mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 15:15:47 +00:00
Code Issues Releases Wiki Activity
linux-stable/tools/testing/selftests/netfilter
History
Florian Westphal a64d558d8c selftests: netfilter: add nfqueue test case 
Add a test case to check nf queue infrastructure.
Could be extended in the future to also cover serialization of
conntrack, uid and secctx attributes in nfqueue.

For now, this checks that 'queue bypass' works, that a queue rule with
no bypass option blocks traffic and that userspace receives the expected
number of packets.
For this we add two queues and hook all of
prerouting/input/forward/output/postrouting.

Packets get queued twice with a dummy base chain in between:
This passes with current nf tree, but reverting
commit 946c0d8e6e ("netfilter: nf_queue: fix reinject verdict handling")
makes this trip (it processes 30 instead of expected 20 packets).

v2: update config file with queue and other options missing/needed for
other tests.
v3: also test with tcp, this reveals problem with commit
28f8bfd1ac ("netfilter: Support iif matches in POSTROUTING"), due to
skb->dev pointing at another skb in the retransmit rbtree (skb->dev
aliases to rbnode child).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-03-24 20:00:12 +01:00
..
bridge_brouter.sh selftests: netfilter: add ebtables broute test case 2019-04-12 01:45:58 +02:00
config selftests: netfilter: add nfqueue test case 2020-03-24 20:00:12 +01:00
conntrack_icmp_related.sh selftests: netfilter: check icmp pkttoobig errors are set as related 2019-04-13 14:52:57 +02:00
ipvs.sh selftests: netfilter: add ipvs tunnel test case 2019-10-11 10:05:27 +02:00
Makefile selftests: netfilter: add nfqueue test case 2020-03-24 20:00:12 +01:00
nf-queue.c selftests: netfilter: add nfqueue test case 2020-03-24 20:00:12 +01:00
nft_concat_range.sh selftests: nft_concat_range: Add test for reported add/flush/add issue 2020-02-26 14:33:09 +01:00
nft_flowtable.sh selftests: netfilter: extend flowtable test script with dnat rule 2019-12-20 02:12:27 +01:00
nft_nat.sh selftests: netfilter: use randomized netns names 2019-12-07 19:50:39 +01:00
nft_queue.sh selftests: netfilter: add nfqueue test case 2020-03-24 20:00:12 +01:00
nft_trans_stress.sh