3 # This test is for stress-testing the nf_tables config plane path vs.
4 # packet path processing: Make sure we never release rules that are
5 # still visible to other cpus.
9 # Kselftest framework requirement - SKIP code is 4.
# Name of the scratch network namespace. mktemp -u only prints a random
# name and creates nothing; in the lines shown the result is used purely as
# a unique netns name, never as a file path.
12 testns=testns-$(mktemp -u "XXXXXXXX")
# Tables that the generated ruleset adds and the add/delete phase removes.
15 tables="foo bar baz quux"
# Teardown: signal every process still listed for the namespace (stderr of
# xargs/kill is discarded), then delete the namespace itself.
21 ip netns pids "$testns" | xargs kill 2>/dev/null
22 ip netns del "$testns"
# Per-phase report line: $2 is the phase label; $OK and $r are assigned on
# lines that are not part of this listing.
37 echo "$OK: nft $2 test returned $r"
# Probe for the nft binary; only whether it runs matters, so all output is
# dropped. The SKIP message belongs to the failure path (the status test and
# exit are on lines not shown here; the header comment gives SKIP code 4).
42 nft --version > /dev/null 2>&1
44 echo "SKIP: Could not run test without nft tool"
# Same probe for the iproute2 "ip" tool.
48 ip -Version > /dev/null 2>&1
50 echo "SKIP: Could not run test without ip tool"
# Generate the nft batch file in "$tmp" (its creation is not shown in this
# listing). $tables is left unquoted on purpose so it word-splits into the
# four table names.
57 for table in $tables; do
# "add" followed by "flush" leaves the table empty whether or not it existed.
58 echo add table inet "$table" >> "$tmp"
59 echo flush table inet "$table" >> "$tmp"
# Two base chains hooked into the input and output paths at priority 0.
61 echo "add chain inet $table INPUT { type filter hook input priority 0; }" >> "$tmp"
62 echo "add chain inet $table OUTPUT { type filter hook output priority 0; }" >> "$tmp"
# 400 regular chains named chain001 .. chain400 (zero-padded to 3 digits).
63 for c in $(seq 1 400); do
64 chain=$(printf "chain%03u" "$c")
65 echo "add chain inet $table $chain" >> "$tmp"
# For each of those chains: one "counter jump" rule from both base chains,
# and a single "counter return" rule inside the chain itself.
68 for c in $(seq 1 400); do
69 chain=$(printf "chain%03u" "$c")
70 for BASE in INPUT OUTPUT; do
71 echo "add rule inet $table $BASE counter jump $chain" >> "$tmp"
73 echo "add rule inet $table $chain counter return" >> "$tmp"
# Create the isolated namespace and bring up its loopback device so the
# pings below have an interface to use.
77 ip netns add "$testns"
78 ip -netns "$testns" link set lo up
# Read the "CPU(s):" line of lscpu: first word into cpu, the rest into
# cpunum. The subshell opened here keeps cpunum in scope for the loop; line
# 81 (not shown) may adjust cpunum before it is used.
80 lscpu | grep ^CPU\(s\): | ( read cpu cpunum ;
# One iteration per CPU index: build a single-bit affinity mask and start an
# IPv4 and an IPv6 flood ping (-f, quiet -q) pinned to it, in the background.
# This is the packet-path load that runs while the ruleset is being changed.
# $cpunum and $mask are unquoted; both derive from lscpu output, not from
# user input.
82 for i in $(seq 0 $cpunum);do
83 mask=$(printf 0x%x $((1<<$i)))
84 ip netns exec "$testns" taskset $mask ping -4 127.0.0.1 -fq > /dev/null &
85 ip netns exec "$testns" taskset $mask ping -6 ::1 -fq > /dev/null &
# Phase "add/delete": load the batch once in the foreground, then start ten
# more loads of the same file concurrently in the background.
90 ip netns exec "$testns" nft -f "$tmp"
91 for i in $(seq 1 10) ; do ip netns exec "$testns" nft -f "$tmp" & done
# Delete the tables one by one while those loads may still be running.
93 for table in $tables;do
# 0 or 1; presumably the argument of a sleep on a line not shown here.
94 randsleep=$((RANDOM%2))
# $table is unquoted; its values come from the fixed list in $tables.
96 ip netns exec "$testns" nft delete table inet $table
# lret presumably holds the exit status of the delete (assignment not shown).
98 if [ $lret -ne 0 ]; then
103 check_result $eret "add/delete"
# Phase "reload": ten times, replace the whole ruleset in a single nft batch
# read from stdin ("flush ruleset" followed by the generated file).
105 for i in $(seq 1 10) ; do
106 (echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
# lret presumably holds the exit status of that pipeline (assignment not shown).
109 if [ $lret -ne 0 ]; then
114 check_result $eret "reload"
# Phase "add/delete with nftrace enabled": each round first loads the ruleset
# with "meta nftrace set 1" inserted at the head of foo's INPUT and OUTPUT
# chains, then loads it again without those two rules.
116 for i in $(seq 1 10) ; do
117 (echo "flush ruleset"; cat "$tmp"
118 echo "insert rule inet foo INPUT meta nftrace set 1"
119 echo "insert rule inet foo OUTPUT meta nftrace set 1"
120 ) | ip netns exec "$testns" nft -f /dev/stdin
122 if [ $lret -ne 0 ]; then
# Second load of the round: same batch, tracing rules left out.
126 (echo "flush ruleset"; cat "$tmp"
127 ) | ip netns exec "$testns" nft -f /dev/stdin
130 if [ $lret -ne 0 ]; then
135 check_result $eret "add/delete with nftrace enabled"
# Append the two nftrace rules to the batch file itself, so every load from
# here on enables tracing.
# NOTE(review): $tmp is unquoted on these two lines but quoted everywhere
# else in this listing; quoting it would be consistent.
137 echo "insert rule inet foo INPUT meta nftrace set 1" >> $tmp
138 echo "insert rule inet foo OUTPUT meta nftrace set 1" >> $tmp
# Ten more full reloads, now with tracing always on.
140 for i in $(seq 1 10) ; do
141 (echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
144 if [ $lret -ne 0 ]; then
# NOTE(review): the three earlier phases pass $eret to check_result; this
# call passes $lret and reuses the previous phase's label. If lret is the
# status of the last iteration only, an earlier failing reload would not be
# reported here - confirm whether $eret and a distinct label were intended.
149 check_result $lret "add/delete with nftrace enabled"