selftests: fib_rule_tests: Test TOS matching with input routes

The TOS value reaches the FIB rule core via different call paths when an
input route is looked up compared to an output route.

Re-test TOS matching with input routes to exercise these code paths.

Pass the 'iif' and 'from' selectors separately from the 'get{,no}match'
variables as otherwise the test name is too long to be printed without
misalignments.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20240814111005.955359-6-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/tools/testing/selftests/net/fib_rule_tests.sh b/tools/testing/selftests/net/fib_rule_tests.sh
index a3b2c833f050b95949cf9ac6ca8f7a0eedc4a3ca..89034c5b69dc6a07b88598cbf076694e3eae24f4 100755 (executable)
--- a/tools/testing/selftests/net/fib_rule_tests.sh
+++ b/tools/testing/selftests/net/fib_rule_tests.sh
@@ -245,6 +245,19 @@ fib_rule6_test()
                        "$getnomatch no redirect to table"
        done
 
+       # Re-test TOS matching, but with input routes since they are handled
+       # differently from output routes.
+       match="tos 0x10"
+       for cnt in "0x10" "0x11" "0x12" "0x13"; do
+               getmatch="tos $cnt"
+               getnomatch="tos 0x20"
+               fib_rule6_test_match_n_redirect "$match" \
+                       "from $SRC_IP6 iif $DEV $getmatch" \
+                       "from $SRC_IP6 iif $DEV $getnomatch" \
+                       "iif $getmatch redirect to table" \
+                       "iif $getnomatch no redirect to table"
+       done
+
        match="fwmark 0x64"
        getmatch="mark 0x64"
        getnomatch="mark 0x63"
@@ -403,15 +416,14 @@ fib_rule4_test()
        fib_rule4_test_match_n_redirect "$match" "$match" "$getnomatch" \
                "oif redirect to table" "oif no redirect to table"
 
-       # need enable forwarding and disable rp_filter temporarily as all the
-       # addresses are in the same subnet and egress device == ingress device.
+       # Enable forwarding and disable rp_filter as all the addresses are in
+       # the same subnet and egress device == ingress device.
        ip netns exec $testns sysctl -qw net.ipv4.ip_forward=1
        ip netns exec $testns sysctl -qw net.ipv4.conf.$DEV.rp_filter=0
        match="from $SRC_IP iif $DEV"
        getnomatch="from $SRC_IP iif lo"
        fib_rule4_test_match_n_redirect "$match" "$match" "$getnomatch" \
                "iif redirect to table" "iif no redirect to table"
-       ip netns exec $testns sysctl -qw net.ipv4.ip_forward=0
 
        # Reject dsfield (tos) options which have ECN bits set
        for cnt in $(seq 1 3); do
@@ -431,6 +443,19 @@ fib_rule4_test()
                        "$getnomatch no redirect to table"
        done
 
+       # Re-test TOS matching, but with input routes since they are handled
+       # differently from output routes.
+       match="tos 0x10"
+       for cnt in "0x10" "0x11" "0x12" "0x13"; do
+               getmatch="tos $cnt"
+               getnomatch="tos 0x20"
+               fib_rule4_test_match_n_redirect "$match" \
+                       "from $SRC_IP iif $DEV $getmatch" \
+                       "from $SRC_IP iif $DEV $getnomatch" \
+                       "iif $getmatch redirect to table" \
+                       "iif $getnomatch no redirect to table"
+       done
+
        match="fwmark 0x64"
        getmatch="mark 0x64"
        getnomatch="mark 0x63"