lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aLRvoV33kUnzk_68@shredder>
Date: Sun, 31 Aug 2025 18:52:01 +0300
From: Ido Schimmel <idosch@...dia.com>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: netdev@...r.kernel.org, Jay Vosburgh <jv@...sburgh.net>,
	Andrew Lunn <andrew+netdev@...n.ch>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Sabrina Dubroca <sdubroca@...hat.com>,
	Jiri Pirko <jiri@...nulli.us>, Simon Horman <horms@...nel.org>,
	Nikolay Aleksandrov <razor@...ckwall.org>,
	Shuah Khan <shuah@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>,
	Kuniyuki Iwashima <kuniyu@...gle.com>,
	Ahmed Zaki <ahmed.zaki@...el.com>,
	Alexander Lobakin <aleksander.lobakin@...el.com>,
	bridge@...ts.linux.dev, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next 5/5] selftests/net: add offload checking test
 for virtual interface

On Fri, Aug 29, 2025 at 09:54:30AM +0000, Hangbin Liu wrote:
> make sure the virtual interface offload setting is correct after
> changing lower devices.
> 
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
> ---
>  tools/testing/selftests/net/config          |   2 +
>  tools/testing/selftests/net/vdev_offload.sh | 174 ++++++++++++++++++++
>  2 files changed, 176 insertions(+)
>  create mode 100755 tools/testing/selftests/net/vdev_offload.sh

Need to add to the Makefile

> 
> diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config
> index d548611e2698..0f3a64a86474 100644
> --- a/tools/testing/selftests/net/config
> +++ b/tools/testing/selftests/net/config
> @@ -117,6 +117,7 @@ CONFIG_IP_SCTP=m
>  CONFIG_NETFILTER_XT_MATCH_POLICY=m
>  CONFIG_CRYPTO_ARIA=y
>  CONFIG_XFRM_INTERFACE=m
> +CONFIG_XFRM_OFFLOAD=y
>  CONFIG_XFRM_USER=m
>  CONFIG_IP_NF_MATCH_RPFILTER=m
>  CONFIG_IP6_NF_MATCH_RPFILTER=m
> @@ -128,3 +129,4 @@ CONFIG_NETKIT=y
>  CONFIG_NET_PKTGEN=m
>  CONFIG_IPV6_ILA=m
>  CONFIG_IPV6_RPL_LWTUNNEL=y
> +CONFIG_NET_TEAM=m
> diff --git a/tools/testing/selftests/net/vdev_offload.sh b/tools/testing/selftests/net/vdev_offload.sh
> new file mode 100755
> index 000000000000..4926774aef19
> --- /dev/null
> +++ b/tools/testing/selftests/net/vdev_offload.sh
> @@ -0,0 +1,174 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +
> +# shellcheck disable=SC1091
> +source lib.sh
> +
> +# Set related offload on lower deivces and check if upper devices re-compute
> +# Some fatures are fixed on veth interface. Just list here in case we have a

s/fatures/features/ (:set spell)

> +# better way to test in future.
> +set_offload()
> +{
> +	local dev="$1"
> +	local state="$2"
> +
> +	# VLAN features
> +	# NETIF_F_FRAGLIST: tx-scatter-gather-fraglist
> +	# shellcheck disable=SC2154
> +	ip netns exec "$ns" ethtool -K "$dev" tx-scatter-gather-fraglist "$state"
> +
> +	# ENC features
> +	# NETIF_F_RXCSUM: rx-checksum (bond/team/bridge fixed)
> +
> +	# XFRM features (veth fixed, netdevsim supports)
> +	# NETIF_F_HW_ESP: esp-hw-offload
> +	# NETIF_F_GSO_ESP: tx-esp-segmentation
> +
> +	# GSO partial features
> +	# NETIF_F_GSO_PARTIAL: tx-gso-partial (veth/bond fixed)
> +
> +	# Common features
> +	# NETIF_F_SG: tx-scatter-gather
> +	ip netns exec "$ns" ethtool -K "$dev" tx-scatter-gather "$state" &> /dev/null

Why the redirection here? I don't see it in other places

> +	# NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_ACCECN: tx-tcp-accecn-segmentation
> +	ip netns exec "$ns" ethtool -K "$dev" tx-tcp-accecn-segmentation "$state"
> +	# NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_SCTP: tx-sctp-segmentation
> +	ip netns exec "$ns" ethtool -K "$dev" tx-sctp-segmentation "$state"
> +	# NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_FRAGLIST: tx-gso-list
> +	ip netns exec "$ns" ethtool -K "$dev" tx-gso-list "$state"
> +}
> +
> +__check_offload()
> +{
> +	local dev=$1
> +	local opt=$2
> +	local expect=$3
> +
> +	ip netns exec "$ns" ethtool --json -k "$dev" | \
> +		jq -r -e ".[].\"$opt\".active == ${expect}" >/dev/null
> +}
> +
> +check_offload()
> +{
> +	local dev=$1
> +	local state=$2
> +	RET=0
> +
> +	__check_offload "$dev" "tx-scatter-gather-fraglist" "$state" || RET=1
> +	__check_offload "$dev" "tx-scatter-gather" "$state" || RET=1
> +	__check_offload "$dev" "tx-tcp-accecn-segmentation" "$state" || RET=1
> +	__check_offload "$dev" "tx-sctp-segmentation" "$state" || RET=1
> +	__check_offload "$dev" "tx-gso-list" "$state" || RET=1
> +}
> +
> +setup_veth()
> +{
> +	# Set up test netns
> +	setup_ns ns switch
> +
> +	# shellcheck disable=SC2154
> +	ip -n "$ns" link add veth0 type veth peer name veth0 netns "$switch"
> +	ip -n "$ns" link add veth1 type veth peer name veth1 netns "$switch"
> +	ip -n "$switch" link set veth0 up
> +	ip -n "$switch" link set veth1 up
> +
> +	link_0=veth0
> +	link_1=veth1
> +}
> +
> +setup_netdevsim()
> +{
> +	setup_ns ns
> +	# The create_netdevsim() function will set the interface up. Later,
> +	# when it is added to bonded, we need to set it down first. And when
> +	# set down, it will have no carrier. So we need to add netdevsim ourselves.
> +	modprobe netdevsim
> +	udevadm settle
> +	echo "0 2" | ip netns exec "$ns" tee /sys/bus/netdevsim/new_device >/dev/null
> +	link_0=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | head -n 1)
> +	link_1=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | tail -n 1)
> +}
> +
> +cleanup()
> +{
> +	cleanup_netdevsim 0
> +	cleanup_all_ns
> +}
> +
> +setup_bond()
> +{
> +	ip -n "$ns" link set "$link_0" nomaster
> +	ip -n "$ns" link set "$link_1" nomaster
> +	ip -n "$ns" link add bond0 type bond mode active-backup miimon 100
> +	ip -n "$ns" link set "$link_0" master bond0
> +	ip -n "$ns" link set "$link_1" master bond0
> +	ip -n "$ns" link set bond0 up
> +}
> +
> +setup_team()
> +{
> +	ip -n "$ns" link set "$link_0" nomaster
> +	ip -n "$ns" link set "$link_1" nomaster
> +	ip -n "$ns" link add team0 type team
> +	ip -n "$ns" link set "$link_0" master team0
> +	ip -n "$ns" link set "$link_1" master team0
> +	ip -n "$ns" link set team0 up
> +}
> +
> +setup_bridge()
> +{
> +	ip -n "$ns" link set "$link_0" nomaster
> +	ip -n "$ns" link set "$link_1" nomaster
> +	ip -n "$ns" link add br0 type bridge
> +	ip -n "$ns" link set "$link_0" master br0
> +	ip -n "$ns" link set "$link_1" master br0
> +	ip -n "$ns" link set br0 up
> +}
> +
> +check_xfrm()
> +{
> +	local dev=$1
> +	local src=192.0.2.1
> +	local dst=192.0.2.2
> +	local key="0x3132333435363738393031323334353664636261"
> +
> +	RET=0
> +
> +	ip -n "$ns" xfrm state flush
> +	ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
> +		mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \
> +		sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir out
> +
> +	# shellcheck disable=SC2034
> +	ip -n "$ns" xfrm state list | grep -q "crypto offload parameters: dev $dev dir" || RET=1
> +	log_test "$dev" "xfrm offload"
> +}
> +
> +do_test()
> +{
> +	local dev=$1

IMO, it makes more sense to put "RET=0" in the same function that calls
log_test() (like you have it in check_xfrm()), so I would put it here...

> +	set_offload veth0 "on"
> +	set_offload veth1 "on"
> +	check_offload "$dev" "true"
> +	log_test "$dev" "enable offload"
> +

... and here (instead of in check_offload())

> +	set_offload veth0 "off"
> +	set_offload veth1 "off"
> +	check_offload "$dev" "false"
> +	log_test "$dev" "disable offload"
> +}
> +
> +trap cleanup EXIT
> +setup_veth
> +setup_bond
> +do_test bond0
> +setup_team
> +do_test team0
> +setup_bridge
> +do_test br0
> +
> +# Check NETIF_F_HW_ESP
> +# Only test bond as team and bridge haven't implemented xfrm offload
> +setup_netdevsim
> +setup_bond
> +check_xfrm bond0
> -- 
> 2.50.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ