| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aLRvoV33kUnzk_68@shredder>
Date: Sun, 31 Aug 2025 18:52:01 +0300
From: Ido Schimmel <idosch@...dia.com>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: netdev@...r.kernel.org, Jay Vosburgh <jv@...sburgh.net>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Sabrina Dubroca <sdubroca@...hat.com>,
Jiri Pirko <jiri@...nulli.us>, Simon Horman <horms@...nel.org>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Shuah Khan <shuah@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>,
Kuniyuki Iwashima <kuniyu@...gle.com>,
Ahmed Zaki <ahmed.zaki@...el.com>,
Alexander Lobakin <aleksander.lobakin@...el.com>,
bridge@...ts.linux.dev, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next 5/5] selftests/net: add offload checking test
for virtual interface
On Fri, Aug 29, 2025 at 09:54:30AM +0000, Hangbin Liu wrote:
> make sure the virtual interface offload setting is correct after
> changing lower devices.
>
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
> ---
> tools/testing/selftests/net/config | 2 +
> tools/testing/selftests/net/vdev_offload.sh | 174 ++++++++++++++++++++
> 2 files changed, 176 insertions(+)
> create mode 100755 tools/testing/selftests/net/vdev_offload.sh
Need to add to the Makefile
>
> diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config
> index d548611e2698..0f3a64a86474 100644
> --- a/tools/testing/selftests/net/config
> +++ b/tools/testing/selftests/net/config
> @@ -117,6 +117,7 @@ CONFIG_IP_SCTP=m
> CONFIG_NETFILTER_XT_MATCH_POLICY=m
> CONFIG_CRYPTO_ARIA=y
> CONFIG_XFRM_INTERFACE=m
> +CONFIG_XFRM_OFFLOAD=y
> CONFIG_XFRM_USER=m
> CONFIG_IP_NF_MATCH_RPFILTER=m
> CONFIG_IP6_NF_MATCH_RPFILTER=m
> @@ -128,3 +129,4 @@ CONFIG_NETKIT=y
> CONFIG_NET_PKTGEN=m
> CONFIG_IPV6_ILA=m
> CONFIG_IPV6_RPL_LWTUNNEL=y
> +CONFIG_NET_TEAM=m
> diff --git a/tools/testing/selftests/net/vdev_offload.sh b/tools/testing/selftests/net/vdev_offload.sh
> new file mode 100755
> index 000000000000..4926774aef19
> --- /dev/null
> +++ b/tools/testing/selftests/net/vdev_offload.sh
> @@ -0,0 +1,174 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +
> +# shellcheck disable=SC1091
> +source lib.sh
> +
> +# Set related offload on lower deivces and check if upper devices re-compute
> +# Some fatures are fixed on veth interface. Just list here in case we have a
s/fatures/features/ (:set spell)
> +# better way to test in future.
> +set_offload()
> +{
> + local dev="$1"
> + local state="$2"
> +
> + # VLAN features
> + # NETIF_F_FRAGLIST: tx-scatter-gather-fraglist
> + # shellcheck disable=SC2154
> + ip netns exec "$ns" ethtool -K "$dev" tx-scatter-gather-fraglist "$state"
> +
> + # ENC features
> + # NETIF_F_RXCSUM: rx-checksum (bond/team/bridge fixed)
> +
> + # XFRM features (veth fixed, netdevsim supports)
> + # NETIF_F_HW_ESP: esp-hw-offload
> + # NETIF_F_GSO_ESP: tx-esp-segmentation
> +
> + # GSO partial features
> + # NETIF_F_GSO_PARTIAL: tx-gso-partial (veth/bond fixed)
> +
> + # Common features
> + # NETIF_F_SG: tx-scatter-gather
> + ip netns exec "$ns" ethtool -K "$dev" tx-scatter-gather "$state" &> /dev/null
Why the redirection here? I don't see it in other places
> + # NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_ACCECN: tx-tcp-accecn-segmentation
> + ip netns exec "$ns" ethtool -K "$dev" tx-tcp-accecn-segmentation "$state"
> + # NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_SCTP: tx-sctp-segmentation
> + ip netns exec "$ns" ethtool -K "$dev" tx-sctp-segmentation "$state"
> + # NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_FRAGLIST: tx-gso-list
> + ip netns exec "$ns" ethtool -K "$dev" tx-gso-list "$state"
> +}
> +
> +__check_offload()
> +{
> + local dev=$1
> + local opt=$2
> + local expect=$3
> +
> + ip netns exec "$ns" ethtool --json -k "$dev" | \
> + jq -r -e ".[].\"$opt\".active == ${expect}" >/dev/null
> +}
> +
> +check_offload()
> +{
> + local dev=$1
> + local state=$2
> + RET=0
> +
> + __check_offload "$dev" "tx-scatter-gather-fraglist" "$state" || RET=1
> + __check_offload "$dev" "tx-scatter-gather" "$state" || RET=1
> + __check_offload "$dev" "tx-tcp-accecn-segmentation" "$state" || RET=1
> + __check_offload "$dev" "tx-sctp-segmentation" "$state" || RET=1
> + __check_offload "$dev" "tx-gso-list" "$state" || RET=1
> +}
> +
> +setup_veth()
> +{
> + # Set up test netns
> + setup_ns ns switch
> +
> + # shellcheck disable=SC2154
> + ip -n "$ns" link add veth0 type veth peer name veth0 netns "$switch"
> + ip -n "$ns" link add veth1 type veth peer name veth1 netns "$switch"
> + ip -n "$switch" link set veth0 up
> + ip -n "$switch" link set veth1 up
> +
> + link_0=veth0
> + link_1=veth1
> +}
> +
> +setup_netdevsim()
> +{
> + setup_ns ns
> + # The create_netdevsim() function will set the interface up. Later,
> + # when it is added to bonded, we need to set it down first. And when
> + # set down, it will have no carrier. So we need to add netdevsim ourselves.
> + modprobe netdevsim
> + udevadm settle
> + echo "0 2" | ip netns exec "$ns" tee /sys/bus/netdevsim/new_device >/dev/null
> + link_0=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | head -n 1)
> + link_1=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | tail -n 1)
> +}
> +
> +cleanup()
> +{
> + cleanup_netdevsim 0
> + cleanup_all_ns
> +}
> +
> +setup_bond()
> +{
> + ip -n "$ns" link set "$link_0" nomaster
> + ip -n "$ns" link set "$link_1" nomaster
> + ip -n "$ns" link add bond0 type bond mode active-backup miimon 100
> + ip -n "$ns" link set "$link_0" master bond0
> + ip -n "$ns" link set "$link_1" master bond0
> + ip -n "$ns" link set bond0 up
> +}
> +
> +setup_team()
> +{
> + ip -n "$ns" link set "$link_0" nomaster
> + ip -n "$ns" link set "$link_1" nomaster
> + ip -n "$ns" link add team0 type team
> + ip -n "$ns" link set "$link_0" master team0
> + ip -n "$ns" link set "$link_1" master team0
> + ip -n "$ns" link set team0 up
> +}
> +
> +setup_bridge()
> +{
> + ip -n "$ns" link set "$link_0" nomaster
> + ip -n "$ns" link set "$link_1" nomaster
> + ip -n "$ns" link add br0 type bridge
> + ip -n "$ns" link set "$link_0" master br0
> + ip -n "$ns" link set "$link_1" master br0
> + ip -n "$ns" link set br0 up
> +}
> +
> +check_xfrm()
> +{
> + local dev=$1
> + local src=192.0.2.1
> + local dst=192.0.2.2
> + local key="0x3132333435363738393031323334353664636261"
> +
> + RET=0
> +
> + ip -n "$ns" xfrm state flush
> + ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
> + mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \
> + sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir out
> +
> + # shellcheck disable=SC2034
> + ip -n "$ns" xfrm state list | grep -q "crypto offload parameters: dev $dev dir" || RET=1
> + log_test "$dev" "xfrm offload"
> +}
> +
> +do_test()
> +{
> + local dev=$1
IMO, it makes more sense to put "RET=0" in the same function that calls
log_test() (like you have it in check_xfrm()), so I would put it here...
> + set_offload veth0 "on"
> + set_offload veth1 "on"
> + check_offload "$dev" "true"
> + log_test "$dev" "enable offload"
> +
... and here (instead of in check_offload())
> + set_offload veth0 "off"
> + set_offload veth1 "off"
> + check_offload "$dev" "false"
> + log_test "$dev" "disable offload"
> +}
> +
> +trap cleanup EXIT
> +setup_veth
> +setup_bond
> +do_test bond0
> +setup_team
> +do_test team0
> +setup_bridge
> +do_test br0
> +
> +# Check NETIF_F_HW_ESP
> +# Only test bond as team and bridge haven't implemented xfrm offload
> +setup_netdevsim
> +setup_bond
> +check_xfrm bond0
> --
> 2.50.1
>
Powered by blists - more mailing lists