Commit c1a9d47b authored by Florian Westphal's avatar Florian Westphal Committed by Jakub Kicinski
Browse files

selftests: netfilter: nft_zones_many.sh: move to lib.sh infra 



Also do shellcheck cleanups here, no functional changes intended.
When running tests via vng tool, the packetpath insertion test fails:
dd: failed to open '/dev/stdout': Device or resource busy

Just omit 'of=' and this will work as intended.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20240418152744.15105-5-fw@strlen.de


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent a849e06c

tools/testing/selftests/net/netfilter/nft_zones_many.sh

+45 −48
Original line number Diff line number Diff line
@@ -3,11 +3,7 @@ 
# Test insertion speed for packets with identical addresses/ports

# that are all placed in distinct conntrack zones.



sfx=$(mktemp -u "XXXXXXXX")

ns="ns-$sfx"



# Kselftest framework requirement - SKIP code is 4.

ksft_skip=4

source lib.sh



zones=2000

have_ct_tool=0
@@ -15,35 +11,25 @@ ret=0 


cleanup()

{

	ip netns del $ns

}



checktool (){

	if ! $1 > /dev/null 2>&1; then

		echo "SKIP: Could not $2"

		exit $ksft_skip

	fi

	cleanup_all_ns

}



checktool "nft --version" "run test without nft tool"

checktool "ip -Version" "run test without ip tool"

checktool "socat -V" "run test without socat tool"

checktool "ip netns add $ns" "create net namespace"



setup_ns ns1



trap cleanup EXIT



conntrack -V > /dev/null 2>&1

if [ $? -eq 0 ];then

if conntrack -V > /dev/null 2>&1; then

	have_ct_tool=1

fi



ip -net "$ns" link set lo up



test_zones() {

	local max_zones=$1



ip netns exec $ns sysctl -q net.netfilter.nf_conntrack_udp_timeout=3600

ip netns exec $ns nft -f /dev/stdin<<EOF

ip netns exec "$ns1" sysctl -q net.netfilter.nf_conntrack_udp_timeout=3600

ip netns exec "$ns1" nft -f /dev/stdin<<EOF

flush ruleset

table inet raw {

	map rndzone {
@@ -56,29 +42,36 @@ table inet raw { 
	}

}

EOF

if [ "$?" -ne 0 ];then

	echo "SKIP: Cannot add nftables rules"

	exit $ksft_skip

fi

	(

		echo "add element inet raw rndzone {"

	for i in $(seq 1 $max_zones);do

	for i in $(seq 1 "$max_zones");do

		echo -n "$i : $i"

		if [ $i -lt $max_zones ]; then

		if [ "$i" -lt "$max_zones" ]; then

			echo ","

		else

			echo "}"

		fi

	done

	) | ip netns exec $ns nft -f /dev/stdin

	) | ip netns exec "$ns1" nft -f /dev/stdin



	local i=0

	local j=0

	local outerstart=$(date +%s%3N)

	local stop=$outerstart



	while [ $i -lt $max_zones ]; do

		local start=$(date +%s%3N)

	local outerstart

	local stop

	outerstart=$(date +%s%3N)

	stop=$outerstart



	while [ "$i" -lt "$max_zones" ]; do

		local start

		start=$(date +%s%3N)

		i=$((i + 1000))

		j=$((j + 1))

		# nft rule in output places each packet in a different zone.

		dd if=/dev/zero of=/dev/stdout bs=8k count=1000 2>/dev/null | ip netns exec "$ns" socat STDIN UDP:127.0.0.1:12345,sourceport=12345

		dd if=/dev/zero bs=8k count=1000 2>/dev/null | ip netns exec "$ns1" socat -u STDIN UDP:127.0.0.1:12345,sourceport=12345

		if [ $? -ne 0 ] ;then

			ret=1

			break
@@ -89,14 +82,15 @@ EOF 
		echo "PASS: added 1000 entries in $duration ms (now $i total, loop $j)"

	done



	if [ $have_ct_tool -eq 1 ]; then

		local count=$(ip netns exec "$ns" conntrack -C)

		local duration=$((stop-outerstart))

	if [ "$have_ct_tool" -eq 1 ]; then

		local count duration

		count=$(ip netns exec "$ns1" conntrack -C)

		duration=$((stop-outerstart))



		if [ $count -eq $max_zones ]; then

		if [ "$count" -eq "$max_zones" ]; then

			echo "PASS: inserted $count entries from packet path in $duration ms total"

		else

			ip netns exec $ns conntrack -S 1>&2

			ip netns exec "$ns1" conntrack -S 1>&2

			echo "FAIL: inserted $count entries from packet path in $duration ms total, expected $max_zones entries"

			ret=1

		fi
@@ -110,18 +104,19 @@ EOF 
test_conntrack_tool() {

	local max_zones=$1



	ip netns exec $ns conntrack -F >/dev/null 2>/dev/null

	ip netns exec "$ns1" conntrack -F >/dev/null 2>/dev/null



	local outerstart=$(date +%s%3N)

	local start=$(date +%s%3N)

	local stop=$start

	local i=0

	while [ $i -lt $max_zones ]; do

	local outerstart start stop i

	outerstart=$(date +%s%3N)

	start=$(date +%s%3N)

	stop="$start"

	i=0

	while [ "$i" -lt "$max_zones" ]; do

		i=$((i + 1))

		ip netns exec "$ns" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \

		ip netns exec "$ns1" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \

	                 --timeout 3600 --state ESTABLISHED --sport 12345 --dport 1000 --zone $i >/dev/null 2>&1

		if [ $? -ne 0 ];then

			ip netns exec "$ns" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \

			ip netns exec "$ns1" conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6 \

	                 --timeout 3600 --state ESTABLISHED --sport 12345 --dport 1000 --zone $i > /dev/null

			echo "FAIL: conntrack -I returned an error"

			ret=1
@@ -137,13 +132,15 @@ test_conntrack_tool() { 
		fi

	done



	local count=$(ip netns exec "$ns" conntrack -C)

	local duration=$((stop-outerstart))

	local count

	local duration

	count=$(ip netns exec "$ns1" conntrack -C)

	duration=$((stop-outerstart))



	if [ $count -eq $max_zones ]; then

	if [ "$count" -eq "$max_zones" ]; then

		echo "PASS: inserted $count entries via ctnetlink in $duration ms"

	else

		ip netns exec $ns conntrack -S 1>&2

		ip netns exec "$ns1" conntrack -S 1>&2

		echo "FAIL: inserted $count entries via ctnetlink in $duration ms, expected $max_zones entries ($duration ms)"

		ret=1

	fi
@@ -151,7 +148,7 @@ test_conntrack_tool() { 


test_zones $zones



if [ $have_ct_tool -eq 1 ];then

if [ "$have_ct_tool" -eq 1 ];then

	test_conntrack_tool $zones

else

	echo "SKIP: Could not run ctnetlink insertion test without conntrack tool"