git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Andrea Mayer <andrea.mayer@uniroma2.it>
	Sat, 4 Apr 2026 00:44:05 +0000 (02:44 +0200)
committer	Jakub Kicinski <kuba@kernel.org>
	Wed, 8 Apr 2026 03:20:56 +0000 (20:20 -0700)
commit	32dfd742f06a68fac6499a58f52025990c854031
tree	8015badc6619dc635972bc7d47c2e2f6d88bc7fd	tree \| snapshot
parent	c3812651b522fe8437ebb7063b75ddb95b571643	commit \| diff

selftests: seg6: add test for dst_cache isolation in seg6 lwtunnel

Add a selftest that verifies the dst_cache in seg6 lwtunnel is not
shared between the input (forwarding) and output (locally generated)
paths.

The test creates three namespaces (ns_src, ns_router, ns_dst)
connected in a line. An SRv6 encap route on ns_router encapsulates
traffic destined to cafe::1 with SID fc00::100. The SID is
reachable only for forwarded traffic (from ns_src) via an ip rule
matching the ingress interface (iif veth-r0 lookup 100), and
blackholed in the main table.

The test verifies that:

  1. A packet generated locally on ns_router does not reach
     ns_dst with an empty cache, since the SID is blackholed;
  2. A forwarded packet from ns_src populates the input cache
     from table 100 and reaches ns_dst;
  3. A packet generated locally on ns_router still does not
     reach ns_dst after the input cache is populated,
     confirming the output path does not reuse the input
     cache entry.

Both the forwarded and local packets are pinned to the same CPU
with taskset, since dst_cache is per-cpu.

Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reviewed-by: Justin Iurman <justin.iurman@gmail.com>
Link: https://patch.msgid.link/20260404004405.4057-3-andrea.mayer@uniroma2.it
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

tools/testing/selftests/net/Makefile		diff \| blob \| blame \| history
tools/testing/selftests/net/srv6_iptunnel_cache.sh	[new file with mode: 0755]	blob