|
 |
bacbc8 |
From 802c96c0b2061dbab20694184bebbeba5eda4a03 Mon Sep 17 00:00:00 2001
|
|
|
bacbc8 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
bacbc8 |
Date: Fri, 26 Oct 2018 11:42:05 +0200
|
|
|
bacbc8 |
Subject: [PATCH] tests/shell: Add testcase for cache update problems
|
|
|
bacbc8 |
|
|
|
bacbc8 |
The first test in there shows how the current cache update strategy
|
|
|
bacbc8 |
causes trouble. The second test shows that proposed "locking" of cache
|
|
|
bacbc8 |
when local entries are added is flawed, too.
|
|
|
bacbc8 |
|
|
|
bacbc8 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
bacbc8 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
bacbc8 |
(cherry picked from commit 21d678639b28b99c301262c163128fdf67397ca6)
|
|
|
bacbc8 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
bacbc8 |
---
|
|
|
bacbc8 |
.../shell/testcases/cache/0003_cache_update_0 | 29 +++++++++++++++++++
|
|
|
bacbc8 |
1 file changed, 29 insertions(+)
|
|
|
bacbc8 |
create mode 100755 tests/shell/testcases/cache/0003_cache_update_0
|
|
|
bacbc8 |
|
|
|
bacbc8 |
diff --git a/tests/shell/testcases/cache/0003_cache_update_0 b/tests/shell/testcases/cache/0003_cache_update_0
|
|
|
bacbc8 |
new file mode 100755
|
|
|
bacbc8 |
index 0000000000000..deb45db2c43be
|
|
|
bacbc8 |
--- /dev/null
|
|
|
bacbc8 |
+++ b/tests/shell/testcases/cache/0003_cache_update_0
|
|
|
bacbc8 |
@@ -0,0 +1,29 @@
|
|
|
bacbc8 |
+#!/bin/bash
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
+set -e
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
+# Expose how naive cache update logic (i.e., drop cache and repopulate from
|
|
|
bacbc8 |
+# kernel ruleset) may mess things up. The following input does:
|
|
|
bacbc8 |
+#
|
|
|
bacbc8 |
+# list ruleset -> populate the cache, cache->genid is non-zero
|
|
|
bacbc8 |
+# add table ip t -> make kernel's genid increment (cache->genid remains
|
|
|
bacbc8 |
+# unchanged)
|
|
|
bacbc8 |
+# add table ip t2; -> first command of batch, new table t2 is added to the cache
|
|
|
bacbc8 |
+# add chain ip t2 c -> second command of batch, triggers cache_update() which
|
|
|
bacbc8 |
+# removes table t2 from it
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
+$NFT -i >/dev/null <
|
|
|
bacbc8 |
+list ruleset
|
|
|
bacbc8 |
+add table ip t
|
|
|
bacbc8 |
+add table ip t2; add chain ip t2 c
|
|
|
bacbc8 |
+EOF
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
+# The following test exposes a problem with simple locking of cache when local
|
|
|
bacbc8 |
+# entries are added:
|
|
|
bacbc8 |
+#
|
|
|
bacbc8 |
+# add table ip t3 -> cache would be locked without previous update
|
|
|
bacbc8 |
+# add chain ip t c -> table t is not found due to no cache update happening
|
|
|
bacbc8 |
+
|
|
|
bacbc8 |
+$NFT -i >/dev/null <
|
|
|
bacbc8 |
+add table ip t3; add chain ip t c
|
|
|
bacbc8 |
+EOF
|
|
|
bacbc8 |
--
|
|
|
bacbc8 |
2.22.0
|
|
|
bacbc8 |
|