Commit d31c1caf authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

selftests: netfilter: nft_concat_range.sh: add coverage for 4bit group representation 



Pipapo supports a more compact '4 bit group' format that is chosen when
the memory needed for the default exceeds a threshold (2mb).

Add coverage for those code paths, the existing tests use small sets that
are handled by the default representation.

This comes with a test script run-time increase, but I think its ok:

 normal: 2m35s -> 3m9s
 debug:  3m24s -> 5m29s (with KSFT_MACHINE_SLOW=yes).

Cc: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Reviewed-by: default avatarStefano Brivio <sbrivio@redhat.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent f685204c

tools/testing/selftests/net/netfilter/nft_concat_range.sh

+161 −4
Original line number Diff line number Diff line
@@ -15,10 +15,12 @@ source lib.sh 
# Available test groups:

# - reported_issues: check for issues that were reported in the past

# - correctness: check that packets match given entries, and only those

# - correctness_large: same but with additional non-matching entries

# - concurrency: attempt races between insertion, deletion and lookup

# - timeout: check that packets match entries until they expire

# - performance: estimate matching rate, compare with rbtree and hash baselines

TESTS="reported_issues correctness concurrency timeout"

TESTS="reported_issues correctness correctness_large concurrency timeout"



[ -n "$NFT_CONCAT_RANGE_TESTS" ] && TESTS="${NFT_CONCAT_RANGE_TESTS}"



# Set types, defined by TYPE_ variables below
@@ -1257,9 +1259,7 @@ send_nomatch() { 
# - add ranged element, check that packets match it

# - check that packets outside range don't match it

# - remove some elements, check that packets don't match anymore

test_correctness() {

	setup veth send_"${proto}" set || return ${ksft_skip}



test_correctness_main() {

	range_size=1

	for i in $(seq "${start}" $((start + count))); do

		end=$((start + range_size))
@@ -1293,6 +1293,163 @@ test_correctness() { 
	done

}



test_correctness() {

	setup veth send_"${proto}" set || return ${ksft_skip}



	test_correctness_main

}



# Repeat the correctness tests, but add extra non-matching entries.

# This exercises the more compact '4 bit group' representation that

# gets picked when the default 8-bit representation exceed

# NFT_PIPAPO_LT_SIZE_HIGH bytes of memory.

# See usage of NFT_PIPAPO_LT_SIZE_HIGH in pipapo_lt_bits_adjust().

#

# The format() helper is way too slow when generating lots of

# entries so its not used here.

test_correctness_large() {

	setup veth send_"${proto}" set || return ${ksft_skip}

	# number of dummy (filler) entries to add.

	local dcount=16385



	(

	echo -n "add element inet filter test { "



	case "$type_spec" in

	"ether_addr . ipv4_addr")

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			format_mac $((1000000 + i))

			printf ". 172.%i.%i.%i " $((RANDOM%256)) $((RANDOM%256)) $((i%256))

		done

		;;

	"inet_proto . ipv6_addr")

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "%i . " $((RANDOM%256))

			format_addr6 $((1000000 + i))

		done

		;;

	"inet_service . inet_proto")

		# smaller key sizes, need more entries to hit the

		# 4-bit threshold.

		dcount=65536

		for i in $(seq 1 $dcount); do

			local proto=$((RANDOM%256))



			# Test uses UDP to match, as it also fails when matching

			# an entry that doesn't exist, so skip 'udp' entries

			# to not trigger a wrong failure.

			[ $proto -eq 17 ] && proto=18

			[ $i -gt 1 ] && echo ", "

			printf "%i . %i " $(((i%65534) + 1)) $((proto))

		done

		;;

	"inet_service . ipv4_addr")

		dcount=32768

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "%i . 172.%i.%i.%i " $(((RANDOM%65534) + 1)) $((RANDOM%256)) $((RANDOM%256)) $((i%256))

		done

		;;

	"ipv4_addr . ether_addr")

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "172.%i.%i.%i . " $((RANDOM%256)) $((RANDOM%256)) $((i%256))

			format_mac $((1000000 + i))

		done

		;;

	"ipv4_addr . inet_service")

		dcount=32768

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "172.%i.%i.%i . %i" $((RANDOM%256)) $((RANDOM%256)) $((i%256)) $(((RANDOM%65534) + 1))

		done

		;;

	"ipv4_addr . inet_service . ether_addr . inet_proto . ipv4_addr")

		dcount=65536

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "172.%i.%i.%i . %i . " $((RANDOM%256)) $((RANDOM%256)) $((i%256)) $(((RANDOM%65534) + 1))

			format_mac $((1000000 + i))

			printf ". %i . 192.168.%i.%i" $((RANDOM%256)) $((RANDOM%256)) $((i%256))

		done

		;;

	"ipv4_addr . inet_service . inet_proto")

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "172.%i.%i.%i . %i . %i " $((RANDOM%256)) $((RANDOM%256)) $((i%256)) $(((RANDOM%65534) + 1)) $((RANDOM%256))

		done

		;;

	"ipv4_addr . inet_service . inet_proto . ipv4_addr")

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "172.%i.%i.%i . %i . %i . 192.168.%i.%i " $((RANDOM%256)) $((RANDOM%256)) $((i%256)) $(((RANDOM%65534) + 1)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))

		done

		;;

	"ipv4_addr . inet_service . ipv4_addr")

		dcount=32768

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			printf "172.%i.%i.%i . %i . 192.168.%i.%i " $((RANDOM%256)) $((RANDOM%256)) $((i%256)) $(((RANDOM%65534) + 1)) $((RANDOM%256)) $((RANDOM%256))

		done

		;;

	"ipv6_addr . ether_addr")

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			format_addr6 $((i + 1000000))

			echo -n " . "

			format_mac $((1000000 + i))

		done

		;;

	"ipv6_addr . inet_service")

		dcount=32768

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			format_addr6 $((i + 1000000))

			echo -n " .  $(((RANDOM%65534) + 1))"

		done

		;;

	"ipv6_addr . inet_service . ether_addr")

		dcount=32768

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			format_addr6 $((i + 1000000))

			echo -n " .  $(((RANDOM%65534) + 1)) . "

			format_mac $((i + 1000000))

		done

		;;

	"ipv6_addr . inet_service . ether_addr . inet_proto")

		dcount=65536

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			format_addr6 $((i + 1000000))

			echo -n " .  $(((RANDOM%65534) + 1)) . "

			format_mac $((i + 1000000))

			echo -n " .  $((RANDOM%256))"

		done

		;;

	"ipv6_addr . inet_service . ipv6_addr . inet_service")

		dcount=32768

		for i in $(seq 1 $dcount); do

			[ $i -gt 1 ] && echo ", "

			format_addr6 $((i + 1000000))

			echo -n " .  $(((RANDOM%65534) + 1)) . "

			format_addr6 $((i + 2123456))

			echo -n " .  $((RANDOM%256))"

		done

		;;

	*)

		"Unhandled $type_spec"

		return 1

	esac

	echo -n "}"



	) | nft -f - || return 1



	test_correctness_main

}



# Concurrency test template:

# - add all the elements

# - start a thread for each physical thread that: