[PATCH net-next 0/6] selftests: net: configure rp_filter in setup_ns

List overview All Threads
Download

newer

older

[PATCH RFC v7 0/8] Add NUMA...

[PATCH net-next v4]...

Hangbin Liu

7 May 2025 7 May '25

1:18 p.m.

Some distributions enable rp_filter globally by default, which can interfere with various test cases. To address this, many tests explicitly disable rp_filter within their scripts.

To avoid duplication and ensure consistent behavior across tests, this patch moves the rp_filter configuration into setup_ns, applied immediately after a new namespace is created. This change ensures that all namespace-based tests inherit the appropriate rp_filter settings, simplifying individual test scripts and improving maintainability.

BTW, the patch 4/6 for srv6 is a bit large. Please tell me if you think I need to break this one.

Hangbin Liu (6): selftests: net: disable rp_filter after namespace initialization selftests: net: remove redundant rp_filter configuration selftests: net: use setup_ns for bareudp testing selftests: net: use setup_ns for SRv6 tests and remove rp_filter configuration selftests: netfilter: remove rp_filter configuration selftests: mptcp: remove rp_filter configuration

tools/testing/selftests/net/bareudp.sh | 49 ++--------- tools/testing/selftests/net/fib_rule_tests.sh | 3 - tools/testing/selftests/net/fib_tests.sh | 3 - tools/testing/selftests/net/icmp_redirect.sh | 2 - tools/testing/selftests/net/lib.sh | 2 + .../testing/selftests/net/mptcp/mptcp_lib.sh | 2 - .../selftests/net/netfilter/br_netfilter.sh | 3 - .../selftests/net/netfilter/bridge_brouter.sh | 2 - .../selftests/net/netfilter/conntrack_vrf.sh | 3 - tools/testing/selftests/net/netfilter/ipvs.sh | 6 -- .../selftests/net/netfilter/nft_fib.sh | 2 - .../selftests/net/netfilter/nft_nat_zones.sh | 2 - .../testing/selftests/net/netfilter/rpath.sh | 18 ++-- .../selftests/net/srv6_end_dt46_l3vpn_test.sh | 5 -- .../selftests/net/srv6_end_dt4_l3vpn_test.sh | 5 -- .../net/srv6_end_next_csid_l3vpn_test.sh | 77 ++++------------- .../net/srv6_end_x_next_csid_l3vpn_test.sh | 83 +++++-------------- .../net/srv6_hencap_red_l3vpn_test.sh | 74 ++++------------- .../net/srv6_hl2encap_red_l2vpn_test.sh | 77 ++++------------- 19 files changed, 87 insertions(+), 331 deletions(-)

-- 2.46.0

Show replies by date

Hangbin Liu

7 May 7 May

1:18 p.m.

New subject: [PATCH net-next 1/6] selftests: net: disable rp_filter after namespace initialization

Some distributions enable rp_filter globally by default. To ensure consistent behavior across environments, we explicitly disable it in several test cases.

This patch moves the rp_filter disabling logic to immediately after the network namespace is initialized. With this change, individual test cases with creating namespace via setup_ns no longer need to disable rp_filter again.

This helps avoid redundancy and ensures test consistency.

Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- tools/testing/selftests/net/lib.sh | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/tools/testing/selftests/net/lib.sh b/tools/testing/selftests/net/lib.sh index 7e1e56318625..7962da06f816 100644 --- a/tools/testing/selftests/net/lib.sh +++ b/tools/testing/selftests/net/lib.sh @@ -217,6 +217,8 @@ setup_ns() return $ksft_skip fi ip -n "${!ns_name}" link set lo up + ip netns exec "${!ns_name}" sysctl -wq net.ipv4.conf.all.rp_filter=0 + ip netns exec "${!ns_name}" sysctl -wq net.ipv4.conf.default.rp_filter=0 ns_list+=("${!ns_name}") done NS_LIST+=("${ns_list[@]}")

-- 2.46.0

Hangbin Liu

1:18 p.m.

New subject: [PATCH net-next 2/6] selftests: net: remove redundant rp_filter configuration

The following tests use setup_ns to create a network namespace, which will disables rp_filter immediately after namespace creation. Therefore, it is no longer necessary to disable rp_filter again within these individual tests.

Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- tools/testing/selftests/net/fib_rule_tests.sh | 3 --- tools/testing/selftests/net/fib_tests.sh | 3 --- tools/testing/selftests/net/icmp_redirect.sh | 2 -- 3 files changed, 8 deletions(-)

diff --git a/tools/testing/selftests/net/fib_rule_tests.sh b/tools/testing/selftests/net/fib_rule_tests.sh index c7cea556b416..5fbdd2a0b537 100755 --- a/tools/testing/selftests/net/fib_rule_tests.sh +++ b/tools/testing/selftests/net/fib_rule_tests.sh @@ -516,10 +516,7 @@ fib_rule4_test() fib_rule4_test_match_n_redirect "$match" "$match" "$getnomatch" \ "oif redirect to table" "oif no redirect to table"

- # Enable forwarding and disable rp_filter as all the addresses are in - # the same subnet and egress device == ingress device. ip netns exec $testns sysctl -qw net.ipv4.ip_forward=1 - ip netns exec $testns sysctl -qw net.ipv4.conf.$DEV.rp_filter=0 match="from $SRC_IP iif $DEV" getnomatch="from $SRC_IP iif lo" fib_rule4_test_match_n_redirect "$match" "$match" "$getnomatch" \ diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh index c58dc4ac2810..a94b73a53f72 100755 --- a/tools/testing/selftests/net/fib_tests.sh +++ b/tools/testing/selftests/net/fib_tests.sh @@ -2560,9 +2560,6 @@ ipv4_mpath_list_test() run_cmd "ip -n $ns2 route add 203.0.113.0/24 nexthop via 172.16.201.2 nexthop via 172.16.202.2" run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.fib_multipath_hash_policy=1" - run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.veth2.rp_filter=0" - run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.rp_filter=0" - run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.default.rp_filter=0" set +e

local dmac=$(ip -n $ns2 -j link show dev veth2 | jq -r '.[]["address"]') diff --git a/tools/testing/selftests/net/icmp_redirect.sh b/tools/testing/selftests/net/icmp_redirect.sh index d6f0e449c029..b13c89a99ecb 100755 --- a/tools/testing/selftests/net/icmp_redirect.sh +++ b/tools/testing/selftests/net/icmp_redirect.sh @@ -178,8 +178,6 @@ setup() else ip netns exec $ns sysctl -q -w net.ipv4.ip_forward=1 ip netns exec $ns sysctl -q -w net.ipv4.conf.all.send_redirects=1 - ip netns exec $ns sysctl -q -w net.ipv4.conf.default.rp_filter=0 - ip netns exec $ns sysctl -q -w net.ipv4.conf.all.rp_filter=0

ip netns exec $ns sysctl -q -w net.ipv6.conf.all.forwarding=1 ip netns exec $ns sysctl -q -w net.ipv6.route.mtu_expires=10

-- 2.46.0

Hangbin Liu

1:18 p.m.

New subject: [PATCH net-next 3/6] selftests: net: use setup_ns for bareudp testing

Switch bareudp testing to use setup_ns, which sets up rp_filter by default. This allows us to remove the manual rp_filter configuration from the script.

Additionally, since setup_ns handles namespace naming and cleanup, we no longer need a separate cleanup function. We also move the trap setup earlier in the script, before the test setup begins.

Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- tools/testing/selftests/net/bareudp.sh | 49 ++++---------------------- 1 file changed, 7 insertions(+), 42 deletions(-)

diff --git a/tools/testing/selftests/net/bareudp.sh b/tools/testing/selftests/net/bareudp.sh index f366cadbc5e8..4046131e7888 100755 --- a/tools/testing/selftests/net/bareudp.sh +++ b/tools/testing/selftests/net/bareudp.sh @@ -106,26 +106,16 @@ # | | # +-----------------------------------------------------------------------+

+. ./lib.sh + ERR=4 # Return 4 by default, which is the SKIP code for kselftest PING6="ping" PAUSE_ON_FAIL="no"

-readonly NS0=$(mktemp -u ns0-XXXXXXXX) -readonly NS1=$(mktemp -u ns1-XXXXXXXX) -readonly NS2=$(mktemp -u ns2-XXXXXXXX) -readonly NS3=$(mktemp -u ns3-XXXXXXXX) - # Exit the script after having removed the network namespaces it created -# -# Parameters: -# -# * The list of network namespaces to delete before exiting. -# exit_cleanup() { - for ns in "$@"; do - ip netns delete "${ns}" 2>/dev/null || true - done + cleanup_all_ns

if [ "${ERR}" -eq 4 ]; then echo "Error: Setting up the testing environment failed." >&2 @@ -140,17 +130,7 @@ exit_cleanup() # namespaces created by this script are deleted. create_namespaces() { - ip netns add "${NS0}" || exit_cleanup - ip netns add "${NS1}" || exit_cleanup "${NS0}" - ip netns add "${NS2}" || exit_cleanup "${NS0}" "${NS1}" - ip netns add "${NS3}" || exit_cleanup "${NS0}" "${NS1}" "${NS2}" -} - -# The trap function handler -# -exit_cleanup_all() -{ - exit_cleanup "${NS0}" "${NS1}" "${NS2}" "${NS3}" + setup_ns NS0 NS1 NS2 NS3 || exit_cleanup }

# Configure a network interface using a host route @@ -188,10 +168,6 @@ iface_config() # setup_underlay() { - for ns in "${NS0}" "${NS1}" "${NS2}" "${NS3}"; do - ip -netns "${ns}" link set dev lo up - done; - ip link add name veth01 netns "${NS0}" type veth peer name veth10 netns "${NS1}" ip link add name veth12 netns "${NS1}" type veth peer name veth21 netns "${NS2}" ip link add name veth23 netns "${NS2}" type veth peer name veth32 netns "${NS3}" @@ -234,14 +210,6 @@ setup_overlay_ipv4() ip netns exec "${NS2}" sysctl -qw net.ipv4.ip_forward=1 ip -netns "${NS1}" route add 192.0.2.100/32 via 192.0.2.10 ip -netns "${NS2}" route add 192.0.2.103/32 via 192.0.2.33 - - # The intermediate namespaces don't have routes for the reverse path, - # as it will be handled by tc. So we need to ensure that rp_filter is - # not going to block the traffic. - ip netns exec "${NS1}" sysctl -qw net.ipv4.conf.all.rp_filter=0 - ip netns exec "${NS2}" sysctl -qw net.ipv4.conf.all.rp_filter=0 - ip netns exec "${NS1}" sysctl -qw net.ipv4.conf.default.rp_filter=0 - ip netns exec "${NS2}" sysctl -qw net.ipv4.conf.default.rp_filter=0 }

setup_overlay_ipv6() @@ -521,13 +489,10 @@ done

check_features

-# Create namespaces before setting up the exit trap. -# Otherwise, exit_cleanup_all() could delete namespaces that were not created -# by this script. -create_namespaces - set -e -trap exit_cleanup_all EXIT +trap exit_cleanup EXIT + +create_namespaces

setup_underlay setup_overlay_ipv4

-- 2.46.0

Hangbin Liu

1:18 p.m.

New subject: [PATCH net-next 4/6] selftests: net: use setup_ns for SRv6 tests and remove rp_filter configuration

Some SRv6 tests manually set up network namespaces and disable rp_filter. Since the setup_ns library function already handles rp_filter configuration, convert these SRv6 tests to use setup_ns and remove the redundant rp_filter settings.

Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- .../selftests/net/srv6_end_dt46_l3vpn_test.sh | 5 -- .../selftests/net/srv6_end_dt4_l3vpn_test.sh | 5 -- .../net/srv6_end_next_csid_l3vpn_test.sh | 77 ++++------------- .../net/srv6_end_x_next_csid_l3vpn_test.sh | 83 +++++-------------- .../net/srv6_hencap_red_l3vpn_test.sh | 74 ++++------------- .../net/srv6_hl2encap_red_l2vpn_test.sh | 77 ++++------------- 6 files changed, 73 insertions(+), 248 deletions(-)

diff --git a/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh index 02d617040793..a5e959a080bb 100755 --- a/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh +++ b/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh @@ -285,11 +285,6 @@ setup_hs() ip netns exec ${hsname} sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec ${hsname} sysctl -wq net.ipv6.conf.default.accept_dad=0

- # disable the rp_filter otherwise the kernel gets confused about how - # to route decap ipv4 packets. - ip netns exec ${rtname} sysctl -wq net.ipv4.conf.all.rp_filter=0 - ip netns exec ${rtname} sysctl -wq net.ipv4.conf.default.rp_filter=0 - ip -netns ${hsname} link add veth0 type veth peer name ${rtveth} ip -netns ${hsname} link set ${rtveth} netns ${rtname} ip -netns ${hsname} addr add ${IPv6_HS_NETWORK}::${hid}/64 dev veth0 nodad diff --git a/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh index 79fb81e63c59..a649dba3cb77 100755 --- a/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh +++ b/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh @@ -250,11 +250,6 @@ setup_hs() eval local rtname=${rt_${rid}} local rtveth=veth-t${tid}

- # disable the rp_filter otherwise the kernel gets confused about how - # to route decap ipv4 packets. - ip netns exec ${rtname} sysctl -wq net.ipv4.conf.all.rp_filter=0 - ip netns exec ${rtname} sysctl -wq net.ipv4.conf.default.rp_filter=0 - ip -netns ${hsname} link add veth0 type veth peer name ${rtveth} ip -netns ${hsname} link set ${rtveth} netns ${rtname} ip -netns ${hsname} addr add ${IPv4_HS_NETWORK}.${hid}/24 dev veth0 diff --git a/tools/testing/selftests/net/srv6_end_next_csid_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_next_csid_l3vpn_test.sh index 87e414cc417c..ba730655a7bf 100755 --- a/tools/testing/selftests/net/srv6_end_next_csid_l3vpn_test.sh +++ b/tools/testing/selftests/net/srv6_end_next_csid_l3vpn_test.sh @@ -245,10 +245,8 @@ # that adopted in the use cases already examined (of course, it is necessary to # consider the different SIDs/C-SIDs).

-# Kselftest framework requirement - SKIP code is 4. -readonly ksft_skip=4 +source lib.sh

-readonly RDMSUFF="$(mktemp -u XXXXXXXX)" readonly DUMMY_DEVNAME="dum0" readonly VRF_TID=100 readonly VRF_DEVNAME="vrf-${VRF_TID}" @@ -376,32 +374,18 @@ test_command_or_ksft_skip() fi }

-get_nodename() -{ - local name="$1" - - echo "${name}-${RDMSUFF}" -} - get_rtname() { local rtid="$1"

- get_nodename "rt-${rtid}" + echo "rt_${rtid}" }

get_hsname() { local hsid="$1"

- get_nodename "hs-${hsid}" -} - -__create_namespace() -{ - local name="$1" - - ip netns add "${name}" + echo "hs_${hsid}" }

create_router() @@ -410,8 +394,7 @@ create_router() local nsname

nsname="$(get_rtname "${rtid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

create_host() @@ -420,28 +403,12 @@ create_host() local nsname

nsname="$(get_hsname "${hsid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

# check whether the setup phase was completed successfully or not. In # case of an error during the setup phase of the testing environment, @@ -462,10 +429,10 @@ add_link_rt_pairs() local nsname local neigh_nsname

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do - neigh_nsname="$(get_rtname "${neigh}")" + eval neigh_nsname=${$(get_rtname "${neigh}")}

ip link add "veth-rt-${rt}-${neigh}" netns "${nsname}" \ type veth peer name "veth-rt-${neigh}-${rt}" \ @@ -497,7 +464,7 @@ setup_rt_networking() local devname local neigh

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -518,9 +485,6 @@ setup_rt_networking() ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.forwarding=1 - - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.all.rp_filter=0 - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.default.rp_filter=0 ip netns exec "${nsname}" sysctl -wq net.ipv4.ip_forward=1 }

@@ -596,7 +560,7 @@ setup_rt_local_sids() local lcnode_func_prefix local lcblock_prefix

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -668,8 +632,8 @@ __setup_l3vpn() local rtsrc_nsname local rtdst_nsname

- rtsrc_nsname="$(get_rtname "${src}")" - rtdst_nsname="$(get_rtname "${dst}")" + eval rtsrc_nsname=${$(get_rtname "${src}")} + eval rtdst_nsname=${$(get_rtname "${dst}")}

container="${LCBLOCK_ADDR}"

@@ -744,8 +708,8 @@ setup_hs() local hsname local rtname

- hsname="$(get_hsname "${hs}")" - rtname="$(get_rtname "${rt}")" + eval hsname=${$(get_hsname "${hs}")} + eval rtname=${$(get_rtname "${rt}")}

ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 @@ -791,11 +755,6 @@ setup_hs() ip netns exec "${rtname}" \ sysctl -wq net.ipv4.conf."${RT2HS_DEVNAME}".proxy_arp=1

- # disable the rp_filter otherwise the kernel gets confused about how - # to route decap ipv4 packets. - ip netns exec "${rtname}" \ - sysctl -wq net.ipv4.conf."${RT2HS_DEVNAME}".rp_filter=0 - ip netns exec "${rtname}" sh -c "echo 1 > /proc/sys/net/vrf/strict_mode" }

@@ -880,7 +839,7 @@ check_rt_connectivity() local prefix local rtsrc_nsname

- rtsrc_nsname="$(get_rtname "${rtsrc}")" + eval rtsrc_nsname=${$(get_rtname "${rtsrc}")}

prefix="$(get_network_prefix "${rtsrc}" "${rtdst}")"

@@ -903,7 +862,7 @@ check_hs_ipv6_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv6_HS_NETWORK}::${hsdst}" >/dev/null 2>&1 @@ -915,7 +874,7 @@ check_hs_ipv4_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv4_HS_NETWORK}.${hsdst}" >/dev/null 2>&1 @@ -1025,7 +984,7 @@ rt_x_nextcsid_end_behavior_test() local nsname local ret

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

__nextcsid_end_behavior_test "${nsname}" "add" "${blen}" "${flen}" ret="$?" diff --git a/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh index c79cb8ede17f..4b86040c58c6 100755 --- a/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh +++ b/tools/testing/selftests/net/srv6_end_x_next_csid_l3vpn_test.sh @@ -287,10 +287,8 @@ # packet using the SRv6 End.DT46 behavior (associated with the SID fcff:1::d46) # and sends it to the host hs-1.

-# Kselftest framework requirement - SKIP code is 4. -readonly ksft_skip=4 +source lib.sh

-readonly RDMSUFF="$(mktemp -u XXXXXXXX)" readonly DUMMY_DEVNAME="dum0" readonly VRF_TID=100 readonly VRF_DEVNAME="vrf-${VRF_TID}" @@ -418,32 +416,18 @@ test_command_or_ksft_skip() fi }

-get_nodename() -{ - local name="$1" - - echo "${name}-${RDMSUFF}" -} - get_rtname() { local rtid="$1"

- get_nodename "rt-${rtid}" + echo "rt_${rtid}" }

get_hsname() { local hsid="$1"

- get_nodename "hs-${hsid}" -} - -__create_namespace() -{ - local name="$1" - - ip netns add "${name}" + echo "hs_${hsid}" }

create_router() @@ -452,15 +436,12 @@ create_router() local nsname

nsname="$(get_rtname "${rtid}")" + setup_ns "${nsname}"

- __create_namespace "${nsname}" - + eval nsname=${$(get_rtname "${rtid}")} ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.forwarding=1 - - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.all.rp_filter=0 - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.default.rp_filter=0 ip netns exec "${nsname}" sysctl -wq net.ipv4.ip_forward=1 }

@@ -470,29 +451,12 @@ create_host() local nsname

nsname="$(get_hsname "${hsid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

cleanup() { - local nsname - local i - - # destroy routers - for i in ${ROUTERS}; do - nsname="$(get_rtname "${i}")" - - ip netns del "${nsname}" &>/dev/null || true - done - - # destroy hosts - for i in ${HOSTS}; do - nsname="$(get_hsname "${i}")" - - ip netns del "${nsname}" &>/dev/null || true - done - + cleanup_all_ns # check whether the setup phase was completed successfully or not. In # case of an error during the setup phase of the testing environment, # the selftest is considered as "skipped". @@ -512,10 +476,10 @@ add_link_rt_pairs() local nsname local neigh_nsname

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do - neigh_nsname="$(get_rtname "${neigh}")" + eval neigh_nsname=${$(get_rtname "${neigh}")}

ip link add "veth-rt-${rt}-${neigh}" netns "${nsname}" \ type veth peer name "veth-rt-${neigh}-${rt}" \ @@ -547,7 +511,7 @@ setup_rt_networking() local devname local neigh

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -631,7 +595,7 @@ set_end_x_nextcsid() local rt="$1" local adj="$2"

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")} net_prefix="$(get_network_prefix "${rt}" "${adj}")" lcnode_func_prefix="$(build_lcnode_func_prefix "${rt}")"

@@ -650,7 +614,7 @@ set_underlay_sids_reachability() local rt="$1" local rt_neighs="$2"

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -685,7 +649,7 @@ setup_rt_local_sids() local lcnode_func_prefix local lcblock_prefix

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

set_underlay_sids_reachability "${rt}" "${rt_neighs}"

@@ -728,8 +692,8 @@ __setup_l3vpn() local rtsrc_nsname local rtdst_nsname

- rtsrc_nsname="$(get_rtname "${src}")" - rtdst_nsname="$(get_rtname "${dst}")" + eval rtsrc_nsname=${$(get_rtname "${src}")} + eval rtdst_nsname=${$(get_rtname "${dst}")}

container="${LCBLOCK_ADDR}"

@@ -804,8 +768,8 @@ setup_hs() local hsname local rtname

- hsname="$(get_hsname "${hs}")" - rtname="$(get_rtname "${rt}")" + eval hsname=${$(get_hsname "${hs}")} + eval rtname=${$(get_rtname "${rt}")}

ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 @@ -851,11 +815,6 @@ setup_hs() ip netns exec "${rtname}" \ sysctl -wq net.ipv4.conf."${RT2HS_DEVNAME}".proxy_arp=1

@@ -947,7 +906,7 @@ check_rt_connectivity() local prefix local rtsrc_nsname

- rtsrc_nsname="$(get_rtname "${rtsrc}")" + eval rtsrc_nsname=${$(get_rtname "${rtsrc}")}

prefix="$(get_network_prefix "${rtsrc}" "${rtdst}")"

@@ -970,7 +929,7 @@ check_hs_ipv6_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv6_HS_NETWORK}::${hsdst}" >/dev/null 2>&1 @@ -982,7 +941,7 @@ check_hs_ipv4_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv4_HS_NETWORK}.${hsdst}" >/dev/null 2>&1 @@ -1093,7 +1052,7 @@ rt_x_nextcsid_end_x_behavior_test() local nsname local ret

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

__nextcsid_end_x_behavior_test "${nsname}" "add" "${blen}" "${flen}" ret="$?" diff --git a/tools/testing/selftests/net/srv6_hencap_red_l3vpn_test.sh b/tools/testing/selftests/net/srv6_hencap_red_l3vpn_test.sh index 28a775654b92..3efce1718c5f 100755 --- a/tools/testing/selftests/net/srv6_hencap_red_l3vpn_test.sh +++ b/tools/testing/selftests/net/srv6_hencap_red_l3vpn_test.sh @@ -166,10 +166,8 @@ # hs-4->hs-3 |IPv6 DA=fcff:1::e|SRH SIDs=fcff:3::d46|IPv6|...| (i.d) #

-# Kselftest framework requirement - SKIP code is 4. -readonly ksft_skip=4 +source lib.sh

-readonly RDMSUFF="$(mktemp -u XXXXXXXX)" readonly VRF_TID=100 readonly VRF_DEVNAME="vrf-${VRF_TID}" readonly RT2HS_DEVNAME="veth-t${VRF_TID}" @@ -248,32 +246,18 @@ test_command_or_ksft_skip() fi }

-get_nodename() -{ - local name="$1" - - echo "${name}-${RDMSUFF}" -} - get_rtname() { local rtid="$1"

- get_nodename "rt-${rtid}" + echo "rt_${rtid}" }

get_hsname() { local hsid="$1"

- get_nodename "hs-${hsid}" -} - -__create_namespace() -{ - local name="$1" - - ip netns add "${name}" + echo "hs_${hsid}" }

create_router() @@ -282,8 +266,7 @@ create_router() local nsname

nsname="$(get_rtname "${rtid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

create_host() @@ -292,29 +275,12 @@ create_host() local nsname

nsname="$(get_hsname "${hsid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

cleanup() { - local nsname - local i - - # destroy routers - for i in ${ROUTERS}; do - nsname="$(get_rtname "${i}")" - - ip netns del "${nsname}" &>/dev/null || true - done - - # destroy hosts - for i in ${HOSTS}; do - nsname="$(get_hsname "${i}")" - - ip netns del "${nsname}" &>/dev/null || true - done - + cleanup_all_ns # check whether the setup phase was completed successfully or not. In # case of an error during the setup phase of the testing environment, # the selftest is considered as "skipped". @@ -334,10 +300,10 @@ add_link_rt_pairs() local nsname local neigh_nsname

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do - neigh_nsname="$(get_rtname "${neigh}")" + eval neigh_nsname=${$(get_rtname "${neigh}")}

ip link add "veth-rt-${rt}-${neigh}" netns "${nsname}" \ type veth peer name "veth-rt-${neigh}-${rt}" \ @@ -369,7 +335,7 @@ setup_rt_networking() local devname local neigh

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -387,9 +353,6 @@ setup_rt_networking() ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.forwarding=1 - - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.all.rp_filter=0 - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.default.rp_filter=0 ip netns exec "${nsname}" sysctl -wq net.ipv4.ip_forward=1 }

@@ -403,7 +366,7 @@ setup_rt_local_sids() local nsname local neigh

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -469,7 +432,7 @@ __setup_rt_policy() local policy='' local n

- nsname="$(get_rtname "${encap_rt}")" + eval nsname=${$(get_rtname "${encap_rt}")}

for n in ${end_rts}; do policy="${policy}${VPN_LOCATOR_SERVICE}:${n}::${END_FUNC}," @@ -516,8 +479,8 @@ setup_hs() local hsname local rtname

- hsname="$(get_hsname "${hs}")" - rtname="$(get_rtname "${rt}")" + eval hsname=${$(get_hsname "${hs}")} + eval rtname=${$(get_rtname "${rt}")}

ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 @@ -555,11 +518,6 @@ setup_hs() ip netns exec "${rtname}" \ sysctl -wq net.ipv4.conf."${RT2HS_DEVNAME}".proxy_arp=1

@@ -656,7 +614,7 @@ check_rt_connectivity() local prefix local rtsrc_nsname

- rtsrc_nsname="$(get_rtname "${rtsrc}")" + eval rtsrc_nsname=${$(get_rtname "${rtsrc}")}

prefix="$(get_network_prefix "${rtsrc}" "${rtdst}")"

@@ -679,7 +637,7 @@ check_hs_ipv6_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv6_HS_NETWORK}::${hsdst}" >/dev/null 2>&1 @@ -691,7 +649,7 @@ check_hs_ipv4_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv4_HS_NETWORK}.${hsdst}" >/dev/null 2>&1 diff --git a/tools/testing/selftests/net/srv6_hl2encap_red_l2vpn_test.sh b/tools/testing/selftests/net/srv6_hl2encap_red_l2vpn_test.sh index cb4177d41b21..c08a744bf404 100755 --- a/tools/testing/selftests/net/srv6_hl2encap_red_l2vpn_test.sh +++ b/tools/testing/selftests/net/srv6_hl2encap_red_l2vpn_test.sh @@ -116,10 +116,8 @@ # hs-2->hs-1 |IPv6 DA=fcff:4::e|SRH SIDs=fcff:3::e,fcff:1::d2|eth|...| (i.b) #

-# Kselftest framework requirement - SKIP code is 4. -readonly ksft_skip=4 +source lib.sh

-readonly RDMSUFF="$(mktemp -u XXXXXXXX)" readonly DUMMY_DEVNAME="dum0" readonly RT2HS_DEVNAME="veth-hs" readonly HS_VETH_NAME="veth0" @@ -199,32 +197,18 @@ test_command_or_ksft_skip() fi }

-get_nodename() -{ - local name="$1" - - echo "${name}-${RDMSUFF}" -} - get_rtname() { local rtid="$1"

- get_nodename "rt-${rtid}" + echo "rt_${rtid}" }

get_hsname() { local hsid="$1"

- get_nodename "hs-${hsid}" -} - -__create_namespace() -{ - local name="$1" - - ip netns add "${name}" + echo "hs_${hsid}" }

create_router() @@ -233,8 +217,7 @@ create_router() local nsname

nsname="$(get_rtname "${rtid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

create_host() @@ -243,28 +226,12 @@ create_host() local nsname

nsname="$(get_hsname "${hsid}")" - - __create_namespace "${nsname}" + setup_ns "${nsname}" }

# check whether the setup phase was completed successfully or not. In # case of an error during the setup phase of the testing environment, @@ -285,10 +252,10 @@ add_link_rt_pairs() local nsname local neigh_nsname

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do - neigh_nsname="$(get_rtname "${neigh}")" + eval neigh_nsname=${$(get_rtname "${neigh}")}

ip link add "veth-rt-${rt}-${neigh}" netns "${nsname}" \ type veth peer name "veth-rt-${neigh}-${rt}" \ @@ -320,7 +287,7 @@ setup_rt_networking() local devname local neigh

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -341,9 +308,6 @@ setup_rt_networking() ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 ip netns exec "${nsname}" sysctl -wq net.ipv6.conf.all.forwarding=1 - - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.all.rp_filter=0 - ip netns exec "${nsname}" sysctl -wq net.ipv4.conf.default.rp_filter=0 ip netns exec "${nsname}" sysctl -wq net.ipv4.ip_forward=1 }

@@ -357,7 +321,7 @@ setup_rt_local_sids() local nsname local neigh

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

for neigh in ${rt_neighs}; do devname="veth-rt-${rt}-${neigh}" @@ -407,7 +371,7 @@ __setup_rt_policy() local policy='' local n

- nsname="$(get_rtname "${encap_rt}")" + eval nsname=${$(get_rtname "${encap_rt}")}

for n in ${end_rts}; do policy="${policy}${VPN_LOCATOR_SERVICE}:${n}::${END_FUNC}," @@ -446,7 +410,7 @@ setup_decap() local rt="$1" local nsname

- nsname="$(get_rtname "${rt}")" + eval nsname=${$(get_rtname "${rt}")}

# Local End.DX2 behavior ip -netns "${nsname}" -6 route \ @@ -463,8 +427,8 @@ setup_hs() local hsname local rtname

- hsname="$(get_hsname "${hs}")" - rtname="$(get_rtname "${rt}")" + eval hsname=${$(get_hsname "${hs}")} + eval rtname=${$(get_rtname "${rt}")}

ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.all.accept_dad=0 ip netns exec "${hsname}" sysctl -wq net.ipv6.conf.default.accept_dad=0 @@ -486,11 +450,6 @@ setup_hs() add "${IPv4_HS_NETWORK}.254/24" dev "${RT2HS_DEVNAME}"

ip -netns "${rtname}" link set "${RT2HS_DEVNAME}" up - - # disable the rp_filter otherwise the kernel gets confused about how - # to route decap ipv4 packets. - ip netns exec "${rtname}" \ - sysctl -wq net.ipv4.conf."${RT2HS_DEVNAME}".rp_filter=0 }

# set an auto-generated mac address @@ -532,7 +491,7 @@ set_host_l2peer() local hssrc_name local ipaddr

- hssrc_name="$(get_hsname "${hssrc}")" + eval hssrc_name=${$(get_hsname "${hssrc}")}

if [ "${proto}" -eq 6 ]; then ipaddr="${ipprefix}::${hsdst}" @@ -647,7 +606,7 @@ check_rt_connectivity() local prefix local rtsrc_nsname

- rtsrc_nsname="$(get_rtname "${rtsrc}")" + eval rtsrc_nsname=${$(get_rtname "${rtsrc}")}

prefix="$(get_network_prefix "${rtsrc}" "${rtdst}")"

@@ -670,7 +629,7 @@ check_hs_ipv6_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv6_HS_NETWORK}::${hsdst}" >/dev/null 2>&1 @@ -682,7 +641,7 @@ check_hs_ipv4_connectivity() local hsdst="$2" local hssrc_nsname

- hssrc_nsname="$(get_hsname "${hssrc}")" + eval hssrc_nsname=${$(get_hsname "${hssrc}")}

ip netns exec "${hssrc_nsname}" ping -c 1 -W "${PING_TIMEOUT_SEC}" \ "${IPv4_HS_NETWORK}.${hsdst}" >/dev/null 2>&1

-- 2.46.0

Jakub Kicinski

11:39 p.m.

New subject: [PATCH net-next 4/6] selftests: net: use setup_ns for SRv6 tests and remove rp_filter configuration

On Wed, 7 May 2025 13:18:54 +0000 Hangbin Liu wrote:

...

Some SRv6 tests manually set up network namespaces and disable rp_filter. Since the setup_ns library function already handles rp_filter configuration, convert these SRv6 tests to use setup_ns and remove the redundant rp_filter settings.

Missed some get_nodename calls, I think?

# ./srv6_hl2encap_red_l2vpn_test.sh: line 470: get_nodename: command not found # SKIP: Setting up the testing environment failed ok 1 selftests: net: srv6_hl2encap_red_l2vpn_test.sh # SKIP

-- pw-bot: cr

Hangbin Liu

8 May 8 May

2:15 a.m.

New subject: [PATCH net-next 4/6] selftests: net: use setup_ns for SRv6 tests and remove rp_filter configuration

On Wed, May 07, 2025 at 04:39:04PM -0700, Jakub Kicinski wrote:

...

On Wed, 7 May 2025 13:18:54 +0000 Hangbin Liu wrote:

...
Some SRv6 tests manually set up network namespaces and disable rp_filter. Since the setup_ns library function already handles rp_filter configuration, convert these SRv6 tests to use setup_ns and remove the redundant rp_filter settings.

Missed some get_nodename calls, I think?

# ./srv6_hl2encap_red_l2vpn_test.sh: line 470: get_nodename: command not found # SKIP: Setting up the testing environment failed ok 1 selftests: net: srv6_hl2encap_red_l2vpn_test.sh # SKIP

Hmm, somehow I missed testing this one before posting the patch...

I will fix it and post a v2 patch. Sorry for taking up your time.

Thanks Hangbin

Hangbin Liu

7 May 7 May

1:18 p.m.

New subject: [PATCH net-next 5/6] selftests: netfilter: remove rp_filter configuration

Remove the manual rp_filter configuration, as setup_ns already sets it appropriately by default

Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- .../selftests/net/netfilter/br_netfilter.sh | 3 --- .../selftests/net/netfilter/bridge_brouter.sh | 2 -- .../selftests/net/netfilter/conntrack_vrf.sh | 3 --- tools/testing/selftests/net/netfilter/ipvs.sh | 6 ------ .../testing/selftests/net/netfilter/nft_fib.sh | 2 -- .../selftests/net/netfilter/nft_nat_zones.sh | 2 -- tools/testing/selftests/net/netfilter/rpath.sh | 18 +++++------------- 7 files changed, 5 insertions(+), 31 deletions(-)

diff --git a/tools/testing/selftests/net/netfilter/br_netfilter.sh b/tools/testing/selftests/net/netfilter/br_netfilter.sh index 1559ba275105..011de8763094 100755 --- a/tools/testing/selftests/net/netfilter/br_netfilter.sh +++ b/tools/testing/selftests/net/netfilter/br_netfilter.sh @@ -60,9 +60,6 @@ bcast_ping() done }

-ip netns exec "$ns0" sysctl -q net.ipv4.conf.all.rp_filter=0 -ip netns exec "$ns0" sysctl -q net.ipv4.conf.default.rp_filter=0 - if ! ip link add veth1 netns "$ns0" type veth peer name eth0 netns "$ns1"; then echo "SKIP: Can't create veth device" exit $ksft_skip diff --git a/tools/testing/selftests/net/netfilter/bridge_brouter.sh b/tools/testing/selftests/net/netfilter/bridge_brouter.sh index 2549b6590693..ea76f2bc2f59 100755 --- a/tools/testing/selftests/net/netfilter/bridge_brouter.sh +++ b/tools/testing/selftests/net/netfilter/bridge_brouter.sh @@ -22,8 +22,6 @@ trap cleanup EXIT

setup_ns nsbr ns1 ns2

-ip netns exec "$nsbr" sysctl -q net.ipv4.conf.default.rp_filter=0 -ip netns exec "$nsbr" sysctl -q net.ipv4.conf.all.rp_filter=0 if ! ip link add veth0 netns "$nsbr" type veth peer name eth0 netns "$ns1"; then echo "SKIP: Can't create veth device" exit $ksft_skip diff --git a/tools/testing/selftests/net/netfilter/conntrack_vrf.sh b/tools/testing/selftests/net/netfilter/conntrack_vrf.sh index e95ecb37c2b1..025b58f2ae91 100755 --- a/tools/testing/selftests/net/netfilter/conntrack_vrf.sh +++ b/tools/testing/selftests/net/netfilter/conntrack_vrf.sh @@ -52,9 +52,6 @@ trap cleanup EXIT

setup_ns ns0 ns1

-ip netns exec "$ns0" sysctl -q -w net.ipv4.conf.default.rp_filter=0 -ip netns exec "$ns0" sysctl -q -w net.ipv4.conf.all.rp_filter=0 -ip netns exec "$ns0" sysctl -q -w net.ipv4.conf.all.rp_filter=0 ip netns exec "$ns0" sysctl -q -w net.ipv4.conf.all.forwarding=1

if ! ip link add veth0 netns "$ns0" type veth peer name veth0 netns "$ns1" > /dev/null 2>&1; then diff --git a/tools/testing/selftests/net/netfilter/ipvs.sh b/tools/testing/selftests/net/netfilter/ipvs.sh index d3edb16cd4b3..6af2ea3ad6b8 100755 --- a/tools/testing/selftests/net/netfilter/ipvs.sh +++ b/tools/testing/selftests/net/netfilter/ipvs.sh @@ -129,9 +129,6 @@ test_dr() { # avoid incorrect arp response ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_ignore=1 ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_announce=2 - # avoid reverse route lookup - ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.rp_filter=0 - ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.veth21.rp_filter=0 ip netns exec "${ns2}" ip addr add "${vip_v4}/32" dev lo:1

test_service @@ -167,9 +164,6 @@ test_tun() { ip netns exec "${ns2}" ip link set tunl0 up ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_ignore=1 ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_announce=2 - ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.rp_filter=0 - ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.tunl0.rp_filter=0 - ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.veth21.rp_filter=0 ip netns exec "${ns2}" ip addr add "${vip_v4}/32" dev lo:1

test_service diff --git a/tools/testing/selftests/net/netfilter/nft_fib.sh b/tools/testing/selftests/net/netfilter/nft_fib.sh index ea47dd246a08..82780b39277c 100755 --- a/tools/testing/selftests/net/netfilter/nft_fib.sh +++ b/tools/testing/selftests/net/netfilter/nft_fib.sh @@ -167,8 +167,6 @@ test_ping() { ip netns exec "$nsrouter" sysctl net.ipv6.conf.all.forwarding=1 > /dev/null ip netns exec "$nsrouter" sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null ip netns exec "$nsrouter" sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null -ip netns exec "$nsrouter" sysctl net.ipv4.conf.all.rp_filter=0 > /dev/null -ip netns exec "$nsrouter" sysctl net.ipv4.conf.veth0.rp_filter=0 > /dev/null

test_ping 10.0.2.1 dead:2::1 || exit 1 check_drops || exit 1 diff --git a/tools/testing/selftests/net/netfilter/nft_nat_zones.sh b/tools/testing/selftests/net/netfilter/nft_nat_zones.sh index 3b81d88bdde3..9f200f80253a 100755 --- a/tools/testing/selftests/net/netfilter/nft_nat_zones.sh +++ b/tools/testing/selftests/net/netfilter/nft_nat_zones.sh @@ -88,7 +88,6 @@ for i in $(seq 1 "$maxclients");do echo netns exec "$cl" sysctl -q net.ipv4.tcp_syn_retries=2 echo netns exec "$gw" ip link set "veth$i" up echo netns exec "$gw" sysctl -q net.ipv4.conf.veth"$i".arp_ignore=2 - echo netns exec "$gw" sysctl -q net.ipv4.conf.veth"$i".rp_filter=0

# clients have same IP addresses. echo netns exec "$cl" ip addr add 10.1.0.3/24 dev eth0 @@ -178,7 +177,6 @@ fi

ip netns exec "$gw" sysctl -q net.ipv4.conf.all.forwarding=1 > /dev/null ip netns exec "$gw" sysctl -q net.ipv6.conf.all.forwarding=1 > /dev/null -ip netns exec "$gw" sysctl -q net.ipv4.conf.all.rp_filter=0 >/dev/null

# useful for debugging: allows to use 'ping' from clients to gateway. ip netns exec "$gw" sysctl -q net.ipv4.fwmark_reflect=1 > /dev/null diff --git a/tools/testing/selftests/net/netfilter/rpath.sh b/tools/testing/selftests/net/netfilter/rpath.sh index 86ec4e68594d..24ad41d526d9 100755 --- a/tools/testing/selftests/net/netfilter/rpath.sh +++ b/tools/testing/selftests/net/netfilter/rpath.sh @@ -1,8 +1,7 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0

-# return code to signal skipped test -ksft_skip=4 +source lib.sh

# search for legacy iptables (it uses the xtables extensions if iptables-legacy --version >/dev/null 2>&1; then @@ -32,17 +31,10 @@ if [ -z "$iptables$ip6tables$nft" ]; then exit $ksft_skip fi

-sfx=$(mktemp -u "XXXXXXXX") -ns1="ns1-$sfx" -ns2="ns2-$sfx" -trap "ip netns del $ns1; ip netns del $ns2" EXIT - -# create two netns, disable rp_filter in ns2 and -# keep IPv6 address when moving into VRF -ip netns add "$ns1" -ip netns add "$ns2" -ip netns exec "$ns2" sysctl -q net.ipv4.conf.all.rp_filter=0 -ip netns exec "$ns2" sysctl -q net.ipv4.conf.default.rp_filter=0 +trap cleanup_all_ns EXIT + +# create two netns, keep IPv6 address when moving into VRF +setup_ns ns1 ns2 ip netns exec "$ns2" sysctl -q net.ipv6.conf.all.keep_addr_on_down=1

# a standard connection between the netns, should not trigger rp filter

-- 2.46.0

Florian Westphal

2:38 p.m.

New subject: [PATCH net-next 5/6] selftests: netfilter: remove rp_filter configuration

Hangbin Liu liuhangbin@gmail.com wrote:

...

Remove the manual rp_filter configuration, as setup_ns already sets it appropriately by default

Acked-by: Florian Westphal fw@strlen.de

Hangbin Liu

1:18 p.m.

New subject: [PATCH net-next 6/6] selftests: mptcp: remove rp_filter configuration

Remove the manual rp_filter configuration from MPTCP tests, as it is now handled by setup_ns.

Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 2 -- 1 file changed, 2 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 99c87cd6e255..55212188871e 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -479,8 +479,6 @@ mptcp_lib_ns_init() { local netns for netns in "${@}"; do ip netns exec "${!netns}" sysctl -q net.mptcp.enabled=1 - ip netns exec "${!netns}" sysctl -q net.ipv4.conf.all.rp_filter=0 - ip netns exec "${!netns}" sysctl -q net.ipv4.conf.default.rp_filter=0 done }

-- 2.46.0

Matthieu Baerts

2:13 p.m.

New subject: [PATCH net-next 6/6] selftests: mptcp: remove rp_filter configuration

Hi Hangbin,

On 07/05/2025 15:18, Hangbin Liu wrote:

...

Remove the manual rp_filter configuration from MPTCP tests, as it is now handled by setup_ns.

Thanks!

Acked-by: Matthieu Baerts (NGI0) matttbe@kernel.org

Cheers, Matt

-- Sponsored by the NGI0 Core fund.

days inactive

days old

linux-kselftest-mirror@lists.linaro.org

10 comments

participants

tags (0)

participants (4)

Florian Westphal
Hangbin Liu
Jakub Kicinski
Matthieu Baerts