| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250902072602.361122-6-liuhangbin@gmail.com>
Date: Tue, 2 Sep 2025 07:26:02 +0000
From: Hangbin Liu <liuhangbin@...il.com>
To: netdev@...r.kernel.org
Cc: Jay Vosburgh <jv@...sburgh.net>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Sabrina Dubroca <sdubroca@...hat.com>,
Jiri Pirko <jiri@...nulli.us>,
Simon Horman <horms@...nel.org>,
Ido Schimmel <idosch@...dia.com>,
Shuah Khan <shuah@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>,
Kuniyuki Iwashima <kuniyu@...gle.com>,
Ahmed Zaki <ahmed.zaki@...el.com>,
Alexander Lobakin <aleksander.lobakin@...el.com>,
bridge@...ts.linux.dev,
linux-kselftest@...r.kernel.org,
Hangbin Liu <liuhangbin@...il.com>
Subject: [PATCHv2 net-next 5/5] selftests/net: add offload checking test for virtual interface
make sure the virtual interface offload setting is correct after
changing lower devices.
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
tools/testing/selftests/net/Makefile | 1 +
tools/testing/selftests/net/config | 2 +
tools/testing/selftests/net/vdev_offload.sh | 176 ++++++++++++++++++++
3 files changed, 179 insertions(+)
create mode 100755 tools/testing/selftests/net/vdev_offload.sh
diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
index eef0b8f8a7b0..e195ab4038a0 100644
--- a/tools/testing/selftests/net/Makefile
+++ b/tools/testing/selftests/net/Makefile
@@ -118,6 +118,7 @@ TEST_PROGS += tfo_passive.sh
TEST_PROGS += broadcast_pmtu.sh
TEST_PROGS += ipv6_force_forwarding.sh
TEST_PROGS += route_hint.sh
+TEST_PROGS += vdev_offload.sh
# YNL files, must be before "include ..lib.mk"
YNL_GEN_FILES := busy_poller netlink-dumps
diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config
index d548611e2698..0f3a64a86474 100644
--- a/tools/testing/selftests/net/config
+++ b/tools/testing/selftests/net/config
@@ -117,6 +117,7 @@ CONFIG_IP_SCTP=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_CRYPTO_ARIA=y
CONFIG_XFRM_INTERFACE=m
+CONFIG_XFRM_OFFLOAD=y
CONFIG_XFRM_USER=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP6_NF_MATCH_RPFILTER=m
@@ -128,3 +129,4 @@ CONFIG_NETKIT=y
CONFIG_NET_PKTGEN=m
CONFIG_IPV6_ILA=m
CONFIG_IPV6_RPL_LWTUNNEL=y
+CONFIG_NET_TEAM=m
diff --git a/tools/testing/selftests/net/vdev_offload.sh b/tools/testing/selftests/net/vdev_offload.sh
new file mode 100755
index 000000000000..78fc212efd4a
--- /dev/null
+++ b/tools/testing/selftests/net/vdev_offload.sh
@@ -0,0 +1,176 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+# shellcheck disable=SC1091
+source lib.sh
+
+# Set related offload on lower deivces and check if upper devices re-compute
+# Some features are fixed on veth interface. Just list here in case we have a
+# better way to test in future.
+set_offload()
+{
+ local dev="$1"
+ local state="$2"
+
+ # VLAN features
+ # NETIF_F_FRAGLIST: tx-scatter-gather-fraglist
+ # shellcheck disable=SC2154
+ ip netns exec "$ns" ethtool -K "$dev" tx-scatter-gather-fraglist "$state"
+
+ # ENC features
+ # NETIF_F_RXCSUM: rx-checksum (bond/team/bridge fixed)
+
+ # XFRM features (veth fixed, netdevsim supports)
+ # NETIF_F_HW_ESP: esp-hw-offload
+ # NETIF_F_GSO_ESP: tx-esp-segmentation
+
+ # GSO partial features
+ # NETIF_F_GSO_PARTIAL: tx-gso-partial (veth/bond fixed)
+
+ # Common features
+ # NETIF_F_SG: tx-scatter-gather
+ ip netns exec "$ns" ethtool -K "$dev" tx-scatter-gather "$state" &> /dev/null
+ # NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_ACCECN: tx-tcp-accecn-segmentation
+ ip netns exec "$ns" ethtool -K "$dev" tx-tcp-accecn-segmentation "$state"
+ # NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_SCTP: tx-sctp-segmentation
+ ip netns exec "$ns" ethtool -K "$dev" tx-sctp-segmentation "$state"
+ # NETIF_F_GSO_SOFTWARE: NETIF_F_GSO_FRAGLIST: tx-gso-list
+ ip netns exec "$ns" ethtool -K "$dev" tx-gso-list "$state"
+}
+
+__check_offload()
+{
+ local dev=$1
+ local opt=$2
+ local expect=$3
+
+ ip netns exec "$ns" ethtool --json -k "$dev" | \
+ jq -r -e ".[].\"$opt\".active == ${expect}" >/dev/null
+}
+
+check_offload()
+{
+ local dev=$1
+ local state=$2
+
+ __check_offload "$dev" "tx-scatter-gather-fraglist" "$state" || RET=1
+ __check_offload "$dev" "tx-scatter-gather" "$state" || RET=1
+ __check_offload "$dev" "tx-tcp-accecn-segmentation" "$state" || RET=1
+ __check_offload "$dev" "tx-sctp-segmentation" "$state" || RET=1
+ __check_offload "$dev" "tx-gso-list" "$state" || RET=1
+}
+
+setup_veth()
+{
+ # Set up test netns
+ setup_ns ns switch
+
+ # shellcheck disable=SC2154
+ ip -n "$ns" link add veth0 type veth peer name veth0 netns "$switch"
+ ip -n "$ns" link add veth1 type veth peer name veth1 netns "$switch"
+ ip -n "$switch" link set veth0 up
+ ip -n "$switch" link set veth1 up
+
+ link_0=veth0
+ link_1=veth1
+}
+
+setup_netdevsim()
+{
+ setup_ns ns
+ # The create_netdevsim() function will set the interface up. Later,
+ # when it is added to bonded, we need to set it down first. And when
+ # set down, it will have no carrier. So we need to add netdevsim ourselves.
+ modprobe netdevsim
+ udevadm settle
+ echo "0 2" | ip netns exec "$ns" tee /sys/bus/netdevsim/new_device >/dev/null
+ link_0=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | head -n 1)
+ link_1=$(ip netns exec "$ns" ls /sys/bus/netdevsim/devices/netdevsim0/net | tail -n 1)
+}
+
+cleanup()
+{
+ cleanup_netdevsim 0
+ cleanup_all_ns
+}
+
+setup_bond()
+{
+ ip -n "$ns" link set "$link_0" nomaster
+ ip -n "$ns" link set "$link_1" nomaster
+ ip -n "$ns" link add bond0 type bond mode active-backup miimon 100
+ ip -n "$ns" link set "$link_0" master bond0
+ ip -n "$ns" link set "$link_1" master bond0
+ ip -n "$ns" link set bond0 up
+}
+
+setup_team()
+{
+ ip -n "$ns" link set "$link_0" nomaster
+ ip -n "$ns" link set "$link_1" nomaster
+ ip -n "$ns" link add team0 type team
+ ip -n "$ns" link set "$link_0" master team0
+ ip -n "$ns" link set "$link_1" master team0
+ ip -n "$ns" link set team0 up
+}
+
+setup_bridge()
+{
+ ip -n "$ns" link set "$link_0" nomaster
+ ip -n "$ns" link set "$link_1" nomaster
+ ip -n "$ns" link add br0 type bridge
+ ip -n "$ns" link set "$link_0" master br0
+ ip -n "$ns" link set "$link_1" master br0
+ ip -n "$ns" link set br0 up
+}
+
+check_xfrm()
+{
+ local dev=$1
+ local src=192.0.2.1
+ local dst=192.0.2.2
+ local key="0x3132333435363738393031323334353664636261"
+
+ RET=0
+
+ ip -n "$ns" xfrm state flush
+ ip -n "$ns" xfrm state add proto esp src "$src" dst "$dst" spi 9 \
+ mode transport reqid 42 aead "rfc4106(gcm(aes))" "$key" 128 \
+ sel src "$src"/24 dst "$dst"/24 offload dev "$dev" dir out
+
+ # shellcheck disable=SC2034
+ ip -n "$ns" xfrm state list | grep -q "crypto offload parameters: dev $dev dir" || RET=1
+ log_test "$dev" "xfrm offload"
+}
+
+do_test()
+{
+ local dev=$1
+
+ RET=0
+ set_offload veth0 "on"
+ set_offload veth1 "on"
+ check_offload "$dev" "true"
+ log_test "$dev" "enable offload"
+
+ RET=0
+ set_offload veth0 "off"
+ set_offload veth1 "off"
+ check_offload "$dev" "false"
+ log_test "$dev" "disable offload"
+}
+
+trap cleanup EXIT
+setup_veth
+setup_bond
+do_test bond0
+setup_team
+do_test team0
+setup_bridge
+do_test br0
+
+# Check NETIF_F_HW_ESP
+# Only test bond as team and bridge haven't implemented xfrm offload
+setup_netdevsim
+setup_bond
+check_xfrm bond0
--
2.50.1
Powered by blists - more mailing lists