Hi,
On Thu, 2024-02-29 at 01:01 +0100, Pablo Neira Ayuso wrote:
> diff --git a/tools/testing/selftests/netfilter/bridge_netfilter.sh b/tools/testing/selftests/netfilter/bridge_netfilter.sh
> new file mode 100644
> index 000000000000..659b3ab02c8b
> --- /dev/null
> +++ b/tools/testing/selftests/netfilter/bridge_netfilter.sh
> @@ -0,0 +1,188 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# Test bridge netfilter + conntrack, a combination that doesn't really work,
> +# with multicast/broadcast packets racing for hash table insertion.
> +
> +# eth0 br0 eth0
> +# setup is: ns1 <->,ns0 <-> ns3
> +# ns2 <-' `'-> ns4
> +
> +# Kselftest framework requirement - SKIP code is 4.
> +ksft_skip=4
> +ret=0
> +
> +sfx=$(mktemp -u "XXXXXXXX")
> +ns0="ns0-$sfx"
> +ns1="ns1-$sfx"
> +ns2="ns2-$sfx"
> +ns3="ns3-$sfx"
> +ns4="ns4-$sfx"
> +
> +ebtables -V > /dev/null 2>&1
> +if [ $? -ne 0 ];then
> + echo "SKIP: Could not run test without ebtables"
> + exit $ksft_skip
> +fi
> +
> +ip -Version > /dev/null 2>&1
> +if [ $? -ne 0 ];then
> + echo "SKIP: Could not run test without ip tool"
> + exit $ksft_skip
> +fi
> +
> +for i in $(seq 0 4); do
> + eval ip netns add \$ns$i
[Not intended to block this series] I thing this patch could use a
'next' follow-up to clean-up the style a bit (e.g. indentation above
and other places below...)
Also I'm wondering if in the long term we could converge to use the
same infra here and in 'net' self tests for netns setup.
> +done
> +
> +cleanup() {
> + for i in $(seq 0 4); do eval ip netns del \$ns$i;done
> +}
> +
> +trap cleanup EXIT
> +
> +do_ping()
> +{
> + fromns="$1"
> + dstip="$2"
> +
> + ip netns exec $fromns ping -c 1 -q $dstip > /dev/null
> + if [ $? -ne 0 ]; then
> + echo "ERROR: ping from $fromns to $dstip"
> + ip netns exec ${ns0} nft list ruleset
> + ret=1
> + fi
> +}
> +
> +bcast_ping()
> +{
> + fromns="$1"
> + dstip="$2"
> +
> + for i in $(seq 1 1000); do
> + ip netns exec $fromns ping -q -f -b -c 1 -q $dstip > /dev/null 2>&1
[Not intended to block this series] repeated '-q' argument here
Cheers,
Paolo
