skb(s) with readable
frags (why?) but the failure manifests as an OOM. The OOM happens
because ncdevmem spams the following message:
recvmsg ret=-1
recvmsg: Bad address
As of today, ncdevmem can't deal with various reasons of EFAULT:
- falling back to regular recvmsg for non-devmem skbs
- increasing ctrl_data size (can't happen with ncdevmem's large buffer)
Exit (cleanly) with error when recvmsg returns EFAULT. This should at
least cause the test to cleanup its state.
Signed-off-by: Stanislav Fomichev <sdf(a)fomichev.me>
---
tools/testing/selftests/drivers/net/hw/ncdevmem.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/drivers/net/hw/ncdevmem.c b/tools/testing/selftests/drivers/net/hw/ncdevmem.c
index 8dc9511d046f..c0a22938bed2 100644
--- a/tools/testing/selftests/drivers/net/hw/ncdevmem.c
+++ b/tools/testing/selftests/drivers/net/hw/ncdevmem.c
@@ -945,6 +945,10 @@ static int do_server(struct memory_buffer *mem)
continue;
if (ret < 0) {
perror("recvmsg");
+ if (errno == EFAULT) {
+ pr_err("received EFAULT, won't recover");
+ goto err_close_client;
+ }
continue;
}
if (ret == 0) {
--
2.51.0
1 week, 2 days
- 4
- 5
[PATCH net-next] selftests: forwarding: Reorder arguments to obey POSIX getopt
by David Yang
Quoted from musl wiki:
GNU getopt permutes argv to pull options to the front, ahead of
non-option arguments. musl and the POSIX standard getopt stop
processing options at the first non-option argument with no
permutation.
Thus these scripts stop working on musl since non-option arguments do
not always come last. Fix it by reordering arguments.
Signed-off-by: David Yang <mmyangfl(a)gmail.com>
---
.../selftests/net/forwarding/bridge_igmp.sh | 26 ++---
.../net/forwarding/bridge_locked_port.sh | 10 +-
.../selftests/net/forwarding/bridge_mdb.sh | 54 ++++-----
.../net/forwarding/bridge_mdb_max.sh | 16 +--
.../selftests/net/forwarding/bridge_mld.sh | 26 ++---
.../net/forwarding/bridge_sticky_fdb.sh | 2 +-
.../net/forwarding/bridge_vlan_aware.sh | 8 +-
.../net/forwarding/custom_multipath_hash.sh | 34 +++---
.../forwarding/gre_custom_multipath_hash.sh | 34 +++---
.../net/forwarding/gre_inner_v4_multipath.sh | 4 +-
.../net/forwarding/gre_inner_v6_multipath.sh | 4 +-
.../selftests/net/forwarding/gre_multipath.sh | 4 +-
.../net/forwarding/gre_multipath_nh.sh | 8 +-
.../net/forwarding/gre_multipath_nh_res.sh | 8 +-
.../net/forwarding/ip6_forward_instats_vrf.sh | 6 +-
.../ip6gre_custom_multipath_hash.sh | 26 ++---
.../forwarding/ip6gre_inner_v4_multipath.sh | 4 +-
.../forwarding/ip6gre_inner_v6_multipath.sh | 4 +-
.../selftests/net/forwarding/ip6gre_lib.sh | 8 +-
tools/testing/selftests/net/forwarding/lib.sh | 24 ++--
.../forwarding/mirror_gre_bridge_1q_lag.sh | 2 +-
.../forwarding/mirror_gre_vlan_bridge_1q.sh | 4 +-
.../selftests/net/forwarding/mirror_lib.sh | 4 +-
.../selftests/net/forwarding/pedit_dsfield.sh | 4 +-
.../selftests/net/forwarding/pedit_ip.sh | 2 +-
.../selftests/net/forwarding/pedit_l4port.sh | 4 +-
.../selftests/net/forwarding/router.sh | 18 +--
.../net/forwarding/router_broadcast.sh | 2 +-
.../net/forwarding/router_mpath_nh.sh | 8 +-
.../net/forwarding/router_mpath_nh_lib.sh | 4 +-
.../net/forwarding/router_mpath_nh_res.sh | 8 +-
.../net/forwarding/router_mpath_seed.sh | 16 +--
.../net/forwarding/router_multicast.sh | 48 ++++----
.../net/forwarding/router_multipath.sh | 8 +-
.../selftests/net/forwarding/sch_red.sh | 22 ++--
.../net/forwarding/skbedit_priority.sh | 4 +-
.../selftests/net/forwarding/tc_actions.sh | 40 +++----
.../selftests/net/forwarding/tc_chains.sh | 8 +-
.../selftests/net/forwarding/tc_flower.sh | 108 +++++++++---------
.../selftests/net/forwarding/tc_flower_cfm.sh | 22 ++--
.../net/forwarding/tc_flower_l2_miss.sh | 16 +--
.../net/forwarding/tc_flower_port_range.sh | 52 ++++-----
.../net/forwarding/tc_flower_router.sh | 8 +-
.../selftests/net/forwarding/tc_shblocks.sh | 16 +--
.../selftests/net/forwarding/tc_tunnel_key.sh | 6 +-
.../net/forwarding/vxlan_bridge_1d.sh | 24 ++--
.../net/forwarding/vxlan_bridge_1d_ipv6.sh | 6 +-
.../net/forwarding/vxlan_bridge_1q.sh | 18 +--
.../net/forwarding/vxlan_bridge_1q_ipv6.sh | 2 +-
.../net/forwarding/vxlan_bridge_1q_mc_ul.sh | 8 +-
.../net/forwarding/vxlan_reserved.sh | 4 +-
51 files changed, 403 insertions(+), 403 deletions(-)
diff --git a/tools/testing/selftests/net/forwarding/bridge_igmp.sh b/tools/testing/selftests/net/forwarding/bridge_igmp.sh
index d4e7dd659354..605d8f6a7468 100755
--- a/tools/testing/selftests/net/forwarding/bridge_igmp.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_igmp.sh
@@ -158,7 +158,7 @@ v3include_prepare()
ip link set dev br0 type bridge mcast_igmp_version 3
check_err $? "Could not change bridge IGMP version to 3"
- $MZ $host1_if -b $mac -c 1 -B $group -t ip "proto=2,p=$MZPKT_IS_INC" -q
+ $MZ -b $mac -c 1 -B $group -t ip "proto=2,p=$MZPKT_IS_INC" -q $host1_if
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -183,7 +183,7 @@ v3exclude_prepare()
v3include_prepare $host1_if $mac $group
- $MZ $host1_if -c 1 -b $mac -B $group -t ip "proto=2,p=$MZPKT_IS_EXC" -q
+ $MZ -c 1 -b $mac -B $group -t ip "proto=2,p=$MZPKT_IS_EXC" -q $host1_if
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -237,7 +237,7 @@ v3inc_allow_test()
v3include_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW" -q $h1
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}"
@@ -258,7 +258,7 @@ v3inc_is_include_test()
v3include_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC2" -q $h1
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}"
@@ -297,7 +297,7 @@ v3inc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_TO_EXC" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_TO_EXC" -q $h1
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -341,7 +341,7 @@ v3exc_allow_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW2" -q $h1
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}" "${Y[@]}"
@@ -364,7 +364,7 @@ v3exc_is_include_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC3" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC3" -q $h1
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}" "${Y[@]}"
@@ -387,7 +387,7 @@ v3exc_is_exclude_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_EXC2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_EXC2" -q $h1
sleep 1
brmcast_check_sg_entries "is_exclude" "${X[@]}" "${Y[@]}"
@@ -413,7 +413,7 @@ v3exc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_TO_EXC" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_TO_EXC" -q $h1
sleep 1
brmcast_check_sg_entries "to_exclude" "${X[@]}" "${Y[@]}"
@@ -437,7 +437,7 @@ v3inc_block_test()
v3include_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_BLOCK" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_BLOCK" -q $h1
# make sure the lowered timers have expired (by default 2 seconds)
sleep 3
brmcast_check_sg_entries "block" "${X[@]}"
@@ -470,7 +470,7 @@ v3exc_block_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_BLOCK" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_BLOCK" -q $h1
sleep 1
brmcast_check_sg_entries "block" "${X[@]}" "${Y[@]}"
@@ -502,7 +502,7 @@ v3exc_timeout_test()
mcast_query_response_interval 500 \
mcast_membership_interval 1500
- $MZ $h1 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW2" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_ALLOW2" -q $h1
sleep 5
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -545,7 +545,7 @@ v3star_ex_auto_add_test()
v3exclude_prepare $h1 $ALL_MAC $ALL_GROUP
- $MZ $h2 -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC" -q
+ $MZ -c 1 -b $ALL_MAC -B $ALL_GROUP -t ip "proto=2,p=$MZPKT_IS_INC" -q $h2
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
index c62331b2e006..93d2261be6e3 100755
--- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
@@ -225,18 +225,18 @@ locked_port_mab_roam()
bridge link set dev $swp1 learning on locked on mab on
- $MZ $h1 -q -c 5 -d 100msec -t udp -a $mac -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $mac -b rand $h1
bridge fdb get $mac br br0 vlan 1 | grep "dev $swp1" | grep -q "locked"
check_err $? "No locked entry on first injection"
- $MZ $h2 -q -c 5 -d 100msec -t udp -a $mac -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $mac -b rand $h2
bridge fdb get $mac br br0 vlan 1 | grep -q "dev $swp2"
check_err $? "Entry did not roam to an unlocked port"
bridge fdb get $mac br br0 vlan 1 | grep -q "locked"
check_fail $? "Entry roamed with locked flag on"
- $MZ $h1 -q -c 5 -d 100msec -t udp -a $mac -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $mac -b rand $h1
bridge fdb get $mac br br0 vlan 1 | grep -q "dev $swp1"
check_fail $? "Entry roamed back to locked port"
@@ -285,12 +285,12 @@ locked_port_mab_flush()
bridge fdb add $unlocked_mac1 dev $swp1 vlan 1 master static
bridge fdb add $unlocked_mac2 dev $swp2 vlan 1 master static
- $MZ $h1 -q -c 5 -d 100msec -t udp -a $locked_mac1 -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $locked_mac1 -b rand $h1
bridge fdb get $locked_mac1 br br0 vlan 1 | grep "dev $swp1" | \
grep -q "locked"
check_err $? "Failed to create locked FDB entry on first port"
- $MZ $h2 -q -c 5 -d 100msec -t udp -a $locked_mac2 -b rand
+ $MZ -q -c 5 -d 100msec -t udp -a $locked_mac2 -b rand $h2
bridge fdb get $locked_mac2 br br0 vlan 1 | grep "dev $swp2" | \
grep -q "locked"
check_err $? "Failed to create locked FDB entry on second port"
diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
index 8c1597ebc2d3..6ddb64ac90d0 100755
--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh
@@ -1023,27 +1023,27 @@ __fwd_test_host_ip()
# Packet should only be flooded to multicast router ports when there is
# no matching MDB entry. The bridge is not configured as a multicast
# router port.
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 0
check_err $? "Packet locally received after flood"
# Install a regular port group entry and expect the packet to not be
# locally received.
bridge mdb add dev br0 port $swp2 grp $grp temp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 0
check_err $? "Packet locally received after installing a regular entry"
# Add a host entry and expect the packet to be locally received.
bridge mdb add dev br0 port br0 grp $grp temp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet not locally received after adding a host entry"
# Remove the host entry and expect the packet to not be locally
# received.
bridge mdb del dev br0 port br0 grp $grp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $src -B $grp -t udp -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet locally received after removing a host entry"
@@ -1071,27 +1071,27 @@ fwd_test_host_l2()
# Packet should be flooded and locally received when there is no
# matching MDB entry.
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet not locally received after flood"
# Install a regular port group entry and expect the packet to not be
# locally received.
bridge mdb add dev br0 port $swp2 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 1
check_err $? "Packet locally received after installing a regular entry"
# Add a host entry and expect the packet to be locally received.
bridge mdb add dev br0 port br0 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 2
check_err $? "Packet not locally received after adding a host entry"
# Remove the host entry and expect the packet to not be locally
# received.
bridge mdb del dev br0 port br0 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev br0 ingress" 1 2
check_err $? "Packet locally received after removing a host entry"
@@ -1151,43 +1151,43 @@ __fwd_test_port_ip()
vlan_ethtype $eth_type vlan_id 10 dst_ip $grp \
src_ip $invalid_src action drop
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Packet from valid source received on H2 before adding entry"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 0
check_err $? "Packet from invalid source received on H2 before adding entry"
bridge mdb add dev br0 port $swp2 grp $grp vid 10 \
filter_mode $filter_mode source_list $src_list
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Packet from valid source not received on H2 after adding entry"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 0
check_err $? "Packet from invalid source received on H2 after adding entry"
bridge mdb replace dev br0 port $swp2 grp $grp vid 10 \
filter_mode exclude
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 2
check_err $? "Packet from valid source not received on H2 after allowing all sources"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 1
check_err $? "Packet from invalid source not received on H2 after allowing all sources"
bridge mdb del dev br0 port $swp2 grp $grp vid 10
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $valid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 1 2
check_err $? "Packet from valid source received on H2 after deleting entry"
- $MZ $mode $h1.10 -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q
+ $MZ $mode -a own -b $dmac -c 1 -p 128 -A $invalid_src -B $grp -t udp -q $h1.10
tc_check_packets "dev $h2 ingress" 2 1
check_err $? "Packet from invalid source received on H2 after deleting entry"
@@ -1216,17 +1216,17 @@ fwd_test_port_l2()
tc filter add dev $h2 ingress protocol all pref 1 handle 1 flower \
dst_mac $dmac action drop
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Packet received on H2 before adding entry"
bridge mdb add dev br0 port $swp2 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Packet not received on H2 after adding entry"
bridge mdb del dev br0 port $swp2 grp $dmac permanent vid 10
- $MZ $h1.10 -c 1 -p 128 -a own -b $dmac -q
+ $MZ -c 1 -p 128 -a own -b $dmac -q $h1.10
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Packet received on H2 after deleting entry"
@@ -1283,8 +1283,8 @@ ctrl_igmpv3_is_in_test()
filter_mode include source_list 192.0.2.1
# IS_IN ( 192.0.2.2 )
- $MZ $h1.10 -c 1 -a own -b 01:00:5e:01:01:01 -A 192.0.2.1 -B 239.1.1.1 \
- -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q
+ $MZ -c 1 -a own -b 01:00:5e:01:01:01 -A 192.0.2.1 -B 239.1.1.1 \
+ -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q $h1.10
bridge mdb get dev br0 grp 239.1.1.1 src 192.0.2.2 vid 10 &> /dev/null
check_fail $? "Permanent entry affected by IGMP packet"
@@ -1296,8 +1296,8 @@ ctrl_igmpv3_is_in_test()
filter_mode include source_list 192.0.2.1
# IS_IN ( 192.0.2.2 )
- $MZ $h1.10 -a own -b 01:00:5e:01:01:01 -c 1 -A 192.0.2.1 -B 239.1.1.1 \
- -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q
+ $MZ -a own -b 01:00:5e:01:01:01 -c 1 -A 192.0.2.1 -B 239.1.1.1 \
+ -t ip proto=2,p=$(igmpv3_is_in_get 239.1.1.1 192.0.2.2) -q $h1.10
bridge -d mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q 192.0.2.2
check_err $? "Source not add to source list"
@@ -1321,8 +1321,8 @@ ctrl_mldv2_is_in_test()
# IS_IN ( 2001:db8:1::2 )
local p=$(mldv2_is_in_get fe80::1 ff0e::1 2001:db8:1::2)
- $MZ -6 $h1.10 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
+ -t ip hop=1,next=0,p="$p" -q $h1.10
bridge mdb get dev br0 grp ff0e::1 src 2001:db8:1::2 vid 10 &> /dev/null
check_fail $? "Permanent entry affected by MLD packet"
@@ -1334,8 +1334,8 @@ ctrl_mldv2_is_in_test()
filter_mode include source_list 2001:db8:1::1
# IS_IN ( 2001:db8:1::2 )
- $MZ -6 $h1.10 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b 33:33:00:00:00:01 -c 1 -A fe80::1 -B ff0e::1 \
+ -t ip hop=1,next=0,p="$p" -q $h1.10
bridge -d mdb get dev br0 grp ff0e::1 vid 10 | grep -q 2001:db8:1::2
check_err $? "Source not add to source list"
diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh b/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh
index 3da9d93ab36f..1ebce13930c3 100755
--- a/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_mdb_max.sh
@@ -253,8 +253,8 @@ ctl4_entries_add()
local peer=$(locus_dev_peer $locus)
local GRP=239.1.1.${grp}
local dmac=01:00:5e:01:01:$(printf "%02x" $grp)
- $MZ $peer -a own -b $dmac -c 1 -A 192.0.2.1 -B $GRP \
- -t ip proto=2,p=$(igmpv3_is_in_get $GRP $IPs) -q
+ $MZ -a own -b $dmac -c 1 -A 192.0.2.1 -B $GRP \
+ -t ip proto=2,p=$(igmpv3_is_in_get $GRP $IPs) -q $peer
sleep 1
local nn=$(bridge mdb show dev br0 | grep $GRP | wc -l)
@@ -274,8 +274,8 @@ ctl4_entries_del()
local peer=$(locus_dev_peer $locus)
local GRP=239.1.1.${grp}
local dmac=01:00:5e:00:00:02
- $MZ $peer -a own -b $dmac -c 1 -A 192.0.2.1 -B 224.0.0.2 \
- -t ip proto=2,p=$(igmpv2_leave_get $GRP) -q
+ $MZ -a own -b $dmac -c 1 -A 192.0.2.1 -B 224.0.0.2 \
+ -t ip proto=2,p=$(igmpv2_leave_get $GRP) -q $peer
sleep 1
! bridge mdb show dev br0 | grep -q $GRP
}
@@ -293,8 +293,8 @@ ctl6_entries_add()
local GRP=ff0e::${grp}
local dmac=33:33:00:00:00:$(printf "%02x" $grp)
local p=$(mldv2_is_in_get $SIP $GRP $IPs)
- $MZ -6 $peer -a own -b $dmac -c 1 -A $SIP -B $GRP \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b $dmac -c 1 -A $SIP -B $GRP \
+ -t ip hop=1,next=0,p="$p" -q $peer
sleep 1
local nn=$(bridge mdb show dev br0 | grep $GRP | wc -l)
@@ -316,8 +316,8 @@ ctl6_entries_del()
local GRP=ff0e::${grp}
local dmac=33:33:00:00:00:$(printf "%02x" $grp)
local p=$(mldv1_done_get $SIP $GRP)
- $MZ -6 $peer -a own -b $dmac -c 1 -A $SIP -B $GRP \
- -t ip hop=1,next=0,p="$p" -q
+ $MZ -6 -a own -b $dmac -c 1 -A $SIP -B $GRP \
+ -t ip hop=1,next=0,p="$p" -q $peer
sleep 1
! bridge mdb show dev br0 | grep -q $GRP
}
diff --git a/tools/testing/selftests/net/forwarding/bridge_mld.sh b/tools/testing/selftests/net/forwarding/bridge_mld.sh
index 4cacef5a813a..b4f6a81e8bf0 100755
--- a/tools/testing/selftests/net/forwarding/bridge_mld.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_mld.sh
@@ -158,7 +158,7 @@ mldv2include_prepare()
ip link set dev br0 type bridge mcast_mld_version 2
check_err $? "Could not change bridge MLD version to 2"
- $MZ $host1_if $MZPKT_IS_INC -q
+ $MZ -q $host1_if $MZPKT_IS_INC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -183,7 +183,7 @@ mldv2exclude_prepare()
mldv2include_prepare $h1
- $MZ $host1_if -c 1 $MZPKT_IS_EXC -q
+ $MZ -c 1 -q $host1_if $MZPKT_IS_EXC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -236,7 +236,7 @@ mldv2inc_allow_test()
mldv2include_prepare $h1
- $MZ $h1 -c 1 $MZPKT_ALLOW -q
+ $MZ -c 1 -q $h1 $MZPKT_ALLOW
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}"
@@ -257,7 +257,7 @@ mldv2inc_is_include_test()
mldv2include_prepare $h1
- $MZ $h1 -c 1 $MZPKT_IS_INC2 -q
+ $MZ -c 1 -q $h1 $MZPKT_IS_INC2
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}"
@@ -296,7 +296,7 @@ mldv2inc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 $MZPKT_TO_EXC -q
+ $MZ -c 1 -q $h1 $MZPKT_TO_EXC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -340,7 +340,7 @@ mldv2exc_allow_test()
mldv2exclude_prepare $h1
- $MZ $h1 -c 1 $MZPKT_ALLOW2 -q
+ $MZ -c 1 -q $h1 $MZPKT_ALLOW2
sleep 1
brmcast_check_sg_entries "allow" "${X[@]}" "${Y[@]}"
@@ -363,7 +363,7 @@ mldv2exc_is_include_test()
mldv2exclude_prepare $h1
- $MZ $h1 -c 1 $MZPKT_IS_INC3 -q
+ $MZ -c 1 -q $h1 $MZPKT_IS_INC3
sleep 1
brmcast_check_sg_entries "is_include" "${X[@]}" "${Y[@]}"
@@ -386,7 +386,7 @@ mldv2exc_is_exclude_test()
mldv2exclude_prepare $h1
- $MZ $h1 -c 1 $MZPKT_IS_EXC2 -q
+ $MZ -c 1 -q $h1 $MZPKT_IS_EXC2
sleep 1
brmcast_check_sg_entries "is_exclude" "${X[@]}" "${Y[@]}"
@@ -412,7 +412,7 @@ mldv2exc_to_exclude_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 $MZPKT_TO_EXC -q
+ $MZ -c 1 -q $h1 $MZPKT_TO_EXC
sleep 1
brmcast_check_sg_entries "to_exclude" "${X[@]}" "${Y[@]}"
@@ -436,7 +436,7 @@ mldv2inc_block_test()
mldv2include_prepare $h1
- $MZ $h1 -c 1 $MZPKT_BLOCK -q
+ $MZ -c 1 -q $h1 $MZPKT_BLOCK
# make sure the lowered timers have expired (by default 2 seconds)
sleep 3
brmcast_check_sg_entries "block" "${X[@]}"
@@ -469,7 +469,7 @@ mldv2exc_block_test()
ip link set dev br0 type bridge mcast_last_member_interval 500
check_err $? "Could not change mcast_last_member_interval to 5s"
- $MZ $h1 -c 1 $MZPKT_BLOCK -q
+ $MZ -c 1 -q $h1 $MZPKT_BLOCK
sleep 1
brmcast_check_sg_entries "block" "${X[@]}" "${Y[@]}"
@@ -501,7 +501,7 @@ mldv2exc_timeout_test()
mcast_query_response_interval 500 \
mcast_membership_interval 1500
- $MZ $h1 -c 1 $MZPKT_ALLOW2 -q
+ $MZ -c 1 -q $h1 $MZPKT_ALLOW2
sleep 5
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
@@ -544,7 +544,7 @@ mldv2star_ex_auto_add_test()
mldv2exclude_prepare $h1
- $MZ $h2 -c 1 $MZPKT_IS_INC -q
+ $MZ -c 1 -q $h2 $MZPKT_IS_INC
sleep 1
bridge -j -d -s mdb show dev br0 \
| jq -e ".[].mdb[] | \
diff --git a/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh b/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
index 1f8ef0eff862..cbc9a9f3c6de 100755
--- a/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
@@ -51,7 +51,7 @@ sticky()
bridge fdb add $TEST_MAC dev $swp1 master static sticky
check_err $? "Could not add fdb entry"
bridge fdb del $TEST_MAC dev $swp1 vlan 1 master static sticky
- $MZ $h2 -c 1 -a $TEST_MAC -t arp "request" -q
+ $MZ -c 1 -a $TEST_MAC -t arp -q $h2 "request"
bridge -j fdb show br br0 brport $swp1\
| jq -e ".[] | select(.mac == \"$TEST_MAC\")" &> /dev/null
check_err $? "Did not find FDB record when should"
diff --git a/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh b/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh
index e59fba366a0a..88525294e410 100755
--- a/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh
@@ -131,7 +131,7 @@ extern_learn()
bridge fdb show brport $swp1 | grep -q de:ad:be:ef:13:37
check_err $? "FDB entry was aged out when should not"
- $MZ $h2 -c 1 -p 64 -a $mac -t ip -q
+ $MZ -c 1 -p 64 -a $mac -t ip -q $h2
bridge fdb show brport $swp2 | grep -q de:ad:be:ef:13:37
check_err $? "FDB entry did not roam when should"
@@ -158,7 +158,7 @@ other_tpid()
ip link set $h2 promisc on
ethtool -K $h2 rx-vlan-filter off rx-vlan-stag-filter off
- $MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
+ $MZ -q -c 1 -b $mac -a own $h1 "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
sleep 1
# Match on 'self' addresses as well, for those drivers which
@@ -179,7 +179,7 @@ other_tpid()
bridge vlan del dev $swp1 vid 1
- $MZ -q $h1 -c 1 -b $mac -a own "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
+ $MZ -q -c 1 -b $mac -a own $h1 "88:a8 00:03 81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
sleep 1
RET=0
@@ -202,7 +202,7 @@ other_tpid()
tc filter add dev $h2 ingress protocol all pref 1 handle 101 \
flower dst_mac $mac action drop
- $MZ -q $h1 -c 1 -b $mac -a own "81:00 00:00 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
+ $MZ -q -c 1 -b $mac -a own $h1 "81:00 00:00 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
sleep 1
tc -j -s filter show dev $h2 ingress \
diff --git a/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh b/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh
index 7d531f7091e6..de9086f4c724 100755
--- a/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh
+++ b/tools/testing/selftests/net/forwarding/custom_multipath_hash.sh
@@ -181,44 +181,44 @@ ping_ipv6()
send_src_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A "198.51.100.2-198.51.100.253" -B 203.0.113.2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B "203.0.113.2-203.0.113.253" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_src_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
send_src_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A "2001:db8:1::2-2001:db8:1::fd" -B 2001:db8:4::2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B "2001:db8:4::2-2001:db8:4::fd" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_flowlabel()
@@ -226,22 +226,22 @@ send_flowlabel()
# Generate 16384 echo requests, each with a random flow label.
ip vrf exec v$h1 sh -c \
"for _ in {1..16384}; do \
- $PING6 2001:db8:4::2 -F 0 -c 1 -q >/dev/null 2>&1; \
+ $PING6 -F 0 -c 1 -q 2001:db8:4::2 >/dev/null 2>&1; \
done"
}
send_src_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:4::2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:4::2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
custom_hash_test()
diff --git a/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh b/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh
index dda11a4a9450..24e74fa35392 100755
--- a/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh
+++ b/tools/testing/selftests/net/forwarding/gre_custom_multipath_hash.sh
@@ -276,44 +276,44 @@ ping_ipv6()
send_src_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A "198.51.100.2-198.51.100.253" -B 203.0.113.2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B "203.0.113.2-203.0.113.253" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_src_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
send_src_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A "2001:db8:1::2-2001:db8:1::fd" -B 2001:db8:2::2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_dst_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B "2001:db8:2::2-2001:db8:2::fd" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=20000,dp=30000"
}
send_flowlabel()
@@ -321,22 +321,22 @@ send_flowlabel()
# Generate 16384 echo requests, each with a random flow label.
ip vrf exec v$h1 sh -c \
"for _ in {1..16384}; do \
- $PING6 2001:db8:2::2 -F 0 -c 1 -q >/dev/null 2>&1; \
+ $PING6 -F 0 -c 1 -q 2001:db8:2::2 >/dev/null 2>&1; \
done"
}
send_src_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1 "sp=0-32768,dp=30000"
}
send_dst_udp6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1 "sp=20000,dp=0-32768"
}
custom_hash_test()
diff --git a/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh b/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh
index efca6114a3ce..3e1694c9773b 100755
--- a/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/gre_inner_v4_multipath.sh
@@ -266,8 +266,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ $MZ -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh b/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh
index a71ad39fc0c3..fb2707a97f59 100755
--- a/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/gre_inner_v6_multipath.sh
@@ -266,9 +266,9 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
+ $MZ -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
-B "2001:db8:2::2-2001:db8:2::3e" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_multipath.sh b/tools/testing/selftests/net/forwarding/gre_multipath.sh
index 57531c1d884d..6ed8b8f1ac22 100755
--- a/tools/testing/selftests/net/forwarding/gre_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/gre_multipath.sh
@@ -219,8 +219,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh b/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh
index 7d5b2b9cc133..d207b5518843 100755
--- a/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh
+++ b/tools/testing/selftests/net/forwarding/gre_multipath_nh.sh
@@ -243,8 +243,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
@@ -270,8 +270,8 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
diff --git a/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh b/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh
index 370f9925302d..f1d8a6b17d6f 100755
--- a/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh
+++ b/tools/testing/selftests/net/forwarding/gre_multipath_nh_res.sh
@@ -246,8 +246,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -q -p 64 -A 192.0.2.1 -B 192.0.2.18 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
@@ -274,8 +274,8 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul2 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -6 -q -p 64 -A 2001:db8:1::1 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
local t1_111=$(tc_rule_stats_get $ul2 111 ingress)
local t1_222=$(tc_rule_stats_get $ul2 222 ingress)
diff --git a/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh b/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh
index 49fa94b53a1c..25036e38043c 100755
--- a/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh
+++ b/tools/testing/selftests/net/forwarding/ip6_forward_instats_vrf.sh
@@ -95,7 +95,7 @@ ipv6_in_too_big_err()
# Send too big packets
ip vrf exec $vrf_name \
- $PING6 -s 1300 2001:1:2::2 -c 1 -w $PING_TIMEOUT &> /dev/null
+ $PING6 -s 1300 -c 1 -w $PING_TIMEOUT 2001:1:2::2 &> /dev/null
local t1=$(ipv6_stats_get $rtr1 Ip6InTooBigErrors)
test "$((t1 - t0))" -ne 0
@@ -131,7 +131,7 @@ ipv6_in_addr_err()
# Disable forwarding temporary while sending the packet
sysctl -qw net.ipv6.conf.all.forwarding=0
ip vrf exec $vrf_name \
- $PING6 2001:1:2::2 -c 1 -w $PING_TIMEOUT &> /dev/null
+ $PING6 -c 1 -w $PING_TIMEOUT 2001:1:2::2 &> /dev/null
sysctl -qw net.ipv6.conf.all.forwarding=1
local t1=$(ipv6_stats_get $rtr1 Ip6InAddrErrors)
@@ -150,7 +150,7 @@ ipv6_in_discard()
# Add a policy to discard
ip xfrm policy add dst 2001:1:2::2/128 dir fwd action block
ip vrf exec $vrf_name \
- $PING6 2001:1:2::2 -c 1 -w $PING_TIMEOUT &> /dev/null
+ $PING6 -c 1 -w $PING_TIMEOUT 2001:1:2::2 &> /dev/null
ip xfrm policy del dst 2001:1:2::2/128 dir fwd
local t1=$(ipv6_stats_get $rtr1 Ip6InDiscards)
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh b/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh
index e28b4a079e52..bcfa88fd0845 100755
--- a/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_custom_multipath_hash.sh
@@ -278,44 +278,44 @@ ping_ipv6()
send_src_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A "198.51.100.2-198.51.100.253" -B 203.0.113.2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1"sp=20000,dp=30000"
}
send_dst_ipv4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B "203.0.113.2-203.0.113.253" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1"sp=20000,dp=30000"
}
send_src_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=0-32768,dp=30000"
+ -d $MZ_DELAY -t udp $h1"sp=0-32768,dp=30000"
}
send_dst_udp4()
{
- ip vrf exec v$h1 $MZ $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -q -p 64 \
-A 198.51.100.2 -B 203.0.113.2 \
- -d $MZ_DELAY -t udp "sp=20000,dp=0-32768"
+ -d $MZ_DELAY -t udp $h1"sp=20000,dp=0-32768"
}
send_src_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A "2001:db8:1::2-2001:db8:1::fd" -B 2001:db8:2::2 \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1"sp=20000,dp=30000"
}
send_dst_ipv6()
{
- ip vrf exec v$h1 $MZ -6 $h1 -q -p 64 \
+ ip vrf exec v$h1 $MZ -6 -q -p 64 \
-A 2001:db8:1::2 -B "2001:db8:2::2-2001:db8:2::fd" \
- -d $MZ_DELAY -c 50 -t udp "sp=20000,dp=30000"
+ -d $MZ_DELAY -c 50 -t udp $h1"sp=20000,dp=30000"
}
send_flowlabel()
@@ -323,7 +323,7 @@ send_flowlabel()
# Generate 16384 echo requests, each with a random flow label.
ip vrf exec v$h1 sh -c \
"for _ in {1..16384}; do \
- $PING6 2001:db8:2::2 -F 0 -c 1 -q >/dev/null 2>&1; \
+ $PING6 -F 0 -c 1 -q 2001:db8:2::2 >/dev/null 2>&1; \
done"
}
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh b/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh
index 32d1461f37b7..21a2deb577ef 100755
--- a/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_inner_v4_multipath.sh
@@ -265,8 +265,8 @@ multipath4_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ $MZ -q -p 64 -A "192.0.3.2-192.0.3.62" -B "192.0.4.2-192.0.4.62" \
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh b/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh
index e1a4b50505f5..f2fd82017f21 100755
--- a/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_inner_v6_multipath.sh
@@ -265,9 +265,9 @@ multipath6_test()
local t0_222=$(tc_rule_stats_get $ul32 222 ingress)
ip vrf exec v$h1 \
- $MZ $h1 -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
+ $MZ -6 -q -p 64 -A "2001:db8:1::2-2001:db8:1::3e" \
-B "2001:db8:2::2-2001:db8:2::3e" \
- -d $MZ_DELAY -c 50 -t udp "sp=1024,dp=1024"
+ -d $MZ_DELAY -c 50 -t udp $h1 "sp=1024,dp=1024"
sleep 1
local t1_111=$(tc_rule_stats_get $ul32 111 ingress)
diff --git a/tools/testing/selftests/net/forwarding/ip6gre_lib.sh b/tools/testing/selftests/net/forwarding/ip6gre_lib.sh
index 2d91281dc5b7..4ebb8a1c758a 100644
--- a/tools/testing/selftests/net/forwarding/ip6gre_lib.sh
+++ b/tools/testing/selftests/net/forwarding/ip6gre_lib.sh
@@ -355,8 +355,8 @@ test_traffic_ip4ip6()
tc filter add dev $ol2 egress protocol ipv4 pref 1 handle 101 \
flower $TC_FLAG dst_ip 203.0.113.1 action pass
- $MZ $h1 -c 1000 -p 64 -a $h1mac -b $ol1mac -A 198.51.100.1 \
- -B 203.0.113.1 -t ip -q -d $MZ_DELAY
+ $MZ -c 1000 -p 64 -a $h1mac -b $ol1mac -A 198.51.100.1 \
+ -B 203.0.113.1 -t ip -q -d $MZ_DELAY $h1
# Check ports after encap and after decap.
tc_check_at_least_x_packets "dev $ul1 egress" 101 1000
@@ -388,8 +388,8 @@ test_traffic_ip6ip6()
tc filter add dev $ol2 egress protocol ipv6 pref 1 handle 101 \
flower $TC_FLAG dst_ip 2001:db8:2::1 action pass
- $MZ -6 $h1 -c 1000 -p 64 -a $h1mac -b $ol1mac -A 2001:db8:1::1 \
- -B 2001:db8:2::1 -t ip -q -d $MZ_DELAY
+ $MZ -6 -c 1000 -p 64 -a $h1mac -b $ol1mac -A 2001:db8:1::1 \
+ -B 2001:db8:2::1 -t ip -q -d $MZ_DELAY $h1
# Check ports after encap and after decap.
tc_check_at_least_x_packets "dev $ul1 egress" 101 1000
diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh
index 890b3374dacd..d1a06dbfe2ae 100644
--- a/tools/testing/selftests/net/forwarding/lib.sh
+++ b/tools/testing/selftests/net/forwarding/lib.sh
@@ -1291,8 +1291,8 @@ ping_do()
vrf_name=$(master_name_get $if_name)
ip vrf exec $vrf_name \
- $PING $args $dip -c $PING_COUNT -i 0.1 \
- -w $PING_TIMEOUT &> /dev/null
+ $PING $args -c $PING_COUNT -i 0.1 \
+ -w $PING_TIMEOUT $dip &> /dev/null
}
ping_test()
@@ -1322,8 +1322,8 @@ ping6_do()
vrf_name=$(master_name_get $if_name)
ip vrf exec $vrf_name \
- $PING6 $args $dip -c $PING_COUNT -i 0.1 \
- -w $PING_TIMEOUT &> /dev/null
+ $PING6 $args -c $PING_COUNT -i 0.1 \
+ -w $PING_TIMEOUT $dip &> /dev/null
}
ping6_test()
@@ -1369,7 +1369,7 @@ learning_test()
tc filter add dev $host1_if ingress protocol ip pref 1 handle 101 \
flower dst_mac $mac action drop
- $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
+ $MZ -c 1 -p 64 -b $mac -t ip -q $host2_if
sleep 1
tc -j -s filter show dev $host1_if ingress \
@@ -1377,14 +1377,14 @@ learning_test()
| select(.options.actions[0].stats.packets == 1)" &> /dev/null
check_fail $? "Packet reached first host when should not"
- $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
+ $MZ -c 1 -p 64 -a $mac -t ip -q $host1_if
sleep 1
bridge -j fdb show br $bridge brport $br_port1 \
| jq -e ".[] | select(.mac == \"$mac\")" &> /dev/null
check_err $? "Did not find FDB record when should"
- $MZ $host2_if -c 1 -p 64 -b $mac -t ip -q
+ $MZ -c 1 -p 64 -b $mac -t ip -q $host2_if
sleep 1
tc -j -s filter show dev $host1_if ingress \
@@ -1403,7 +1403,7 @@ learning_test()
bridge link set dev $br_port1 learning off
- $MZ $host1_if -c 1 -p 64 -a $mac -t ip -q
+ $MZ -c 1 -p 64 -a $mac -t ip -q $host1_if
sleep 1
bridge -j fdb show br $bridge brport $br_port1 \
@@ -1437,7 +1437,7 @@ flood_test_do()
tc filter add dev $host2_if ingress protocol ip pref 1 handle 101 \
flower dst_mac $mac action drop
- $MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q
+ $MZ -c 1 -p 64 -b $mac -B $ip -t ip -q $host1_if
sleep 1
tc -j -s filter show dev $host2_if ingress \
@@ -1522,8 +1522,8 @@ __start_traffic()
local dmac=$1; shift
local -a mz_args=("$@")
- $MZ $h_in -p $pktsize -A $sip -B $dip -c 0 \
- -a own -b $dmac -t "$proto" -q "${mz_args[@]}" &
+ $MZ -p $pktsize -A $sip -B $dip -c 0 \
+ -a own -b $dmac -t "$proto" -q $h_in "${mz_args[@]}" &
sleep 1
}
@@ -1663,7 +1663,7 @@ mcast_packet_test()
tc filter add dev $host2_if ingress protocol $tc_proto pref 1 handle 101 \
flower ip_proto udp dst_mac $mac action drop
- $MZ $host1_if $mz_v6arg -c 1 -p 64 -b $mac -A $src_ip -B $ip -t udp "dp=4096,sp=2048" -q
+ $MZ $mz_v6arg -c 1 -p 64 -b $mac -A $src_ip -B $ip -t udp -q $host1_if "dp=4096,sp=2048"
sleep 1
tc -j -s filter show dev $host2_if ingress \
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh b/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh
index a20d22d1df36..8d4ae6c952a1 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_bridge_1q_lag.sh
@@ -238,7 +238,7 @@ test_lag_slave()
ip neigh flush dev br1
setup_wait_dev $up_dev
setup_wait_dev $host_dev
- $ARPING -I br1 192.0.2.130 -qfc 1
+ $ARPING -I br1 -qfc 1 192.0.2.130
sleep 2
mirror_test vrf-h1 192.0.2.1 192.0.2.18 $host_dev 1 ">= 10"
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh b/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh
index 1b902cc579f6..a21c771908b3 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_vlan_bridge_1q.sh
@@ -196,7 +196,7 @@ test_span_gre_forbidden_egress()
bridge vlan add dev $swp3 vid 555
# Re-prime FDB
- $ARPING -I br1.555 192.0.2.130 -fqc 1
+ $ARPING -I br1.555 -fqc 1 192.0.2.130
sleep 1
quick_test_span_gre_dir $tundev
@@ -290,7 +290,7 @@ test_span_gre_fdb_roaming()
bridge fdb del dev $swp2 $h3mac vlan 555 master 2>/dev/null
# Re-prime FDB
- $ARPING -I br1.555 192.0.2.130 -fqc 1
+ $ARPING -I br1.555 -fqc 1 192.0.2.130
sleep 1
quick_test_span_gre_dir $tundev
diff --git a/tools/testing/selftests/net/forwarding/mirror_lib.sh b/tools/testing/selftests/net/forwarding/mirror_lib.sh
index 6bf9d5ae933c..401b1cdf0758 100644
--- a/tools/testing/selftests/net/forwarding/mirror_lib.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_lib.sh
@@ -49,8 +49,8 @@ mirror_test()
fi
local t0=$(tc_rule_stats_get $dev $pref)
- $MZ $proto $vrf_name ${sip:+-A $sip} -B $dip -a own -b bc -q \
- -c 10 -d 100msec -t $type
+ $MZ $proto ${sip:+-A $sip} -B $dip -a own -b bc -q \
+ -c 10 -d 100msec -t $type $vrf_name
sleep 0.5
local t1=$(tc_rule_stats_get $dev $pref)
local delta=$((t1 - t0))
diff --git a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
index af008fbf2725..3e8804ccb721 100755
--- a/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_dsfield.sh
@@ -130,8 +130,8 @@ do_test_pedit_dsfield_common()
# TOS 125: DSCP 31, ECN 1. Used for testing that the relevant part is
# overwritten when zero is selected.
- $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 \
- -a own -b $h2mac -q -t tcp tos=0x7d,sp=54321,dp=12345
+ $MZ $mz_flags -c 10 -d 20msec -p 100 \
+ -a own -b $h2mac -q -t tcp $h1 tos=0x7d,sp=54321,dp=12345
local pkts
pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
diff --git a/tools/testing/selftests/net/forwarding/pedit_ip.sh b/tools/testing/selftests/net/forwarding/pedit_ip.sh
index d14efb2d23b2..48aab7f4cc49 100755
--- a/tools/testing/selftests/net/forwarding/pedit_ip.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_ip.sh
@@ -128,7 +128,7 @@ do_test_pedit_ip()
RET=0
- $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 -a own -b $h2mac -q -t ip
+ $MZ $mz_flags -c 10 -d 20msec -p 100 -a own -b $h2mac -q -t ip $h1
local pkts
pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
diff --git a/tools/testing/selftests/net/forwarding/pedit_l4port.sh b/tools/testing/selftests/net/forwarding/pedit_l4port.sh
index 10e594c55117..d9846703d6cc 100755
--- a/tools/testing/selftests/net/forwarding/pedit_l4port.sh
+++ b/tools/testing/selftests/net/forwarding/pedit_l4port.sh
@@ -132,8 +132,8 @@ do_test_pedit_l4port_one()
RET=0
- $MZ $mz_flags $h1 -c 10 -d 20msec -p 100 \
- -a own -b $h2mac -q -t $pedit_prot sp=54321,dp=12345
+ $MZ $mz_flags -c 10 -d 20msec -p 100 \
+ -a own -b $h2mac -q -t $pedit_prot $h1 sp=54321,dp=12345
local pkts
pkts=$(busywait "$TC_HIT_TIMEOUT" until_counter_is ">= 10" \
diff --git a/tools/testing/selftests/net/forwarding/router.sh b/tools/testing/selftests/net/forwarding/router.sh
index b98ea9449b8b..2560ad760a66 100755
--- a/tools/testing/selftests/net/forwarding/router.sh
+++ b/tools/testing/selftests/net/forwarding/router.sh
@@ -197,8 +197,8 @@ sip_in_class_e()
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower src_ip 240.0.0.1 ip_proto udp action pass
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
- -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q
+ $MZ -t udp -c 5 -d 1msec \
+ -A 240.0.0.1 -b $rp1mac -B 198.51.100.2 -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -246,8 +246,8 @@ __mc_mac_mismatch()
create_mcast_sg $rp1 $sip $dip $rp2
- $MZ $flags $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $dmac \
- -B $dip -q
+ $MZ $flags -t udp -c 5 -d 1msec -b $dmac \
+ -B $dip -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -275,8 +275,8 @@ ipv4_sip_equal_dip()
tc filter add dev $rp2 egress protocol ip pref 1 handle 101 \
flower src_ip 198.51.100.2 action pass
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
- -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q
+ $MZ -t udp -c 5 -d 1msec \
+ -A 198.51.100.2 -b $rp1mac -B 198.51.100.2 -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -295,8 +295,8 @@ ipv6_sip_equal_dip()
tc filter add dev $rp2 egress protocol ipv6 pref 1 handle 101 \
flower src_ip 2001:db8:2::2 action pass
- $MZ -6 $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec \
- -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q
+ $MZ -6 -t udp -c 5 -d 1msec \
+ -A 2001:db8:2::2 -b $rp1mac -B 2001:db8:2::2 -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
@@ -318,7 +318,7 @@ ipv4_dip_link_local()
ip neigh add 169.254.1.1 lladdr 00:11:22:33:44:55 dev $rp2
ip route add 169.254.1.0/24 dev $rp2
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 5 -d 1msec -b $rp1mac -B $dip -q
+ $MZ -t udp -c 5 -d 1msec -b $rp1mac -B $dip -q $h1 "sp=54321,dp=12345"
tc_check_packets "dev $rp2 egress" 101 5
check_err $? "Packets were dropped"
diff --git a/tools/testing/selftests/net/forwarding/router_broadcast.sh b/tools/testing/selftests/net/forwarding/router_broadcast.sh
index 4eac0a06f451..e13569d96cd7 100755
--- a/tools/testing/selftests/net/forwarding/router_broadcast.sh
+++ b/tools/testing/selftests/net/forwarding/router_broadcast.sh
@@ -173,7 +173,7 @@ ping_test_from()
log_info "ping $dip, expected reply from $from"
ip vrf exec $(master_name_get $oif) \
- $PING -I $oif $dip -c 10 -i 0.1 -w $PING_TIMEOUT -b 2>&1 \
+ $PING -I $oif -c 10 -i 0.1 -w $PING_TIMEOUT -b $dip 2>&1 \
| grep "bytes from $from" > /dev/null
check_err_fail $fail $?
}
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_nh.sh b/tools/testing/selftests/net/forwarding/router_mpath_nh.sh
index a7d8399c8d4f..f0cded6b7bcf 100755
--- a/tools/testing/selftests/net/forwarding/router_mpath_nh.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_nh.sh
@@ -244,8 +244,8 @@ multipath4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- ip vrf exec vrf-h1 $MZ $h1 -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
- -d $MZ_DELAY -t udp "$ports"
+ ip vrf exec vrf-h1 $MZ -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
@@ -280,8 +280,8 @@ multipath6_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "$ports"
+ $MZ -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh b/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh
index 507b2852dabe..d8ba304ec9ff 100644
--- a/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_nh_lib.sh
@@ -104,7 +104,7 @@ __nh_stats_test_v4()
sysctl_set net.ipv4.fib_multipath_hash_policy 1
nh_stats_test_dispatch $nhgtype "IPv4" 101 102 103 \
- $MZ $h1 -A 192.0.2.2 -B 198.51.100.2
+ $MZ -A 192.0.2.2 -B 198.51.100.2 $h1
sysctl_restore net.ipv4.fib_multipath_hash_policy
}
@@ -114,7 +114,7 @@ __nh_stats_test_v6()
sysctl_set net.ipv6.fib_multipath_hash_policy 1
nh_stats_test_dispatch $nhgtype "IPv6" 104 105 106 \
- $MZ -6 $h1 -A 2001:db8:1::2 -B 2001:db8:2::2
+ $MZ -6 -A 2001:db8:1::2 -B 2001:db8:2::2 $h1
sysctl_restore net.ipv6.fib_multipath_hash_policy
}
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh b/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh
index 88ddae05b39d..1db64b8beab2 100755
--- a/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_nh_res.sh
@@ -245,8 +245,8 @@ multipath4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- ip vrf exec vrf-h1 $MZ $h1 -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
- -d $MZ_DELAY -t udp "$ports"
+ ip vrf exec vrf-h1 $MZ -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
@@ -278,8 +278,8 @@ multipath6_l4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "$ports"
+ $MZ -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "$ports"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
diff --git a/tools/testing/selftests/net/forwarding/router_mpath_seed.sh b/tools/testing/selftests/net/forwarding/router_mpath_seed.sh
index 314cb906c1eb..d6a2a24da423 100755
--- a/tools/testing/selftests/net/forwarding/router_mpath_seed.sh
+++ b/tools/testing/selftests/net/forwarding/router_mpath_seed.sh
@@ -255,15 +255,15 @@ test_mpath_seed()
test_mpath_seed_ipv4()
{
test_mpath_seed 1000 IPv4 \
- $MZ $h1 -A 192.0.2.1 -B 192.0.2.34 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -A 192.0.2.1 -B 192.0.2.34 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
test_mpath_seed_ipv6()
{
test_mpath_seed 2000 IPv6 \
- $MZ -6 $h1 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -6 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
check_mpath_seed_stability()
@@ -311,15 +311,15 @@ test_mpath_seed_stability()
test_mpath_seed_stability_ipv4()
{
test_mpath_seed_stability 1000 IPv4 \
- $MZ $h1 -A 192.0.2.1 -B 192.0.2.34 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -A 192.0.2.1 -B 192.0.2.34 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
test_mpath_seed_stability_ipv6()
{
test_mpath_seed_stability 2000 IPv6 \
- $MZ -6 $h1 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
- -p 64 -d 0 -c 10 -t udp
+ $MZ -6 -A 2001:db8:1::1 -B 2001:db8:3::2 -q \
+ -p 64 -d 0 -c 10 -t udp $h1
}
trap cleanup EXIT
diff --git a/tools/testing/selftests/net/forwarding/router_multicast.sh b/tools/testing/selftests/net/forwarding/router_multicast.sh
index 83e52abdbc2e..b22846b09b45 100755
--- a/tools/testing/selftests/net/forwarding/router_multicast.sh
+++ b/tools/testing/selftests/net/forwarding/router_multicast.sh
@@ -222,8 +222,8 @@ mcast_v4()
create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
# Send frames with the corresponding L2 destination address.
- $MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ $MZ -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast not received on first host"
@@ -232,8 +232,8 @@ mcast_v4()
delete_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
- $MZ $h1 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ $MZ -c 5 -p 128 -t udp -a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast received on host although deleted"
@@ -262,8 +262,8 @@ mcast_v6()
create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
# Send frames with the corresponding L2 destination address.
- $MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
- -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q
+ $MZ -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
+ -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast not received on first host"
@@ -272,8 +272,8 @@ mcast_v6()
delete_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
- $MZ $h1 -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
- -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q
+ $MZ -6 -c 5 -p 128 -t udp -a 00:11:22:33:44:55 \
+ -b 33:33:00:00:00:03 -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 122 5
check_err $? "Multicast received on first host although deleted"
@@ -308,18 +308,18 @@ rpf_v4()
create_mcast_sg $rp1 198.51.100.2 225.1.2.3 $rp2 $rp3
- $MZ $h1 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 1 5
check_err $? "Multicast not received on second host"
- $MZ $h3 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h3
tc_check_packets "dev $h1 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -353,18 +353,18 @@ rpf_v6()
create_mcast_sg $rp1 2001:db8:1::2 ff0e::3 $rp2 $rp3
- $MZ $h1 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 1 5
check_err $? "Multicast not received on first host"
tc_check_packets "dev $h3 ingress" 1 5
check_err $? "Multicast not received on second host"
- $MZ $h3 -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 5 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h3
tc_check_packets "dev $h1 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -399,9 +399,9 @@ unres_v4()
dst_ip 225.1.2.3 ip_proto udp dst_port 12345 action drop
# Forwarding should fail before installing a matching (*, G).
- $MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -411,9 +411,9 @@ unres_v4()
# Create (*, G). Will not be installed in the kernel.
create_mcast_sg $rp1 0.0.0.0 225.1.2.3 $rp2 $rp3
- $MZ $h1 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 01:00:5e:01:02:03 \
- -A 198.51.100.2 -B 225.1.2.3 -q
+ -A 198.51.100.2 -B 225.1.2.3 -q $h1
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Multicast not received on first host"
@@ -444,9 +444,9 @@ unres_v6()
dst_ip ff0e::3 ip_proto udp dst_port 12345 action drop
# Forwarding should fail before installing a matching (*, G).
- $MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 1 0
check_err $? "Multicast received on first host when should not"
@@ -456,9 +456,9 @@ unres_v6()
# Create (*, G). Will not be installed in the kernel.
create_mcast_sg $rp1 :: ff0e::3 $rp2 $rp3
- $MZ $h1 -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
+ $MZ -6 -c 1 -p 128 -t udp "ttl=10,sp=54321,dp=12345" \
-a 00:11:22:33:44:55 -b 33:33:00:00:00:03 \
- -A 2001:db8:1::2 -B ff0e::3 -q
+ -A 2001:db8:1::2 -B ff0e::3 -q $h1
tc_check_packets "dev $h2 ingress" 1 1
check_err $? "Multicast not received on first host"
diff --git a/tools/testing/selftests/net/forwarding/router_multipath.sh b/tools/testing/selftests/net/forwarding/router_multipath.sh
index 46f365b557b7..d21da56f168d 100755
--- a/tools/testing/selftests/net/forwarding/router_multipath.sh
+++ b/tools/testing/selftests/net/forwarding/router_multipath.sh
@@ -178,8 +178,8 @@ multipath4_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- ip vrf exec vrf-h1 $MZ $h1 -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ ip vrf exec vrf-h1 $MZ -q -p 64 -A 192.0.2.2 -B 198.51.100.2 \
+ -d $MZ_DELAY -t udp $h1"sp=1024,dp=0-32768"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
@@ -216,8 +216,8 @@ multipath6_test()
t0_rp12=$(link_stats_tx_packets_get $rp12)
t0_rp13=$(link_stats_tx_packets_get $rp13)
- $MZ $h1 -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
- -d $MZ_DELAY -t udp "sp=1024,dp=0-32768"
+ $MZ -6 -q -p 64 -A 2001:db8:1::2 -B 2001:db8:2::2 \
+ -d $MZ_DELAY -t udp $h1 "sp=1024,dp=0-32768"
sleep 1
t1_rp12=$(link_stats_tx_packets_get $rp12)
diff --git a/tools/testing/selftests/net/forwarding/sch_red.sh b/tools/testing/selftests/net/forwarding/sch_red.sh
index af166662b78a..5d49ca59008c 100755
--- a/tools/testing/selftests/net/forwarding/sch_red.sh
+++ b/tools/testing/selftests/net/forwarding/sch_red.sh
@@ -165,7 +165,7 @@ send_packets()
local proto=$1; shift
local pkts=$1; shift
- $MZ $h2 -p $PKTSZ -a own -b $h3_mac -A 192.0.2.2 -B 192.0.2.3 -t $proto -q -c $pkts "$@"
+ $MZ -p $PKTSZ -a own -b $h3_mac -A 192.0.2.2 -B 192.0.2.3 -t $proto -q -c $pkts $h2 "$@"
}
# This sends traffic in an attempt to build a backlog of $size. Returns 0 on
@@ -266,8 +266,8 @@ do_ecn_test()
local limit=$1; shift
local name=ECN
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
sleep 1
@@ -287,8 +287,8 @@ do_ecn_nodrop_test()
local limit=$1; shift
local name="ECN nodrop"
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
sleep 1
@@ -311,8 +311,8 @@ do_red_test()
# Use ECN-capable TCP to verify there's no marking even though the queue
# is above limit.
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q $h1 tos=0x01 &
defer stop_traffic $!
# Pushing below the queue limit should work.
@@ -342,8 +342,8 @@ do_red_qevent_test()
RET=0
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t udp -q &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t udp -q $h1 &
defer stop_traffic $!
sleep 1
@@ -381,8 +381,8 @@ do_ecn_qevent_test()
RET=0
- $MZ $h1 -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
- -a own -b $h3_mac -t tcp -q tos=0x01 &
+ $MZ -p $PKTSZ -A 192.0.2.1 -B 192.0.2.3 -c 0 \
+ -a own -b $h3_mac -t tcp -q tos=0x01 $h1 &
defer stop_traffic $!
sleep 1
diff --git a/tools/testing/selftests/net/forwarding/skbedit_priority.sh b/tools/testing/selftests/net/forwarding/skbedit_priority.sh
index 3dd5fcbd3eaa..06e8b9e21b94 100755
--- a/tools/testing/selftests/net/forwarding/skbedit_priority.sh
+++ b/tools/testing/selftests/net/forwarding/skbedit_priority.sh
@@ -125,8 +125,8 @@ test_skbedit_priority_one()
local pkt0=$(qdisc_parent_stats_get $swp2 $classid .packets)
local pkt2=$(tc_rule_handle_stats_get "$locus" 101)
- $MZ $h1 -t udp "sp=54321,dp=12345" -c 10 -d 20msec -p 100 \
- -a own -b $h2mac -A 192.0.2.1 -B 192.0.2.2 -q
+ $MZ -t udp -c 10 -d 20msec -p 100 \
+ -a own -b $h2mac -A 192.0.2.1 -B 192.0.2.2 -q $h1 "sp=54321,dp=12345"
local pkt1
pkt1=$(busywait "$HIT_TIMEOUT" until_counter_is ">= $((pkt0 + 10))" \
diff --git a/tools/testing/selftests/net/forwarding/tc_actions.sh b/tools/testing/selftests/net/forwarding/tc_actions.sh
index ea89e558672d..580aaa42ed31 100755
--- a/tools/testing/selftests/net/forwarding/tc_actions.sh
+++ b/tools/testing/selftests/net/forwarding/tc_actions.sh
@@ -66,8 +66,8 @@ mirred_egress_test()
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched without redirect rule inserted"
@@ -76,8 +76,8 @@ mirred_egress_test()
$classifier $tcflags $classifier_args \
action mirred egress $action dev $swp2
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match incoming $action packet"
@@ -96,8 +96,8 @@ gact_drop_and_ok_test()
tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 102 1
check_err $? "Packet was not dropped"
@@ -105,8 +105,8 @@ gact_drop_and_ok_test()
tc filter add dev $swp1 ingress protocol ip pref 1 handle 101 flower \
$tcflags dst_ip 192.0.2.2 action ok
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 101 1
check_err $? "Did not see passed packet"
@@ -134,8 +134,8 @@ gact_trap_test()
$tcflags dst_ip 192.0.2.2 action mirred egress redirect \
dev $swp2
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 101 1
check_fail $? "Saw packet without trap rule inserted"
@@ -143,8 +143,8 @@ gact_trap_test()
tc filter add dev $swp1 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 action trap
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $swp1 ingress" 102 1
check_err $? "Packet was not trapped"
@@ -175,8 +175,8 @@ mirred_egress_to_ingress_test()
tc filter add dev $swp1 protocol ip pref 12 handle 112 ingress flower \
ip_proto icmp src_ip 192.0.2.1 dst_ip 192.0.2.2 type 0 action pass
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t icmp "ping,id=42,seq=10" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t icmp -q $h1 "ping,id=42,seq=10"
tc_check_packets "dev $h1 egress" 100 1
check_err $? "didn't mirror first packet"
@@ -230,8 +230,8 @@ mirred_egress_to_ingress_tcp_test()
cmp -s $mirred_e2i_tf1 $mirred_e2i_tf2
check_err $? "server output check failed"
- $MZ $h1 -c 10 -p 64 -a $h1mac -b $h1mac -A 192.0.2.1 -B 192.0.2.1 \
- -t icmp "ping,id=42,seq=5" -q
+ $MZ -c 10 -p 64 -a $h1mac -b $h1mac -A 192.0.2.1 -B 192.0.2.1 \
+ -t icmp -q $h1 "ping,id=42,seq=5"
tc_check_packets "dev $h1 egress" 101 10
check_err $? "didn't mirred redirect ICMP"
tc_check_packets "dev $h1 ingress" 102 10
@@ -254,8 +254,8 @@ ingress_2nd_vlan_push()
$tcflags num_of_vlans 2 \
cvlan_ethtype 0x800 action pass
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -Q 10 -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -Q 10 -q $h1
tc_check_packets "dev $swp1 ingress" 30 1
check_err $? "No double-vlan packets received"
@@ -276,8 +276,8 @@ egress_2nd_vlan_push()
$tcflags num_of_vlans 2 \
cvlan_ethtype 0x800 action pass
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h1 egress" 30 1
check_err $? "No double-vlan packets received"
diff --git a/tools/testing/selftests/net/forwarding/tc_chains.sh b/tools/testing/selftests/net/forwarding/tc_chains.sh
index b95de0463ebd..95b194b5e092 100755
--- a/tools/testing/selftests/net/forwarding/tc_chains.sh
+++ b/tools/testing/selftests/net/forwarding/tc_chains.sh
@@ -38,8 +38,8 @@ unreachable_chain_test()
tc filter add dev $h2 ingress chain 1 protocol ip pref 1 handle 1101 \
flower $tcflags dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 1101 1
check_fail $? "matched on filter in unreachable chain"
@@ -61,8 +61,8 @@ gact_goto_chain_test()
tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
$tcflags dst_mac $h2mac action goto chain 1
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 102 1
check_fail $? "Matched on a wrong filter"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower.sh b/tools/testing/selftests/net/forwarding/tc_flower.sh
index b58909a93112..899d452b9915 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower.sh
@@ -46,8 +46,8 @@ match_dst_mac_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -72,8 +72,8 @@ match_src_mac_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags src_mac $h1mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -98,8 +98,8 @@ match_dst_ip_test()
tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
$tcflags dst_ip 192.0.2.0/24 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -109,8 +109,8 @@ match_dst_ip_test()
tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 103 1
check_err $? "Did not match on correct filter with mask"
@@ -132,8 +132,8 @@ match_src_ip_test()
tc filter add dev $h2 ingress protocol ip pref 3 handle 103 flower \
$tcflags src_ip 192.0.2.0/24 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -143,8 +143,8 @@ match_src_ip_test()
tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 103 1
check_err $? "Did not match on correct filter with mask"
@@ -168,8 +168,8 @@ match_ip_flags_test()
tc filter add dev $h2 ingress protocol ip pref 4 handle 104 flower \
$tcflags ip_flags nofrag action drop
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=0" -q
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=0"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on wrong frag filter (nofrag)"
@@ -183,8 +183,8 @@ match_ip_flags_test()
tc_check_packets "dev $h2 ingress" 104 1
check_err $? "Did not match on nofrag filter (nofrag)"
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=0,mf" -q
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1"frag=0,mf"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on frag filter (1stfrag)"
@@ -198,10 +198,10 @@ match_ip_flags_test()
tc_check_packets "dev $h2 ingress" 104 1
check_err $? "Match on wrong nofrag filter (1stfrag)"
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=256,mf" -q
- $MZ $h1 -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "frag=256" -q
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=256,mf"
+ $MZ -c 1 -p 1000 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "frag=256"
tc_check_packets "dev $h2 ingress" 101 3
check_err $? "Did not match on frag filter (no1stfrag)"
@@ -234,8 +234,8 @@ match_pcp_test()
tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
flower vlan_prio 7 $tcflags dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 7:85 -t ip -q $h1
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 0
check_err $? "Matched on specified PCP when should not"
@@ -263,7 +263,7 @@ match_vlan_test()
tc filter add dev $h2 ingress protocol 802.1q pref 2 handle 102 \
flower vlan_id 85 $tcflags action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -B 192.0.2.11 -Q 0:85 -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 0
check_err $? "Matched on specified VLAN when should not"
@@ -289,8 +289,8 @@ match_ip_tos_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 ip_tos 0x18 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip tos=18 -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 tos=18
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (0x18)"
@@ -298,8 +298,8 @@ match_ip_tos_test()
tc_check_packets "dev $h2 ingress" 102 1
check_err $? "Did not match on correct filter (0x18)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip tos=20 -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 tos=20
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0x20)"
@@ -322,11 +322,11 @@ match_ip_ttl_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "ttl=63" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "ttl=63"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "ttl=63,mf,frag=256" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "ttl=63,mf,frag=256"
tc_check_packets "dev $h2 ingress" 102 1
check_fail $? "Matched on the wrong filter (no check on ttl)"
@@ -334,8 +334,8 @@ match_ip_ttl_test()
tc_check_packets "dev $h2 ingress" 101 2
check_err $? "Did not match on correct filter (ttl=63)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip "ttl=255" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1 "ttl=255"
tc_check_packets "dev $h2 ingress" 101 3
check_fail $? "Matched on a wrong filter (ttl=63)"
@@ -358,8 +358,8 @@ match_indev_test()
tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
$tcflags indev $h2 dst_mac $h2mac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter"
@@ -404,7 +404,7 @@ match_mpls_label_test()
flower $tcflags mpls_label 1048575 action drop
pkt="$ethtype $(mpls_lse 1048575 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (1048575)"
@@ -413,7 +413,7 @@ match_mpls_label_test()
check_err $? "Did not match on correct filter (1048575)"
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -442,7 +442,7 @@ match_mpls_tc_test()
flower $tcflags mpls_tc 7 action drop
pkt="$ethtype $(mpls_lse 0 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (7)"
@@ -451,7 +451,7 @@ match_mpls_tc_test()
check_err $? "Did not match on correct filter (7)"
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -480,7 +480,7 @@ match_mpls_bos_test()
flower $tcflags mpls_bos 1 action drop
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (1)"
@@ -490,7 +490,7 @@ match_mpls_bos_test()
# Need to add a second label to properly mark the Bottom of Stack
pkt="$ethtype $(mpls_lse 0 0 0 255) $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -519,7 +519,7 @@ match_mpls_ttl_test()
flower $tcflags mpls_ttl 255 action drop
pkt="$ethtype $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_fail $? "Matched on a wrong filter (255)"
@@ -528,7 +528,7 @@ match_mpls_ttl_test()
check_err $? "Did not match on correct filter (255)"
pkt="$ethtype $(mpls_lse 0 0 1 0)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 102 2
check_fail $? "Matched on a wrong filter (0)"
@@ -581,45 +581,45 @@ match_mpls_lse_test()
# Base packet, matched by all filters (except for stack depth 3)
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Make a variant of the above packet, with a non-matching value
# for each LSE field
# Wrong label at depth 1
pkt="$ethtype $(mpls_lse 1 0 0 0) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TC at depth 1
pkt="$ethtype $(mpls_lse 0 1 0 0) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong BOS at depth 1 (not adding a second LSE here since BOS is set
# in the first label, so anything that'd follow wouldn't be considered)
pkt="$ethtype $(mpls_lse 0 0 1 0)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TTL at depth 1
pkt="$ethtype $(mpls_lse 0 0 0 1) $(mpls_lse 1048575 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong label at depth 2
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048574 7 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TC at depth 2
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 6 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong BOS at depth 2 (adding a third LSE here since BOS isn't set in
# the second label)
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 7 0 255)"
pkt="$pkt $(mpls_lse 0 0 1 255)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Wrong TTL at depth 2
pkt="$ethtype $(mpls_lse 0 0 0 0) $(mpls_lse 1048575 7 1 254)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
# Filters working at depth 1 should match all packets but one
@@ -707,12 +707,12 @@ match_erspan_opts_test()
enc_key_id 1002 erspan_opts 2:0:1:63 action drop
ep1mac=$(mac_get erspan1)
- $MZ erspan1 -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q
+ $MZ -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q erspan1
tc_check_packets "dev ep-ex ingress" 101 1
check_err $? "ERSPAN Type II"
ep2mac=$(mac_get erspan2)
- $MZ erspan2 -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q
+ $MZ -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q erspan2
tc_check_packets "dev ep-ex ingress" 102 1
check_err $? "ERSPAN Type III"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh b/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh
index 3ca20df952eb..e2988d3b855f 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_cfm.sh
@@ -63,9 +63,9 @@ match_cfm_opcode()
flower cfm op 43 action drop
pkt="$ethtype $(generate_cfm_hdr 7 47 0 32)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 6 5 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on correct opcode"
@@ -74,7 +74,7 @@ match_cfm_opcode()
check_err $? "Matched on the wrong opcode"
pkt="$ethtype $(generate_cfm_hdr 0 43 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Matched on the wrong opcode"
@@ -101,11 +101,11 @@ match_cfm_level()
flower cfm mdl 0 action drop
pkt="$ethtype $(generate_cfm_hdr 5 42 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 6 1 0 70)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 0 1 0 70)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on correct level"
@@ -117,7 +117,7 @@ match_cfm_level()
check_err $? "Did not match on correct level"
pkt="$ethtype $(generate_cfm_hdr 3 0 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Matched on the wrong level"
@@ -146,11 +146,11 @@ match_cfm_level_and_opcode()
flower cfm mdl 7 op 42 action drop
pkt="$ethtype $(generate_cfm_hdr 5 41 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 7 3 0 4)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
pkt="$ethtype $(generate_cfm_hdr 3 42 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Did not match on correct level and opcode"
@@ -159,7 +159,7 @@ match_cfm_level_and_opcode()
check_err $? "Matched on the wrong level and opcode"
pkt="$ethtype $(generate_cfm_hdr 7 42 0 12)"
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac "$pkt" -q
+ $MZ -c 1 -p 64 -a $h1mac -b $h2mac -q $h1 "$pkt"
tc_check_packets "dev $h2 ingress" 101 1
check_err $? "Matched on the wrong level and opcode"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
index c2420bb72c12..73ceb27a4d5a 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh
@@ -86,7 +86,7 @@ test_l2_miss_unicast()
dst_ip $dip action pass
# Before adding FDB entry.
- $MZ $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unknown unicast filter was not hit before adding FDB entry"
@@ -97,7 +97,7 @@ test_l2_miss_unicast()
# Adding FDB entry.
bridge fdb replace $dmac dev $swp2 master static
- $MZ $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unknown unicast filter was hit after adding FDB entry"
@@ -108,7 +108,7 @@ test_l2_miss_unicast()
# Deleting FDB entry.
bridge fdb del $dmac dev $swp2 master static
- $MZ $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 2
check_err $? "Unknown unicast filter was not hit after deleting FDB entry"
@@ -143,7 +143,7 @@ test_l2_miss_multicast_common()
action pass
# Before adding MDB entry.
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unregistered multicast filter was not hit before adding MDB entry"
@@ -154,7 +154,7 @@ test_l2_miss_multicast_common()
# Adding MDB entry.
bridge mdb replace dev br1 port $swp2 grp $dip permanent
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Unregistered multicast filter was hit after adding MDB entry"
@@ -165,7 +165,7 @@ test_l2_miss_multicast_common()
# Deleting MDB entry.
bridge mdb del dev br1 port $swp2 grp $dip
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 2
check_err $? "Unregistered multicast filter was not hit after deleting MDB entry"
@@ -255,7 +255,7 @@ test_l2_miss_ll_multicast_common()
flower indev $swp1 l2_miss 1 dst_mac $dmac src_ip $sip \
dst_ip $dip action pass
- $MZ $mode $h1 -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q
+ $MZ $mode -a own -b $dmac -t ip -A $sip -B $dip -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Filter was not hit"
@@ -309,7 +309,7 @@ test_l2_miss_broadcast()
flower l2_miss 0 dst_mac $dmac src_mac $smac \
action pass
- $MZ $h1 -a $smac -b $dmac -c 1 -p 100 -q
+ $MZ -a $smac -b $dmac -c 1 -p 100 -q $h1
tc_check_packets "dev $swp2 egress" 101 0
check_err $? "L2 miss filter was hit when should not"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh b/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh
index baed5e380dae..6323567ca2fb 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh
@@ -103,22 +103,22 @@ __test_port_range()
dst_port $dport_min-$dport_max \
action drop
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$dport_min"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$dport_min"
tc_check_packets "dev $swp1 ingress" 101 1
check_err $? "Ingress filter not hit with minimum ports"
tc_check_packets "dev $swp2 egress" 101 1
check_err $? "Egress filter not hit with minimum ports"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_mid,dp=$dport_mid"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_mid,dp=$dport_mid"
tc_check_packets "dev $swp1 ingress" 101 2
check_err $? "Ingress filter not hit with middle ports"
tc_check_packets "dev $swp2 egress" 101 2
check_err $? "Egress filter not hit with middle ports"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_max,dp=$dport_max"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_max,dp=$dport_max"
tc_check_packets "dev $swp1 ingress" 101 3
check_err $? "Ingress filter not hit with maximum ports"
tc_check_packets "dev $swp2 egress" 101 3
@@ -126,16 +126,16 @@ __test_port_range()
# Send traffic when both ports are out of range and when only one port
# is out of range.
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_min - 1)),dp=$dport_min"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_max + 1)),dp=$dport_min"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$((dport_min - 1))"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$((dport_max + 1))"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_max + 1)),dp=$((dport_max + 1))"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_min - 1)),dp=$dport_min"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_max + 1)),dp=$dport_min"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$((dport_min - 1))"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$((dport_max + 1))"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_max + 1)),dp=$((dport_max + 1))"
tc_check_packets "dev $swp1 ingress" 101 3
check_err $? "Ingress filter was hit when should not"
tc_check_packets "dev $swp2 egress" 101 3
@@ -219,18 +219,18 @@ test_port_range_ipv4_udp_drop()
action drop
# Test ports outside range - should pass
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_min - 1)),dp=$dport"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$((sport_max + 1)),dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_min - 1)),dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$((sport_max + 1)),dp=$dport"
# Test ports inside range - should be dropped
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_min,dp=$dport"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_mid,dp=$dport"
- $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
- -t $ip_proto "sp=$sport_max,dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_min,dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_mid,dp=$dport"
+ $MZ $mode -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \
+ -t $ip_proto $h1 "sp=$sport_max,dp=$dport"
tc_check_packets "dev $swp1 ingress" 101 3
check_err $? "Filter did not drop the expected number of packets"
diff --git a/tools/testing/selftests/net/forwarding/tc_flower_router.sh b/tools/testing/selftests/net/forwarding/tc_flower_router.sh
index 4aee9c9e69f6..e0af18844581 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower_router.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower_router.sh
@@ -90,8 +90,8 @@ match_indev_egress_test()
tc filter add dev $rp3 egress protocol ip pref 2 handle 102 flower \
$tcflags indev $rp2 dst_ip 192.0.3.1 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $rp1mac -A 192.0.1.1 -B 192.0.3.1 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $rp1mac -A 192.0.1.1 -B 192.0.3.1 \
+ -t ip -q $h1
tc_check_packets "dev $rp3 egress" 102 1
check_fail $? "Matched on a wrong filter"
@@ -99,8 +99,8 @@ match_indev_egress_test()
tc_check_packets "dev $rp3 egress" 101 1
check_err $? "Did not match on correct filter"
- $MZ $h2 -c 1 -p 64 -a $h2mac -b $rp2mac -A 192.0.2.1 -B 192.0.3.1 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h2mac -b $rp2mac -A 192.0.2.1 -B 192.0.3.1 \
+ -t ip -q $h2
tc_check_packets "dev $rp3 egress" 101 2
check_fail $? "Matched on a wrong filter"
diff --git a/tools/testing/selftests/net/forwarding/tc_shblocks.sh b/tools/testing/selftests/net/forwarding/tc_shblocks.sh
index 772e00ac3230..37517e4b5df6 100755
--- a/tools/testing/selftests/net/forwarding/tc_shblocks.sh
+++ b/tools/testing/selftests/net/forwarding/tc_shblocks.sh
@@ -53,14 +53,14 @@ shared_block_test()
tc filter add block 22 protocol ip pref 1 handle 101 flower \
$tcflags dst_ip 192.0.2.2 action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "block 22" 101 1
check_err $? "Did not match first incoming packet on a block"
- $MZ $h2 -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h2
tc_check_packets "block 22" 101 2
check_err $? "Did not match second incoming packet on a block"
@@ -79,14 +79,14 @@ match_indev_test()
tc filter add block 22 protocol ip pref 2 handle 102 flower \
$tcflags indev $swp2 dst_mac $swmac action drop
- $MZ $h1 -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h1mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h1
tc_check_packets "block 22" 101 1
check_err $? "Did not match first incoming packet on a block"
- $MZ $h2 -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
- -t ip -q
+ $MZ -c 1 -p 64 -a $h2mac -b $swmac -A 192.0.2.1 -B 192.0.2.2 \
+ -t ip -q $h2
tc_check_packets "block 22" 102 1
check_err $? "Did not match second incoming packet on a block"
diff --git a/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh b/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh
index 79775b10b99f..8c5205502827 100755
--- a/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh
+++ b/tools/testing/selftests/net/forwarding/tc_tunnel_key.sh
@@ -114,11 +114,11 @@ tunnel_key_nofrag_test()
# test 'nofrag' set
tc filter add dev h1-et egress protocol all pref 1 handle 1 matchall $tcflags \
action tunnel_key set src_ip 192.0.2.1 dst_ip 192.0.2.2 id 42 nofrag index 10
- $MZ h1-et -c 1 -p 930 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q
+ $MZ -c 1 -p 930 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q h1-et
tc_check_packets "dev $swp1 ingress" 100 1
check_err $? "packet smaller than MTU was not tunneled"
- $MZ h1-et -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q
+ $MZ -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q h1-et
tc_check_packets "dev $swp1 ingress" 100 1
check_err $? "packet bigger than MTU matched nofrag (nofrag was set)"
tc_check_packets "dev $swp1 ingress" 101 0
@@ -128,7 +128,7 @@ tunnel_key_nofrag_test()
# test 'nofrag' cleared
tc actions change action tunnel_key set src_ip 192.0.2.1 dst_ip 192.0.2.2 id 42 index 10
- $MZ h1-et -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q
+ $MZ -c 1 -p 931 -a 00:aa:bb:cc:dd:ee -b 00:ee:dd:cc:bb:aa -t ip -q h1-et
tc_check_packets "dev $swp1 ingress" 100 1
check_err $? "packet bigger than MTU matched nofrag (nofrag was unset)"
tc_check_packets "dev $swp1 ingress" 101 1
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh
index b43816dd998c..6913c0185262 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d.sh
@@ -395,7 +395,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ $h1 -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q
+ $MZ -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q $h1
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
@@ -567,9 +567,9 @@ vxlan_encapped_ping_do()
local inner_tos=$1; shift
local outer_tos=$1; shift
- $MZ $dev -c $count -d 100msec -q \
+ $MZ -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
- -t udp tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
+ -t udp $dev tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
)"08:"$( : VXLAN flags
)"00:00:00:"$( : VXLAN reserved
)"00:03:e8:"$( : VXLAN VNI
@@ -705,8 +705,8 @@ test_learning()
# a corresponding entry is created in VxLAN device vx1
RET=0
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q self
@@ -737,8 +737,8 @@ test_learning()
# Re-learn the first FDB entry and check that it is correctly aged-out
RET=0
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q self
@@ -749,7 +749,7 @@ test_learning()
vxlan_flood_test $mac $dst 0 10 0
# The entry should age out when it only forwards traffic
- $MZ $h1 -c 50 -d 1sec -p 64 -b $mac -B $dst -t icmp -q &
+ $MZ -c 50 -d 1sec -p 64 -b $mac -B $dst -t icmp -q $h1 &
sleep 60
bridge fdb show brport vx1 | grep $mac | grep -q self
@@ -767,8 +767,8 @@ test_learning()
ip link set dev vx1 type bridge_slave learning off
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q -v self
@@ -776,8 +776,8 @@ test_learning()
ip link set dev vx1 type bridge_slave learning on
- in_ns ns1 $MZ w2 -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
- -t icmp -q
+ in_ns ns1 $MZ -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff -B $dst \
+ -t icmp -q w2
sleep 1
bridge fdb show brport vx1 | grep $mac | grep -q -v self
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh
index a603f7b0a08f..988b13fe0355 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh
@@ -516,7 +516,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ -6 $h1 -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 type=128 -q
+ $MZ -6 -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 -q $h1 type=128
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
@@ -682,9 +682,9 @@ vxlan_encapped_ping_do()
local saddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:03"
local daddr="20:01:0d:b8:00:01:00:00:00:00:00:00:00:00:00:01"
- $MZ -6 $dev -c $count -d 100msec -q \
+ $MZ -6 -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
- -t udp tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
+ -t udp $dev tos=$outer_tos,sp=23456,dp=$VXPORT,p=$(:
)"08:"$( : VXLAN flags
)"00:00:00:"$( : VXLAN reserved
)"00:03:e8:"$( : VXLAN VNI
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh
index afc65647f673..17333e5ad94a 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q.sh
@@ -500,7 +500,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ $h1 -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q
+ $MZ -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp -q $h1
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
@@ -717,8 +717,8 @@ __test_learning()
# a corresponding entry is created in the VxLAN device
RET=0
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep -q self
@@ -752,8 +752,8 @@ __test_learning()
# Re-learn the first FDB entry and check that it is correctly aged-out
RET=0
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep -q self
@@ -784,8 +784,8 @@ __test_learning()
ip link set dev $vx type bridge_slave learning off
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep "vlan $vid" \
@@ -794,8 +794,8 @@ __test_learning()
ip link set dev $vx type bridge_slave learning on
- in_ns ns1 $MZ w2 -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
- -B $dst -t icmp -q
+ in_ns ns1 $MZ -Q $vid -c 1 -p 64 -a $mac -b ff:ff:ff:ff:ff:ff \
+ -B $dst -t icmp -q w2
sleep 1
bridge fdb show brport $vx | grep $mac | grep "vlan $vid" \
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh
index e83fde79f40d..5af514884e2c 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_ipv6.sh
@@ -642,7 +642,7 @@ vxlan_flood_test()
done
local -a t0s=($(flood_fetch_stats "${counters[@]}"))
- $MZ -6 $h1 -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 type=128 -q
+ $MZ -6 -Q $vid -c 10 -d 100msec -p 64 -b $mac -B $dst -t icmp6 -q $h1 type=128
sleep 1
local -a t1s=($(flood_fetch_stats "${counters[@]}"))
diff --git a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh
index 462db0b603e7..5cc2a7f090e3 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_bridge_1q_mc_ul.sh
@@ -471,8 +471,8 @@ do_packets_v4()
local mac
mac=$(mac_get "$h2")
- "$MZ" "$h1" -Q 10 -c 10 -d 100msec -p 64 -a own -b "$mac" \
- -A 192.0.2.1 -B 192.0.2.2 -t udp sp=1234,dp=2345 -q
+ "$MZ" -Q 10 -c 10 -d 100msec -p 64 -a own -b "$mac" \
+ -A 192.0.2.1 -B 192.0.2.2 -t udp -q "$h1" sp=1234,dp=2345
}
do_packets_v6()
@@ -480,8 +480,8 @@ do_packets_v6()
local mac
mac=$(mac_get "$h2")
- "$MZ" -6 "$h1" -Q 20 -c 10 -d 100msec -p 64 -a own -b "$mac" \
- -A 2001:db8:1::1 -B 2001:db8:1::2 -t udp sp=1234,dp=2345 -q
+ "$MZ" -6 -Q 20 -c 10 -d 100msec -p 64 -a own -b "$mac" \
+ -A 2001:db8:1::1 -B 2001:db8:1::2 -t udp -q "$h1" sp=1234,dp=2345
}
do_test()
diff --git a/tools/testing/selftests/net/forwarding/vxlan_reserved.sh b/tools/testing/selftests/net/forwarding/vxlan_reserved.sh
index 46c31794b91b..6713468bc170 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_reserved.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_reserved.sh
@@ -167,9 +167,9 @@ vxlan_ping_do()
local vxlan_header=$(vxlan_header_bytes $vni $reserved_bits)
- $MZ $dev -c $count -d 100msec -q \
+ $MZ -c $count -d 100msec -q \
-b $next_hop_mac -B $dest_ip \
- -t udp sp=23456,dp=$VXPORT,p=$(:
+ -t udp $dev sp=23456,dp=$VXPORT,p=$(:
)"$vxlan_header:"$( : VXLAN
)"$dest_mac:"$( : ETH daddr
)"00:11:22:33:44:55:"$( : ETH saddr
--
2.50.1
1 week, 2 days
- 2
- 1
[PATCH v2 bpf-next] selftests/bpf: Fix the issue where the error code is 0
by Feng Yang
From: Feng Yang <yangfeng(a)kylinos.cn>
The error message printed here only uses the previous err value,
which results in it being printed as 0.
Fix this issue by using libbpf_get_error to retrieve the error.
Fix before:
run_subtest:FAIL:1019 bpf_map__attach_struct_ops failed for map pro_epilogue: err=0
Fix after:
run_subtest:FAIL:1019 bpf_map__attach_struct_ops failed for map pro_epilogue: err=-9
Signed-off-by: Feng Yang <yangfeng(a)kylinos.cn>
---
Changes in v2:
- Use libbpf_get_error, thanks: Alexei Starovoitov.
- Link to v1: https://lore.kernel.org/all/20250828081507.1380218-1-yangfeng59949@163.com/
---
tools/testing/selftests/bpf/test_loader.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_loader.c b/tools/testing/selftests/bpf/test_loader.c
index 78423cf89e01..b8e102eb0908 100644
--- a/tools/testing/selftests/bpf/test_loader.c
+++ b/tools/testing/selftests/bpf/test_loader.c
@@ -1082,8 +1082,8 @@ void run_subtest(struct test_loader *tester,
}
link = bpf_map__attach_struct_ops(map);
if (!link) {
- PRINT_FAIL("bpf_map__attach_struct_ops failed for map %s: err=%d\n",
- bpf_map__name(map), err);
+ PRINT_FAIL("bpf_map__attach_struct_ops failed for map %s: err=%ld\n",
+ bpf_map__name(map), libbpf_get_error(link));
goto tobj_cleanup;
}
links[links_cnt++] = link;
--
2.25.1
1 week, 2 days
- 2
- 1
[PATCH] seccomp: Add SECCOMP_CLONE_FILTER operation
by Tom Hromatka
Add an operation, SECCOMP_CLONE_FILTER, that can copy the seccomp filters
from another process to the current process.
I roughly reproduced the Docker seccomp filter [1] and timed how long it
takes to build it (via libseccomp) and attach it to a process. After
1000 runs, on average it took 3,740,000 TSC ticks (or ~1440 microseconds)
on an AMD EPYC 9J14 running at 2596 MHz. The median build/load time was
3,715,000 TSC ticks.
On the same system, I preloaded the above Docker seccomp filter onto a
process. (Note that I opened a pidfd to the reference process and left
the pidfd open for the entire run.) I then cloned the filter using the
feature in this patch to 1000 new processes. On average, it took 9,300
TSC ticks (or ~3.6 microseconds) to copy the filter to the new processes.
The median clone time was 9,048 TSC ticks.
This is approximately a 400x performance improvement for those container
managers that are using the exact same seccomp filter across all of their
containers.
[1] https://raw.githubusercontent.com/moby/moby/refs/heads/master/profiles/secc…
Signed-off-by: Tom Hromatka <tom.hromatka(a)oracle.com>
---
.../userspace-api/seccomp_filter.rst | 10 ++
include/uapi/linux/seccomp.h | 1 +
kernel/seccomp.c | 48 ++++++
samples/seccomp/Makefile | 2 +-
samples/seccomp/clone-filter.c | 143 ++++++++++++++++++
tools/include/uapi/linux/seccomp.h | 1 +
tools/testing/selftests/seccomp/seccomp_bpf.c | 71 +++++++++
7 files changed, 275 insertions(+), 1 deletion(-)
create mode 100644 samples/seccomp/clone-filter.c
diff --git a/Documentation/userspace-api/seccomp_filter.rst b/Documentation/userspace-api/seccomp_filter.rst
index cff0fa7f3175..ef1797d093f6 100644
--- a/Documentation/userspace-api/seccomp_filter.rst
+++ b/Documentation/userspace-api/seccomp_filter.rst
@@ -289,6 +289,16 @@ above in this document: all arguments being read from the tracee's memory
should be read into the tracer's memory before any policy decisions are made.
This allows for an atomic decision on syscall arguments.
+Cloning an Existing Seccomp Filter
+==================================
+
+Constructing and loading a complex seccomp filter can often take a non-trivial
+amount of time. If a user wants to use the same seccomp filter across more
+than one process, it can be cloned to new processes via the
+``SECCOMP_CLONE_FILTER`` operation. Note that the clone will only succeed if
+the destination process does not have any seccomp filters already applied to
+it. See ``samples/seccomp/clone-filter.c`` for an example.
+
Sysctls
=======
diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index dbfc9b37fcae..b0917e333b4b 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -16,6 +16,7 @@
#define SECCOMP_SET_MODE_FILTER 1
#define SECCOMP_GET_ACTION_AVAIL 2
#define SECCOMP_GET_NOTIF_SIZES 3
+#define SECCOMP_CLONE_FILTER 4
/* Valid flags for SECCOMP_SET_MODE_FILTER */
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 41aa761c7738..b726e0d6715d 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -2081,6 +2081,49 @@ static long seccomp_get_notif_sizes(void __user *usizes)
return 0;
}
+static long seccomp_clone_filter(void __user *upidfd)
+{
+ struct task_struct *task;
+ unsigned int flags;
+ pid_t pidfd;
+
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ if (atomic_read(¤t->seccomp.filter_count) > 0)
+ return -EINVAL;
+
+ if (copy_from_user(&pidfd, upidfd, sizeof(pid_t)))
+ return -EFAULT;
+
+ task = pidfd_get_task(pidfd, &flags);
+ if (IS_ERR(task))
+ return -ESRCH;
+
+ spin_lock_irq(¤t->sighand->siglock);
+ spin_lock_irq(&task->sighand->siglock);
+
+ if (atomic_read(&task->seccomp.filter_count) == 0) {
+ spin_unlock_irq(&task->sighand->siglock);
+ spin_unlock_irq(¤t->sighand->siglock);
+ put_task_struct(task);
+ return -EINVAL;
+ }
+
+ get_seccomp_filter(task);
+ current->seccomp = task->seccomp;
+
+ spin_unlock_irq(&task->sighand->siglock);
+
+ set_task_syscall_work(current, SECCOMP);
+
+ spin_unlock_irq(¤t->sighand->siglock);
+
+ put_task_struct(task);
+
+ return 0;
+}
+
/* Common entry point for both prctl and syscall. */
static long do_seccomp(unsigned int op, unsigned int flags,
void __user *uargs)
@@ -2102,6 +2145,11 @@ static long do_seccomp(unsigned int op, unsigned int flags,
return -EINVAL;
return seccomp_get_notif_sizes(uargs);
+ case SECCOMP_CLONE_FILTER:
+ if (flags != 0)
+ return -EINVAL;
+
+ return seccomp_clone_filter(uargs);
default:
return -EINVAL;
}
diff --git a/samples/seccomp/Makefile b/samples/seccomp/Makefile
index c85ae0ed8342..d38977f41b86 100644
--- a/samples/seccomp/Makefile
+++ b/samples/seccomp/Makefile
@@ -1,5 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
-userprogs-always-y += bpf-fancy dropper bpf-direct user-trap
+userprogs-always-y += bpf-fancy dropper bpf-direct user-trap clone-filter
bpf-fancy-objs := bpf-fancy.o bpf-helper.o
diff --git a/samples/seccomp/clone-filter.c b/samples/seccomp/clone-filter.c
new file mode 100644
index 000000000000..d26e1375b9dc
--- /dev/null
+++ b/samples/seccomp/clone-filter.c
@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Seccomp filter example for cloning a filter
+ *
+ * Copyright (c) 2025 Oracle and/or its affiliates.
+ * Author: Tom Hromatka <tom.hromatka(a)oracle.com>
+ *
+ * The code may be used by anyone for any purpose,
+ * and can serve as a starting point for developing
+ * applications that reuse the same seccomp filter
+ * across many processes.
+ */
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+#include <sys/syscall.h>
+#include <sys/wait.h>
+#include <stdbool.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+
+static int seccomp(unsigned int op, unsigned int flags, void *args)
+{
+ errno = 0;
+ return syscall(__NR_seccomp, op, flags, args);
+}
+
+static int install_filter(void)
+{
+ struct sock_filter deny_filter[] = {
+ BPF_STMT(BPF_LD|BPF_W|BPF_ABS,
+ offsetof(struct seccomp_data, nr)),
+ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_getppid, 0, 1),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO | ESRCH),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
+ };
+ struct sock_fprog deny_prog = {
+ .len = (unsigned short)ARRAY_SIZE(deny_filter),
+ .filter = deny_filter,
+ };
+
+ return seccomp(SECCOMP_SET_MODE_FILTER, 0, &deny_prog);
+}
+
+static int clone_filter(pid_t ref_pid)
+{
+ int ref_pidfd, ret;
+
+ ref_pidfd = syscall(SYS_pidfd_open, ref_pid, 0);
+ if (ref_pidfd < 0)
+ return -errno;
+
+ ret = seccomp(SECCOMP_CLONE_FILTER, 0, &ref_pidfd);
+
+ close(ref_pidfd);
+
+ return ret;
+}
+
+static void do_ref_filter(void)
+{
+ int ret;
+
+ ret = install_filter();
+ if (ret) {
+ perror("Failed to install ref filter\n");
+ exit(1);
+ }
+
+ while (true)
+ sleep(1);
+}
+
+static void do_child_process(pid_t ref_pid)
+{
+ pid_t res;
+ int ret;
+
+ ret = clone_filter(ref_pid);
+ if (ret != 0) {
+ perror("Failed to clone filter. Installing filter from scratch\n");
+
+ ret = install_filter();
+ if (ret != 0) {
+ perror("Filter install failed\n");
+ exit(ret);
+ }
+ }
+
+ res = syscall(__NR_getpid);
+ if (res < 0) {
+ perror("getpid() unexpectedly failed\n");
+ exit(errno);
+ }
+
+ res = syscall(__NR_getppid);
+ if (res > 0) {
+ perror("getppid() unexpectedly succeeded\n");
+ exit(1);
+ }
+
+ exit(0);
+}
+
+int main(void)
+{
+ pid_t ref_pid = -1, child_pid = -1;
+ int ret, status;
+
+ ref_pid = fork();
+ if (ref_pid < 0)
+ exit(errno);
+ else if (ref_pid == 0)
+ do_ref_filter();
+
+ child_pid = fork();
+ if (child_pid < 0)
+ goto out;
+ else if (child_pid == 0)
+ do_child_process(ref_pid);
+
+ waitpid(child_pid, &status, 0);
+ if (WEXITSTATUS(status) != 0) {
+ perror("child process failed");
+ ret = WEXITSTATUS(status);
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ if (ref_pid != -1)
+ kill(ref_pid, SIGKILL);
+ if (child_pid != -1)
+ kill(child_pid, SIGKILL);
+
+ exit(ret);
+}
diff --git a/tools/include/uapi/linux/seccomp.h b/tools/include/uapi/linux/seccomp.h
index dbfc9b37fcae..b0917e333b4b 100644
--- a/tools/include/uapi/linux/seccomp.h
+++ b/tools/include/uapi/linux/seccomp.h
@@ -16,6 +16,7 @@
#define SECCOMP_SET_MODE_FILTER 1
#define SECCOMP_GET_ACTION_AVAIL 2
#define SECCOMP_GET_NOTIF_SIZES 3
+#define SECCOMP_CLONE_FILTER 4
/* Valid flags for SECCOMP_SET_MODE_FILTER */
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c
index 61acbd45ffaa..df5e0f615da0 100644
--- a/tools/testing/selftests/seccomp/seccomp_bpf.c
+++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
@@ -177,6 +177,10 @@ struct seccomp_data {
#define SECCOMP_GET_NOTIF_SIZES 3
#endif
+#ifndef SECCOMP_CLONE_FILTER
+#define SECCOMP_CLONE_FILTER 4
+#endif
+
#ifndef SECCOMP_FILTER_FLAG_TSYNC
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
#endif
@@ -5090,6 +5094,73 @@ TEST_F(URETPROBE, uretprobe_default_block_with_uretprobe_syscall)
ASSERT_EQ(0, run_probed_with_filter(&prog));
}
+TEST(clone_filter)
+{
+ struct sock_filter deny_filter[] = {
+ BPF_STMT(BPF_LD|BPF_W|BPF_ABS,
+ offsetof(struct seccomp_data, nr)),
+ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_getppid, 0, 1),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO | ESRCH),
+ BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
+ };
+ struct sock_fprog deny_prog = {
+ .len = (unsigned short)ARRAY_SIZE(deny_filter),
+ .filter = deny_filter,
+ };
+ struct timespec ts = {
+ .tv_sec = 0,
+ .tv_nsec = 100000000,
+ };
+
+ pid_t child_pid, self_pid, res;
+ int child_pidfd, ret;
+
+ /* Only real root can copy a filter. */
+ if (geteuid()) {
+ SKIP(return, "clone_filter requires real root");
+ return;
+ }
+
+ self_pid = getpid();
+
+ child_pid = fork();
+ ASSERT_LE(0, child_pid);
+
+ if (child_pid == 0) {
+ ASSERT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
+ ASSERT_EQ(0, prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &deny_prog));
+
+ while (true)
+ EXPECT_EQ(0, syscall(__NR_nanosleep, &ts, NULL));
+ }
+
+ /* wait for the child pid to create its seccomp filter */
+ ASSERT_EQ(0, syscall(__NR_nanosleep, &ts, NULL));
+
+ child_pidfd = syscall(SYS_pidfd_open, child_pid, 0);
+ EXPECT_LE(0, child_pidfd);
+
+ /* Invalid flag provided */
+ ret = seccomp(SECCOMP_CLONE_FILTER, 1, &child_pidfd);
+ EXPECT_EQ(-1, ret);
+ EXPECT_EQ(errno, EINVAL);
+
+ errno = 0;
+ ret = seccomp(SECCOMP_CLONE_FILTER, 0, &child_pidfd);
+ EXPECT_EQ(0, ret);
+ EXPECT_EQ(errno, 0);
+
+ res = syscall(__NR_getppid);
+ EXPECT_EQ(res, -1);
+ EXPECT_EQ(errno, ESRCH);
+
+ res = syscall(__NR_getpid);
+ EXPECT_EQ(res, self_pid);
+
+ close(child_pidfd);
+ kill(child_pid, SIGKILL);
+}
+
/*
* TODO:
* - expand NNP testing
--
2.47.3
1 week, 2 days
- 6
- 12
[PATCH net-next v2 0/2] net: selftest: Introduce netconsole torture test
by Breno Leitao
Create a netconsole test that puts a lot of pressure on the netconsole
list manipulation. Do it by creating dynamic targets and deleting
targets while messages are being sent. Also put interface down while the
In order to do it, refactor create_dynamic_target(), so it can be used to
create random targets in the torture test.
Signed-off-by: Breno Leitao <leitao(a)debian.org>
---
Changes in v2:
- Reuse the netconsole creation from lib_netcons.sh. Thus, refactoring
the create_dynamic_target() (Jakub)
- Move the "wait" to after all the messages has been sent.
- Link to v1: https://lore.kernel.org/r/20250902-netconsole_torture-v1-1-03c6066598e9@deb…
---
Breno Leitao (2):
selftest: netcons: refactor target creation
selftest: netcons: create a torture test
tools/testing/selftests/drivers/net/Makefile | 1 +
.../selftests/drivers/net/lib/sh/lib_netcons.sh | 30 +++--
.../selftests/drivers/net/netcons_torture.sh | 127 +++++++++++++++++++++
3 files changed, 147 insertions(+), 11 deletions(-)
---
base-commit: 2fd4161d0d2547650d9559d57fc67b4e0a26a9e3
change-id: 20250902-netconsole_torture-8fc23f0aca99
Best regards,
--
Breno Leitao <leitao(a)debian.org>
1 week, 2 days
- 3
- 5
[PATCH v20 0/8] fork: Support shadow stacks in clone3()
by Mark Brown
[ I think at this point everyone is OK with the ABI, and the x86
implementation has been tested so hopefully we are near to being
able to get this merged? If there are any outstanding issues let
me know and I can look at addressing them. The one possible issue
I am aware of is that the RISC-V shadow stack support was briefly
in -next but got dropped along with the general RISC-V issues during
the last merge window, rebasing for that is still in progress. I
guess ideally this could be applied on a branch and then pulled into
the RISC-V tree? ]
The kernel has recently added support for shadow stacks, currently
x86 only using their CET feature but both arm64 and RISC-V have
equivalent features (GCS and Zicfiss respectively), I am actively
working on GCS[1]. With shadow stacks the hardware maintains an
additional stack containing only the return addresses for branch
instructions which is not generally writeable by userspace and ensures
that any returns are to the recorded addresses. This provides some
protection against ROP attacks and making it easier to collect call
stacks. These shadow stacks are allocated in the address space of the
userspace process.
Our API for shadow stacks does not currently offer userspace any
flexiblity for managing the allocation of shadow stacks for newly
created threads, instead the kernel allocates a new shadow stack with
the same size as the normal stack whenever a thread is created with the
feature enabled. The stacks allocated in this way are freed by the
kernel when the thread exits or shadow stacks are disabled for the
thread. This lack of flexibility and control isn't ideal, in the vast
majority of cases the shadow stack will be over allocated and the
implicit allocation and deallocation is not consistent with other
interfaces. As far as I can tell the interface is done in this manner
mainly because the shadow stack patches were in development since before
clone3() was implemented.
Since clone3() is readily extensible let's add support for specifying a
shadow stack when creating a new thread or process, keeping the current
implicit allocation behaviour if one is not specified either with
clone3() or through the use of clone(). The user must provide a shadow
stack pointer, this must point to memory mapped for use as a shadow
stackby map_shadow_stack() with an architecture specified shadow stack
token at the top of the stack.
Yuri Khrustalev has raised questions from the libc side regarding
discoverability of extended clone3() structure sizes[2], this seems like
a general issue with clone3(). There was a suggestion to add a hwcap on
arm64 which isn't ideal but is doable there, though architecture
specific mechanisms would also be needed for x86 (and RISC-V if it's
support gets merged before this does). The idea has, however, had
strong pushback from the architecture maintainers and it is possible to
detect support for this in clone3() by attempting a call with a
misaligned shadow stack pointer specified so no hwcap has been added.
[1] https://lore.kernel.org/linux-arm-kernel/20241001-arm64-gcs-v13-0-222b78d87…
[2] https://lore.kernel.org/r/aCs65ccRQtJBnZ_5@arm.com
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
Changes in v20:
- Comment fixes and clarifications in x86 arch_shstk_validate_clone()
from Rick Edgecombe.
- Spelling fix in documentation.
- Link to v19: https://lore.kernel.org/r/20250819-clone3-shadow-stack-v19-0-bc957075479b@k…
Changes in v19:
- Rebase onto v6.17-rc1.
- Link to v18: https://lore.kernel.org/r/20250702-clone3-shadow-stack-v18-0-7965d2b694db@k…
Changes in v18:
- Rebase onto v6.16-rc3.
- Thanks to pointers from Yuri Khrustalev this version has been tested
on x86 so I have removed the RFT tag.
- Clarify clone3_shadow_stack_valid() comment about the Kconfig check.
- Remove redundant GCSB DSYNCs in arm64 code.
- Fix token validation on x86.
- Link to v17: https://lore.kernel.org/r/20250609-clone3-shadow-stack-v17-0-8840ed97ff6f@k…
Changes in v17:
- Rebase onto v6.16-rc1.
- Link to v16: https://lore.kernel.org/r/20250416-clone3-shadow-stack-v16-0-2ffc9ca3917b@k…
Changes in v16:
- Rebase onto v6.15-rc2.
- Roll in fixes from x86 testing from Rick Edgecombe.
- Rework so that the argument is shadow_stack_token.
- Link to v15: https://lore.kernel.org/r/20250408-clone3-shadow-stack-v15-0-3fa245c6e3be@k…
Changes in v15:
- Rebase onto v6.15-rc1.
- Link to v14: https://lore.kernel.org/r/20250206-clone3-shadow-stack-v14-0-805b53af73b9@k…
Changes in v14:
- Rebase onto v6.14-rc1.
- Link to v13: https://lore.kernel.org/r/20241203-clone3-shadow-stack-v13-0-93b89a81a5ed@k…
Changes in v13:
- Rebase onto v6.13-rc1.
- Link to v12: https://lore.kernel.org/r/20241031-clone3-shadow-stack-v12-0-7183eb8bee17@k…
Changes in v12:
- Add the regular prctl() to the userspace API document since arm64
support is queued in -next.
- Link to v11: https://lore.kernel.org/r/20241005-clone3-shadow-stack-v11-0-2a6a2bd6d651@k…
Changes in v11:
- Rebase onto arm64 for-next/gcs, which is based on v6.12-rc1, and
integrate arm64 support.
- Rework the interface to specify a shadow stack pointer rather than a
base and size like we do for the regular stack.
- Link to v10: https://lore.kernel.org/r/20240821-clone3-shadow-stack-v10-0-06e8797b9445@k…
Changes in v10:
- Integrate fixes & improvements for the x86 implementation from Rick
Edgecombe.
- Require that the shadow stack be VM_WRITE.
- Require that the shadow stack base and size be sizeof(void *) aligned.
- Clean up trailing newline.
- Link to v9: https://lore.kernel.org/r/20240819-clone3-shadow-stack-v9-0-962d74f99464@ke…
Changes in v9:
- Pull token validation earlier and report problems with an error return
to parent rather than signal delivery to the child.
- Verify that the top of the supplied shadow stack is VM_SHADOW_STACK.
- Rework token validation to only do the page mapping once.
- Drop no longer needed support for testing for signals in selftest.
- Fix typo in comments.
- Link to v8: https://lore.kernel.org/r/20240808-clone3-shadow-stack-v8-0-0acf37caf14c@ke…
Changes in v8:
- Fix token verification with user specified shadow stack.
- Don't track user managed shadow stacks for child processes.
- Link to v7: https://lore.kernel.org/r/20240731-clone3-shadow-stack-v7-0-a9532eebfb1d@ke…
Changes in v7:
- Rebase onto v6.11-rc1.
- Typo fixes.
- Link to v6: https://lore.kernel.org/r/20240623-clone3-shadow-stack-v6-0-9ee7783b1fb9@ke…
Changes in v6:
- Rebase onto v6.10-rc3.
- Ensure we don't try to free the parent shadow stack in error paths of
x86 arch code.
- Spelling fixes in userspace API document.
- Additional cleanups and improvements to the clone3() tests to support
the shadow stack tests.
- Link to v5: https://lore.kernel.org/r/20240203-clone3-shadow-stack-v5-0-322c69598e4b@ke…
Changes in v5:
- Rebase onto v6.8-rc2.
- Rework ABI to have the user allocate the shadow stack memory with
map_shadow_stack() and a token.
- Force inlining of the x86 shadow stack enablement.
- Move shadow stack enablement out into a shared header for reuse by
other tests.
- Link to v4: https://lore.kernel.org/r/20231128-clone3-shadow-stack-v4-0-8b28ffe4f676@ke…
Changes in v4:
- Formatting changes.
- Use a define for minimum shadow stack size and move some basic
validation to fork.c.
- Link to v3: https://lore.kernel.org/r/20231120-clone3-shadow-stack-v3-0-a7b8ed3e2acc@ke…
Changes in v3:
- Rebase onto v6.7-rc2.
- Remove stale shadow_stack in internal kargs.
- If a shadow stack is specified unconditionally use it regardless of
CLONE_ parameters.
- Force enable shadow stacks in the selftest.
- Update changelogs for RISC-V feature rename.
- Link to v2: https://lore.kernel.org/r/20231114-clone3-shadow-stack-v2-0-b613f8681155@ke…
Changes in v2:
- Rebase onto v6.7-rc1.
- Remove ability to provide preallocated shadow stack, just specify the
desired size.
- Link to v1: https://lore.kernel.org/r/20231023-clone3-shadow-stack-v1-0-d867d0b5d4d0@ke…
---
Mark Brown (8):
arm64/gcs: Return a success value from gcs_alloc_thread_stack()
Documentation: userspace-api: Add shadow stack API documentation
selftests: Provide helper header for shadow stack testing
fork: Add shadow stack support to clone3()
selftests/clone3: Remove redundant flushes of output streams
selftests/clone3: Factor more of main loop into test_clone3()
selftests/clone3: Allow tests to flag if -E2BIG is a valid error code
selftests/clone3: Test shadow stack support
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/shadow_stack.rst | 44 +++++
arch/arm64/include/asm/gcs.h | 8 +-
arch/arm64/kernel/process.c | 8 +-
arch/arm64/mm/gcs.c | 55 +++++-
arch/x86/include/asm/shstk.h | 11 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/kernel/shstk.c | 53 ++++-
include/asm-generic/cacheflush.h | 11 ++
include/linux/sched/task.h | 17 ++
include/uapi/linux/sched.h | 9 +-
kernel/fork.c | 93 +++++++--
tools/testing/selftests/clone3/clone3.c | 226 ++++++++++++++++++----
tools/testing/selftests/clone3/clone3_selftests.h | 65 ++++++-
tools/testing/selftests/ksft_shstk.h | 98 ++++++++++
15 files changed, 620 insertions(+), 81 deletions(-)
---
base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585
change-id: 20231019-clone3-shadow-stack-15d40d2bf536
Best regards,
--
Mark Brown <broonie(a)kernel.org>
1 week, 2 days
- 5
- 16
[PATCH] selftests/futex: Fix -Wformat-security warnings in futex_priv_hash
by Sukrut Heroorkar
Fix several -Wformat-security warnings in futex_priv_hash by passing
the test message strings as arguments to %s format specifiers in
ksft_*() logging functions.
This silences the warnings without changing the functional behavior
of the test.
Signed-off-by: Sukrut Heroorkar <hsukrut3(a)gmail.com>
---
.../selftests/futex/functional/futex_priv_hash.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/futex/functional/futex_priv_hash.c b/tools/testing/selftests/futex/functional/futex_priv_hash.c
index aea001ac4946..2627eeb1625f 100644
--- a/tools/testing/selftests/futex/functional/futex_priv_hash.c
+++ b/tools/testing/selftests/futex/functional/futex_priv_hash.c
@@ -193,10 +193,10 @@ int main(int argc, char *argv[])
futex_slots1 = futex_hash_slots_get();
if (futex_slots1 <= 0) {
ksft_print_msg("Current hash buckets: %d\n", futex_slots1);
- ksft_exit_fail_msg(test_msg_auto_create);
+ ksft_exit_fail_msg("%s", test_msg_auto_create);
}
- ksft_test_result_pass(test_msg_auto_create);
+ ksft_test_result_pass("%s", test_msg_auto_create);
online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
ret = pthread_barrier_init(&barrier_main, NULL, MAX_THREADS + 1);
@@ -237,11 +237,11 @@ int main(int argc, char *argv[])
}
ksft_print_msg("Expected increase of hash buckets but got: %d -> %d\n",
futex_slots1, futex_slotsn);
- ksft_exit_fail_msg(test_msg_auto_inc);
+ ksft_exit_fail_msg("%s", test_msg_auto_inc);
}
- ksft_test_result_pass(test_msg_auto_inc);
+ ksft_test_result_pass("%s", test_msg_auto_inc);
} else {
- ksft_test_result_skip(test_msg_auto_inc);
+ ksft_test_result_skip("%s", test_msg_auto_inc);
}
ret = pthread_mutex_unlock(&global_lock);
--
2.43.0
1 week, 2 days
- 3
- 2
[PATCH bpf-next v2 0/3] Add overwrite mode for bpf ring buffer
by Xu Kuohai
When the bpf ring buffer is full, new events can not be recorded util
the consumer consumes some events to free space. This may cause critical
events to be discarded, such as in fault diagnostic, where recent events
are more critical than older ones.
So add ovewrite mode for bpf ring buffer. In this mode, the new event
overwrites the oldest event when the buffer is full.
v2:
- remove libbpf changes (Andrii)
- update overwrite benchmark
v1:
https://lore.kernel.org/bpf/20250804022101.2171981-1-xukuohai@huaweicloud.c…
Xu Kuohai (3):
bpf: Add overwrite mode for bpf ring buffer
selftests/bpf: Add test for overwrite ring buffer
selftests/bpf/benchs: Add producer and overwrite bench for ring buffer
include/uapi/linux/bpf.h | 4 +
kernel/bpf/ringbuf.c | 159 +++++++++++++++---
tools/include/uapi/linux/bpf.h | 4 +
tools/testing/selftests/bpf/Makefile | 3 +-
tools/testing/selftests/bpf/bench.c | 2 +
.../selftests/bpf/benchs/bench_ringbufs.c | 95 ++++++++++-
.../bpf/benchs/run_bench_ringbufs.sh | 4 +
.../selftests/bpf/prog_tests/ringbuf.c | 74 ++++++++
.../selftests/bpf/progs/ringbuf_bench.c | 10 ++
.../bpf/progs/test_ringbuf_overwrite.c | 98 +++++++++++
10 files changed, 418 insertions(+), 35 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/test_ringbuf_overwrite.c
--
2.43.0
1 week, 2 days
- 1
- 3
[PATCH v4 0/4] procfs: make reference pidns more user-visible
by Aleksa Sarai
Ever since the introduction of pid namespaces, procfs has had very
implicit behaviour surrounding them (the pidns used by a procfs mount is
auto-selected based on the mounting process's active pidns, and the
pidns itself is basically hidden once the mount has been constructed).
/* pidns mount option for procfs */
This implicit behaviour has historically meant that userspace was
required to do some special dances in order to configure the pidns of a
procfs mount as desired. Examples include:
* In order to bypass the mnt_too_revealing() check, Kubernetes creates
a procfs mount from an empty pidns so that user namespaced containers
can be nested (without this, the nested containers would fail to
mount procfs). But this requires forking off a helper process because
you cannot just one-shot this using mount(2).
* Container runtimes in general need to fork into a container before
configuring its mounts, which can lead to security issues in the case
of shared-pidns containers (a privileged process in the pidns can
interact with your container runtime process). While
SUID_DUMP_DISABLE and user namespaces make this less of an issue, the
strict need for this due to a minor uAPI wart is kind of unfortunate.
Things would be much easier if there was a way for userspace to just
specify the pidns they want. Patch 1 implements a new "pidns" argument
which can be set using fsconfig(2):
fsconfig(procfd, FSCONFIG_SET_FD, "pidns", NULL, nsfd);
fsconfig(procfd, FSCONFIG_SET_STRING, "pidns", "/proc/self/ns/pid", 0);
or classic mount(2) / mount(8):
// mount -t proc -o pidns=/proc/self/ns/pid proc /tmp/proc
mount("proc", "/tmp/proc", "proc", MS_..., "pidns=/proc/self/ns/pid");
The initial security model I have in this RFC is to be as conservative
as possible and just mirror the security model for setns(2) -- which
means that you can only set pidns=... to pid namespaces that your
current pid namespace is a direct ancestor of and you have CAP_SYS_ADMIN
privileges over the pid namespace. This fulfils the requirements of
container runtimes, but I suspect that this may be too strict for some
usecases.
The pidns argument is not displayed in mountinfo -- it's not clear to me
what value it would make sense to show (maybe we could just use ns_dname
to provide an identifier for the namespace, but this number would be
fairly useless to userspace). I'm open to suggestions. Note that
PROCFS_GET_PID_NAMESPACE (see below) does at least let userspace get
information about this outside of mountinfo.
Note that you cannot change the pidns of an already-created procfs
instance. The primary reason is that allowing this to be changed would
require RCU-protecting proc_pid_ns(sb) and thus auditing all of
fs/proc/* and some of the users in fs/* to make sure they wouldn't UAF
the pid namespace. Since creating procfs instances is very cheap, it
seems unnecessary to overcomplicate this upfront. Trying to reconfigure
procfs this way errors out with -EBUSY.
/* ioctl(PROCFS_GET_PID_NAMESPACE) */
In addition, being able to figure out what pid namespace is being used
by a procfs mount is quite useful when you have an administrative
process (such as a container runtime) which wants to figure out the
correct way of mapping PIDs between its own namespace and the namespace
for procfs (using NS_GET_{PID,TGID}_{IN,FROM}_PIDNS). There are
alternative ways to do this, but they all rely on ancillary information
that third-party libraries and tools do not necessarily have access to.
To make this easier, add a new ioctl (PROCFS_GET_PID_NAMESPACE) which
can be used to get a reference to the pidns that a procfs is using.
Rather than copying the (fairly strict) security model for setns(2),
apply a slightly looser model to better match what userspace can already
do:
* Make the ioctl only valid on the root (meaning that a process without
access to the procfs root -- such as only having an fd to a procfs
file or some open_tree(2)-like subset -- cannot use this API). This
means that the process already has some level of access to the
/proc/$pid directories.
* If the calling process is in an ancestor pidns, then they can already
create pidfd for processes inside the pidns, which is morally
equivalent to a pidns file descriptor according to setns(2). So it
seems reasonable to just allow it in this case. (The justification
for this model was suggested by Christian.)
* If the process has access to /proc/1/ns/pid already (i.e. has
ptrace-read access to the pidns pid1), then this ioctl is equivalent
to just opening a handle to it that way.
Ideally we would check for ptrace-read access against all processes
in the pidns (which is very likely to be true for at least one
process, as SUID_DUMP_DISABLE is cleared on exec(2) and is rarely set
by most programs), but this would obviously not scale.
I'm open to suggestions for whether we need to make this stricter (or
possibly allow more cases).
Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com>
---
Changes in v4:
- Remove unneeded EXPORT_SYMBOL_GPL. [Christian Brauner]
- Return -EOPNOTSUPP for new APIs for CONFIG_PID_NS=n rather than
pretending they don't exist entirely. [Christian Brauner]
- PROCFS_IOCTL_MAGIC conflicts with XSDFEC_MAGIC, so we need to allocate
subvalues more carefully (switch to _IO(PROCFS_IOCTL_MAGIC, 32)).
- Add some more selftests for PROCFS_GET_PID_NAMESPACE.
- Reword argument for PROCFS_GET_PID_NAMESPACE security model based on
Christian's suggestion, and remove CAP_SYS_ADMIN edge-case (in most
cases, such a process would also have ptrace-read credentials over the
pidns pid1).
- v3: <https://lore.kernel.org/r/20250724-procfs-pidns-api-v3-0-4c685c910923@cypha…>
Changes in v3:
- Disallow changing pidns for existing procfs instances, as we'd
probably have to RCU-protect everything that touches the pinned pidns
reference.
- Improve tests with slightly nicer ASSERT_ERRNO* macros.
- v2: <https://lore.kernel.org/r/20250723-procfs-pidns-api-v2-0-621e7edd8e40@cypha…>
Changes in v2:
- #ifdef CONFIG_PID_NS
- Improve cover letter wording to make it clear we're talking about two
separate features with different permission models. [Andy Lutomirski]
- Fix build warnings in pidns_is_ancestor() patch. [kernel test robot]
- v1: <https://lore.kernel.org/r/20250721-procfs-pidns-api-v1-0-5cd9007e512d@cypha…>
---
Aleksa Sarai (4):
pidns: move is-ancestor logic to helper
procfs: add "pidns" mount option
procfs: add PROCFS_GET_PID_NAMESPACE ioctl
selftests/proc: add tests for new pidns APIs
Documentation/filesystems/proc.rst | 12 ++
fs/proc/root.c | 166 +++++++++++++++-
include/linux/pid_namespace.h | 9 +
include/uapi/linux/fs.h | 4 +
kernel/pid_namespace.c | 22 ++-
tools/testing/selftests/proc/.gitignore | 1 +
tools/testing/selftests/proc/Makefile | 1 +
tools/testing/selftests/proc/proc-pidns.c | 315 ++++++++++++++++++++++++++++++
8 files changed, 514 insertions(+), 16 deletions(-)
---
base-commit: 66639db858112bf6b0f76677f7517643d586e575
change-id: 20250717-procfs-pidns-api-8ed1583431f0
Best regards,
--
Aleksa Sarai <cyphar(a)cyphar.com>
1 week, 2 days
- 4
- 18
[PATCH] selftests/mm: refactore split_huge_page_test with kselftest_harness
by Wei Yang
Refactor split_huge_page_test with kselftest_harness, since there is a
magic counting about valid tests.
The idea is simple:
For standalone test, put it into TEST().
For tests iterating order/offset, define fixture and variant with
order and offset. And skip it if order/offset is not valid.
No functional change is expected.
Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: Zi Yan <ziy(a)nvidia.com>
Cc: Donet Tom <donettom(a)linux.ibm.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com>
---
.../selftests/mm/split_huge_page_test.c | 308 ++++++++++++++----
1 file changed, 238 insertions(+), 70 deletions(-)
diff --git a/tools/testing/selftests/mm/split_huge_page_test.c b/tools/testing/selftests/mm/split_huge_page_test.c
index 7731191cc8e9..2376c3530b26 100644
--- a/tools/testing/selftests/mm/split_huge_page_test.c
+++ b/tools/testing/selftests/mm/split_huge_page_test.c
@@ -20,14 +20,16 @@
#include <stdbool.h>
#include <time.h>
#include "vm_util.h"
-#include "../kselftest.h"
+#include "../kselftest_harness.h"
uint64_t pagesize;
-unsigned int pageshift;
uint64_t pmd_pagesize;
unsigned int pmd_order;
int *expected_orders;
+char *optional_xfs_path;
+char fs_loc_template[] = "/tmp/thp_fs_XXXXXX";
+
#define SPLIT_DEBUGFS "/sys/kernel/debug/split_huge_pages"
#define SMAP_PATH "/proc/self/smaps"
#define INPUT_MAX 80
@@ -41,6 +43,20 @@ const char *kpageflags_proc = "/proc/kpageflags";
int pagemap_fd;
int kpageflags_fd;
+#define ADD_VARIANT_ORDER(fixture_name, ord) \
+ FIXTURE_VARIANT_ADD(fixture_name, order_##ord) \
+ { \
+ .order = ord, \
+ }
+
+#define ADD_VARIANT_ORDER_OFFSET(fixture_name, ord, stp) \
+ FIXTURE_VARIANT_ADD(fixture_name, order_##ord##_stp_##stp) \
+ { \
+ .order = ord, \
+ .step = stp, \
+ }
+
+
static bool is_backed_by_folio(char *vaddr, int order, int pagemap_fd,
int kpageflags_fd)
{
@@ -255,6 +271,26 @@ static int check_after_split_folio_orders(char *vaddr_start, size_t len,
return status;
}
+void prepare_proc_fd(void)
+{
+ pagemap_fd = open(pagemap_proc, O_RDONLY);
+ if (pagemap_fd == -1)
+ ksft_exit_fail_msg("read pagemap: %s\n", strerror(errno));
+
+ kpageflags_fd = open(kpageflags_proc, O_RDONLY);
+ if (kpageflags_fd == -1)
+ ksft_exit_fail_msg("read kpageflags: %s\n", strerror(errno));
+}
+
+void cleanup_proc_fd(void)
+{
+ if (pagemap_fd != -1)
+ close(pagemap_fd);
+
+ if (kpageflags_fd != -1)
+ close(kpageflags_fd);
+}
+
static void write_file(const char *path, const char *buf, size_t buflen)
{
int fd;
@@ -292,10 +328,8 @@ static char *allocate_zero_filled_hugepage(size_t len)
size_t i;
result = memalign(pmd_pagesize, len);
- if (!result) {
- printf("Fail to allocate memory\n");
- exit(EXIT_FAILURE);
- }
+ if (!result)
+ ksft_exit_fail_msg("Fail to allocate memory: %s\n", strerror(errno));
madvise(result, len, MADV_HUGEPAGE);
@@ -334,16 +368,19 @@ static void verify_rss_anon_split_huge_page_all_zeroes(char *one_page, int nr_hp
rss_anon_before, rss_anon_after);
}
-static void split_pmd_zero_pages(void)
+TEST(split_pmd_zero_pages)
{
char *one_page;
int nr_hpages = 4;
size_t len = nr_hpages * pmd_pagesize;
+ prepare_proc_fd();
+
one_page = allocate_zero_filled_hugepage(len);
verify_rss_anon_split_huge_page_all_zeroes(one_page, nr_hpages, len);
- ksft_test_result_pass("Split zero filled huge pages successful\n");
free(one_page);
+
+ cleanup_proc_fd();
}
static void split_pmd_thp_to_order(int order)
@@ -383,11 +420,10 @@ static void split_pmd_thp_to_order(int order)
if (!check_huge_anon(one_page, 0, pmd_pagesize))
ksft_exit_fail_msg("Still AnonHugePages not split\n");
- ksft_test_result_pass("Split huge pages to order %d successful\n", order);
free(one_page);
}
-static void split_pte_mapped_thp(void)
+TEST(split_pte_mapped_thp)
{
const size_t nr_thps = 4;
const size_t thp_area_size = nr_thps * pmd_pagesize;
@@ -395,6 +431,8 @@ static void split_pte_mapped_thp(void)
char *thp_area, *tmp, *page_area = MAP_FAILED;
size_t i;
+ prepare_proc_fd();
+
thp_area = mmap((void *)(1UL << 30), thp_area_size, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
if (thp_area == MAP_FAILED) {
@@ -470,14 +508,43 @@ static void split_pte_mapped_thp(void)
ksft_test_result_fail("THP %zu not split\n", i);
}
- ksft_test_result_pass("Split PTE-mapped huge pages successful\n");
out:
munmap(thp_area, thp_area_size);
if (page_area != MAP_FAILED)
munmap(page_area, page_area_size);
+ cleanup_proc_fd();
+}
+
+FIXTURE(split_file_backed_thp) {
+};
+
+FIXTURE_VARIANT(split_file_backed_thp) {
+ int order;
+};
+
+FIXTURE_SETUP(split_file_backed_thp)
+{
+ if (variant->order >= pmd_order)
+ SKIP(return, "order %d is not supported", variant->order);
+ prepare_proc_fd();
+}
+
+FIXTURE_TEARDOWN(split_file_backed_thp)
+{
+ cleanup_proc_fd();
}
-static void split_file_backed_thp(int order)
+ADD_VARIANT_ORDER(split_file_backed_thp, 0);
+ADD_VARIANT_ORDER(split_file_backed_thp, 1);
+ADD_VARIANT_ORDER(split_file_backed_thp, 2);
+ADD_VARIANT_ORDER(split_file_backed_thp, 3);
+ADD_VARIANT_ORDER(split_file_backed_thp, 4);
+ADD_VARIANT_ORDER(split_file_backed_thp, 5);
+ADD_VARIANT_ORDER(split_file_backed_thp, 6);
+ADD_VARIANT_ORDER(split_file_backed_thp, 7);
+ADD_VARIANT_ORDER(split_file_backed_thp, 8);
+
+TEST_F(split_file_backed_thp, orders)
{
int status;
int fd;
@@ -487,7 +554,7 @@ static void split_file_backed_thp(int order)
ssize_t num_written, num_read;
char *file_buf1, *file_buf2;
uint64_t pgoff_start = 0, pgoff_end = 1024;
- int i;
+ int i, order = variant->order;
ksft_print_msg("Please enable pr_debug in split_huge_pages_in_file() for more info.\n");
@@ -567,7 +634,6 @@ static void split_file_backed_thp(int order)
ksft_exit_fail_msg("cannot remove tmp dir: %s\n", strerror(errno));
ksft_print_msg("Please check dmesg for more information\n");
- ksft_test_result_pass("File-backed THP split to order %d test done\n", order);
return;
close_file:
@@ -579,6 +645,45 @@ static void split_file_backed_thp(int order)
ksft_exit_fail_msg("Error occurred\n");
}
+FIXTURE(split_pmd_thp_to_order) {
+};
+
+FIXTURE_VARIANT(split_pmd_thp_to_order) {
+ int order;
+};
+
+FIXTURE_SETUP(split_pmd_thp_to_order)
+{
+ if (variant->order >= pmd_order)
+ SKIP(return, "order %d is not supported", variant->order);
+
+ expected_orders = (int *)malloc(sizeof(int) * (pmd_order + 1));
+ if (!expected_orders)
+ ksft_exit_fail_msg("Fail to allocate memory: %s\n", strerror(errno));
+
+ prepare_proc_fd();
+}
+
+FIXTURE_TEARDOWN(split_pmd_thp_to_order)
+{
+ free(expected_orders);
+ cleanup_proc_fd();
+}
+
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 0);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 2);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 3);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 4);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 5);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 6);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 7);
+ADD_VARIANT_ORDER(split_pmd_thp_to_order, 8);
+
+TEST_F(split_pmd_thp_to_order, order)
+{
+ split_pmd_thp_to_order(variant->order);
+}
+
static bool prepare_thp_fs(const char *xfs_path, char *thp_fs_template,
const char **thp_fs_loc)
{
@@ -757,81 +862,144 @@ static void split_thp_in_pagecache_to_order_at(size_t fd_size,
}
}
-int main(int argc, char **argv)
-{
- int i;
- size_t fd_size;
- char *optional_xfs_path = NULL;
- char fs_loc_template[] = "/tmp/thp_fs_XXXXXX";
+FIXTURE(split_thp_in_pagecache_to_order) {
+ bool created_tmp;
const char *fs_loc;
+};
+
+FIXTURE_VARIANT(split_thp_in_pagecache_to_order) {
+ int order;
+};
+
+FIXTURE_SETUP(split_thp_in_pagecache_to_order)
+{
+ /* limit order to less than pmd_order */
+ if (variant->order >= pmd_order)
+ SKIP(return, "order %d is not supported", variant->order);
+ expected_orders = (int *)malloc(sizeof(int) * (pmd_order + 1));
+ if (!expected_orders)
+ ksft_exit_fail_msg("Fail to allocate memory: %s\n", strerror(errno));
+
+ self->created_tmp = prepare_thp_fs(optional_xfs_path, fs_loc_template,
+ &self->fs_loc);
+ prepare_proc_fd();
+}
+
+FIXTURE_TEARDOWN(split_thp_in_pagecache_to_order)
+{
+ cleanup_proc_fd();
+ cleanup_thp_fs(self->fs_loc, self->created_tmp);
+ free(expected_orders);
+}
+
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 8);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 7);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 6);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 5);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 4);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 3);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 2);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 1);
+ADD_VARIANT_ORDER(split_thp_in_pagecache_to_order, 0);
+
+TEST_F(split_thp_in_pagecache_to_order, order)
+{
+ size_t fd_size = 2 * pmd_pagesize;
+
+ split_thp_in_pagecache_to_order_at(fd_size, self->fs_loc, variant->order, -1);
+}
+
+FIXTURE(split_thp_in_pagecache_to_order_offset) {
bool created_tmp;
+ const char *fs_loc;
int offset;
- unsigned int nr_pages;
- unsigned int tests;
+};
- ksft_print_header();
+FIXTURE_VARIANT(split_thp_in_pagecache_to_order_offset) {
+ int order;
+ int step;
+};
- if (geteuid() != 0) {
- ksft_print_msg("Please run the benchmark as root\n");
- ksft_finished();
- }
-
- if (argc > 1)
- optional_xfs_path = argv[1];
+FIXTURE_SETUP(split_thp_in_pagecache_to_order_offset)
+{
+ int nr_pages = pmd_pagesize / pagesize;
+ int offset = variant->step * MAX(nr_pages / 4, 1 << variant->order);
- pagesize = getpagesize();
- pageshift = ffs(pagesize) - 1;
- pmd_pagesize = read_pmd_pagesize();
- if (!pmd_pagesize)
- ksft_exit_fail_msg("Reading PMD pagesize failed\n");
+ /* limit order to less than pmd_order */
+ if (variant->order >= pmd_order)
+ SKIP(return, "order %d is not supported", variant->order);
- nr_pages = pmd_pagesize / pagesize;
- pmd_order = sz2ord(pmd_pagesize, pagesize);
+ if (offset < nr_pages)
+ self->offset = offset;
+ else
+ SKIP(return, "offset out of thp range");
expected_orders = (int *)malloc(sizeof(int) * (pmd_order + 1));
if (!expected_orders)
ksft_exit_fail_msg("Fail to allocate memory: %s\n", strerror(errno));
- tests = 2 + (pmd_order - 1) + (2 * pmd_order) + (pmd_order - 1) * 4 + 2;
- ksft_set_plan(tests);
-
- pagemap_fd = open(pagemap_proc, O_RDONLY);
- if (pagemap_fd == -1)
- ksft_exit_fail_msg("read pagemap: %s\n", strerror(errno));
-
- kpageflags_fd = open(kpageflags_proc, O_RDONLY);
- if (kpageflags_fd == -1)
- ksft_exit_fail_msg("read kpageflags: %s\n", strerror(errno));
+ self->created_tmp = prepare_thp_fs(optional_xfs_path, fs_loc_template,
+ &self->fs_loc);
+ prepare_proc_fd();
+}
- fd_size = 2 * pmd_pagesize;
+FIXTURE_TEARDOWN(split_thp_in_pagecache_to_order_offset)
+{
+ cleanup_proc_fd();
+ cleanup_thp_fs(self->fs_loc, self->created_tmp);
+ free(expected_orders);
+}
- split_pmd_zero_pages();
+#define SPLIT_IN_PAGECACHE_ORDER_OFFSETS(ord) \
+ ADD_VARIANT_ORDER_OFFSET(split_thp_in_pagecache_to_order_offset, ord, 0);\
+ ADD_VARIANT_ORDER_OFFSET(split_thp_in_pagecache_to_order_offset, ord, 1);\
+ ADD_VARIANT_ORDER_OFFSET(split_thp_in_pagecache_to_order_offset, ord, 2);\
+ ADD_VARIANT_ORDER_OFFSET(split_thp_in_pagecache_to_order_offset, ord, 3)\
+
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(0);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(1);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(2);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(3);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(4);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(5);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(6);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(7);
+SPLIT_IN_PAGECACHE_ORDER_OFFSETS(8);
+
+TEST_F(split_thp_in_pagecache_to_order_offset, order_offset)
+{
+ size_t fd_size = 2 * pmd_pagesize;
- for (i = 0; i < pmd_order; i++)
- if (i != 1)
- split_pmd_thp_to_order(i);
+ split_thp_in_pagecache_to_order_at(fd_size, self->fs_loc,
+ variant->order, self->offset);
+}
- split_pte_mapped_thp();
- for (i = 0; i < pmd_order; i++)
- split_file_backed_thp(i);
+int main(int argc, char **argv)
+{
+ int i;
- created_tmp = prepare_thp_fs(optional_xfs_path, fs_loc_template,
- &fs_loc);
- for (i = pmd_order - 1; i >= 0; i--)
- split_thp_in_pagecache_to_order_at(fd_size, fs_loc, i, -1);
+ if (geteuid() != 0) {
+ ksft_print_msg("Please run the benchmark as root\n");
+ ksft_finished();
+ }
- for (i = 0; i < pmd_order; i++)
- for (offset = 0;
- offset < nr_pages;
- offset += MAX(nr_pages / 4, 1 << i))
- split_thp_in_pagecache_to_order_at(fd_size, fs_loc, i, offset);
- cleanup_thp_fs(fs_loc, created_tmp);
+ for (i = 1; i < argc; i++) {
+ /* only one parameter supported */
+ if (*argv[i] != '-') {
+ optional_xfs_path = argv[i];
+ break;
+ }
- close(pagemap_fd);
- close(kpageflags_fd);
- free(expected_orders);
+ /* option -l/-h has no parameter */
+ if (*(argv[i] + 1) != 'l' && *(argv[i] + 1) != 'h')
+ i++;
+ }
- ksft_finished();
+ pagesize = getpagesize();
+ pmd_pagesize = read_pmd_pagesize();
+ if (!pmd_pagesize)
+ ksft_exit_fail_msg("Reading PMD pagesize failed\n");
+ pmd_order = sz2ord(pmd_pagesize, pagesize);
- return 0;
+ return test_harness_run(argc, argv);
}
--
2.34.1
1 week, 2 days
- 3
- 4
next-20250905: x86_64: udpgso_bench.sh triggers NULL deref in zerocopy_fill_skb_from_iter
by Naresh Kamboju
The following kernel crash was noticed on x86_64 running selftests net
udpgso_bench.sh
on Linux next-20250905 tag.
Regression Analysis:
- New regression? yes
- Reproducibility? Re-validation is in progress
First seen on next-20250905
Bad: next-20250905
Good: next-20250904
Test regression: next-20250905 x86_64 selftests net BUG kernel NULL
pointer dereference zerocopy_fill_skb_from_iter
Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org>
x86_64:
Test:
* selftests: net: udpgso_bench.sh
Test error:
selftests: net: udpgso_bench.sh
ipv4
tcp
<trim>
# tcp zerocopy
[ 991.110488] SELinux: unrecognized netlink message: protocol=4
nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=64835 comm=ss
# RTNETLINK answers: Invalid argument
[ 991.129878] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 991.136850] #PF: supervisor read access in kernel mode
[ 991.141986] #PF: error_code(0x0000) - not-present page
[ 991.147118] PGD 0 P4D 0
[ 991.149657] Oops: Oops: 0000 [#1] SMP PTI
[ 991.153661] CPU: 0 UID: 0 PID: 64842 Comm: udpgso_bench_tx Tainted:
G S 6.17.0-rc4-next-20250905 #1 PREEMPT(voluntary)
[ 991.165907] Tainted: [S]=CPU_OUT_OF_SPEC
[ 991.169825] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS
2.7 12/07/2021
[ 991.177209] RIP: 0010:zerocopy_fill_skb_from_iter
(include/linux/page-flags.h:284)
[ 991.182954] Code: 4d 85 c0 0f 84 04 01 00 00 44 39 c7 41 0f 4d f8 4c
63 de 4a 8b 54 dc 30 49 89 d6 4d 29 ce 49 c1 fe 06 49 d3 ee 4d 85 f6
74 24 <48> 8b 4a 08 f6 c1 01 0f 85 cb 00 00 00 0f 1f 44 00 00 31 c9 48
f7
All code
========
0: 4d 85 c0 test %r8,%r8
3: 0f 84 04 01 00 00 je 0x10d
9: 44 39 c7 cmp %r8d,%edi
c: 41 0f 4d f8 cmovge %r8d,%edi
10: 4c 63 de movslq %esi,%r11
13: 4a 8b 54 dc 30 mov 0x30(%rsp,%r11,8),%rdx
18: 49 89 d6 mov %rdx,%r14
1b: 4d 29 ce sub %r9,%r14
1e: 49 c1 fe 06 sar $0x6,%r14
22: 49 d3 ee shr %cl,%r14
25: 4d 85 f6 test %r14,%r14
28: 74 24 je 0x4e
2a:* 48 8b 4a 08 mov 0x8(%rdx),%rcx <-- trapping instruction
2e: f6 c1 01 test $0x1,%cl
31: 0f 85 cb 00 00 00 jne 0x102
37: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
3c: 31 c9 xor %ecx,%ecx
3e: 48 rex.W
3f: f7 .byte 0xf7
Code starting with the faulting instruction
===========================================
0: 48 8b 4a 08 mov 0x8(%rdx),%rcx
4: f6 c1 01 test $0x1,%cl
7: 0f 85 cb 00 00 00 jne 0xd8
d: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
12: 31 c9 xor %ecx,%ecx
14: 48 rex.W
15: f7 .byte 0xf7
[ 991.201691] RSP: 0018:ffffb11281d0ba90 EFLAGS: 00010202
[ 991.206910] RAX: ffffe14ec4208000 RBX: 0000000000005000 RCX: 0000000000000009
[ 991.214033] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000001000
[ 991.221156] RBP: ffffb11281d0bb88 R08: 00000000000020ff R09: ffffe14ec4208000
[ 991.228280] R10: 0000000000000005 R11: 0000000000000006 R12: ffff96b4825f4200
[ 991.235406] R13: 0000000000000001 R14: 000000003d6277bf R15: 0000000000000000
[ 991.242529] FS: 00007f41e80b9740(0000) GS:ffff96b83bc1b000(0000)
knlGS:0000000000000000
[ 991.250608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 991.256378] CR2: 0000000000000008 CR3: 0000000106c42003 CR4: 00000000003706f0
[ 991.263513] Call Trace:
[ 991.265956] <TASK>
[ 991.268055] __zerocopy_sg_from_iter (net/core/datagram.c:?)
[ 991.272674] ? kmalloc_reserve (net/core/skbuff.c:581)
[ 991.276599] skb_zerocopy_iter_stream (net/core/skbuff.c:1867)
[ 991.281219] tcp_sendmsg_locked (net/ipv4/tcp.c:1283)
[ 991.285493] tcp_sendmsg (net/ipv4/tcp.c:1393)
[ 991.288896] inet6_sendmsg (net/ipv6/af_inet6.c:661)
[ 991.292466] __sock_sendmsg (net/socket.c:717)
[ 991.296126] __sys_sendto (net/socket.c:?)
[ 991.299785] __x64_sys_sendto (net/socket.c:2235 net/socket.c:2231
net/socket.c:2231)
[ 991.303622] x64_sys_call (arch/x86/entry/syscall_64.c:41)
[ 991.307462] do_syscall_64 (arch/x86/entry/syscall_64.c:?)
[ 991.311128] ? irqentry_exit (kernel/entry/common.c:210)
[ 991.314881] ? exc_page_fault (arch/x86/mm/fault.c:1536)
[ 991.318720] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 991.323762] RIP: 0033:0x7f41e814b687
[ 991.327352] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00
59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10
0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff
ff
All code
========
0: 48 89 fa mov %rdi,%rdx
3: 4c 89 df mov %r11,%rdi
6: e8 58 b3 00 00 call 0xb363
b: 8b 93 08 03 00 00 mov 0x308(%rbx),%edx
11: 59 pop %rcx
12: 5e pop %rsi
13: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax
17: 74 1a je 0x33
19: 5b pop %rbx
1a: c3 ret
1b: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
22: 00
23: 48 8b 44 24 10 mov 0x10(%rsp),%rax
28: 0f 05 syscall
2a:* 5b pop %rbx <-- trapping instruction
2b: c3 ret
2c: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
33: 83 e2 39 and $0x39,%edx
36: 83 fa 08 cmp $0x8,%edx
39: 75 de jne 0x19
3b: e8 23 ff ff ff call 0xffffffffffffff63
Code starting with the faulting instruction
===========================================
0: 5b pop %rbx
1: c3 ret
2: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
9: 83 e2 39 and $0x39,%edx
c: 83 fa 08 cmp $0x8,%edx
f: 75 de jne 0xffffffffffffffef
11: e8 23 ff ff ff call 0xffffffffffffff39
[ 991.346124] RSP: 002b:00007ffdd843ba50 EFLAGS: 00000202 ORIG_RAX:
000000000000002c
[ 991.353680] RAX: ffffffffffffffda RBX: 00007f41e80b9740 RCX: 00007f41e814b687
[ 991.360806] RDX: 000000000000f180 RSI: 000056251f1fd100 RDI: 0000000000000005
[ 991.367931] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 991.375063] R10: 0000000004000000 R11: 0000000000000202 R12: 0000000000000000
[ 991.382193] R13: 000056251f1fb080 R14: 000001a670e438d8 R15: 0000000000000005
[ 991.389357] </TASK>
[ 991.391571] Modules linked in: mptcp_diag tcp_diag inet_diag
xt_conntrack xfrm_user ipip bridge stp llc geneve vxlan act_csum
act_pedit openvswitch nsh nf_nat nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 psample cls_flower sch_prio xt_mark nft_compat
nf_tables sch_ingress act_mirred cls_basic sch_fq_codel vrf pktgen
macvtap macvlan tap x86_pkg_temp_thermal ip_tables x_tables [last
unloaded: test_bpf]
[ 991.426812] CR2: 0000000000000008
[ 991.430121] ---[ end trace 0000000000000000 ]---
[ 991.434733] RIP: 0010:zerocopy_fill_skb_from_iter
(include/linux/page-flags.h:284)
[ 991.440477] Code: 4d 85 c0 0f 84 04 01 00 00 44 39 c7 41 0f 4d f8 4c
63 de 4a 8b 54 dc 30 49 89 d6 4d 29 ce 49 c1 fe 06 49 d3 ee 4d 85 f6
74 24 <48> 8b 4a 08 f6 c1 01 0f 85 cb 00 00 00 0f 1f 44 00 00 31 c9 48
f7
All code
========
0: 4d 85 c0 test %r8,%r8
3: 0f 84 04 01 00 00 je 0x10d
9: 44 39 c7 cmp %r8d,%edi
c: 41 0f 4d f8 cmovge %r8d,%edi
10: 4c 63 de movslq %esi,%r11
13: 4a 8b 54 dc 30 mov 0x30(%rsp,%r11,8),%rdx
18: 49 89 d6 mov %rdx,%r14
1b: 4d 29 ce sub %r9,%r14
1e: 49 c1 fe 06 sar $0x6,%r14
22: 49 d3 ee shr %cl,%r14
25: 4d 85 f6 test %r14,%r14
28: 74 24 je 0x4e
2a:* 48 8b 4a 08 mov 0x8(%rdx),%rcx <-- trapping instruction
2e: f6 c1 01 test $0x1,%cl
31: 0f 85 cb 00 00 00 jne 0x102
37: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
3c: 31 c9 xor %ecx,%ecx
3e: 48 rex.W
3f: f7 .byte 0xf7
Code starting with the faulting instruction
===========================================
0: 48 8b 4a 08 mov 0x8(%rdx),%rcx
4: f6 c1 01 test $0x1,%cl
7: 0f 85 cb 00 00 00 jne 0xd8
d: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
12: 31 c9 xor %ecx,%ecx
14: 48 rex.W
15: f7 .byte 0xf7
[ 991.459215] RSP: 0018:ffffb11281d0ba90 EFLAGS: 00010202
[ 991.464434] RAX: ffffe14ec4208000 RBX: 0000000000005000 RCX: 0000000000000009
[ 991.471557] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000001000
[ 991.478681] RBP: ffffb11281d0bb88 R08: 00000000000020ff R09: ffffe14ec4208000
[ 991.485807] R10: 0000000000000005 R11: 0000000000000006 R12: ffff96b4825f4200
[ 991.492930] R13: 0000000000000001 R14: 000000003d6277bf R15: 0000000000000000
[ 991.500054] FS: 00007f41e80b9740(0000) GS:ffff96b83bc1b000(0000)
knlGS:0000000000000000
[ 991.508132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 991.513870] CR2: 0000000000000008 CR3: 0000000106c42003 CR4: 00000000003706f0
[ 991.520994] note: udpgso_bench_tx[64842] exited with irqs disabled
## Source
* Kernel version: 6.17.0-rc4
* Git tree: https://kernel.googlesource.com/pub/scm/linux/kernel/git/next/linux-next.git
* Git describe: next-20250905
* Git commit: be5d4872e528796df9d7425f2bd9b3893eb3a42c
* Architectures: x86_64
* Toolchains: clang-nightly
* Kconfigs: defconfig+selftests/*/config
## Build
* Test log: https://qa-reports.linaro.org/api/testruns/29777495/log_file/
* LAVA test log: https://lkft.validation.linaro.org/scheduler/job/8434053#L16943
* Test details:
https://regressions.linaro.org/lkft/linux-next-master/next-20250905/log-par…
* Test plan: https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/32GkXBGNRN…
* Build link: https://storage.tuxsuite.com/public/linaro/lkft/builds/32GkU7mdlpISpPeeeEwI…
* Kernel config:
https://storage.tuxsuite.com/public/linaro/lkft/builds/32GkU7mdlpISpPeeeEwI…
--
Linaro LKFT
https://lkft.linaro.org
1 week, 2 days
- 3
- 4
[PATCH] kunit: print a message before triggering a NULL dereference
by Dan Carpenter
Print a message so that people reading dmesg know that these NULL
dereferences are not a bug, but instead a deliberate part of
the testing.
Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org>
---
lib/kunit/kunit-test.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c
index 8c01eabd4eaf..a8b6e16f4465 100644
--- a/lib/kunit/kunit-test.c
+++ b/lib/kunit/kunit-test.c
@@ -119,6 +119,8 @@ static void kunit_test_null_dereference(void *data)
struct kunit *test = data;
int *null = NULL;
+ pr_info("Triggering deliberate NULL derefence.\n");
+
*null = 0;
KUNIT_FAIL(test, "This line should never be reached\n");
--
2.47.2
1 week, 2 days
- 1
- 0
[PATCH] selftests: pid_namespace: add the missing close()
by zhouyuhang
From: Zhou Yuhang <zhouyuhang(a)kylinos.cn>
Add the missing close() in the pid_max_cb() function.
Signed-off-by: Zhou Yuhang <zhouyuhang(a)kylinos.cn>
---
tools/testing/selftests/pid_namespace/pid_max.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/pid_namespace/pid_max.c b/tools/testing/selftests/pid_namespace/pid_max.c
index 96f274f0582b..41f8b943bc96 100644
--- a/tools/testing/selftests/pid_namespace/pid_max.c
+++ b/tools/testing/selftests/pid_namespace/pid_max.c
@@ -61,6 +61,7 @@ static int pid_max_cb(void *data)
}
ret = write(fd, "500", sizeof("500") - 1);
+ close(fd);
if (ret < 0) {
fprintf(stderr, "%m - Failed to write pid_max\n");
return -1;
--
2.33.0
1 week, 3 days
- 1
- 0
[bug report] selftest/bpf/benchs: Add benchmark for sockmap usage
by Dan Carpenter
Hello Jiayuan Chen,
Commit 7b2fa44de5e7 ("selftest/bpf/benchs: Add benchmark for sockmap
usage") from Apr 7, 2025 (linux-next), leads to the following Smatch
static checker warning:
tools/testing/selftests/bpf/benchs/bench_sockmap.c:129 bench_sockmap_prog_destroy()
error: buffer overflow 'ctx.fds' 5 <= 19
tools/testing/selftests/bpf/benchs/bench_sockmap.c
123 static void bench_sockmap_prog_destroy(void)
124 {
125 int i;
126
127 for (i = 0; i < sizeof(ctx.fds); i++) {
^^^^^^^^^^^^^^^
This should be ARRAY_SIZE(ctx.fds) otherwise it's a buffer overflow.
128 if (ctx.fds[0] > 0)
^^^^^^^^^^
Instead of .fds[0] it should be .fds[i], right?
--> 129 close(ctx.fds[i]);
130 }
131
132 bench_sockmap_prog__destroy(ctx.skel);
133 }
regards,
dan carpenter
1 week, 3 days
- 1
- 0
[PATCH v2 bpf-next] selftests/bpf: Fix the invalid operand for instruction issue
by Feng Yang
From: Feng Yang <yangfeng(a)kylinos.cn>
The following issue occurs when compiling with clang version 17.0.6:
progs/compute_live_registers.c:251:3: error: invalid operand for instruction
251 | "r0 = 1;"
| ^
<inline asm>:1:22: note: instantiated into assembly here
1 | r0 = 1;r2 = 2;if r1 & 0x7 goto +1;exit;r0 = r2;exit;
| ^
1 error generated.
Use __imm_insn to fix this issue.
Fixes: 4a4b84ba9e453 ("selftests/bpf: verify jset handling in CFG computation")
Signed-off-by: Feng Yang <yangfeng(a)kylinos.cn>
---
Changes in v2:
- Use __imm_insn, thanks: Eduard Zingerman.
- Link to v1: https://lore.kernel.org/all/20250827031540.461017-1-yangfeng59949@163.com/
---
tools/testing/selftests/bpf/progs/compute_live_registers.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/compute_live_registers.c b/tools/testing/selftests/bpf/progs/compute_live_registers.c
index 6884ab99a421..01d73ad76faf 100644
--- a/tools/testing/selftests/bpf/progs/compute_live_registers.c
+++ b/tools/testing/selftests/bpf/progs/compute_live_registers.c
@@ -249,11 +249,13 @@ __naked void if3_jset_bug(void)
asm volatile (
"r0 = 1;"
"r2 = 2;"
- "if r1 & 0x7 goto +1;"
+ ".8byte %[jset];" /* same as 'if r1 & 0x7 goto +1;' */
"exit;"
"r0 = r2;"
"exit;"
- ::: __clobber_all);
+ :
+ : __imm_insn(jset, BPF_JMP_IMM(BPF_JSET, BPF_REG_1, 0x7, 1))
+ : __clobber_all);
}
SEC("socket")
--
2.43.0
1 week, 3 days
- 2
- 2
[PATCH v1] libbpf: remove unused args in parse_usdt_note
by Jiawei Zhao
Remove unused 'elf' and 'path' parameters from parse_usdt_note function
signature. These parameters are not referenced within the function body
and only add unnecessary complexity.
The function only requires the note header, data buffer, offsets, and
output structure to perform USDT note parsing.
Update function declaration, definition, and the single call site in
collect_usdt_targets() to match the simplified signature.
This is a safe internal cleanup as parse_usdt_note is a static function.
Signed-off-by: Jiawei Zhao <phoenix500526(a)163.com>
---
tools/lib/bpf/usdt.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/tools/lib/bpf/usdt.c b/tools/lib/bpf/usdt.c
index e5eeac0b0fa4..deaea4bd13a6 100644
--- a/tools/lib/bpf/usdt.c
+++ b/tools/lib/bpf/usdt.c
@@ -581,9 +581,8 @@ static struct elf_seg *find_vma_seg(struct elf_seg *segs, size_t seg_cnt, long o
return NULL;
}
-static int parse_usdt_note(Elf *elf, const char *path, GElf_Nhdr *nhdr,
- const char *data, size_t name_off, size_t desc_off,
- struct usdt_note *usdt_note);
+static int parse_usdt_note(GElf_Nhdr *nhdr, const char *data, size_t name_off,
+ size_t desc_off, struct usdt_note *usdt_note);
static int parse_usdt_spec(struct usdt_spec *spec, const struct usdt_note *note, __u64 usdt_cookie);
@@ -637,7 +636,7 @@ static int collect_usdt_targets(struct usdt_manager *man, Elf *elf, const char *
struct elf_seg *seg = NULL;
void *tmp;
- err = parse_usdt_note(elf, path, &nhdr, data->d_buf, name_off, desc_off, ¬e);
+ err = parse_usdt_note(&nhdr, data->d_buf, name_off, desc_off, ¬e);
if (err)
goto err_out;
@@ -1143,8 +1142,7 @@ struct bpf_link *usdt_manager_attach_usdt(struct usdt_manager *man, const struct
/* Parse out USDT ELF note from '.note.stapsdt' section.
* Logic inspired by perf's code.
*/
-static int parse_usdt_note(Elf *elf, const char *path, GElf_Nhdr *nhdr,
- const char *data, size_t name_off, size_t desc_off,
+static int parse_usdt_note(GElf_Nhdr *nhdr, const char *data, size_t name_off, size_t desc_off,
struct usdt_note *note)
{
const char *provider, *name, *args;
--
2.43.0
1 week, 3 days
- 3
- 2
[PATCH net-next v2] selftests: net: Add tests to verify team driver option set and get.
by Marc Harvey
There are currently no kernel tests that verify setting and getting
options of the team driver.
In the future, options may be added that implicitly change other
options, which will make it useful to have tests like these that show
nothing breaks. There will be a follow up patch to this that adds new
"rx_enabled" and "tx_enabled" options, which will implicitly affect the
"enabled" option value and vice versa.
The tests use teamnl to first set options to specific values and then
gets them to compare to the set values.
Signed-off-by: Marc Harvey <marcharvey(a)google.com>
---
Changes in v2:
- Fixed shellcheck failures.
- Fixed test failing in vng by adding a config option to enable the
team driver's active backup mode.
- Link to v1: https://lore.kernel.org/netdev/20250902235504.4190036-1-marcharvey@google.c…
.../selftests/drivers/net/team/Makefile | 6 +-
.../testing/selftests/drivers/net/team/config | 1 +
.../selftests/drivers/net/team/options.sh | 192 ++++++++++++++++++
3 files changed, 197 insertions(+), 2 deletions(-)
create mode 100755 tools/testing/selftests/drivers/net/team/options.sh
diff --git a/tools/testing/selftests/drivers/net/team/Makefile b/tools/testing/selftests/drivers/net/team/Makefile
index eaf6938f100e..8b00b70ce67f 100644
--- a/tools/testing/selftests/drivers/net/team/Makefile
+++ b/tools/testing/selftests/drivers/net/team/Makefile
@@ -1,11 +1,13 @@
# SPDX-License-Identifier: GPL-2.0
# Makefile for net selftests
-TEST_PROGS := dev_addr_lists.sh propagation.sh
+TEST_PROGS := dev_addr_lists.sh propagation.sh options.sh
TEST_INCLUDES := \
../bonding/lag_lib.sh \
../../../net/forwarding/lib.sh \
- ../../../net/lib.sh
+ ../../../net/lib.sh \
+ ../../../net/in_netns.sh \
+ ../../../net/lib/sh/defer.sh \
include ../../../lib.mk
diff --git a/tools/testing/selftests/drivers/net/team/config b/tools/testing/selftests/drivers/net/team/config
index 636b3525b679..558e1d0cf565 100644
--- a/tools/testing/selftests/drivers/net/team/config
+++ b/tools/testing/selftests/drivers/net/team/config
@@ -3,4 +3,5 @@ CONFIG_IPV6=y
CONFIG_MACVLAN=y
CONFIG_NETDEVSIM=m
CONFIG_NET_TEAM=y
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=y
CONFIG_NET_TEAM_MODE_LOADBALANCE=y
diff --git a/tools/testing/selftests/drivers/net/team/options.sh b/tools/testing/selftests/drivers/net/team/options.sh
new file mode 100755
index 000000000000..82bf22aa3480
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/team/options.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+# These tests verify basic set and get functionality of the team
+# driver options over netlink.
+
+# Run in private netns.
+test_dir="$(dirname "$0")"
+if [[ $# -eq 0 ]]; then
+ "${test_dir}"/../../../net/in_netns.sh "$0" __subprocess
+ exit $?
+fi
+
+ALL_TESTS="
+ team_test_options
+"
+
+source "${test_dir}/../../../net/lib.sh"
+
+TEAM_PORT="team0"
+MEMBER_PORT="dummy0"
+
+setup()
+{
+ ip link add name "${MEMBER_PORT}" type dummy
+ ip link add name "${TEAM_PORT}" type team
+}
+
+get_and_check_value()
+{
+ local option_name="$1"
+ local expected_value="$2"
+ local port_flag="$3"
+
+ local value_from_get
+
+ if ! value_from_get=$(teamnl "${TEAM_PORT}" getoption "${option_name}" \
+ "${port_flag}"); then
+ echo "Could not get option '${option_name}'" >&2
+ return 1
+ fi
+
+ if [[ "${value_from_get}" != "${expected_value}" ]]; then
+ echo "Incorrect value for option '${option_name}'" >&2
+ echo "get (${value_from_get}) != set (${expected_value})" >&2
+ return 1
+ fi
+}
+
+set_and_check_get()
+{
+ local option_name="$1"
+ local option_value="$2"
+ local port_flag="$3"
+
+ local value_from_get
+
+ if ! teamnl "${TEAM_PORT}" setoption "${option_name}" "${option_value}" \
+ "${port_flag}"; then
+ echo "'setoption ${option_name} ${option_value}' failed" >&2
+ return 1
+ fi
+
+ get_and_check_value "${option_name}" "${option_value}" "${port_flag}"
+ return $?
+}
+
+# Get a "port flag" to pass to the `teamnl` command.
+# E.g. $1="dummy0" -> "port=dummy0",
+# $1="" -> ""
+get_port_flag()
+{
+ local port_name="$1"
+
+ if [[ -n "${port_name}" ]]; then
+ echo "--port=${port_name}"
+ fi
+}
+
+attach_port_if_specified()
+{
+ local port_name="${1}"
+
+ if [[ -n "${port_name}" ]]; then
+ ip link set dev "${port_name}" master "${TEAM_PORT}"
+ return $?
+ fi
+}
+
+detach_port_if_specified()
+{
+ local port_name="${1}"
+
+ if [[ -n "${port_name}" ]]; then
+ ip link set dev "${port_name}" nomaster
+ return $?
+ fi
+}
+
+#######################################
+# Test that an option's get value matches its set value.
+# Globals:
+# RET - Used by testing infra like `check_err`.
+# EXIT_STATUS - Used by `log_test` to whole script exit value.
+# Arguments:
+# option_name - The name of the option.
+# value_1 - The first value to try setting.
+# value_2 - The second value to try setting.
+# port_name - The (optional) name of the attached port.
+#######################################
+team_test_option()
+{
+ local option_name="$1"
+ local value_1="$2"
+ local value_2="$3"
+ local possible_values="$2 $3 $2"
+ local port_name="$4"
+ local port_flag
+
+ RET=0
+
+ echo "Setting '${option_name}' to '${value_1}' and '${value_2}'"
+
+ attach_port_if_specified "${port_name}"
+ check_err $? "Couldn't attach ${port_name} to master"
+ port_flag=$(get_port_flag "${port_name}")
+
+ # Set and get both possible values.
+ for value in ${possible_values}; do
+ set_and_check_get "${option_name}" "${value}" "${port_flag}"
+ check_err $? "Failed to set '${option_name}' to '${value}'"
+ done
+
+ detach_port_if_specified "${port_name}"
+ check_err $? "Couldn't detach ${port_name} from its master"
+
+ log_test "Set + Get '${option_name}' test"
+}
+
+#######################################
+# Test that getting a non-existant option fails.
+# Globals:
+# RET - Used by testing infra like `check_err`.
+# EXIT_STATUS - Used by `log_test` to whole script exit value.
+# Arguments:
+# option_name - The name of the option.
+# port_name - The (optional) name of the attached port.
+#######################################
+team_test_get_option_fails()
+{
+ local option_name="$1"
+ local port_name="$2"
+ local port_flag
+
+ RET=0
+
+ attach_port_if_specified "${port_name}"
+ check_err $? "Couldn't attach ${port_name} to master"
+ port_flag=$(get_port_flag "${port_name}")
+
+ # Just confirm that getting the value fails.
+ teamnl "${TEAM_PORT}" getoption "${option_name}" "${port_flag}"
+ check_fail $? "Shouldn't be able to get option '${option_name}'"
+
+ detach_port_if_specified "${port_name}"
+
+ log_test "Get '${option_name}' fails"
+}
+
+team_test_options()
+{
+ # Wrong option name behavior.
+ team_test_get_option_fails fake_option1
+ team_test_get_option_fails fake_option2 "${MEMBER_PORT}"
+
+ # Correct set and get behavior.
+ team_test_option mode activebackup loadbalance
+ team_test_option notify_peers_count 0 5
+ team_test_option notify_peers_interval 0 5
+ team_test_option mcast_rejoin_count 0 5
+ team_test_option mcast_rejoin_interval 0 5
+ team_test_option enabled true false "${MEMBER_PORT}"
+ team_test_option user_linkup true false "${MEMBER_PORT}"
+ team_test_option user_linkup_enabled true false "${MEMBER_PORT}"
+ team_test_option priority 10 20 "${MEMBER_PORT}"
+ team_test_option queue_id 0 1 "${MEMBER_PORT}"
+}
+
+require_command teamnl
+setup
+tests_run
+exit "${EXIT_STATUS}"
--
2.51.0.338.gd7d06c2dae-goog
1 week, 3 days
- 2
- 2
[PATCH net-next 10/10] selftests: forwarding: Add test for BR_BOOLOPT_FDB_LOCAL_VLAN_0
by Petr Machata
Add a selftest to check the operation of this newly-introduced bridge
option.
Signed-off-by: Petr Machata <petrm(a)nvidia.com>
---
Notes:
CC: Shuah Khan <shuah(a)kernel.org>
CC: linux-kselftest(a)vger.kernel.org
.../testing/selftests/net/forwarding/Makefile | 1 +
.../net/forwarding/bridge_fdb_local_vlan_0.sh | 374 ++++++++++++++++++
2 files changed, 375 insertions(+)
create mode 100755 tools/testing/selftests/net/forwarding/bridge_fdb_local_vlan_0.sh
diff --git a/tools/testing/selftests/net/forwarding/Makefile b/tools/testing/selftests/net/forwarding/Makefile
index 0a0d4c2a85f7..e6f482a600da 100644
--- a/tools/testing/selftests/net/forwarding/Makefile
+++ b/tools/testing/selftests/net/forwarding/Makefile
@@ -5,6 +5,7 @@ TEST_PROGS = \
bridge_fdb_learning_limit.sh \
bridge_igmp.sh \
bridge_locked_port.sh \
+ bridge_fdb_local_vlan_0.sh \
bridge_mdb.sh \
bridge_mdb_host.sh \
bridge_mdb_max.sh \
diff --git a/tools/testing/selftests/net/forwarding/bridge_fdb_local_vlan_0.sh b/tools/testing/selftests/net/forwarding/bridge_fdb_local_vlan_0.sh
new file mode 100755
index 000000000000..5a0b43aff5aa
--- /dev/null
+++ b/tools/testing/selftests/net/forwarding/bridge_fdb_local_vlan_0.sh
@@ -0,0 +1,374 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+# +-----------------------+ +-----------------------+ +-----------------------+
+# | H1 (vrf) | | H2 (vrf) | | H3 (vrf) |
+# | + $h1 | | + $h2 | | + $h3 |
+# | | 192.0.2.1/28 | | | 192.0.2.2/28 | | | 192.0.2.18/28 |
+# | | 2001:db8:1::1/64 | | | 2001:db8:1::2/64 | | | 2001:db8:2::2/64 |
+# | | | | | | | | |
+# +----|------------------+ +----|------------------+ +----|------------------+
+# | | |
+# +----|-------------------------|-------------------------|------------------+
+# | +--|-------------------------|------------------+ | |
+# | | + $swp1 + $swp2 | + $swp3 |
+# | | | 192.0.2.17/28 |
+# | | BR1 (802.1q) | 2001:db8:2::1/64 |
+# | | 192.0.2.3/28 | |
+# | | 2001:db8:1::3/64 | |
+# | +-----------------------------------------------+ SW |
+# +---------------------------------------------------------------------------+
+#
+#shellcheck disable=SC2317 # SC doesn't see our uses of functions.
+#shellcheck disable=SC2034 # ... and global variables
+
+ALL_TESTS="
+ test_d_no_sharing
+ test_d_sharing
+ test_q_no_sharing
+ test_q_sharing
+"
+
+NUM_NETIFS=6
+source lib.sh
+
+pMAC=00:11:22:33:44:55
+bMAC=00:11:22:33:44:66
+mMAC=00:11:22:33:44:77
+xMAC=00:11:22:33:44:88
+
+host_create()
+{
+ local h=$1; shift
+ local ipv4=$1; shift
+ local ipv6=$1; shift
+
+ simple_if_init "$h" "$ipv4" "$ipv6"
+ defer simple_if_fini "$h" "$ipv4" "$ipv6"
+
+ ip_route_add vrf "v$h" 192.0.2.16/28 nexthop via 192.0.2.3
+ ip_route_add vrf "v$h" 2001:db8:2::/64 nexthop via 2001:db8:1::3
+}
+
+h3_create()
+{
+ simple_if_init "$h3" 192.0.2.18/28 2001:db8:2::2/64
+ defer simple_if_fini "$h3" 192.0.2.18/28 2001:db8:2::2/64
+
+ ip_route_add vrf "v$h3" 192.0.2.0/28 nexthop via 192.0.2.17
+ ip_route_add vrf "v$h3" 2001:db8:1::/64 nexthop via 2001:db8:2::1
+
+ tc qdisc add dev "$h3" clsact
+ defer tc qdisc del dev "$h3" clsact
+
+ tc filter add dev "$h3" ingress proto ip pref 104 \
+ flower skip_hw ip_proto udp dst_port 4096 \
+ action pass
+ defer tc filter del dev "$h3" ingress proto ip pref 104
+
+ tc qdisc add dev "$h2" clsact
+ defer tc qdisc del dev "$h2" clsact
+
+ tc filter add dev "$h2" ingress proto ip pref 104 \
+ flower skip_hw ip_proto udp dst_port 4096 \
+ action pass
+ defer tc filter del dev "$h2" ingress proto ip pref 104
+}
+
+switch_create()
+{
+ ip_link_set_up "$swp1"
+
+ ip_link_set_up "$swp2"
+
+ ip_addr_add "$swp3" 192.0.2.17/28
+ ip_addr_add "$swp3" 2001:db8:2::1/64
+ ip_link_set_up "$swp3"
+}
+
+setup_prepare()
+{
+ h1=${NETIFS[p1]}
+ swp1=${NETIFS[p2]}
+
+ swp2=${NETIFS[p3]}
+ h2=${NETIFS[p4]}
+
+ swp3=${NETIFS[p5]}
+ h3=${NETIFS[p6]}
+
+ vrf_prepare
+ defer vrf_cleanup
+
+ forwarding_enable
+ defer forwarding_restore
+
+ host_create "$h1" 192.0.2.1/28 2001:db8:1::1/64
+ host_create "$h2" 192.0.2.2/28 2001:db8:1::2/64
+ h3_create
+
+ switch_create
+}
+
+adf_bridge_create()
+{
+ local dev
+ local mac
+
+ ip_link_add br up type bridge vlan_default_pvid 0 "$@"
+ mac=$(mac_get br)
+ ip_addr_add br 192.0.2.3/28
+ ip_addr_add br 2001:db8:1::3/64
+
+ bridge_vlan_add dev br vid 1 pvid untagged self
+ bridge_vlan_add dev br vid 2 self
+ bridge_vlan_add dev br vid 3 self
+
+ for dev in "$swp1" "$swp2"; do
+ ip_link_set_master "$dev" br
+ bridge_vlan_add dev "$dev" vid 1 pvid untagged
+ bridge_vlan_add dev "$dev" vid 2
+ bridge_vlan_add dev "$dev" vid 3
+ done
+
+ ip_link_set_addr br "$mac"
+}
+
+check_fdb_local_vlan_0_support()
+{
+ if ip_link_add XXbr up type bridge vlan_filtering 1 fdb_local_vlan_0 1 \
+ &>/dev/null; then
+ return 0
+ fi
+
+ log_test_skip "FDB sharing" \
+ "iproute 2 or the kernel do not support fdb_local_vlan_0"
+}
+
+check_mac_presence()
+{
+ local should_fail=$1; shift
+ local dev=$1; shift
+ local vlan=$1; shift
+ local mac
+
+ mac=$(mac_get "$dev")
+
+ if ((vlan == 0)); then
+ vlan=null
+ fi
+
+ bridge -j fdb show dev "$dev" |
+ jq -e --arg mac "$mac" --argjson vlan "$vlan" \
+ '.[] | select(.mac == $mac) | select(.vlan == $vlan)' > /dev/null
+ check_err_fail "$should_fail" $? "FDB dev $dev vid $vlan addr $mac exists"
+}
+
+do_sharing_test()
+{
+ local should_fail=$1; shift
+ local what=$1; shift
+ local dev
+
+ RET=0
+
+ for dev in "$swp1" "$swp2" br; do
+ check_mac_presence 0 "$dev" 0
+ check_mac_presence "$should_fail" "$dev" 1
+ check_mac_presence "$should_fail" "$dev" 2
+ check_mac_presence "$should_fail" "$dev" 3
+ done
+
+ log_test "$what"
+}
+
+do_end_to_end_test()
+{
+ local mac=$1; shift
+ local what=$1; shift
+ local probe_dev=${1-$h3}; shift
+ local expect=${1-10}; shift
+
+ local t0
+ local t1
+ local dd
+
+ RET=0
+
+ # In mausezahn, use $dev MAC as the destination MAC. In the MAC sharing
+ # context, that will cause an FDB miss on VLAN 1 and prompt a second
+ # lookup in VLAN 0.
+
+ t0=$(tc_rule_stats_get "$probe_dev" 104 ingress)
+
+ $MZ "$h1" -c 10 -p 64 -a own -b "$mac" \
+ -A 192.0.2.1 -B 192.0.2.18 -t udp "dp=4096,sp=2048" -q
+ sleep 1
+
+ t1=$(tc_rule_stats_get "$probe_dev" 104 ingress)
+ dd=$((t1 - t0))
+
+ ((dd == expect))
+ check_err $? "Expected $expect packets on $probe_dev got $dd"
+
+ log_test "$what"
+}
+
+do_tests()
+{
+ local should_fail=$1; shift
+ local what=$1; shift
+ local swp1_mac
+ local br_mac
+
+ swp1_mac=$(mac_get "$swp1")
+ br_mac=$(mac_get br)
+
+ do_sharing_test "$should_fail" "$what"
+ do_end_to_end_test "$swp1_mac" "$what: end to end, $swp1 MAC"
+ do_end_to_end_test "$br_mac" "$what: end to end, br MAC"
+}
+
+bridge_standard()
+{
+ local vlan_filtering=$1; shift
+
+ if ((vlan_filtering)); then
+ echo 802.1q
+ else
+ echo 802.1d
+ fi
+}
+
+nonexistent_fdb_test()
+{
+ local vlan_filtering=$1; shift
+ local standard
+
+ standard=$(bridge_standard "$vlan_filtering")
+
+ # We expect flooding, so $h2 should get the traffic.
+ do_end_to_end_test "$xMAC" "$standard: Nonexistent FDB" "$h2"
+}
+
+misleading_fdb_test()
+{
+ local vlan_filtering=$1; shift
+ local standard
+
+ standard=$(bridge_standard "$vlan_filtering")
+
+ defer_scope_push
+ # Add an FDB entry on VLAN 0. The lookup on VLAN-aware bridge
+ # shouldn't pick this up even with fdb_local_vlan_0 enabled, so
+ # the traffic should be flooded. This all holds on
+ # vlan_filtering bridge, on non-vlan_filtering one the FDB entry
+ # is expected to be found as usual, no flooding takes place.
+ #
+ # Adding only on VLAN 0 is a bit tricky, because bridge is
+ # trying to be nice and interprets the request as if the FDB
+ # should be added on each VLAN.
+
+ bridge fdb add "$mMAC" dev "$swp1" master
+ bridge fdb del "$mMAC" dev "$swp1" vlan 1 master
+ bridge fdb del "$mMAC" dev "$swp1" vlan 2 master
+ bridge fdb del "$mMAC" dev "$swp1" vlan 3 master
+
+ local expect=$((vlan_filtering ? 10 : 0))
+ do_end_to_end_test "$mMAC" \
+ "$standard: Lookup of non-local MAC on VLAN 0" \
+ "$h2" "$expect"
+ defer_scope_pop
+}
+
+change_mac()
+{
+ local dev=$1; shift
+ local mac=$1; shift
+ local cur_mac
+
+ cur_mac=$(mac_get "$dev")
+
+ log_info "Change $dev MAC $cur_mac -> $mac"
+ ip_link_set_addr "$dev" "$mac"
+ defer log_info "Change $dev MAC back"
+}
+
+do_test_no_sharing()
+{
+ local vlan_filtering=$1; shift
+ local standard
+
+ standard=$(bridge_standard "$vlan_filtering")
+
+ adf_bridge_create vlan_filtering "$vlan_filtering"
+ setup_wait
+
+ do_tests 0 "$standard, no FDB sharing"
+
+ change_mac "$swp1" "$pMAC"
+ change_mac br "$bMAC"
+
+ do_tests 0 "$standard, no FDB sharing after MAC change"
+
+ in_defer_scope check_fdb_local_vlan_0_support || return
+
+ log_info "Set fdb_local_vlan_0=1"
+ ip link set dev br type bridge fdb_local_vlan_0 1
+
+ do_tests 1 "$standard, fdb sharing after toggle"
+}
+
+do_test_sharing()
+{
+ local vlan_filtering=$1; shift
+ local standard
+
+ standard=$(bridge_standard "$vlan_filtering")
+
+ in_defer_scope check_fdb_local_vlan_0_support || return
+
+ adf_bridge_create vlan_filtering "$vlan_filtering" fdb_local_vlan_0 1
+ setup_wait
+
+ do_tests 1 "$standard, FDB sharing"
+
+ nonexistent_fdb_test "$vlan_filtering"
+ misleading_fdb_test "$vlan_filtering"
+
+ change_mac "$swp1" "$pMAC"
+ change_mac br "$bMAC"
+
+ do_tests 1 "$standard, FDB sharing after MAC change"
+
+ log_info "Set fdb_local_vlan_0=0"
+ ip link set dev br type bridge fdb_local_vlan_0 0
+
+ do_tests 0 "$standard, No FDB sharing after toggle"
+}
+
+test_d_no_sharing()
+{
+ do_test_no_sharing 0
+}
+
+test_d_sharing()
+{
+ do_test_sharing 0
+}
+
+test_q_no_sharing()
+{
+ do_test_no_sharing 1
+}
+
+test_q_sharing()
+{
+ do_test_sharing 1
+}
+
+
+trap cleanup EXIT
+
+setup_prepare
+tests_run
--
2.49.0
1 week, 3 days
- 1
- 0
[PATCH net-next 09/10] selftests: net: lib.sh: Don't defer failed commands
by Petr Machata
Usually the autodefer helpers in lib.sh are expected to be run in context
where success is the expected outcome. However when using them for feature
detection, failure can legitimately occur. But the failed command still
schedules a cleanup, which will likely fail again.
Instead, only schedule deferred cleanup when the positive command succeeds.
This way of organizing the cleanup has the added benefit that now the
return code from these functions reflects whether the command passed.
Signed-off-by: Petr Machata <petrm(a)nvidia.com>
---
Notes:
CC: Shuah Khan <shuah(a)kernel.org>
CC: linux-kselftest(a)vger.kernel.org
tools/testing/selftests/net/lib.sh | 32 +++++++++++++++---------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/tools/testing/selftests/net/lib.sh b/tools/testing/selftests/net/lib.sh
index c7add0dc4c60..80cf1a75136c 100644
--- a/tools/testing/selftests/net/lib.sh
+++ b/tools/testing/selftests/net/lib.sh
@@ -547,8 +547,8 @@ ip_link_add()
{
local name=$1; shift
- ip link add name "$name" "$@"
- defer ip link del dev "$name"
+ ip link add name "$name" "$@" && \
+ defer ip link del dev "$name"
}
ip_link_set_master()
@@ -556,8 +556,8 @@ ip_link_set_master()
local member=$1; shift
local master=$1; shift
- ip link set dev "$member" master "$master"
- defer ip link set dev "$member" nomaster
+ ip link set dev "$member" master "$master" && \
+ defer ip link set dev "$member" nomaster
}
ip_link_set_addr()
@@ -566,8 +566,8 @@ ip_link_set_addr()
local addr=$1; shift
local old_addr=$(mac_get "$name")
- ip link set dev "$name" address "$addr"
- defer ip link set dev "$name" address "$old_addr"
+ ip link set dev "$name" address "$addr" && \
+ defer ip link set dev "$name" address "$old_addr"
}
ip_link_has_flag()
@@ -590,8 +590,8 @@ ip_link_set_up()
local name=$1; shift
if ! ip_link_is_up "$name"; then
- ip link set dev "$name" up
- defer ip link set dev "$name" down
+ ip link set dev "$name" up && \
+ defer ip link set dev "$name" down
fi
}
@@ -600,8 +600,8 @@ ip_link_set_down()
local name=$1; shift
if ip_link_is_up "$name"; then
- ip link set dev "$name" down
- defer ip link set dev "$name" up
+ ip link set dev "$name" down && \
+ defer ip link set dev "$name" up
fi
}
@@ -609,20 +609,20 @@ ip_addr_add()
{
local name=$1; shift
- ip addr add dev "$name" "$@"
- defer ip addr del dev "$name" "$@"
+ ip addr add dev "$name" "$@" && \
+ defer ip addr del dev "$name" "$@"
}
ip_route_add()
{
- ip route add "$@"
- defer ip route del "$@"
+ ip route add "$@" && \
+ defer ip route del "$@"
}
bridge_vlan_add()
{
- bridge vlan add "$@"
- defer bridge vlan del "$@"
+ bridge vlan add "$@" && \
+ defer bridge vlan del "$@"
}
wait_local_port_listen()
--
2.49.0
1 week, 3 days
- 1
- 0
[PATCH net-next 08/10] selftests: defer: Introduce DEFER_PAUSE_ON_FAIL
by Petr Machata
The fact that all cleanup (ideally) goes through the defer framework makes
debugging of these commands a bit tricky. However, this also gives us a
nice point to place a hook along the lines of PAUSE_ON_FAIL. When the
environment variable DEFER_PAUSE_ON_FAIL is set, and a cleanup command
results in non-zero exit status, show a bit of debuginfo and give the user
an opportunity to interrupt the execution altogether.
Signed-off-by: Petr Machata <petrm(a)nvidia.com>
---
Notes:
CC: Shuah Khan <shuah(a)kernel.org>
CC: linux-kselftest(a)vger.kernel.org
tools/testing/selftests/net/lib/sh/defer.sh | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/tools/testing/selftests/net/lib/sh/defer.sh b/tools/testing/selftests/net/lib/sh/defer.sh
index 6c642f3d0ced..47ab78c4d465 100644
--- a/tools/testing/selftests/net/lib/sh/defer.sh
+++ b/tools/testing/selftests/net/lib/sh/defer.sh
@@ -1,6 +1,10 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
+# Whether to pause and allow debugging when an executed deferred command has a
+# non-zero exit code.
+: "${DEFER_PAUSE_ON_FAIL:=no}"
+
# map[(scope_id,track,cleanup_id) -> cleanup_command]
# track={d=default | p=priority}
declare -A __DEFER__JOBS
@@ -38,8 +42,20 @@ __defer__run()
local track=$1; shift
local defer_ix=$1; shift
local defer_key=$(__defer__defer_key $track $defer_ix)
+ local ret
eval ${__DEFER__JOBS[$defer_key]}
+ ret=$?
+
+ if [[ "$DEFER_PAUSE_ON_FAIL" == yes && "$ret" -ne 0 ]]; then
+ echo "Deferred command (track $track index $defer_ix):"
+ echo " ${__DEFER__JOBS[$defer_key]}"
+ echo "... ended with an exit status of $ret"
+ echo "Hit enter to continue, 'q' to quit"
+ read a
+ [[ "$a" == q ]] && exit 1
+ fi
+
unset __DEFER__JOBS[$defer_key]
}
--
2.49.0
1 week, 3 days
- 1
- 0
[PATCH net-next 07/10] selftests: defer: Allow spaces in arguments of deferred commands
by Petr Machata
Currently the way deferred commands are stored and invoked causes any
whitespace to act as an argument separator when the command is executed.
To make it possible to use spaces in deferred commands, store the commands
quoted, and then eval the string prior to execution.
Fixes: a6e263f125cd ("selftests: net: lib: Introduce deferred commands")
Signed-off-by: Petr Machata <petrm(a)nvidia.com>
---
Notes:
CC: Shuah Khan <shuah(a)kernel.org>
CC: linux-kselftest(a)vger.kernel.org
tools/testing/selftests/net/lib/sh/defer.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/net/lib/sh/defer.sh b/tools/testing/selftests/net/lib/sh/defer.sh
index 082f5d38321b..6c642f3d0ced 100644
--- a/tools/testing/selftests/net/lib/sh/defer.sh
+++ b/tools/testing/selftests/net/lib/sh/defer.sh
@@ -39,7 +39,7 @@ __defer__run()
local defer_ix=$1; shift
local defer_key=$(__defer__defer_key $track $defer_ix)
- ${__DEFER__JOBS[$defer_key]}
+ eval ${__DEFER__JOBS[$defer_key]}
unset __DEFER__JOBS[$defer_key]
}
@@ -49,7 +49,7 @@ __defer__schedule()
local ndefers=$(__defer__ndefers $track)
local ndefers_key=$(__defer__ndefer_key $track)
local defer_key=$(__defer__defer_key $track $ndefers)
- local defer="$@"
+ local defer="${@@Q}"
__DEFER__JOBS[$defer_key]="$defer"
__DEFER__NJOBS[$ndefers_key]=$((ndefers + 1))
--
2.49.0
1 week, 3 days
- 1
- 0
[PATCH net-next v5 0/9] vsock: add namespace support to vhost-vsock
by Bobby Eshleman
This series adds namespace support to vhost-vsock and loopback. It does
not add namespaces to any of the other guest transports (virtio-vsock,
hyperv, or vmci).
The current revision only supports two modes: local or global. Local
mode is complete isolation of namespaces, while global mode is complete
sharing between namespaces of CIDs (the original behavior).
The mode is set using /proc/sys/net/vsock/ns_mode.
Modes are per-netns and write-once. This allows a system to configure
namespaces independently (some may share CIDs, others are completely
isolated). This also supports future possible mixed use cases, where
there may be namespaces in global mode spinning up VMs while there are
mixed mode namespaces that provide services to the VMs, but are not
allowed to allocate from the global CID pool.
Additionally, added tests for the new semantics:
tools/testing/selftests/vsock/vmtest.sh
1..22
ok 1 vm_server_host_client
ok 2 vm_client_host_server
ok 3 vm_loopback
ok 4 host_vsock_ns_mode_ok
ok 5 host_vsock_ns_mode_write_once_ok
ok 6 global_same_cid_fails
ok 7 local_same_cid_ok
ok 8 global_local_same_cid_ok
ok 9 local_global_same_cid_ok
ok 10 diff_ns_global_host_connect_to_global_vm_ok
ok 11 diff_ns_global_host_connect_to_local_vm_fails
ok 12 diff_ns_global_vm_connect_to_global_host_ok
ok 13 diff_ns_global_vm_connect_to_local_host_fails
ok 14 diff_ns_local_host_connect_to_local_vm_fails
ok 15 diff_ns_local_vm_connect_to_local_host_fails
ok 16 diff_ns_global_to_local_loopback_local_fails
ok 17 diff_ns_local_to_global_loopback_fails
ok 18 diff_ns_local_to_local_loopback_fails
ok 19 diff_ns_global_to_global_loopback_ok
ok 20 same_ns_local_loopback_ok
ok 21 same_ns_local_host_connect_to_local_vm_ok
ok 22 same_ns_local_vm_connect_to_local_host_ok
SUMMARY: PASS=22 SKIP=0 FAIL=0
Log: /tmp/vsock_vmtest_OQC4.log
Thanks again for everyone's help and reviews!
Signed-off-by: Bobby Eshleman <bobbyeshleman(a)gmail.com>
To: Stefano Garzarella <sgarzare(a)redhat.com>
To: Shuah Khan <shuah(a)kernel.org>
To: David S. Miller <davem(a)davemloft.net>
To: Eric Dumazet <edumazet(a)google.com>
To: Jakub Kicinski <kuba(a)kernel.org>
To: Paolo Abeni <pabeni(a)redhat.com>
To: Simon Horman <horms(a)kernel.org>
To: Stefan Hajnoczi <stefanha(a)redhat.com>
To: Michael S. Tsirkin <mst(a)redhat.com>
To: Jason Wang <jasowang(a)redhat.com>
To: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com>
To: Eugenio Pérez <eperezma(a)redhat.com>
To: K. Y. Srinivasan <kys(a)microsoft.com>
To: Haiyang Zhang <haiyangz(a)microsoft.com>
To: Wei Liu <wei.liu(a)kernel.org>
To: Dexuan Cui <decui(a)microsoft.com>
To: Bryan Tan <bryan-bt.tan(a)broadcom.com>
To: Vishnu Dasa <vishnu.dasa(a)broadcom.com>
To: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com>
Cc: virtualization(a)lists.linux.dev
Cc: netdev(a)vger.kernel.org
Cc: linux-kselftest(a)vger.kernel.org
Cc: linux-kernel(a)vger.kernel.org
Cc: kvm(a)vger.kernel.org
Cc: linux-hyperv(a)vger.kernel.org
Cc: berrange(a)redhat.com
Changes in v5:
- /proc/net/vsock_ns_mode -> /proc/sys/net/vsock/ns_mode
- vsock_global_net -> vsock_global_dummy_net
- fix netns lookup in vhost_vsock to respect pid namespaces
- add callbacks for vsock_loopback to avoid circular dependency
- vmtest.sh loads vsock_loopback module
- remove vsock_net_mode_can_set()
- change vsock_net_write_mode() to return true/false based on success
- make vsock_net_mode enum instead of u8
- Link to v4: https://lore.kernel.org/r/20250805-vsock-vmtest-v4-0-059ec51ab111@meta.com
Changes in v4:
- removed RFC tag
- implemented loopback support
- renamed new tests to better reflect behavior
- completed suite of tests with permutations of ns modes and vsock_test
as guest/host
- simplified socat bridging with unix socket instead of tcp + veth
- only use vsock_test for success case, socat for failure case (context
in commit message)
- lots of cleanup
Changes in v3:
- add notion of "modes"
- add procfs /proc/net/vsock_ns_mode
- local and global modes only
- no /dev/vhost-vsock-netns
- vmtest.sh already merged, so new patch just adds new tests for NS
- Link to v2:
https://lore.kernel.org/kvm/20250312-vsock-netns-v2-0-84bffa1aa97a@gmail.com
Changes in v2:
- only support vhost-vsock namespaces
- all g2h namespaces retain old behavior, only common API changes
impacted by vhost-vsock changes
- add /dev/vhost-vsock-netns for "opt-in"
- leave /dev/vhost-vsock to old behavior
- removed netns module param
- Link to v1:
https://lore.kernel.org/r/20200116172428.311437-1-sgarzare@redhat.com
Changes in v1:
- added 'netns' module param to vsock.ko to enable the
network namespace support (disabled by default)
- added 'vsock_net_eq()' to check the "net" assigned to a socket
only when 'netns' support is enabled
- Link to RFC: https://patchwork.ozlabs.org/cover/1202235/
---
Bobby Eshleman (9):
vsock: a per-net vsock NS mode state
vsock: add net to vsock skb cb
vsock: add netns to vsock core
vsock/loopback: add netns support
vsock/virtio: add netns to virtio transport common
vhost/vsock: add netns support
selftests/vsock: improve logging in vmtest.sh
selftests/vsock: invoke vsock_test through helpers
selftests/vsock: add namespace tests
MAINTAINERS | 1 +
drivers/vhost/vsock.c | 30 +-
include/linux/virtio_vsock.h | 12 +
include/net/af_vsock.h | 89 ++-
include/net/net_namespace.h | 4 +
include/net/netns/vsock.h | 25 +
net/vmw_vsock/af_vsock.c | 312 ++++++++-
net/vmw_vsock/hyperv_transport.c | 2 +-
net/vmw_vsock/virtio_transport.c | 5 +-
net/vmw_vsock/virtio_transport_common.c | 14 +-
net/vmw_vsock/vmci_transport.c | 4 +-
net/vmw_vsock/vsock_loopback.c | 76 ++-
tools/testing/selftests/vsock/vmtest.sh | 1092 ++++++++++++++++++++++++++-----
13 files changed, 1475 insertions(+), 191 deletions(-)
---
base-commit: 242041164339594ca019481d54b4f68a7aaff64e
change-id: 20250325-vsock-vmtest-b3a21d2102c2
Best regards,
--
Bobby Eshleman <bobbyeshleman(a)meta.com>
1 week, 3 days
- 3
- 18
[PATCH bpf-next v4 1/2] bpf: add bpf_strcasecmp kfunc
by Rong Tao
From: Rong Tao <rongtao(a)cestc.cn>
bpf_strcasecmp() function performs same like bpf_strcmp() except ignoring
the case of the characters.
Signed-off-by: Rong Tao <rongtao(a)cestc.cn>
---
kernel/bpf/helpers.c | 68 +++++++++++++++++++++++++++++++-------------
1 file changed, 48 insertions(+), 20 deletions(-)
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 401b4932cc49..588bc7e36436 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -3349,45 +3349,72 @@ __bpf_kfunc void __bpf_trap(void)
* __get_kernel_nofault instead of plain dereference to make them safe.
*/
-/**
- * bpf_strcmp - Compare two strings
- * @s1__ign: One string
- * @s2__ign: Another string
- *
- * Return:
- * * %0 - Strings are equal
- * * %-1 - @s1__ign is smaller
- * * %1 - @s2__ign is smaller
- * * %-EFAULT - Cannot read one of the strings
- * * %-E2BIG - One of strings is too large
- * * %-ERANGE - One of strings is outside of kernel address space
- */
-__bpf_kfunc int bpf_strcmp(const char *s1__ign, const char *s2__ign)
+static int __bpf_strcasecmp(const char *s1, const char *s2, bool ignore_case)
{
char c1, c2;
int i;
- if (!copy_from_kernel_nofault_allowed(s1__ign, 1) ||
- !copy_from_kernel_nofault_allowed(s2__ign, 1)) {
+ if (!copy_from_kernel_nofault_allowed(s1, 1) ||
+ !copy_from_kernel_nofault_allowed(s2, 1)) {
return -ERANGE;
}
guard(pagefault)();
for (i = 0; i < XATTR_SIZE_MAX; i++) {
- __get_kernel_nofault(&c1, s1__ign, char, err_out);
- __get_kernel_nofault(&c2, s2__ign, char, err_out);
+ __get_kernel_nofault(&c1, s1, char, err_out);
+ __get_kernel_nofault(&c2, s2, char, err_out);
+ if (ignore_case) {
+ c1 = tolower(c1);
+ c2 = tolower(c2);
+ }
if (c1 != c2)
return c1 < c2 ? -1 : 1;
if (c1 == '\0')
return 0;
- s1__ign++;
- s2__ign++;
+ s1++;
+ s2++;
}
return -E2BIG;
err_out:
return -EFAULT;
}
+/**
+ * bpf_strcmp - Compare two strings
+ * @s1__ign: One string
+ * @s2__ign: Another string
+ *
+ * Return:
+ * * %0 - Strings are equal
+ * * %-1 - @s1__ign is smaller
+ * * %1 - @s2__ign is smaller
+ * * %-EFAULT - Cannot read one of the strings
+ * * %-E2BIG - One of strings is too large
+ * * %-ERANGE - One of strings is outside of kernel address space
+ */
+__bpf_kfunc int bpf_strcmp(const char *s1__ign, const char *s2__ign)
+{
+ return __bpf_strcasecmp(s1__ign, s2__ign, false);
+}
+
+/**
+ * bpf_strcasecmp - Compare two strings, ignoring the case of the characters
+ * @s1__ign: One string
+ * @s2__ign: Another string
+ *
+ * Return:
+ * * %0 - Strings are equal
+ * * %-1 - @s1__ign is smaller
+ * * %1 - @s2__ign is smaller
+ * * %-EFAULT - Cannot read one of the strings
+ * * %-E2BIG - One of strings is too large
+ * * %-ERANGE - One of strings is outside of kernel address space
+ */
+__bpf_kfunc int bpf_strcasecmp(const char *s1__ign, const char *s2__ign)
+{
+ return __bpf_strcasecmp(s1__ign, s2__ign, true);
+}
+
/**
* bpf_strnchr - Find a character in a length limited string
* @s__ign: The string to be searched
@@ -3832,6 +3859,7 @@ BTF_ID_FLAGS(func, bpf_iter_dmabuf_destroy, KF_ITER_DESTROY | KF_SLEEPABLE)
#endif
BTF_ID_FLAGS(func, __bpf_trap)
BTF_ID_FLAGS(func, bpf_strcmp);
+BTF_ID_FLAGS(func, bpf_strcasecmp);
BTF_ID_FLAGS(func, bpf_strchr);
BTF_ID_FLAGS(func, bpf_strchrnul);
BTF_ID_FLAGS(func, bpf_strnchr);
--
2.51.0
1 week, 3 days
- 4
- 3
[PATCH RESEND bpf-next v3 0/3] selftests/bpf: benchmark all symbols for kprobe-multi
by Menglong Dong
Add the benchmark testcase "kprobe-multi-all", which will hook all the
kernel functions during the testing.
This series is separated out from [1].
Changes since V2:
* add some comment to attach_ksyms_all, which notes that don't run the
testing on a debug kernel
Changes since V1:
* introduce trace_blacklist instead of copy-pasting strcmp in the 2nd
patch
* use fprintf() instead of printf() in 3rd patch
Link: https://lore.kernel.org/bpf/20250817024607.296117-1-dongml2@chinatelecom.cn/ [1]
Menglong Dong (3):
selftests/bpf: move get_ksyms and get_addrs to trace_helpers.c
selftests/bpf: skip recursive functions for kprobe_multi
selftests/bpf: add benchmark testing for kprobe-multi-all
tools/testing/selftests/bpf/bench.c | 4 +
.../selftests/bpf/benchs/bench_trigger.c | 61 +++++
.../selftests/bpf/benchs/run_bench_trigger.sh | 4 +-
.../bpf/prog_tests/kprobe_multi_test.c | 220 +---------------
.../selftests/bpf/progs/trigger_bench.c | 12 +
tools/testing/selftests/bpf/trace_helpers.c | 234 ++++++++++++++++++
tools/testing/selftests/bpf/trace_helpers.h | 3 +
7 files changed, 319 insertions(+), 219 deletions(-)
--
2.51.0
1 week, 3 days
- 2
- 4
[PATCH 0/2] Fix va_high_addr_switch.sh test failure
by Chunyu Hu
The two patches fix the va_high_addr_switch.sh test failure on x86_64.
Patch 1 fixes the hugepages setup issue that nr_hugepages is reset too
early in run_vmtests.sh and break the later va_high_addr_switch testing.
Patch 2 fixes the test failure caused by the hint addr align method change
in hugetlb_get_unmapped_area().
Chunyu Hu (2):
selftests/mm: fix hugepages cleanup too early
selftests/mm: fix va_high_addr_switch.sh failure on x86_64
tools/testing/selftests/mm/run_vmtests.sh | 9 +++++++--
tools/testing/selftests/mm/va_high_addr_switch.c | 4 ++--
2 files changed, 9 insertions(+), 4 deletions(-)
--
2.49.0
1 week, 3 days
- 2
- 5
[PATCH bpf-next v3 00/14] selftests/bpf: Integrate test_xsk.c to test_progs framework
by Bastien Curutchet (eBPF Foundation)
Hi all,
This is a second version of a series I sent some time ago, it continues
the work of migrating the script tests into prog_tests.
The test_xsk.sh script covers many AF_XDP use cases. The tests it runs
are defined in xksxceiver.c. Since this script is used to test real
hardware, the goal here is to leave it as it is, and only integrate the
tests that run on veth peers into the test_progs framework.
Some tests are flaky so they can't be integrated in the CI as they are.
I think that fixing their flakyness would require a significant amount of
work. So, as first step, I've excluded them from the list of tests
migrated to the CI (see PATCH 13). If these tests get fixed at some
point, integrating them into the CI will be straightforward.
PATCH 1 extracts test_xsk[.c/.h] from xskxceiver[.c/.h] to make the
tests available to test_progs.
PATCH 2 to 5 fix small issues in the current test
PATCH 7 to 12 handle all errors to release resources instead of calling
exit() when any error occurs.
PATCH 13 isolates some flaky tests
PATCH 14 integrate the non-flaky tests to the test_progs framework
Maciej, I've fixed the bug you found in the initial series. I've
looked for any hardware able to run test_xsk.sh in my office, but I
couldn't find one ... So here again, only the veth part has been tested,
sorry about that.
Signed-off-by: Bastien Curutchet (eBPF Foundation) <bastien.curutchet(a)bootlin.com>
---
Changes in v3:
- Rebase on latest bpf-next_base to integrate commit c9110e6f7237 ("selftests/bpf:
Fix count write in testapp_xdp_metadata_copy()").
- Move XDP_METADATA_COPY_* tests from flaky-tests to nominal tests
- Link to v2: https://lore.kernel.org/r/20250902-xsk-v2-0-17c6345d5215@bootlin.com
Changes in v2:
- Rebase on the latest bpf-next_base and integrate the newly added tests
to the work (adjust_tail* and tx_queue_consumer tests)
- Re-order patches to split xkxceiver sooner.
- Fix the bug reported by Maciej.
- Fix verbose mode in test_xsk.sh by keeping kselftest (remove PATCH 1,
7 and 8)
- Link to v1: https://lore.kernel.org/r/20250313-xsk-v1-0-7374729a93b9@bootlin.com
---
Bastien Curutchet (eBPF Foundation) (14):
selftests/bpf: test_xsk: Split xskxceiver
selftests/bpf: test_xsk: Initialize bitmap before use
selftests/bpf: test_xsk: Fix memory leaks
selftests/bpf: test_xsk: Wrap test clean-up in functions
selftests/bpf: test_xsk: Release resources when swap fails
selftests/bpf: test_xsk: Add return value to init_iface()
selftests/bpf: test_xsk: Don't exit immediately when xsk_attach fails
selftests/bpf: test_xsk: Don't exit immediately when gettimeofday fails
selftests/bpf: test_xsk: Don't exit immediately when workers fail
selftests/bpf: test_xsk: Don't exit immediately if validate_traffic fails
selftests/bpf: test_xsk: Don't exit immediately on allocation failures
selftests/bpf: test_xsk: Move exit_with_error to xskxceiver.c
selftests/bpf: test_xsk: Isolate flaky tests
selftests/bpf: test_xsk: Integrate test_xsk.c to test_progs framework
tools/testing/selftests/bpf/Makefile | 11 +-
tools/testing/selftests/bpf/prog_tests/test_xsk.c | 2604 ++++++++++++++++++++
tools/testing/selftests/bpf/prog_tests/test_xsk.h | 294 +++
tools/testing/selftests/bpf/prog_tests/xsk.c | 146 ++
tools/testing/selftests/bpf/xskxceiver.c | 2685 +--------------------
tools/testing/selftests/bpf/xskxceiver.h | 156 --
6 files changed, 3170 insertions(+), 2726 deletions(-)
---
base-commit: e4e08c130231eb8071153ab5f056874d8f70430b
change-id: 20250218-xsk-0cf90e975d14
Best regards,
--
Bastien Curutchet (eBPF Foundation) <bastien.curutchet(a)bootlin.com>
1 week, 3 days
- 3
- 16
[PATCH] selftests/powerpc/pmu/: Add check_extended_reg_test to .gitignore
by Gopi Krishna Menon
Add the check_extended_reg_test binary to .gitignore to avoid accidentally
staging the build artifact.
Signed-off-by: Gopi Krishna Menon <krishnagopi487(a)gmail.com>
---
tools/testing/selftests/powerpc/pmu/sampling_tests/.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/powerpc/pmu/sampling_tests/.gitignore b/tools/testing/selftests/powerpc/pmu/sampling_tests/.gitignore
index f93b4c7c3a8a..ea29228334e8 100644
--- a/tools/testing/selftests/powerpc/pmu/sampling_tests/.gitignore
+++ b/tools/testing/selftests/powerpc/pmu/sampling_tests/.gitignore
@@ -1,5 +1,6 @@
bhrb_filter_map_test
bhrb_no_crash_wo_pmu_test
+check_extended_reg_test
intr_regs_no_crash_wo_pmu_test
mmcr0_cc56run_test
mmcr0_exceptionbits_test
--
2.43.0
1 week, 3 days
- 1
- 0
[bpf-next v2 0/5] powerpc64/bpf: Add support for bpf arena and arena atomics
by Saket Kumar Bhaskar
This patch series introduces support for the PROBE_MEM32,
bpf_addr_space_cast and PROBE_ATOMIC instructions in the powerpc BPF JIT,
facilitating the implementation of BPF arena and arena atomics.
The last patch in the series has fix for arena spinlock selftest
failure.
All selftests related to bpf_arena, bpf_arena_atomic(except
load_acquire/store_release) enablement are passing:
# ./test_progs -t arena_list
#5/1 arena_list/arena_list_1:OK
#5/2 arena_list/arena_list_1000:OK
#5 arena_list:OK
Summary: 1/2 PASSED, 0 SKIPPED, 0 FAILED
# ./test_progs -t arena_htab
#4/1 arena_htab/arena_htab_llvm:OK
#4/2 arena_htab/arena_htab_asm:OK
#4 arena_htab:OK
Summary: 1/2 PASSED, 0 SKIPPED, 0 FAILED
# ./test_progs -t verifier_arena
#464/1 verifier_arena/basic_alloc1:OK
#464/2 verifier_arena/basic_alloc2:OK
#464/3 verifier_arena/basic_alloc3:OK
#464/4 verifier_arena/iter_maps1:OK
#464/5 verifier_arena/iter_maps2:OK
#464/6 verifier_arena/iter_maps3:OK
#464 verifier_arena:OK
#465/1 verifier_arena_large/big_alloc1:OK
#465/2 verifier_arena_large/big_alloc2:OK
#465 verifier_arena_large:OK
Summary: 2/8 PASSED, 0 SKIPPED, 0 FAILED
# ./test_progs -t arena_atomics
#3/1 arena_atomics/add:OK
#3/2 arena_atomics/sub:OK
#3/3 arena_atomics/and:OK
#3/4 arena_atomics/or:OK
#3/5 arena_atomics/xor:OK
#3/6 arena_atomics/cmpxchg:OK
#3/7 arena_atomics/xchg:OK
#3/8 arena_atomics/uaf:OK
#3/9 arena_atomics/load_acquire:SKIP
#3/10 arena_atomics/store_release:SKIP
#3 arena_atomics:OK (SKIP: 2/10)
Summary: 1/8 PASSED, 2 SKIPPED, 0 FAILED
All selftests related to arena_spin_lock are passing:
# ./test_progs -t arena_spin_lock
#6/1 arena_spin_lock/arena_spin_lock_1:OK
#6/2 arena_spin_lock/arena_spin_lock_1000:OK
#6/3 arena_spin_lock/arena_spin_lock_50000:OK
#6 arena_spin_lock:OK
Summary: 1/3 PASSED, 0 SKIPPED, 0 FAILED
Changes since v1:
Addressed comments from Chris:
* Squashed introduction of bpf_jit_emit_probe_mem_store() and its usage in
one patch.
* Defined and used PPC_RAW_RLDICL_DOT to avoid the CMPDI.
* Removed conditional statement for fixup[0] = PPC_RAW_LI(dst_reg, 0);
* Indicated this change is limited to powerpc64 in subject.
Addressed comments from Alexei:
* Removed skel->rodata->nr_cpus = get_nprocs() and its usage to get
currently online cpus(as it needs to be updated from userspace).
Saket Kumar Bhaskar (5):
powerpc64/bpf: Implement PROBE_MEM32 pseudo instructions
powerpc64/bpf: Implement bpf_addr_space_cast instruction
powerpc64/bpf: Introduce bpf_jit_emit_atomic_ops() to emit atomic
instructions
powerpc64/bpf: Implement PROBE_ATOMIC instructions
selftests/bpf: Fix arena_spin_lock selftest failure
arch/powerpc/include/asm/ppc-opcode.h | 1 +
arch/powerpc/net/bpf_jit.h | 6 +-
arch/powerpc/net/bpf_jit_comp.c | 32 +-
arch/powerpc/net/bpf_jit_comp32.c | 2 +-
arch/powerpc/net/bpf_jit_comp64.c | 401 +++++++++++++-----
.../bpf/prog_tests/arena_spin_lock.c | 13 +
.../selftests/bpf/progs/arena_spin_lock.c | 5 +-
7 files changed, 347 insertions(+), 113 deletions(-)
--
2.43.5
1 week, 3 days
- 3
- 10
[PATCH v3 0/3] KVM: riscv: selftests: Enable supported test cases
by dayss1224@gmail.com
From: Dong Yang <dayss1224(a)gmail.com>
Add supported KVM test cases and fix the compilation dependencies.
---
Changes in v3:
- Reorder patches to fix build dependencies
- Sort common supported test cases alphabetically
- Move ucall_common.h include from common header to specific source files
Changes in v2:
- Delete some repeat KVM test cases on riscv
- Add missing headers to fix the build for new RISC-V KVM selftests
Dong Yang (1):
KVM: riscv: selftests: Add missing headers for new testcases
Quan Zhou (2):
KVM: riscv: selftests: Use the existing RISCV_FENCE macro in
`rseq-riscv.h`
KVM: riscv: selftests: Add common supported test cases
tools/testing/selftests/kvm/Makefile.kvm | 6 ++++++
tools/testing/selftests/kvm/access_tracking_perf_test.c | 1 +
tools/testing/selftests/kvm/include/riscv/processor.h | 1 +
.../selftests/kvm/memslot_modification_stress_test.c | 1 +
tools/testing/selftests/kvm/memslot_perf_test.c | 1 +
tools/testing/selftests/rseq/rseq-riscv.h | 3 +--
6 files changed, 11 insertions(+), 2 deletions(-)
--
2.34.1
1 week, 4 days
- 4
- 6
[PATCH net-next] selftest: netcons: create a torture test
by Breno Leitao
Create a netconsole test that puts a lot of pressure on the netconsole
list manipulation. Do it by creating dynamic targets and deleting
targets while messages are being sent. Also put interface down while the
messages are being sent, as creating parallel targets.
The code launches three background jobs on distinct schedules:
* Toggle netcons target every 30 iterations
* create and delete random_target every 50 iterations
* toggle iface every 70 iterations
This creates multiple concurrency sources that interact with netconsole
states. This is good practice to simulate stress, and exercise netpoll
and netconsole locks.
This test already found an issue as reported in [1]
Link: https://lore.kernel.org/all/20250901-netpoll_memleak-v1-1-34a181977dfc@debi… [1]
Signed-off-by: Breno Leitao <leitao(a)debian.org>
---
tools/testing/selftests/drivers/net/Makefile | 1 +
.../selftests/drivers/net/netcons_torture.sh | 133 +++++++++++++++++++++
2 files changed, 134 insertions(+)
diff --git a/tools/testing/selftests/drivers/net/Makefile b/tools/testing/selftests/drivers/net/Makefile
index 984ece05f7f92..2b253b1ff4f38 100644
--- a/tools/testing/selftests/drivers/net/Makefile
+++ b/tools/testing/selftests/drivers/net/Makefile
@@ -17,6 +17,7 @@ TEST_PROGS := \
netcons_fragmented_msg.sh \
netcons_overflow.sh \
netcons_sysdata.sh \
+ netcons_torture.sh \
netpoll_basic.py \
ping.py \
queues.py \
diff --git a/tools/testing/selftests/drivers/net/netcons_torture.sh b/tools/testing/selftests/drivers/net/netcons_torture.sh
new file mode 100755
index 0000000000000..d41884c83cab3
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/netcons_torture.sh
@@ -0,0 +1,133 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-2.0
+
+# Repeatedly send kernel messages, toggles netconsole targets on and off,
+# creates and deletes targets in parallel, and toggles the source interface to
+# simulate stress conditions.
+#
+# This test aims verify the robustness of netconsole under dynamic
+# configurations and concurrent operations.
+#
+# The major goal is to run this test with LOCKDEP, Kmemleak and KASAN to make
+# sure no issues is reported.
+#
+# Author: Breno Leitao <leitao(a)debian.org>
+
+set -euo pipefail
+
+SCRIPTDIR=$(dirname "$(readlink -e "${BASH_SOURCE[0]}")")
+
+source "${SCRIPTDIR}"/lib/sh/lib_netcons.sh
+
+# Number of times the main loop run
+ITERATIONS=${1:-1000}
+
+# Only test extended format
+FORMAT="extended"
+# And ipv6 only
+IP_VERSION="ipv6"
+
+# Create, enable and delete some targets.
+create_and_delete_random_target() {
+ COUNT=1
+ RND_PREFIX=$(mktemp -u netcons_rnd_XXXX_)
+
+ if [ -d "${NETCONS_CONFIGFS}/${RND_PREFIX}${COUNT}" ] || \
+ [ -d "${NETCONS_CONFIGFS}/${RND_PREFIX}0" ]; then
+ echo "Function didn't finish yet, skipping it." >&2
+ return
+ fi
+
+ # enable COUNT targets
+ for i in $(seq 0 ${COUNT})
+ do
+ RND_TARGET="${RND_PREFIX}"${i}
+ RND_TARGET_PATH="${NETCONS_CONFIGFS}"/"${RND_TARGET}"
+
+ # Basic population so the target can come up
+ mkdir "${RND_TARGET_PATH}"
+ echo "${DSTIP}" > "${RND_TARGET_PATH}"/remote_ip
+ echo "${SRCIP}" > "${RND_TARGET_PATH}"/local_ip
+ echo "${DSTMAC}" > "${RND_TARGET_PATH}"/remote_mac
+ echo "${SRCIF}" > "${RND_TARGET_PATH}"/dev_name
+
+ echo 1 > "${RND_TARGET_PATH}"/enabled
+ done
+
+ echo "netconsole selftest: ${COUNT} additional target was created" > /dev/kmsg
+ # disable them all
+ for i in $(seq 0 ${COUNT})
+ do
+ RND_TARGET="${RND_PREFIX}"${i}
+ RND_TARGET_PATH="${NETCONS_CONFIGFS}"/"${RND_TARGET}"
+ echo 0 > "${RND_TARGET_PATH}"/enabled
+ rmdir "${RND_TARGET_PATH}"
+ done
+}
+
+# Disable and enable the target mid-air, while messages
+# are being transmitted.
+toggle_netcons_target() {
+ for i in $(seq 2)
+ do
+ if [ ! -d "${NETCONS_PATH}" ]
+ then
+ break
+ fi
+ echo 0 > "${NETCONS_PATH}"/enabled 2> /dev/null || true
+ # Try to enable a bit harder, given it might fail to enable
+ # Write to `enabled` might fail depending on the lock, which is
+ # highly contentious here
+ for _ in $(seq 5)
+ do
+ echo 1 > "${NETCONS_PATH}"/enabled 2> /dev/null || true
+ done
+ done
+}
+
+toggle_iface(){
+ ip link set "${SRCIF}" down
+ ip link set "${SRCIF}" up
+}
+
+# Start here
+
+modprobe netdevsim 2> /dev/null || true
+modprobe netconsole 2> /dev/null || true
+
+# Check for basic system dependency and exit if not found
+check_for_dependencies
+# Set current loglevel to KERN_INFO(6), and default to KERN_NOTICE(5)
+echo "6 5" > /proc/sys/kernel/printk
+# Remove the namespace, interfaces and netconsole target on exit
+trap cleanup EXIT
+# Create one namespace and two interfaces
+set_network "${IP_VERSION}"
+# Create a dynamic target for netconsole
+create_dynamic_target "${FORMAT}"
+
+for i in $(seq "$ITERATIONS")
+do
+ for _ in $(seq 10)
+ do
+ echo "${MSG}: ${TARGET} ${i}" > /dev/kmsg
+ wait
+ done
+
+ if (( i % 30 == 0 )); then
+ toggle_netcons_target &
+ fi
+
+ if (( i % 50 == 0 )); then
+ # create some targets, enable them, send msg and disable
+ # all in a parallel thread
+ create_and_delete_random_target &
+ fi
+
+ if (( i % 70 == 0 )); then
+ toggle_iface &
+ fi
+done
+wait
+
+exit "${ksft_pass}"
---
base-commit: 2fd4161d0d2547650d9559d57fc67b4e0a26a9e3
change-id: 20250902-netconsole_torture-8fc23f0aca99
Best regards,
--
Breno Leitao <leitao(a)debian.org>
1 week, 4 days
- 2
- 2
[PATCH 0/8] riscv: add initial support for hardware breakpoints
by Jesse Taube
This patchset adds initial support for hardware breakpoints and
watchpoints to the RISC-V architecture. The framework is built on
top of perf subsystem and SBI debug trigger extension.
Currently following features are not supported and are in works:
- icount for single stepping
- Virtualization of debug triggers
- kernel space debug triggers
The SBI debug trigger extension can be found at:
https://github.com/riscv-non-isa/riscv-sbi-doc/blob/master/src/ext-debug-tr…
The Sdtrig ISA is part of RISC-V debug specification which can be
found at:
https://github.com/riscv/riscv-debug-spec
based off the original RFC by Himanshu Chauhan here:
https://lore.kernel.org/lkml/20240222125059.13331-1-hchauhan@ventanamicro.c…
Second RFC by Jesse Taube here:
https://lore.kernel.org/lkml/20250722173829.984082-1-jesse@rivosinc.com/
Himanshu Chauhan (2):
riscv: Add SBI debug trigger extension and function ids
riscv: Introduce support for hardware break/watchpoints
Jesse Taube (6):
riscv: Add insn.c, consolidate instruction decoding
riscv: insn: Add get_insn_nofault
riscv: hw_breakpoint: Use icount for single stepping
riscv: ptrace: Add hw breakpoint support
riscv: ptrace: Add hw breakpoint regset
selftests: riscv: Add test for hardware breakpoints
arch/riscv/Kconfig | 2 +
arch/riscv/include/asm/bug.h | 12 -
arch/riscv/include/asm/hw_breakpoint.h | 59 ++
arch/riscv/include/asm/insn.h | 132 ++-
arch/riscv/include/asm/kdebug.h | 3 +-
arch/riscv/include/asm/processor.h | 4 +
arch/riscv/include/asm/sbi.h | 33 +-
arch/riscv/include/uapi/asm/ptrace.h | 9 +
arch/riscv/kernel/Makefile | 2 +
arch/riscv/kernel/hw_breakpoint.c | 763 ++++++++++++++++++
arch/riscv/kernel/insn.c | 165 ++++
arch/riscv/kernel/kgdb.c | 102 +--
arch/riscv/kernel/probes/kprobes.c | 1 +
arch/riscv/kernel/process.c | 4 +
arch/riscv/kernel/ptrace.c | 169 ++++
arch/riscv/kernel/traps.c | 11 +-
arch/riscv/kernel/traps_misaligned.c | 93 +--
include/uapi/linux/elf.h | 2 +
tools/include/uapi/linux/elf.h | 1 +
tools/perf/tests/tests.h | 3 +-
tools/testing/selftests/riscv/Makefile | 2 +-
.../selftests/riscv/breakpoints/.gitignore | 1 +
.../selftests/riscv/breakpoints/Makefile | 13 +
.../riscv/breakpoints/breakpoint_test.c | 246 ++++++
24 files changed, 1641 insertions(+), 191 deletions(-)
create mode 100644 arch/riscv/include/asm/hw_breakpoint.h
create mode 100644 arch/riscv/kernel/hw_breakpoint.c
create mode 100644 arch/riscv/kernel/insn.c
create mode 100644 tools/testing/selftests/riscv/breakpoints/.gitignore
create mode 100644 tools/testing/selftests/riscv/breakpoints/Makefile
create mode 100644 tools/testing/selftests/riscv/breakpoints/breakpoint_test.c
--
2.43.0
1 week, 4 days
- 5
- 14
[PATCH v9 00/19] TDX KVM selftests
by Sagi Shahar
This is v9 of the TDX selftests.
Thanks everyone for the thorough review on v8 [1]. I tried addressing
all the comments. I'm terribly sorry if I missed something.
The original v8 series [1] was split to make reviewing the test framework
changes easier. This series includes the original patches up to the TDX
lifecycle test which is the first TDX selftest in the series.
This series is based on v6.17-rc2
Changes from v8:
- Rebased on top of v6.17-rc2
- Drop several patches which are no longer needed now that TDX support
is integrated into the common flow.
- Split several patches to make reviewing easier.
- Massive refactor compared to v8 to pull TDX special handling into
__vm_create() and vm_vcpu_add() instead of creating separate functions
for TDX.
- Use kbuild to expose values from c to assembly code.
- Move setup of the reset vectors to c code as suggested by Sean.
- Drop redundant cpuid masking functions which are no longer necessary.
- Initialize TDX protected pages one at a time instead of allocating
large chinks of memory.
- Add UCALL support for TDX to align with the rest of the selftests.
- Minor fixes to kselftest_harness.h and virt_map() that were identified
as part of this work.
[1] https://lore.kernel.org/lkml/20250807201628.1185915-1-sagis@google.com/
Ackerley Tng (2):
KVM: selftests: Add helpers to init TDX memory and finalize VM
KVM: selftests: Add ucall support for TDX
Erdem Aktas (2):
KVM: selftests: Add TDX boot code
KVM: selftests: Add support for TDX TDCALL from guest
Isaku Yamahata (2):
KVM: selftests: Update kvm_init_vm_address_properties() for TDX
KVM: selftests: TDX: Use KVM_TDX_CAPABILITIES to validate TDs'
attribute configuration
Sagi Shahar (13):
KVM: selftests: Include overflow.h instead of redefining
is_signed_type()
KVM: selftests: Allocate pgd in virt_map() as necessary
KVM: selftests: Expose functions to get default sregs values
KVM: selftests: Expose function to allocate guest vCPU stack
KVM: selftests: Expose segment definitons to assembly files
KVM: selftests: Add kbuild definitons
KVM: selftests: Define structs to pass parameters to TDX boot code
KVM: selftests: Set up TDX boot code region
KVM: selftests: Set up TDX boot parameters region
KVM: selftests: Add helper to initialize TDX VM
KVM: selftests: Hook TDX support to vm and vcpu creation
KVM: selftests: Add wrapper for TDX MMIO from guest
KVM: selftests: Add TDX lifecycle test
tools/include/linux/kbuild.h | 18 +
tools/testing/selftests/kselftest_harness.h | 3 +-
tools/testing/selftests/kvm/Makefile.kvm | 32 ++
.../selftests/kvm/include/x86/processor.h | 8 +
.../selftests/kvm/include/x86/processor_asm.h | 12 +
.../selftests/kvm/include/x86/tdx/td_boot.h | 81 ++++
.../kvm/include/x86/tdx/td_boot_asm.h | 16 +
.../selftests/kvm/include/x86/tdx/tdcall.h | 34 ++
.../selftests/kvm/include/x86/tdx/tdx.h | 14 +
.../selftests/kvm/include/x86/tdx/tdx_util.h | 86 ++++
.../testing/selftests/kvm/include/x86/ucall.h | 4 +-
tools/testing/selftests/kvm/lib/kvm_util.c | 25 +-
.../testing/selftests/kvm/lib/x86/processor.c | 122 ++++--
.../selftests/kvm/lib/x86/tdx/td_boot.S | 60 +++
.../kvm/lib/x86/tdx/td_boot_offsets.c | 21 +
.../selftests/kvm/lib/x86/tdx/tdcall.S | 93 +++++
.../kvm/lib/x86/tdx/tdcall_offsets.c | 16 +
tools/testing/selftests/kvm/lib/x86/tdx/tdx.c | 22 +
.../selftests/kvm/lib/x86/tdx/tdx_util.c | 391 ++++++++++++++++++
tools/testing/selftests/kvm/lib/x86/ucall.c | 45 +-
tools/testing/selftests/kvm/x86/tdx_vm_test.c | 31 ++
21 files changed, 1095 insertions(+), 39 deletions(-)
create mode 100644 tools/include/linux/kbuild.h
create mode 100644 tools/testing/selftests/kvm/include/x86/processor_asm.h
create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/td_boot.h
create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h
create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/tdcall.h
create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/tdx.h
create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h
create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S
create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/td_boot_offsets.c
create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdcall.S
create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdcall_offsets.c
create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdx.c
create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
create mode 100644 tools/testing/selftests/kvm/x86/tdx_vm_test.c
--
2.51.0.rc1.193.gad69d77794-goog
1 week, 4 days
- 6
- 62
[PATCH net-next] selftests: net: Add tests to verify team driver option set and get.
by Marc Harvey
There are currently no kernel tests that verify setting and getting
options of the team driver.
In the future, options may be added that implicitly change other
options, which will make it useful to have tests like these that show
nothing breaks. There will be a follow up patch to this that adds new
"rx_enabled" and "tx_enabled" options, which will implicitly affect the
"enabled" option value and vice versa.
The tests use teamnl to first set options to specific values and then
gets them to compare to the set values.
Signed-off-by: Marc Harvey <marcharvey(a)google.com>
---
.../selftests/drivers/net/team/Makefile | 6 +-
.../selftests/drivers/net/team/options.sh | 194 ++++++++++++++++++
2 files changed, 198 insertions(+), 2 deletions(-)
create mode 100755 tools/testing/selftests/drivers/net/team/options.sh
diff --git a/tools/testing/selftests/drivers/net/team/Makefile b/tools/testing/selftests/drivers/net/team/Makefile
index eaf6938f100e..8b00b70ce67f 100644
--- a/tools/testing/selftests/drivers/net/team/Makefile
+++ b/tools/testing/selftests/drivers/net/team/Makefile
@@ -1,11 +1,13 @@
# SPDX-License-Identifier: GPL-2.0
# Makefile for net selftests
-TEST_PROGS := dev_addr_lists.sh propagation.sh
+TEST_PROGS := dev_addr_lists.sh propagation.sh options.sh
TEST_INCLUDES := \
../bonding/lag_lib.sh \
../../../net/forwarding/lib.sh \
- ../../../net/lib.sh
+ ../../../net/lib.sh \
+ ../../../net/in_netns.sh \
+ ../../../net/lib/sh/defer.sh \
include ../../../lib.mk
diff --git a/tools/testing/selftests/drivers/net/team/options.sh b/tools/testing/selftests/drivers/net/team/options.sh
new file mode 100755
index 000000000000..b9c7aa357ad5
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/team/options.sh
@@ -0,0 +1,194 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+# These tests verify basic set and get functionality of the team
+# driver options over netlink.
+
+# Run in private netns.
+test_dir="$(dirname "$0")"
+if [[ $# -eq 0 ]]; then
+ "${test_dir}"/../../../net/in_netns.sh "$0" __subprocess
+ exit $?
+fi
+
+ALL_TESTS="
+ team_test_options
+"
+
+source "${test_dir}/../../../net/lib.sh"
+
+TEAM_PORT="team0"
+MEMBER_PORT="dummy0"
+
+setup()
+{
+ ip link add name "${MEMBER_PORT}" type dummy
+ ip link add name "${TEAM_PORT}" type team
+}
+
+get_and_check_value()
+{
+ local option_name="$1"
+ local expected_value="$2"
+ local port_flag="$3"
+
+ local value_from_get
+
+ value_from_get=$(teamnl "${TEAM_PORT}" getoption "${option_name}" \
+ "${port_flag}")
+ if [[ $? != 0 ]]; then
+ echo "Could not get option '${option_name}'" >&2
+ return 1
+ fi
+
+ if [[ "${value_from_get}" != "${expected_value}" ]]; then
+ echo "Incorrect value for option '${option_name}'" >&2
+ echo "get (${value_from_get}) != set (${expected_value})" >&2
+ return 1
+ fi
+}
+
+set_and_check_get()
+{
+ local option_name="$1"
+ local option_value="$2"
+ local port_flag="$3"
+
+ local value_from_get
+
+ teamnl "${TEAM_PORT}" setoption "${option_name}" "${option_value}" \
+ "${port_flag}"
+ if [[ $? != 0 ]]; then
+ echo "'setoption ${option_name} ${option_value}' failed" >&2
+ return 1
+ fi
+
+ get_and_check_value "${option_name}" "${option_value}" "${port_flag}"
+ return $?
+}
+
+# Get a "port flag" to pass to the `teamnl` command.
+# E.g. $?="dummy0" -> "port=dummy0",
+# $?="" -> ""
+get_port_flag()
+{
+ local port_name="$1"
+
+ if [[ -n "${port_name}" ]]; then
+ echo "--port=${port_name}"
+ fi
+}
+
+attach_port_if_specified()
+{
+ local port_name="${1}"
+
+ if [[ -n "${port_name}" ]]; then
+ ip link set dev "${port_name}" master "${TEAM_PORT}"
+ return $?
+ fi
+}
+
+detach_port_if_specified()
+{
+ local port_name="${1}"
+
+ if [[ -n "${port_name}" ]]; then
+ ip link set dev "${port_name}" nomaster
+ return $?
+ fi
+}
+
+#######################################
+# Test that an option's get value matches its set value.
+# Globals:
+# RET - Used by testing infra like `check_err`.
+# EXIT_STATUS - Used by `log_test` to whole script exit value.
+# Arguments:
+# option_name - The name of the option.
+# value_1 - The first value to try setting.
+# value_2 - The second value to try setting.
+# port_name - The (optional) name of the attached port.
+#######################################
+team_test_option()
+{
+ local option_name="$1"
+ local value_1="$2"
+ local value_2="$3"
+ local possible_values="$2 $3 $2"
+ local port_name="$4"
+ local port_flag
+
+ RET=0
+
+ echo "Setting '${option_name}' to '${value_1}' and '${value_2}'"
+
+ attach_port_if_specified "${port_name}"
+ check_err $? "Couldn't attach ${port_name} to master"
+ port_flag=$(get_port_flag "${port_name}")
+
+ # Set and get both possible values.
+ for value in ${possible_values}; do
+ set_and_check_get "${option_name}" "${value}" "${port_flag}"
+ check_err $? "Failed to set '${option_name}' to '${value}'"
+ done
+
+ detach_port_if_specified "${port_name}"
+ check_err $? "Couldn't detach ${port_name} from its master"
+
+ log_test "Set + Get '${option_name}' test"
+}
+
+#######################################
+# Test that getting a non-existant option fails.
+# Globals:
+# RET - Used by testing infra like `check_err`.
+# EXIT_STATUS - Used by `log_test` to whole script exit value.
+# Arguments:
+# option_name - The name of the option.
+# port_name - The (optional) name of the attached port.
+#######################################
+team_test_get_option_fails()
+{
+ local option_name="$1"
+ local port_name="$2"
+ local port_flag
+
+ RET=0
+
+ attach_port_if_specified "${port_name}"
+ check_err $? "Couldn't attach ${port_name} to master"
+ port_flag=$(get_port_flag "${port_name}")
+
+ # Just confirm that getting the value fails.
+ teamnl "${TEAM_PORT}" getoption "${option_name}" "${port_flag}"
+ check_fail $? "Shouldn't be able to get option '${option_name}'"
+
+ detach_port_if_specified "${port_name}"
+
+ log_test "Get '${option_name}' fails"
+}
+
+team_test_options()
+{
+ # Wrong option name behavior.
+ team_test_get_option_fails fake_option1
+ team_test_get_option_fails fake_option2 "${MEMBER_PORT}"
+
+ # Correct set and get behavior.
+ team_test_option mode activebackup loadbalance
+ team_test_option notify_peers_count 0 5
+ team_test_option notify_peers_interval 0 5
+ team_test_option mcast_rejoin_count 0 5
+ team_test_option mcast_rejoin_interval 0 5
+ team_test_option enabled true false "${MEMBER_PORT}"
+ team_test_option user_linkup true false "${MEMBER_PORT}"
+ team_test_option user_linkup_enabled true false "${MEMBER_PORT}"
+ team_test_option priority 10 20 "${MEMBER_PORT}"
+ team_test_option queue_id 0 1 "${MEMBER_PORT}"
+}
+
+require_command teamnl
+setup
+tests_run
+exit "${EXIT_STATUS}"
--
2.51.0.355.g5224444f11-goog
1 week, 4 days
- 3
- 4
[PATCH bpf-next v3 0/3] selftests/bpf: benchmark all symbols for kprobe-multi
by Menglong Dong
Add the benchmark testcase "kprobe-multi-all", which will hook all the
kernel functions during the testing.
This series is separated out from [1].
Changes since V2:
* add some comment to attach_ksyms_all, which notes that don't run the
testing on a debug kernel
Changes since V1:
* introduce trace_blacklist instead of copy-pasting strcmp in the 2nd
patch
* use fprintf() instead of printf() in 3rd patch
Link: https://lore.kernel.org/bpf/20250817024607.296117-1-dongml2@chinatelecom.cn/ [1]
Menglong Dong (3):
selftests/bpf: move get_ksyms and get_addrs to trace_helpers.c
selftests/bpf: skip recursive functions for kprobe_multi
selftests/bpf: add benchmark testing for kprobe-multi-all
tools/testing/selftests/bpf/bench.c | 4 +
.../selftests/bpf/benchs/bench_trigger.c | 61 +++++
.../selftests/bpf/benchs/run_bench_trigger.sh | 4 +-
.../bpf/prog_tests/kprobe_multi_test.c | 220 +---------------
.../selftests/bpf/progs/trigger_bench.c | 12 +
tools/testing/selftests/bpf/trace_helpers.c | 234 ++++++++++++++++++
tools/testing/selftests/bpf/trace_helpers.h | 3 +
7 files changed, 319 insertions(+), 219 deletions(-)
--
2.51.0
1 week, 4 days
- 3
- 5
[PATCH] selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh
by Ricardo B. Marlière
Currently, even if some subtests fails, the end result will still yield
"ok 1 selftests: bpf: test_xsk.sh". Fix it by exiting with 1 if there are
any failures.
Signed-off-by: Ricardo B. Marlière <rbm(a)suse.com>
---
tools/testing/selftests/bpf/test_xsk.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_xsk.sh b/tools/testing/selftests/bpf/test_xsk.sh
index 65aafe0003db054e9dfd156092fed53b07be06a0..62db060298a4a3b4391ee4cfa50557cf4a62d3d5 100755
--- a/tools/testing/selftests/bpf/test_xsk.sh
+++ b/tools/testing/selftests/bpf/test_xsk.sh
@@ -241,4 +241,6 @@ done
if [ $failures -eq 0 ]; then
echo "All tests successful!"
+else
+ exit 1
fi
---
base-commit: 5b6d6fe1ca7b712c74f78426bb23c465fd34b322
change-id: 20250828-selftests-bpf-test_xsk_ret-1eb27dbac071
Best regards,
--
Ricardo B. Marlière <rbm(a)suse.com>
1 week, 4 days
- 3
- 2
[PATCH] selftests/bpf: Fix count write in testapp_xdp_metadata_copy()
by Ricardo B. Marlière
Commit 4b302092553c ("selftests/xsk: Add tail adjustment tests and support
check") added a new global to xsk_xdp_progs.c, but left out the access in
the testapp_xdp_metadata_copy() function. Since bpf_map_update_elem() will
write to the whole bss section, it gets truncated. Fix by writing to
skel_rx->bss->count directly.
Fixes: 4b302092553c ("selftests/xsk: Add tail adjustment tests and support check")
Signed-off-by: Ricardo B. Marlière <rbm(a)suse.com>
---
tools/testing/selftests/bpf/xskxceiver.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/tools/testing/selftests/bpf/xskxceiver.c b/tools/testing/selftests/bpf/xskxceiver.c
index a29de0713f19f05ef49a52e3824bb58a30565e87..352adc8df2d1cd777c823c5a89f1720ee043f342 100644
--- a/tools/testing/selftests/bpf/xskxceiver.c
+++ b/tools/testing/selftests/bpf/xskxceiver.c
@@ -2276,25 +2276,13 @@ static int testapp_xdp_metadata_copy(struct test_spec *test)
{
struct xsk_xdp_progs *skel_rx = test->ifobj_rx->xdp_progs;
struct xsk_xdp_progs *skel_tx = test->ifobj_tx->xdp_progs;
- struct bpf_map *data_map;
- int count = 0;
- int key = 0;
test_spec_set_xdp_prog(test, skel_rx->progs.xsk_xdp_populate_metadata,
skel_tx->progs.xsk_xdp_populate_metadata,
skel_rx->maps.xsk, skel_tx->maps.xsk);
test->ifobj_rx->use_metadata = true;
- data_map = bpf_object__find_map_by_name(skel_rx->obj, "xsk_xdp_.bss");
- if (!data_map || !bpf_map__is_internal(data_map)) {
- ksft_print_msg("Error: could not find bss section of XDP program\n");
- return TEST_FAILURE;
- }
-
- if (bpf_map_update_elem(bpf_map__fd(data_map), &key, &count, BPF_ANY)) {
- ksft_print_msg("Error: could not update count element\n");
- return TEST_FAILURE;
- }
+ skel_rx->bss->count = 0;
return testapp_validate_traffic(test);
}
---
base-commit: 5b6d6fe1ca7b712c74f78426bb23c465fd34b322
change-id: 20250829-selftests-bpf-xsk_regression_fix-674d292e4d2a
Best regards,
--
Ricardo B. Marlière <rbm(a)suse.com>
1 week, 4 days
- 2
- 1
[PATCH net-next v2 0/4] mptcp: misc. features for v6.18
by Matthieu Baerts (NGI0)
This series contains 4 independent new features:
- Patch 1: use HMAC-SHA256 library instead of open-coded HMAC.
- Patch 2: selftests: check for unexpected fallback counter increments.
- Patches 3-4: record subflows in RPS table, for aRFS support.
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Changes in v2:
- Drop previous patches 2 ("mptcp: make ADD_ADDR retransmission timeout
adaptive") + 3 ("selftests: mptcp: remove add_addr_timeout settings"):
They were introducing instabilities in the selftests.
- Rebased. Other patches have not been modified.
- Link to v1: https://lore.kernel.org/r/20250901-net-next-mptcp-misc-feat-6-18-v1-0-80ae8…
---
Christoph Paasch (2):
net: Add rfs_needed() helper
mptcp: record subflows in RPS table
Eric Biggers (1):
mptcp: use HMAC-SHA256 library instead of open-coded HMAC
Gang Yan (1):
selftests: mptcp: add checks for fallback counters
include/net/rps.h | 85 ++++++++++------
net/mptcp/crypto.c | 35 +------
net/mptcp/protocol.c | 21 ++++
tools/testing/selftests/net/mptcp/mptcp_join.sh | 123 ++++++++++++++++++++++++
4 files changed, 202 insertions(+), 62 deletions(-)
---
base-commit: cd8a4cfa6bb43a441901e82f5c222dddc75a18a3
change-id: 20250829-net-next-mptcp-misc-feat-6-18-722fa87a60f1
Best regards,
--
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
1 week, 4 days
- 2
- 5
[PATCH RESEND v4] selftests/tty: add TIOCSTI test suite
by Abhinav Saxena
TIOCSTI is a TTY ioctl command that allows inserting characters into
the terminal input queue, making it appear as if the user typed those
characters. This functionality has behavior that varies based on system
configuration and process credentials.
The dev.tty.legacy_tiocsti sysctl introduced in commit 83efeeeb3d04
("tty: Allow TIOCSTI to be disabled") controls TIOCSTI usage. When
disabled, TIOCSTI requires CAP_SYS_ADMIN capability.
The current implementation checks the current process's credentials via
capable(CAP_SYS_ADMIN), but does not validate against the file opener's
credentials stored in file->f_cred. This creates different behavior when
file descriptors are passed between processes via SCM_RIGHTS.
Add a test suite with 16 test variants using fixture variants to verify
TIOCSTI behavior when dev.tty.legacy_tiocsti is enabled/disabled:
- Basic TIOCSTI tests (8 variants): Direct testing with different
capability and controlling terminal combinations
- FD passing tests (8 variants): Test behavior when file descriptors
are passed between processes with different capabilities
The FD passing tests document this behavior - some tests show different
results than expected based on file opener credentials, demonstrating
that TIOCSTI uses current process credentials rather than file opener
credentials.
The tests validate proper enforcement of the legacy_tiocsti sysctl. Test
implementation uses openpty(3) with TIOCSCTTY for isolated PTY
environments. See tty_ioctl(4) for details on TIOCSTI behavior and
security requirements.
Signed-off-by: Abhinav Saxena <xandfury(a)gmail.com>
---
RESEND: add TTY/serial maintainers and linux-serial CCs. No code changes.
- Link to orignal v4: https://lore.kernel.org/r/20250902-toicsti-bug-v4-1-e5c960e0b3d6@gmail.com
Changes in v4:
- Moved skip conditions and sysctl setup from TEST_F to FIXTURE_SETUP (Kees Cook)
- Fixed fclose() error handling in set_legacy_tiocsti_setting (Kees Cook)
- Extracted run_basic_tiocsti_test() and run_fdpass_tiocsti_test functions (Kees Cook)
- Removed redundant sysctl restore logic from TEST_F (Kees Cook)
- Simplified FIXTURE_TEARDOWN (Kees Cook)
- Replace drop_to_nobody() to drop_all_privs() which should be more portable (Justin Stitt)
- Link to v3: https://lore.kernel.org/r/20250730-toicsti-bug-v3-1-dd2dac97f27a@gmail.com
Add selftests for TIOCSTI ioctl
To run all tests:
$ sudo ./tools/testing/selftests/tty/tty_tiocsti_test
Test Results:
- PASSED: 13/16 tests
- Different behavior: 3/16 tests (documenting credential checking behavior)
All tests validated using:
- scripts/checkpatch.pl --strict (clean output)
- Functional testing on kernel v6.16-rc2
Changes in v3:
- Replaced all printf() calls with TH_LOG() for proper test logging (Kees Cook)
- Added struct __test_metadata parameter to helper functions
- Moved common legacy_tiocsti availability check to FIXTURE_SETUP()
- Implemented sysctl modification/restoration in FIXTURE_SETUP/TEARDOWN
- Used openpty() with TIOCSCTTY for reliable PTY testing environment
- Fixed child/parent synchronization in FD passing tests
- Replaced manual _exit(1) handling with proper ASSERT statements
- Switched // comments to /* */ format throughout
- Expanded to 16 test variants using fixture variants
- Enhanced error handling and test reliability
- Link to v2: https://lore.kernel.org/r/20250713-toicsti-bug-v2-1-b183787eea29@gmail.com
- Link to v1: https://lore.kernel.org/r/20250622-toicsti-bug-v1-0-f374373b04b2@gmail.com
References:
- tty_ioctl(4) - documents TIOCSTI ioctl and capability requirements
- openpty(3) - pseudo-terminal creation and management
- commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled")
- Documentation/security/credentials.rst
- https://github.com/KSPP/linux/issues/156
- https://lore.kernel.org/linux-hardening/Y0m9l52AKmw6Yxi1@hostpad/
- drivers/tty/Kconfig
- Documentation/driver-api/tty/
---
tools/testing/selftests/tty/Makefile | 6 +-
tools/testing/selftests/tty/config | 1 +
tools/testing/selftests/tty/tty_tiocsti_test.c | 650 +++++++++++++++++++++++++
3 files changed, 656 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/tty/Makefile b/tools/testing/selftests/tty/Makefile
index 50d7027b2ae3fb495dd1c0684363fa8f426be42c..7f6fbe5a0cd5663310e334d9d068b21dab9136ec 100644
--- a/tools/testing/selftests/tty/Makefile
+++ b/tools/testing/selftests/tty/Makefile
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: GPL-2.0
CFLAGS = -O2 -Wall
-TEST_GEN_PROGS := tty_tstamp_update
+TEST_GEN_PROGS := tty_tstamp_update tty_tiocsti_test
+LDLIBS += -lcap
include ../lib.mk
+
+# Add libcap for TIOCSTI test
+$(OUTPUT)/tty_tiocsti_test: LDLIBS += -lcap
diff --git a/tools/testing/selftests/tty/config b/tools/testing/selftests/tty/config
new file mode 100644
index 0000000000000000000000000000000000000000..c6373aba66366c82435bb26c019eb360eb6310eb
--- /dev/null
+++ b/tools/testing/selftests/tty/config
@@ -0,0 +1 @@
+CONFIG_LEGACY_TIOCSTI=y
diff --git a/tools/testing/selftests/tty/tty_tiocsti_test.c b/tools/testing/selftests/tty/tty_tiocsti_test.c
new file mode 100644
index 0000000000000000000000000000000000000000..5e767e6cb3ef8f05c5430eb0fcc792064c446c03
--- /dev/null
+++ b/tools/testing/selftests/tty/tty_tiocsti_test.c
@@ -0,0 +1,650 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * TTY Tests - TIOCSTI
+ *
+ * Copyright © 2025 Abhinav Saxena <xandfury(a)gmail.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <termios.h>
+#include <grp.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#include <pty.h>
+#include <utmp.h>
+
+#include "../kselftest_harness.h"
+
+enum test_type {
+ TEST_PTY_TIOCSTI_BASIC,
+ TEST_PTY_TIOCSTI_FD_PASSING,
+ /* other tests cases such as serial may be added. */
+};
+
+/*
+ * Test Strategy:
+ * - Basic tests: Use PTY with/without TIOCSCTTY (controlling terminal for
+ * current process)
+ * - FD passing tests: Child creates PTY, parent receives FD (demonstrates
+ * security issue)
+ *
+ * SECURITY VULNERABILITY DEMONSTRATION:
+ * FD passing tests show that TIOCSTI uses CURRENT process credentials, not
+ * opener credentials. This means privileged processes can be given FDs from
+ * unprivileged processes and successfully perform TIOCSTI operations that the
+ * unprivileged process couldn't do directly.
+ *
+ * Attack scenario:
+ * 1. Unprivileged process opens TTY (direct TIOCSTI fails due to lack of
+ * privileges)
+ * 2. Unprivileged process passes FD to privileged process via SCM_RIGHTS
+ * 3. Privileged process can use TIOCSTI on the FD (succeeds due to its
+ * privileges)
+ * 4. Result: Effective privilege escalation via file descriptor passing
+ *
+ * This matches the kernel logic in tiocsti():
+ * 1. if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN)) return -EIO;
+ * 2. if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
+ * return -EPERM;
+ * Note: Both checks use capable() on CURRENT process, not FD opener!
+ *
+ * If the file credentials were also checked along with the capable() checks
+ * then the results for FD pass tests would be consistent with the basic tests.
+ */
+
+FIXTURE(tiocsti)
+{
+ int pty_master_fd; /* PTY - for basic tests */
+ int pty_slave_fd;
+ bool has_pty;
+ bool initial_cap_sys_admin;
+ int original_legacy_tiocsti_setting;
+ bool can_modify_sysctl;
+};
+
+FIXTURE_VARIANT(tiocsti)
+{
+ const enum test_type test_type;
+ const bool controlling_tty; /* true=current->signal->tty == tty */
+ const int legacy_tiocsti; /* 0=restricted, 1=permissive */
+ const bool requires_cap; /* true=with CAP_SYS_ADMIN, false=without */
+ const int expected_success; /* 0=success, -EIO/-EPERM=specific error */
+};
+
+/*
+ * Tests Controlling Terminal Variants (current->signal->tty == tty)
+ *
+ * TIOCSTI Test Matrix:
+ *
+ * | legacy_tiocsti | CAP_SYS_ADMIN | Expected Result | Error |
+ * |----------------|---------------|-----------------|-------|
+ * | 1 (permissive) | true | SUCCESS | - |
+ * | 1 (permissive) | false | SUCCESS | - |
+ * | 0 (restricted) | true | SUCCESS | - |
+ * | 0 (restricted) | false | FAILURE | -EIO |
+ */
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO, /* FAILURE: legacy restriction */
+}; /* clang-format on */
+
+/*
+ * Note for FD Passing Test Variants
+ * Since we're testing the scenario where an unprivileged process pass an FD
+ * to a privileged one, .requires_cap here means the caps of the child process.
+ * Not the parent; parent would always be privileged.
+ */
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO,
+}; /* clang-format on */
+
+/*
+ * Non-Controlling Terminal Variants (current->signal->tty != tty)
+ *
+ * TIOCSTI Test Matrix:
+ *
+ * | legacy_tiocsti | CAP_SYS_ADMIN | Expected Result | Error |
+ * |----------------|---------------|-----------------|-------|
+ * | 1 (permissive) | true | SUCCESS | - |
+ * | 1 (permissive) | false | FAILURE | -EPERM|
+ * | 0 (restricted) | true | SUCCESS | - |
+ * | 0 (restricted) | false | FAILURE | -EIO |
+ */
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = -EPERM,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = -EPERM,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO,
+}; /* clang-format on */
+
+/* Helper function to send FD via SCM_RIGHTS */
+static int send_fd_via_socket(int socket_fd, int fd_to_send)
+{
+ struct msghdr msg = { 0 };
+ struct cmsghdr *cmsg;
+ char cmsg_buf[CMSG_SPACE(sizeof(int))];
+ char dummy_data = 'F';
+ struct iovec iov = { .iov_base = &dummy_data, .iov_len = 1 };
+
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = cmsg_buf;
+ msg.msg_controllen = sizeof(cmsg_buf);
+
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+
+ memcpy(CMSG_DATA(cmsg), &fd_to_send, sizeof(int));
+
+ return sendmsg(socket_fd, &msg, 0) < 0 ? -1 : 0;
+}
+
+/* Helper function to receive FD via SCM_RIGHTS */
+static int recv_fd_via_socket(int socket_fd)
+{
+ struct msghdr msg = { 0 };
+ struct cmsghdr *cmsg;
+ char cmsg_buf[CMSG_SPACE(sizeof(int))];
+ char dummy_data;
+ struct iovec iov = { .iov_base = &dummy_data, .iov_len = 1 };
+ int received_fd = -1;
+
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = cmsg_buf;
+ msg.msg_controllen = sizeof(cmsg_buf);
+
+ if (recvmsg(socket_fd, &msg, 0) < 0)
+ return -1;
+
+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_RIGHTS) {
+ memcpy(&received_fd, CMSG_DATA(cmsg), sizeof(int));
+ break;
+ }
+ }
+
+ return received_fd;
+}
+
+static inline bool has_cap_sys_admin(void)
+{
+ cap_t caps = cap_get_proc();
+
+ if (!caps)
+ return false;
+
+ cap_flag_value_t cap_val;
+ bool has_cap = (cap_get_flag(caps, CAP_SYS_ADMIN, CAP_EFFECTIVE,
+ &cap_val) == 0) &&
+ (cap_val == CAP_SET);
+
+ cap_free(caps);
+ return has_cap;
+}
+
+/*
+ * Switch to non-root user and clear all capabilities
+ */
+static inline bool drop_all_privs(struct __test_metadata *_metadata)
+{
+ /* Drop supplementary groups */
+ ASSERT_EQ(setgroups(0, NULL), 0);
+
+ /* Switch to non-root user */
+ ASSERT_EQ(setgid(1000), 0);
+ ASSERT_EQ(setuid(1000), 0);
+
+ /* Clear all capabilities */
+ cap_t empty = cap_init();
+
+ ASSERT_NE(empty, NULL);
+ ASSERT_EQ(cap_set_proc(empty), 0);
+ cap_free(empty);
+
+ /* Prevent privilege regain */
+ ASSERT_EQ(prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), 0);
+
+ /* Verify privilege drop */
+ ASSERT_FALSE(has_cap_sys_admin());
+ return true;
+}
+
+static inline int get_legacy_tiocsti_setting(struct __test_metadata *_metadata)
+{
+ FILE *fp;
+ int value = -1;
+
+ fp = fopen("/proc/sys/dev/tty/legacy_tiocsti", "r");
+ if (!fp) {
+ /* legacy_tiocsti sysctl not available (kernel < 6.2) */
+ return -1;
+ }
+
+ if (fscanf(fp, "%d", &value) == 1 && fclose(fp) == 0) {
+ if (value < 0 || value > 1)
+ value = -1; /* Invalid value */
+ } else {
+ value = -1; /* Failed to parse */
+ }
+
+ return value;
+}
+
+static inline bool set_legacy_tiocsti_setting(struct __test_metadata *_metadata,
+ int value)
+{
+ FILE *fp;
+ bool success = false;
+
+ /* Sanity-check the value */
+ ASSERT_GE(value, 0);
+ ASSERT_LE(value, 1);
+
+ /*
+ * Try to open for writing; if we lack permission, return false so
+ * the test harness will skip variants that need to change it
+ */
+ fp = fopen("/proc/sys/dev/tty/legacy_tiocsti", "w");
+ if (!fp)
+ return false;
+
+ /* Write the new setting */
+ if (fprintf(fp, "%d\n", value) > 0 && fclose(fp) == 0)
+ success = true;
+ else
+ TH_LOG("Failed to write legacy_tiocsti: %s", strerror(errno));
+
+ return success;
+}
+
+/*
+ * TIOCSTI injection test function
+ * @tty_fd: TTY slave file descriptor to test TIOCSTI on
+ * Returns: 0 on success, -errno on failure
+ */
+static inline int test_tiocsti_injection(struct __test_metadata *_metadata,
+ int tty_fd)
+{
+ int ret;
+ char inject_char = 'V';
+
+ errno = 0;
+ ret = ioctl(tty_fd, TIOCSTI, &inject_char);
+ return ret == 0 ? 0 : -errno;
+}
+
+/*
+ * Child process: test TIOCSTI directly with capability/controlling
+ * terminal setup
+ */
+static void run_basic_tiocsti_test(struct __test_metadata *_metadata,
+ FIXTURE_DATA(tiocsti) * self,
+ const FIXTURE_VARIANT(tiocsti) * variant)
+{
+ /* Handle capability requirements */
+ if (self->initial_cap_sys_admin && !variant->requires_cap)
+ ASSERT_TRUE(drop_all_privs(_metadata));
+
+ if (variant->controlling_tty) {
+ /*
+ * Create new session and set PTY as
+ * controlling terminal
+ */
+ pid_t sid = setsid();
+
+ ASSERT_GE(sid, 0);
+ ASSERT_EQ(ioctl(self->pty_slave_fd, TIOCSCTTY, 0), 0);
+ }
+
+ /*
+ * Validate test environment setup and verify final
+ * capability state matches expectation
+ * after potential drop.
+ */
+ ASSERT_TRUE(self->has_pty);
+ ASSERT_EQ(has_cap_sys_admin(), variant->requires_cap);
+
+ /* Test TIOCSTI and validate result */
+ int result = test_tiocsti_injection(_metadata, self->pty_slave_fd);
+
+ /* Check against expected result from variant */
+ EXPECT_EQ(result, variant->expected_success);
+ _exit(0);
+}
+
+/*
+ * Child process: create PTY and then pass FD to parent via SCM_RIGHTS
+ */
+static void run_fdpass_tiocsti_test(struct __test_metadata *_metadata,
+ const FIXTURE_VARIANT(tiocsti) * variant,
+ int sockfd)
+{
+ signal(SIGHUP, SIG_IGN);
+
+ /* Handle privilege dropping */
+ if (!variant->requires_cap && has_cap_sys_admin())
+ ASSERT_TRUE(drop_all_privs(_metadata));
+
+ /* Create child's PTY */
+ int child_master_fd, child_slave_fd;
+
+ ASSERT_EQ(openpty(&child_master_fd, &child_slave_fd, NULL, NULL, NULL),
+ 0);
+
+ if (variant->controlling_tty) {
+ pid_t sid = setsid();
+
+ ASSERT_GE(sid, 0);
+ ASSERT_EQ(ioctl(child_slave_fd, TIOCSCTTY, 0), 0);
+ }
+
+ /* Test child's direct TIOCSTI for reference */
+ int direct_result = test_tiocsti_injection(_metadata, child_slave_fd);
+
+ EXPECT_EQ(direct_result, variant->expected_success);
+
+ /* Send FD to parent */
+ ASSERT_EQ(send_fd_via_socket(sockfd, child_slave_fd), 0);
+
+ /* Wait for parent completion signal */
+ char sync_byte;
+ ssize_t bytes_read = read(sockfd, &sync_byte, 1);
+
+ ASSERT_EQ(bytes_read, 1);
+
+ close(child_master_fd);
+ close(child_slave_fd);
+ close(sockfd);
+ _exit(0);
+}
+
+FIXTURE_SETUP(tiocsti)
+{
+ /* Create PTY pair for basic tests */
+ self->has_pty = (openpty(&self->pty_master_fd, &self->pty_slave_fd,
+ NULL, NULL, NULL) == 0);
+ if (!self->has_pty) {
+ self->pty_master_fd = -1;
+ self->pty_slave_fd = -1;
+ }
+
+ self->initial_cap_sys_admin = has_cap_sys_admin();
+ self->original_legacy_tiocsti_setting =
+ get_legacy_tiocsti_setting(_metadata);
+
+ if (self->original_legacy_tiocsti_setting < 0)
+ SKIP(return,
+ "legacy_tiocsti sysctl not available (kernel < 6.2)");
+
+ /* Common skip conditions */
+ if (variant->test_type == TEST_PTY_TIOCSTI_BASIC && !self->has_pty)
+ SKIP(return, "PTY not available for controlling terminal test");
+
+ if (variant->test_type == TEST_PTY_TIOCSTI_FD_PASSING &&
+ !self->initial_cap_sys_admin)
+ SKIP(return, "FD Pass tests require CAP_SYS_ADMIN");
+
+ if (variant->requires_cap && !self->initial_cap_sys_admin)
+ SKIP(return, "Test requires initial CAP_SYS_ADMIN");
+
+ /* Test if we can modify the sysctl (requires appropriate privileges) */
+ self->can_modify_sysctl = set_legacy_tiocsti_setting(
+ _metadata, self->original_legacy_tiocsti_setting);
+
+ /* Sysctl setup based on variant */
+ if (self->can_modify_sysctl &&
+ self->original_legacy_tiocsti_setting != variant->legacy_tiocsti) {
+ if (!set_legacy_tiocsti_setting(_metadata,
+ variant->legacy_tiocsti))
+ SKIP(return, "Failed to set legacy_tiocsti sysctl");
+
+ } else if (!self->can_modify_sysctl &&
+ self->original_legacy_tiocsti_setting !=
+ variant->legacy_tiocsti)
+ SKIP(return, "legacy_tiocsti setting mismatch");
+}
+
+FIXTURE_TEARDOWN(tiocsti)
+{
+ /*
+ * Backup restoration -
+ * each test should restore its own sysctl changes
+ */
+ if (self->can_modify_sysctl) {
+ int current_value = get_legacy_tiocsti_setting(_metadata);
+
+ if (current_value != self->original_legacy_tiocsti_setting) {
+ TH_LOG("Backup: Restoring legacy_tiocsti from %d to %d",
+ current_value,
+ self->original_legacy_tiocsti_setting);
+ set_legacy_tiocsti_setting(
+ _metadata,
+ self->original_legacy_tiocsti_setting);
+ }
+ }
+
+ if (self->has_pty) {
+ if (self->pty_master_fd >= 0)
+ close(self->pty_master_fd);
+ if (self->pty_slave_fd >= 0)
+ close(self->pty_slave_fd);
+ }
+}
+
+TEST_F(tiocsti, test)
+{
+ int status;
+ pid_t child_pid;
+
+ if (variant->test_type == TEST_PTY_TIOCSTI_BASIC) {
+ /* ===== BASIC TIOCSTI TEST ===== */
+ child_pid = fork();
+ ASSERT_GE(child_pid, 0);
+
+ /* Perform the actual test in the child process */
+ if (child_pid == 0)
+ run_basic_tiocsti_test(_metadata, self, variant);
+
+ } else {
+ /* ===== FD PASSING SECURITY TEST ===== */
+ int sockpair[2];
+
+ ASSERT_EQ(socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair), 0);
+
+ child_pid = fork();
+ ASSERT_GE(child_pid, 0);
+
+ if (child_pid == 0) {
+ /* Child process - create PTY and send FD */
+ close(sockpair[0]);
+ run_fdpass_tiocsti_test(_metadata, variant,
+ sockpair[1]);
+ }
+
+ /* Parent process - receive FD and test TIOCSTI */
+ close(sockpair[1]);
+
+ int received_fd = recv_fd_via_socket(sockpair[0]);
+
+ ASSERT_GE(received_fd, 0);
+
+ bool parent_has_cap = self->initial_cap_sys_admin;
+
+ TH_LOG("=== TIOCSTI FD Passing Test Context ===");
+ TH_LOG("legacy_tiocsti: %d, Parent CAP_SYS_ADMIN: %s, Child: %s",
+ variant->legacy_tiocsti, parent_has_cap ? "yes" : "no",
+ variant->requires_cap ? "kept" : "dropped");
+
+ /* SECURITY TEST: Try TIOCSTI with FD opened by child */
+ int result = test_tiocsti_injection(_metadata, received_fd);
+
+ /* Log security concern if demonstrated */
+ if (result == 0 && !variant->requires_cap) {
+ TH_LOG("*** SECURITY CONCERN DEMONSTRATED ***");
+ TH_LOG("Privileged parent can use TIOCSTI on FD from unprivileged child");
+ TH_LOG("This shows current process credentials are used, not opener credentials");
+ }
+
+ EXPECT_EQ(result, variant->expected_success)
+ {
+ TH_LOG("FD passing: expected error %d, got %d",
+ variant->expected_success, result);
+ }
+
+ /* Signal child completion */
+ char sync_byte = 'D';
+ ssize_t bytes_written = write(sockpair[0], &sync_byte, 1);
+
+ ASSERT_EQ(bytes_written, 1);
+
+ close(received_fd);
+ close(sockpair[0]);
+ }
+
+ /* Common child process cleanup for both test types */
+ ASSERT_EQ(waitpid(child_pid, &status, 0), child_pid);
+
+ if (WIFSIGNALED(status)) {
+ TH_LOG("Child terminated by signal %d", WTERMSIG(status));
+ ASSERT_FALSE(WIFSIGNALED(status))
+ {
+ TH_LOG("Child process failed assertion");
+ }
+ } else {
+ EXPECT_EQ(WEXITSTATUS(status), 0);
+ }
+}
+
+TEST_HARNESS_MAIN
---
base-commit: e6b9dce0aeeb91dfc0974ab87f02454e24566182
change-id: 20250618-toicsti-bug-7822b8e94a32
Best regards,
--
Abhinav Saxena <xandfury(a)gmail.com>
1 week, 4 days
- 1
- 0
[PATCH v4] selftests/tty: add TIOCSTI test suite
by Abhinav Saxena
TIOCSTI is a TTY ioctl command that allows inserting characters into
the terminal input queue, making it appear as if the user typed those
characters. This functionality has behavior that varies based on system
configuration and process credentials.
The dev.tty.legacy_tiocsti sysctl introduced in commit 83efeeeb3d04
("tty: Allow TIOCSTI to be disabled") controls TIOCSTI usage. When
disabled, TIOCSTI requires CAP_SYS_ADMIN capability.
The current implementation checks the current process's credentials via
capable(CAP_SYS_ADMIN), but does not validate against the file opener's
credentials stored in file->f_cred. This creates different behavior when
file descriptors are passed between processes via SCM_RIGHTS.
Add a test suite with 16 test variants using fixture variants to verify
TIOCSTI behavior when dev.tty.legacy_tiocsti is enabled/disabled:
- Basic TIOCSTI tests (8 variants): Direct testing with different
capability and controlling terminal combinations
- FD passing tests (8 variants): Test behavior when file descriptors
are passed between processes with different capabilities
The FD passing tests document this behavior - some tests show different
results than expected based on file opener credentials, demonstrating
that TIOCSTI uses current process credentials rather than file opener
credentials.
The tests validate proper enforcement of the legacy_tiocsti sysctl. Test
implementation uses openpty(3) with TIOCSCTTY for isolated PTY
environments. See tty_ioctl(4) for details on TIOCSTI behavior and
security requirements.
Signed-off-by: Abhinav Saxena <xandfury(a)gmail.com>
---
Changes in v4:
- Moved skip conditions and sysctl setup from TEST_F to FIXTURE_SETUP (Kees Cook)
- Fixed fclose() error handling in set_legacy_tiocsti_setting (Kees Cook)
- Extracted run_basic_tiocsti_test() and run_fdpass_tiocsti_test functions (Kees Cook)
- Removed redundant sysctl restore logic from TEST_F (Kees Cook)
- Simplified FIXTURE_TEARDOWN (Kees Cook)
- Replace drop_to_nobody() to drop_all_privs() which should be more portable (Justin Stitt)
- Link to v3: https://lore.kernel.org/r/20250730-toicsti-bug-v3-1-dd2dac97f27a@gmail.com
Add selftests for TIOCSTI ioctl
To run all tests:
$ sudo ./tools/testing/selftests/tty/tty_tiocsti_test
Test Results:
- PASSED: 13/16 tests
- Different behavior: 3/16 tests (documenting credential checking behavior)
All tests validated using:
- scripts/checkpatch.pl --strict (clean output)
- Functional testing on kernel v6.16-rc2
Changes in v3:
- Replaced all printf() calls with TH_LOG() for proper test logging (Kees Cook)
- Added struct __test_metadata parameter to helper functions
- Moved common legacy_tiocsti availability check to FIXTURE_SETUP()
- Implemented sysctl modification/restoration in FIXTURE_SETUP/TEARDOWN
- Used openpty() with TIOCSCTTY for reliable PTY testing environment
- Fixed child/parent synchronization in FD passing tests
- Replaced manual _exit(1) handling with proper ASSERT statements
- Switched // comments to /* */ format throughout
- Expanded to 16 test variants using fixture variants
- Enhanced error handling and test reliability
- Link to v2: https://lore.kernel.org/r/20250713-toicsti-bug-v2-1-b183787eea29@gmail.com
- Link to v1: https://lore.kernel.org/r/20250622-toicsti-bug-v1-0-f374373b04b2@gmail.com
References:
- tty_ioctl(4) - documents TIOCSTI ioctl and capability requirements
- openpty(3) - pseudo-terminal creation and management
- commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled")
- Documentation/security/credentials.rst
- https://github.com/KSPP/linux/issues/156
- https://lore.kernel.org/linux-hardening/Y0m9l52AKmw6Yxi1@hostpad/
- drivers/tty/Kconfig
- Documentation/driver-api/tty/
---
tools/testing/selftests/tty/Makefile | 6 +-
tools/testing/selftests/tty/config | 1 +
tools/testing/selftests/tty/tty_tiocsti_test.c | 650 +++++++++++++++++++++++++
3 files changed, 656 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/tty/Makefile b/tools/testing/selftests/tty/Makefile
index 50d7027b2ae3fb495dd1c0684363fa8f426be42c..7f6fbe5a0cd5663310e334d9d068b21dab9136ec 100644
--- a/tools/testing/selftests/tty/Makefile
+++ b/tools/testing/selftests/tty/Makefile
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: GPL-2.0
CFLAGS = -O2 -Wall
-TEST_GEN_PROGS := tty_tstamp_update
+TEST_GEN_PROGS := tty_tstamp_update tty_tiocsti_test
+LDLIBS += -lcap
include ../lib.mk
+
+# Add libcap for TIOCSTI test
+$(OUTPUT)/tty_tiocsti_test: LDLIBS += -lcap
diff --git a/tools/testing/selftests/tty/config b/tools/testing/selftests/tty/config
new file mode 100644
index 0000000000000000000000000000000000000000..c6373aba66366c82435bb26c019eb360eb6310eb
--- /dev/null
+++ b/tools/testing/selftests/tty/config
@@ -0,0 +1 @@
+CONFIG_LEGACY_TIOCSTI=y
diff --git a/tools/testing/selftests/tty/tty_tiocsti_test.c b/tools/testing/selftests/tty/tty_tiocsti_test.c
new file mode 100644
index 0000000000000000000000000000000000000000..5e767e6cb3ef8f05c5430eb0fcc792064c446c03
--- /dev/null
+++ b/tools/testing/selftests/tty/tty_tiocsti_test.c
@@ -0,0 +1,650 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * TTY Tests - TIOCSTI
+ *
+ * Copyright © 2025 Abhinav Saxena <xandfury(a)gmail.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <termios.h>
+#include <grp.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#include <pty.h>
+#include <utmp.h>
+
+#include "../kselftest_harness.h"
+
+enum test_type {
+ TEST_PTY_TIOCSTI_BASIC,
+ TEST_PTY_TIOCSTI_FD_PASSING,
+ /* other tests cases such as serial may be added. */
+};
+
+/*
+ * Test Strategy:
+ * - Basic tests: Use PTY with/without TIOCSCTTY (controlling terminal for
+ * current process)
+ * - FD passing tests: Child creates PTY, parent receives FD (demonstrates
+ * security issue)
+ *
+ * SECURITY VULNERABILITY DEMONSTRATION:
+ * FD passing tests show that TIOCSTI uses CURRENT process credentials, not
+ * opener credentials. This means privileged processes can be given FDs from
+ * unprivileged processes and successfully perform TIOCSTI operations that the
+ * unprivileged process couldn't do directly.
+ *
+ * Attack scenario:
+ * 1. Unprivileged process opens TTY (direct TIOCSTI fails due to lack of
+ * privileges)
+ * 2. Unprivileged process passes FD to privileged process via SCM_RIGHTS
+ * 3. Privileged process can use TIOCSTI on the FD (succeeds due to its
+ * privileges)
+ * 4. Result: Effective privilege escalation via file descriptor passing
+ *
+ * This matches the kernel logic in tiocsti():
+ * 1. if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN)) return -EIO;
+ * 2. if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
+ * return -EPERM;
+ * Note: Both checks use capable() on CURRENT process, not FD opener!
+ *
+ * If the file credentials were also checked along with the capable() checks
+ * then the results for FD pass tests would be consistent with the basic tests.
+ */
+
+FIXTURE(tiocsti)
+{
+ int pty_master_fd; /* PTY - for basic tests */
+ int pty_slave_fd;
+ bool has_pty;
+ bool initial_cap_sys_admin;
+ int original_legacy_tiocsti_setting;
+ bool can_modify_sysctl;
+};
+
+FIXTURE_VARIANT(tiocsti)
+{
+ const enum test_type test_type;
+ const bool controlling_tty; /* true=current->signal->tty == tty */
+ const int legacy_tiocsti; /* 0=restricted, 1=permissive */
+ const bool requires_cap; /* true=with CAP_SYS_ADMIN, false=without */
+ const int expected_success; /* 0=success, -EIO/-EPERM=specific error */
+};
+
+/*
+ * Tests Controlling Terminal Variants (current->signal->tty == tty)
+ *
+ * TIOCSTI Test Matrix:
+ *
+ * | legacy_tiocsti | CAP_SYS_ADMIN | Expected Result | Error |
+ * |----------------|---------------|-----------------|-------|
+ * | 1 (permissive) | true | SUCCESS | - |
+ * | 1 (permissive) | false | SUCCESS | - |
+ * | 0 (restricted) | true | SUCCESS | - |
+ * | 0 (restricted) | false | FAILURE | -EIO |
+ */
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_pty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO, /* FAILURE: legacy restriction */
+}; /* clang-format on */
+
+/*
+ * Note for FD Passing Test Variants
+ * Since we're testing the scenario where an unprivileged process pass an FD
+ * to a privileged one, .requires_cap here means the caps of the child process.
+ * Not the parent; parent would always be privileged.
+ */
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_pty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = true,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO,
+}; /* clang-format on */
+
+/*
+ * Non-Controlling Terminal Variants (current->signal->tty != tty)
+ *
+ * TIOCSTI Test Matrix:
+ *
+ * | legacy_tiocsti | CAP_SYS_ADMIN | Expected Result | Error |
+ * |----------------|---------------|-----------------|-------|
+ * | 1 (permissive) | true | SUCCESS | - |
+ * | 1 (permissive) | false | FAILURE | -EPERM|
+ * | 0 (restricted) | true | SUCCESS | - |
+ * | 0 (restricted) | false | FAILURE | -EIO |
+ */
+
+/* clang-format off */
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = -EPERM,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, basic_nopty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_BASIC,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_permissive_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_permissive_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 1,
+ .requires_cap = false,
+ .expected_success = -EPERM,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_restricted_withcap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = true,
+ .expected_success = 0,
+};
+
+FIXTURE_VARIANT_ADD(tiocsti, fdpass_nopty_restricted_nocap) {
+ .test_type = TEST_PTY_TIOCSTI_FD_PASSING,
+ .controlling_tty = false,
+ .legacy_tiocsti = 0,
+ .requires_cap = false,
+ .expected_success = -EIO,
+}; /* clang-format on */
+
+/* Helper function to send FD via SCM_RIGHTS */
+static int send_fd_via_socket(int socket_fd, int fd_to_send)
+{
+ struct msghdr msg = { 0 };
+ struct cmsghdr *cmsg;
+ char cmsg_buf[CMSG_SPACE(sizeof(int))];
+ char dummy_data = 'F';
+ struct iovec iov = { .iov_base = &dummy_data, .iov_len = 1 };
+
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = cmsg_buf;
+ msg.msg_controllen = sizeof(cmsg_buf);
+
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+
+ memcpy(CMSG_DATA(cmsg), &fd_to_send, sizeof(int));
+
+ return sendmsg(socket_fd, &msg, 0) < 0 ? -1 : 0;
+}
+
+/* Helper function to receive FD via SCM_RIGHTS */
+static int recv_fd_via_socket(int socket_fd)
+{
+ struct msghdr msg = { 0 };
+ struct cmsghdr *cmsg;
+ char cmsg_buf[CMSG_SPACE(sizeof(int))];
+ char dummy_data;
+ struct iovec iov = { .iov_base = &dummy_data, .iov_len = 1 };
+ int received_fd = -1;
+
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = cmsg_buf;
+ msg.msg_controllen = sizeof(cmsg_buf);
+
+ if (recvmsg(socket_fd, &msg, 0) < 0)
+ return -1;
+
+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_RIGHTS) {
+ memcpy(&received_fd, CMSG_DATA(cmsg), sizeof(int));
+ break;
+ }
+ }
+
+ return received_fd;
+}
+
+static inline bool has_cap_sys_admin(void)
+{
+ cap_t caps = cap_get_proc();
+
+ if (!caps)
+ return false;
+
+ cap_flag_value_t cap_val;
+ bool has_cap = (cap_get_flag(caps, CAP_SYS_ADMIN, CAP_EFFECTIVE,
+ &cap_val) == 0) &&
+ (cap_val == CAP_SET);
+
+ cap_free(caps);
+ return has_cap;
+}
+
+/*
+ * Switch to non-root user and clear all capabilities
+ */
+static inline bool drop_all_privs(struct __test_metadata *_metadata)
+{
+ /* Drop supplementary groups */
+ ASSERT_EQ(setgroups(0, NULL), 0);
+
+ /* Switch to non-root user */
+ ASSERT_EQ(setgid(1000), 0);
+ ASSERT_EQ(setuid(1000), 0);
+
+ /* Clear all capabilities */
+ cap_t empty = cap_init();
+
+ ASSERT_NE(empty, NULL);
+ ASSERT_EQ(cap_set_proc(empty), 0);
+ cap_free(empty);
+
+ /* Prevent privilege regain */
+ ASSERT_EQ(prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), 0);
+
+ /* Verify privilege drop */
+ ASSERT_FALSE(has_cap_sys_admin());
+ return true;
+}
+
+static inline int get_legacy_tiocsti_setting(struct __test_metadata *_metadata)
+{
+ FILE *fp;
+ int value = -1;
+
+ fp = fopen("/proc/sys/dev/tty/legacy_tiocsti", "r");
+ if (!fp) {
+ /* legacy_tiocsti sysctl not available (kernel < 6.2) */
+ return -1;
+ }
+
+ if (fscanf(fp, "%d", &value) == 1 && fclose(fp) == 0) {
+ if (value < 0 || value > 1)
+ value = -1; /* Invalid value */
+ } else {
+ value = -1; /* Failed to parse */
+ }
+
+ return value;
+}
+
+static inline bool set_legacy_tiocsti_setting(struct __test_metadata *_metadata,
+ int value)
+{
+ FILE *fp;
+ bool success = false;
+
+ /* Sanity-check the value */
+ ASSERT_GE(value, 0);
+ ASSERT_LE(value, 1);
+
+ /*
+ * Try to open for writing; if we lack permission, return false so
+ * the test harness will skip variants that need to change it
+ */
+ fp = fopen("/proc/sys/dev/tty/legacy_tiocsti", "w");
+ if (!fp)
+ return false;
+
+ /* Write the new setting */
+ if (fprintf(fp, "%d\n", value) > 0 && fclose(fp) == 0)
+ success = true;
+ else
+ TH_LOG("Failed to write legacy_tiocsti: %s", strerror(errno));
+
+ return success;
+}
+
+/*
+ * TIOCSTI injection test function
+ * @tty_fd: TTY slave file descriptor to test TIOCSTI on
+ * Returns: 0 on success, -errno on failure
+ */
+static inline int test_tiocsti_injection(struct __test_metadata *_metadata,
+ int tty_fd)
+{
+ int ret;
+ char inject_char = 'V';
+
+ errno = 0;
+ ret = ioctl(tty_fd, TIOCSTI, &inject_char);
+ return ret == 0 ? 0 : -errno;
+}
+
+/*
+ * Child process: test TIOCSTI directly with capability/controlling
+ * terminal setup
+ */
+static void run_basic_tiocsti_test(struct __test_metadata *_metadata,
+ FIXTURE_DATA(tiocsti) * self,
+ const FIXTURE_VARIANT(tiocsti) * variant)
+{
+ /* Handle capability requirements */
+ if (self->initial_cap_sys_admin && !variant->requires_cap)
+ ASSERT_TRUE(drop_all_privs(_metadata));
+
+ if (variant->controlling_tty) {
+ /*
+ * Create new session and set PTY as
+ * controlling terminal
+ */
+ pid_t sid = setsid();
+
+ ASSERT_GE(sid, 0);
+ ASSERT_EQ(ioctl(self->pty_slave_fd, TIOCSCTTY, 0), 0);
+ }
+
+ /*
+ * Validate test environment setup and verify final
+ * capability state matches expectation
+ * after potential drop.
+ */
+ ASSERT_TRUE(self->has_pty);
+ ASSERT_EQ(has_cap_sys_admin(), variant->requires_cap);
+
+ /* Test TIOCSTI and validate result */
+ int result = test_tiocsti_injection(_metadata, self->pty_slave_fd);
+
+ /* Check against expected result from variant */
+ EXPECT_EQ(result, variant->expected_success);
+ _exit(0);
+}
+
+/*
+ * Child process: create PTY and then pass FD to parent via SCM_RIGHTS
+ */
+static void run_fdpass_tiocsti_test(struct __test_metadata *_metadata,
+ const FIXTURE_VARIANT(tiocsti) * variant,
+ int sockfd)
+{
+ signal(SIGHUP, SIG_IGN);
+
+ /* Handle privilege dropping */
+ if (!variant->requires_cap && has_cap_sys_admin())
+ ASSERT_TRUE(drop_all_privs(_metadata));
+
+ /* Create child's PTY */
+ int child_master_fd, child_slave_fd;
+
+ ASSERT_EQ(openpty(&child_master_fd, &child_slave_fd, NULL, NULL, NULL),
+ 0);
+
+ if (variant->controlling_tty) {
+ pid_t sid = setsid();
+
+ ASSERT_GE(sid, 0);
+ ASSERT_EQ(ioctl(child_slave_fd, TIOCSCTTY, 0), 0);
+ }
+
+ /* Test child's direct TIOCSTI for reference */
+ int direct_result = test_tiocsti_injection(_metadata, child_slave_fd);
+
+ EXPECT_EQ(direct_result, variant->expected_success);
+
+ /* Send FD to parent */
+ ASSERT_EQ(send_fd_via_socket(sockfd, child_slave_fd), 0);
+
+ /* Wait for parent completion signal */
+ char sync_byte;
+ ssize_t bytes_read = read(sockfd, &sync_byte, 1);
+
+ ASSERT_EQ(bytes_read, 1);
+
+ close(child_master_fd);
+ close(child_slave_fd);
+ close(sockfd);
+ _exit(0);
+}
+
+FIXTURE_SETUP(tiocsti)
+{
+ /* Create PTY pair for basic tests */
+ self->has_pty = (openpty(&self->pty_master_fd, &self->pty_slave_fd,
+ NULL, NULL, NULL) == 0);
+ if (!self->has_pty) {
+ self->pty_master_fd = -1;
+ self->pty_slave_fd = -1;
+ }
+
+ self->initial_cap_sys_admin = has_cap_sys_admin();
+ self->original_legacy_tiocsti_setting =
+ get_legacy_tiocsti_setting(_metadata);
+
+ if (self->original_legacy_tiocsti_setting < 0)
+ SKIP(return,
+ "legacy_tiocsti sysctl not available (kernel < 6.2)");
+
+ /* Common skip conditions */
+ if (variant->test_type == TEST_PTY_TIOCSTI_BASIC && !self->has_pty)
+ SKIP(return, "PTY not available for controlling terminal test");
+
+ if (variant->test_type == TEST_PTY_TIOCSTI_FD_PASSING &&
+ !self->initial_cap_sys_admin)
+ SKIP(return, "FD Pass tests require CAP_SYS_ADMIN");
+
+ if (variant->requires_cap && !self->initial_cap_sys_admin)
+ SKIP(return, "Test requires initial CAP_SYS_ADMIN");
+
+ /* Test if we can modify the sysctl (requires appropriate privileges) */
+ self->can_modify_sysctl = set_legacy_tiocsti_setting(
+ _metadata, self->original_legacy_tiocsti_setting);
+
+ /* Sysctl setup based on variant */
+ if (self->can_modify_sysctl &&
+ self->original_legacy_tiocsti_setting != variant->legacy_tiocsti) {
+ if (!set_legacy_tiocsti_setting(_metadata,
+ variant->legacy_tiocsti))
+ SKIP(return, "Failed to set legacy_tiocsti sysctl");
+
+ } else if (!self->can_modify_sysctl &&
+ self->original_legacy_tiocsti_setting !=
+ variant->legacy_tiocsti)
+ SKIP(return, "legacy_tiocsti setting mismatch");
+}
+
+FIXTURE_TEARDOWN(tiocsti)
+{
+ /*
+ * Backup restoration -
+ * each test should restore its own sysctl changes
+ */
+ if (self->can_modify_sysctl) {
+ int current_value = get_legacy_tiocsti_setting(_metadata);
+
+ if (current_value != self->original_legacy_tiocsti_setting) {
+ TH_LOG("Backup: Restoring legacy_tiocsti from %d to %d",
+ current_value,
+ self->original_legacy_tiocsti_setting);
+ set_legacy_tiocsti_setting(
+ _metadata,
+ self->original_legacy_tiocsti_setting);
+ }
+ }
+
+ if (self->has_pty) {
+ if (self->pty_master_fd >= 0)
+ close(self->pty_master_fd);
+ if (self->pty_slave_fd >= 0)
+ close(self->pty_slave_fd);
+ }
+}
+
+TEST_F(tiocsti, test)
+{
+ int status;
+ pid_t child_pid;
+
+ if (variant->test_type == TEST_PTY_TIOCSTI_BASIC) {
+ /* ===== BASIC TIOCSTI TEST ===== */
+ child_pid = fork();
+ ASSERT_GE(child_pid, 0);
+
+ /* Perform the actual test in the child process */
+ if (child_pid == 0)
+ run_basic_tiocsti_test(_metadata, self, variant);
+
+ } else {
+ /* ===== FD PASSING SECURITY TEST ===== */
+ int sockpair[2];
+
+ ASSERT_EQ(socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair), 0);
+
+ child_pid = fork();
+ ASSERT_GE(child_pid, 0);
+
+ if (child_pid == 0) {
+ /* Child process - create PTY and send FD */
+ close(sockpair[0]);
+ run_fdpass_tiocsti_test(_metadata, variant,
+ sockpair[1]);
+ }
+
+ /* Parent process - receive FD and test TIOCSTI */
+ close(sockpair[1]);
+
+ int received_fd = recv_fd_via_socket(sockpair[0]);
+
+ ASSERT_GE(received_fd, 0);
+
+ bool parent_has_cap = self->initial_cap_sys_admin;
+
+ TH_LOG("=== TIOCSTI FD Passing Test Context ===");
+ TH_LOG("legacy_tiocsti: %d, Parent CAP_SYS_ADMIN: %s, Child: %s",
+ variant->legacy_tiocsti, parent_has_cap ? "yes" : "no",
+ variant->requires_cap ? "kept" : "dropped");
+
+ /* SECURITY TEST: Try TIOCSTI with FD opened by child */
+ int result = test_tiocsti_injection(_metadata, received_fd);
+
+ /* Log security concern if demonstrated */
+ if (result == 0 && !variant->requires_cap) {
+ TH_LOG("*** SECURITY CONCERN DEMONSTRATED ***");
+ TH_LOG("Privileged parent can use TIOCSTI on FD from unprivileged child");
+ TH_LOG("This shows current process credentials are used, not opener credentials");
+ }
+
+ EXPECT_EQ(result, variant->expected_success)
+ {
+ TH_LOG("FD passing: expected error %d, got %d",
+ variant->expected_success, result);
+ }
+
+ /* Signal child completion */
+ char sync_byte = 'D';
+ ssize_t bytes_written = write(sockpair[0], &sync_byte, 1);
+
+ ASSERT_EQ(bytes_written, 1);
+
+ close(received_fd);
+ close(sockpair[0]);
+ }
+
+ /* Common child process cleanup for both test types */
+ ASSERT_EQ(waitpid(child_pid, &status, 0), child_pid);
+
+ if (WIFSIGNALED(status)) {
+ TH_LOG("Child terminated by signal %d", WTERMSIG(status));
+ ASSERT_FALSE(WIFSIGNALED(status))
+ {
+ TH_LOG("Child process failed assertion");
+ }
+ } else {
+ EXPECT_EQ(WEXITSTATUS(status), 0);
+ }
+}
+
+TEST_HARNESS_MAIN
---
base-commit: e6b9dce0aeeb91dfc0974ab87f02454e24566182
change-id: 20250618-toicsti-bug-7822b8e94a32
Best regards,
--
Abhinav Saxena <xandfury(a)gmail.com>
1 week, 4 days
- 2
- 2
[PATCH v2 0/2] selftests/mm: split_huge_page_test: split_pte_mapped_thp improvements
by David Hildenbrand
One fix for occasional failures I found while testing and a bunch of
cleanups that should make that test easier to digest.
Tested on x86-64, the test seems to reliably pass.
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Cc: Zi Yan <ziy(a)nvidia.com>
Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com>
Cc: "Liam R. Howlett" <Liam.Howlett(a)oracle.com>
Cc: Nico Pache <npache(a)redhat.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Dev Jain <dev.jain(a)arm.com>
Cc: Barry Song <baohua(a)kernel.org>
Cc: Wei Yang <richard.weiyang(a)gmail.com>
--
Mostly a resend, because I accidentally disabled "ccover = true" in my
git config so people were only CCed on the cover letter.
v1 -> v2:
* "selftests/mm: split_huge_page_test: fix occasional is_backed_by_folio()
wrong results"
-> Fixup missing ")" in patch description
David Hildenbrand (2):
selftests/mm: split_huge_page_test: fix occasional
is_backed_by_folio() wrong results
selftests/mm: split_huge_page_test: cleanups for split_pte_mapped_thp
test
.../selftests/mm/split_huge_page_test.c | 138 ++++++++++--------
1 file changed, 81 insertions(+), 57 deletions(-)
base-commit: ef42a39c44ef6da64ae3495d27e28dd6fca62a51
--
2.50.1
1 week, 5 days
- 1
- 2