Commit e9c392a1 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'selftests-net-configure-rp_filter-in-setup_ns' 

Hangbin Liu says:

====================
selftests: net: configure rp_filter in setup_ns

Some distributions enable rp_filter globally by default, which can interfere
with various test cases. To address this, many tests explicitly disable
rp_filter within their scripts.

To avoid duplication and ensure consistent behavior across tests, this patch
moves the rp_filter configuration into setup_ns, applied immediately after a
new namespace is created. This change ensures that all namespace-based tests
inherit the appropriate rp_filter settings, simplifying individual test
scripts and improving maintainability.
====================

Link: https://patch.msgid.link/20250508081910.84216-1-liuhangbin@gmail.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents c14e1ece b83d98c1

tools/testing/selftests/net/bareudp.sh

+7 −42
Original line number Diff line number Diff line
@@ -106,26 +106,16 @@ 
# |                                                                       |

# +-----------------------------------------------------------------------+



. ./lib.sh



ERR=4 # Return 4 by default, which is the SKIP code for kselftest

PING6="ping"

PAUSE_ON_FAIL="no"



readonly NS0=$(mktemp -u ns0-XXXXXXXX)

readonly NS1=$(mktemp -u ns1-XXXXXXXX)

readonly NS2=$(mktemp -u ns2-XXXXXXXX)

readonly NS3=$(mktemp -u ns3-XXXXXXXX)



# Exit the script after having removed the network namespaces it created

#

# Parameters:

#

#   * The list of network namespaces to delete before exiting.

#

exit_cleanup()

{

	for ns in "$@"; do

		ip netns delete "${ns}" 2>/dev/null || true

	done

	cleanup_all_ns



	if [ "${ERR}" -eq 4 ]; then

		echo "Error: Setting up the testing environment failed." >&2
@@ -140,17 +130,7 @@ exit_cleanup() 
# namespaces created by this script are deleted.

create_namespaces()

{

	ip netns add "${NS0}" || exit_cleanup

	ip netns add "${NS1}" || exit_cleanup "${NS0}"

	ip netns add "${NS2}" || exit_cleanup "${NS0}" "${NS1}"

	ip netns add "${NS3}" || exit_cleanup "${NS0}" "${NS1}" "${NS2}"

}



# The trap function handler

#

exit_cleanup_all()

{

	exit_cleanup "${NS0}" "${NS1}" "${NS2}" "${NS3}"

	setup_ns NS0 NS1 NS2 NS3 || exit_cleanup

}



# Configure a network interface using a host route
@@ -188,10 +168,6 @@ iface_config() 
#

setup_underlay()

{

	for ns in "${NS0}" "${NS1}" "${NS2}" "${NS3}"; do

		ip -netns "${ns}" link set dev lo up

	done;



	ip link add name veth01 netns "${NS0}" type veth peer name veth10 netns "${NS1}"

	ip link add name veth12 netns "${NS1}" type veth peer name veth21 netns "${NS2}"

	ip link add name veth23 netns "${NS2}" type veth peer name veth32 netns "${NS3}"
@@ -234,14 +210,6 @@ setup_overlay_ipv4() 
	ip netns exec "${NS2}" sysctl -qw net.ipv4.ip_forward=1

	ip -netns "${NS1}" route add 192.0.2.100/32 via 192.0.2.10

	ip -netns "${NS2}" route add 192.0.2.103/32 via 192.0.2.33



	# The intermediate namespaces don't have routes for the reverse path,

	# as it will be handled by tc. So we need to ensure that rp_filter is

	# not going to block the traffic.

	ip netns exec "${NS1}" sysctl -qw net.ipv4.conf.all.rp_filter=0

	ip netns exec "${NS2}" sysctl -qw net.ipv4.conf.all.rp_filter=0

	ip netns exec "${NS1}" sysctl -qw net.ipv4.conf.default.rp_filter=0

	ip netns exec "${NS2}" sysctl -qw net.ipv4.conf.default.rp_filter=0

}



setup_overlay_ipv6()
@@ -521,13 +489,10 @@ done 


check_features



# Create namespaces before setting up the exit trap.

# Otherwise, exit_cleanup_all() could delete namespaces that were not created

# by this script.

create_namespaces



set -e

trap exit_cleanup_all EXIT

trap exit_cleanup EXIT



create_namespaces



setup_underlay

setup_overlay_ipv4

tools/testing/selftests/net/fib_rule_tests.sh

+0 −3
Original line number Diff line number Diff line
@@ -516,10 +516,7 @@ fib_rule4_test() 
	fib_rule4_test_match_n_redirect "$match" "$match" "$getnomatch" \

		"oif redirect to table" "oif no redirect to table"



	# Enable forwarding and disable rp_filter as all the addresses are in

	# the same subnet and egress device == ingress device.

	ip netns exec $testns sysctl -qw net.ipv4.ip_forward=1

	ip netns exec $testns sysctl -qw net.ipv4.conf.$DEV.rp_filter=0

	match="from $SRC_IP iif $DEV"

	getnomatch="from $SRC_IP iif lo"

	fib_rule4_test_match_n_redirect "$match" "$match" "$getnomatch" \

tools/testing/selftests/net/fib_tests.sh

+0 −3
Original line number Diff line number Diff line
@@ -2560,9 +2560,6 @@ ipv4_mpath_list_test() 
	run_cmd "ip -n $ns2 route add 203.0.113.0/24

		nexthop via 172.16.201.2 nexthop via 172.16.202.2"

	run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.fib_multipath_hash_policy=1"

	run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.veth2.rp_filter=0"

	run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.all.rp_filter=0"

	run_cmd "ip netns exec $ns2 sysctl -qw net.ipv4.conf.default.rp_filter=0"

	set +e



	local dmac=$(ip -n $ns2 -j link show dev veth2 | jq -r '.[]["address"]')

tools/testing/selftests/net/icmp_redirect.sh

+0 −2
Original line number Diff line number Diff line
@@ -178,8 +178,6 @@ setup() 
		else

			ip netns exec $ns sysctl -q -w net.ipv4.ip_forward=1

			ip netns exec $ns sysctl -q -w net.ipv4.conf.all.send_redirects=1

			ip netns exec $ns sysctl -q -w net.ipv4.conf.default.rp_filter=0

			ip netns exec $ns sysctl -q -w net.ipv4.conf.all.rp_filter=0



			ip netns exec $ns sysctl -q -w net.ipv6.conf.all.forwarding=1

			ip netns exec $ns sysctl -q -w net.ipv6.route.mtu_expires=10

tools/testing/selftests/net/lib.sh

+2 −0
Original line number Diff line number Diff line
@@ -217,6 +217,8 @@ setup_ns() 
			return $ksft_skip

		fi

		ip -n "${!ns_name}" link set lo up

		ip netns exec "${!ns_name}" sysctl -wq net.ipv4.conf.all.rp_filter=0

		ip netns exec "${!ns_name}" sysctl -wq net.ipv4.conf.default.rp_filter=0

		ns_list+=("${!ns_name}")

	done

	NS_LIST+=("${ns_list[@]}")