mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 05:44:11 +00:00
Code Issues Releases Wiki Activity

selftest/net/xfrm: Add test for ipsec tunnel

Browse source 
It's an exhaustive testing for ipsec: covering all encryption/
authentication/compression algorithms. The tests are run in two
network namespaces, connected by veth interfaces. To make exhaustive
testing less time-consuming, the tests are run in parallel tasks,
specified by parameter to the selftest.

As the patches set adds support for xfrm in compatible tasks, there are
tests to check structures that differ in size between 64-bit and 32-bit
applications.
The selftest doesn't use libnl so that it can be easily compiled as
compatible application and don't require compatible .so.

Here is a diagram of the selftest:

                           ---------------
                           |  selftest   |
                           |  (parent)   |
                           ---------------
                              |        |
                              | (pipe) |
                              ----------
                             /   |  |   \
               /-------------   /    \   -------------\
               |          /-----      -----\          |
      ---------|----------|----------------|----------|---------
      |   ---------   ---------        ---------   ---------   |
      |   | child |   | child |  NS A  | child |   | child |   |
      |   ---------   ---------        ---------   ---------   |
      -------|------------|----------------|-------------|------
           veth0        veth1            veth2         vethN
    ---------|------------|----------------|-------------|----------
    | ------------  ------------       ------------   ------------ |
    | | gr.child |  | gr.child | NS B  | gr.child |   | gr.child | |
    | ------------  ------------       ------------   ------------ |
    ----------------------------------------------------------------

The parent sends the description of a test (xfrm parameters) to the
child, the child and grand child setup a tunnel over veth interface and
test it by sending udp packets.

Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Dmitry Safonov 2020-09-21 15:36:57 +01:00 committed by Steffen Klassert
parent 96392ee5a1
commit bc2652b7ae
4 changed files with 2198 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
MAINTAINERS
View file

@ -12145,6 +12145,7 @@ F: net/ipv6/ipcomp6.c
F: net/ipv6/xfrm*
F: net/key/
F: net/xfrm/
F: tools/testing/selftests/net/ipsec.c
NETWORKING [IPv4/IPv6]
M: "David S. Miller" <davem@davemloft.net>

1
tools/testing/selftests/net/.gitignore vendored
View file

@ -1,4 +1,5 @@
# SPDX-License-Identifier: GPL-2.0-only
ipsec
msg_zerocopy
socket
psock_fanout

1
tools/testing/selftests/net/Makefile
View file

@ -29,6 +29,7 @@ TEST_GEN_FILES += tcp_fastopen_backup_key
TEST_GEN_FILES += fin_ack_lat
TEST_GEN_FILES += reuseaddr_ports_exhausted
TEST_GEN_FILES += hwtstamp_config rxtimestamp timestamping txtimestamp
TEST_GEN_FILES += ipsec
TEST_GEN_PROGS = reuseport_bpf reuseport_bpf_cpu reuseport_bpf_numa
TEST_GEN_PROGS += reuseport_dualstack reuseaddr_conflict tls

2195
tools/testing/selftests/net/ipsec.c Normal file
View file

File diff suppressed because it is too large Load diff