lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CADvbK_f8Uz82t96jXWFB-72A1_+qJGysfAhFKA1aWssiwdO+ww@mail.gmail.com>
Date: Sun, 20 Jul 2025 12:32:49 -0400
From: Xin Long <lucien.xin@...il.com>
To: shuali@...hat.com
Cc: "David S . Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>, 
	Simon Horman <horms@...nel.org>, xiyou.wangcong@...il.com, netdev@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] selftests: tc: Add generic erspan_opts matching
 support for tc-flower

On Fri, Jul 18, 2025 at 10:16 AM <shuali@...hat.com> wrote:
>
> From: Li Shuang <shuali@...hat.com>
>
> Add test cases to tc_flower.sh to validate generic matching on ERSPAN
> options. Both ERSPAN Type II and Type III are covered.
>
> Also add check_tc_erspan_support() to verify whether tc supports
> erspan_opts.
>
> Signed-off-by: Li Shuang <shuali@...hat.com>
> ---
>  tools/testing/selftests/net/forwarding/lib.sh | 14 +++++
>  .../selftests/net/forwarding/tc_flower.sh     | 52 ++++++++++++++++++-
>  2 files changed, 65 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh
> index 9308b2f77fed..890b3374dacd 100644
> --- a/tools/testing/selftests/net/forwarding/lib.sh
> +++ b/tools/testing/selftests/net/forwarding/lib.sh
> @@ -142,6 +142,20 @@ check_tc_version()
>         fi
>  }
>
> +check_tc_erspan_support()
> +{
> +       local dev=$1; shift
> +
> +       tc filter add dev $dev ingress pref 1 handle 1 flower \
> +               erspan_opts 1:0:0:0 &> /dev/null
> +       if [[ $? -ne 0 ]]; then
> +               echo "SKIP: iproute2 too old; tc is missing erspan support"
> +               return $ksft_skip
> +       fi
> +       tc filter del dev $dev ingress pref 1 handle 1 flower \
> +               erspan_opts 1:0:0:0 &> /dev/null
> +}
> +
>  # Old versions of tc don't understand "mpls_uc"
>  check_tc_mpls_support()
>  {
> diff --git a/tools/testing/selftests/net/forwarding/tc_flower.sh b/tools/testing/selftests/net/forwarding/tc_flower.sh
> index b1daad19b01e..b58909a93112 100755
> --- a/tools/testing/selftests/net/forwarding/tc_flower.sh
> +++ b/tools/testing/selftests/net/forwarding/tc_flower.sh
> @@ -6,7 +6,7 @@ ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \
>         match_ip_tos_test match_indev_test match_ip_ttl_test
>         match_mpls_label_test \
>         match_mpls_tc_test match_mpls_bos_test match_mpls_ttl_test \
> -       match_mpls_lse_test"
> +       match_mpls_lse_test match_erspan_opts_test"
>  NUM_NETIFS=2
>  source tc_common.sh
>  source lib.sh
> @@ -676,6 +676,56 @@ match_mpls_lse_test()
>         log_test "mpls lse match ($tcflags)"
>  }
>
> +match_erspan_opts_test()
> +{
> +       RET=0
> +
> +       check_tc_erspan_support $h2 || return 0
> +
> +       # h1 erspan setup
> +       tunnel_create erspan1 erspan 192.0.2.1 192.0.2.2 dev $h1 seq key 1001 \
> +               tos C ttl 64 erspan_ver 1 erspan 6789 # ERSPAN Type II
> +       tunnel_create erspan2 erspan 192.0.2.1 192.0.2.2 dev $h1 seq key 1002 \
> +               tos C ttl 64 erspan_ver 2 erspan_dir egress erspan_hwid 63 \
> +               # ERSPAN Type III
> +       ip link set dev erspan1 master v$h1
> +       ip link set dev erspan2 master v$h1
> +       # h2 erspan setup
> +       ip link add ep-ex type erspan ttl 64 external # To collect tunnel info
> +       ip link set ep-ex up
> +       ip link set dev ep-ex master v$h2
> +       tc qdisc add dev ep-ex clsact
> +
> +       # ERSPAN Type II [decap direction]
> +       tc filter add dev ep-ex ingress protocol ip  handle 101 flower \
> +               $tcflags enc_src_ip 192.0.2.1 enc_dst_ip 192.0.2.2 \
> +               enc_key_id 1001 erspan_opts 1:6789:0:0 \
> +               action drop
> +       # ERSPAN Type III [decap direction]
> +       tc filter add dev ep-ex ingress protocol ip  handle 102 flower \
> +               $tcflags enc_src_ip 192.0.2.1 enc_dst_ip 192.0.2.2 \
> +               enc_key_id 1002 erspan_opts 2:0:1:63 action drop
> +
> +       ep1mac=$(mac_get erspan1)
> +       $MZ erspan1 -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q
> +       tc_check_packets "dev ep-ex ingress" 101 1
> +       check_err $? "ERSPAN Type II"
> +
> +       ep2mac=$(mac_get erspan2)
> +       $MZ erspan2 -c 1 -p 64 -a $ep1mac -b $h2mac -t ip -q
> +       tc_check_packets "dev ep-ex ingress" 102 1
> +       check_err $? "ERSPAN Type III"
> +
> +       # h2 erspan cleanup
> +       tc qdisc del dev ep-ex clsact
> +       tunnel_destroy ep-ex
> +       # h1 erspan cleanup
> +       tunnel_destroy erspan2 # ERSPAN Type III
> +       tunnel_destroy erspan1 # ERSPAN Type II
> +
> +       log_test "erspan_opts match ($tcflags)"
> +}
> +
>  setup_prepare()
>  {
>         h1=${NETIFS[p1]}
> --
> 2.50.1
>
Reviewed-by: Xin Long <lucien.xin@...il.com>

It would be great to also add test cases for matching VXLAN and
GENEVE options in tc flower in the future.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ