| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Sep 2022 18:04:18 -0700
From: Song Liu <song@...nel.org>
To: Lorenzo Bianconi <lorenzo@...nel.org>
Cc: bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>, pablo@...filter.org,
fw@...len.de, netfilter-devel@...r.kernel.org,
lorenzo.bianconi@...hat.com,
Jesper Dangaard Brouer <brouer@...hat.com>,
Toke Høiland-Jørgensen <toke@...hat.com>,
Kumar Kartikeya Dwivedi <memxor@...il.com>
Subject: Re: [PATCH bpf-next] selftests/bpf: fix ct status check in bpf_nf selftests
On Wed, Sep 7, 2022 at 3:56 AM Lorenzo Bianconi <lorenzo@...nel.org> wrote:
>
> Check properly the connection tracking entry status configured running
> bpf_ct_change_status kfunc.
> Remove unnecessary IPS_CONFIRMED status configuration since it is
> already done during entry allocation.
>
> Fixes: 6eb7fba007a7 ("selftests/bpf: Add tests for new nf_conntrack kfuncs")
> Signed-off-by: Lorenzo Bianconi <lorenzo@...nel.org>
> ---
> tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 4 ++--
> tools/testing/selftests/bpf/progs/test_bpf_nf.c | 8 +++++---
> 2 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> index 544bf90ac2a7..903d16e3abed 100644
> --- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> @@ -111,8 +111,8 @@ static void test_bpf_nf_ct(int mode)
> /* allow some tolerance for test_delta_timeout value to avoid races. */
> ASSERT_GT(skel->bss->test_delta_timeout, 8, "Test for min ct timeout update");
> ASSERT_LE(skel->bss->test_delta_timeout, 10, "Test for max ct timeout update");
> - /* expected status is IPS_SEEN_REPLY */
> - ASSERT_EQ(skel->bss->test_status, 2, "Test for ct status update ");
> + /* expected status is IPS_CONFIRMED | IPS_SEEN_REPLY */
> + ASSERT_EQ(skel->bss->test_status, 0xa, "Test for ct status update ");
Why do we use 0xa instead of IPS_CONFIRMED | IPS_SEEN_REPLY?
To avoid dependency on the header file?
Thanks,
Song
Powered by blists - more mailing lists