selftests: netfilter: nft_concat_range.sh: add check for flush+reload bug

This test will fail without
the preceding commit ("netfilter: nft_set_pipapo_avx2: fix match retart if found element is expired"):

  reject overlapping range on add       0s                              [ OK ]
  reload with flush                 /dev/stdin:59:32-52: Error: Could not process rule: File exists
add element inet filter test { 10.0.0.29 . 10.0.2.29 }

Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/tools/testing/selftests/net/netfilter/nft_concat_range.sh b/tools/testing/selftests/net/netfilter/nft_concat_range.sh
index 394166f224a4b3f22103bfb5756f563864649d70..ffdc6ccc6511c2b0e142d2b68b079507832ba6ff 100755 (executable)
--- a/tools/testing/selftests/net/netfilter/nft_concat_range.sh
+++ b/tools/testing/selftests/net/netfilter/nft_concat_range.sh
@@ -29,7 +29,8 @@ TYPES="net_port port_net net6_port port_proto net6_port_mac net6_port_mac_proto
        net6_port_net6_port net_port_mac_proto_net"
 
 # Reported bugs, also described by TYPE_ variables below
-BUGS="flush_remove_add reload net_port_proto_match avx2_mismatch doublecreate insert_overlap"
+BUGS="flush_remove_add reload net_port_proto_match avx2_mismatch doublecreate
+      insert_overlap load_flush_load4 load_flush_load8"
 
 # List of possible paths to pktgen script from kernel tree for performance tests
 PKTGEN_SCRIPT_PATHS="
@@ -432,6 +433,30 @@ race_repeat        0
 perf_duration  0
 "
 
+TYPE_load_flush_load4="
+display                reload with flush, 4bit groups
+type_spec      ipv4_addr . ipv4_addr
+chain_spec     ip saddr . ip daddr
+dst            addr4
+proto          icmp
+
+race_repeat    0
+
+perf_duration  0
+"
+
+TYPE_load_flush_load8="
+display                reload with flush, 8bit groups
+type_spec      ipv4_addr . ipv4_addr
+chain_spec     ip saddr . ip daddr
+dst            addr4
+proto          icmp
+
+race_repeat    0
+
+perf_duration  0
+"
+
 # Set template for all tests, types and rules are filled in depending on test
 set_template='
 flush ruleset
@@ -1997,6 +2022,49 @@ test_bug_insert_overlap()
        return 0
 }
 
+test_bug_load_flush_load4()
+{
+       local i
+
+       setup veth send_"${proto}" set || return ${ksft_skip}
+
+       for i in $(seq 0 255); do
+               local addelem="add element inet filter test"
+               local j
+
+               for j in $(seq 0 20); do
+                       echo "$addelem { 10.$j.0.$i . 10.$j.1.$i }"
+                       echo "$addelem { 10.$j.0.$i . 10.$j.2.$i }"
+               done
+       done > "$tmp"
+
+       nft -f "$tmp" || return 1
+
+       ( echo "flush set inet filter test";cat "$tmp") | nft -f -
+       [ $? -eq 0 ] || return 1
+
+       return 0
+}
+
+test_bug_load_flush_load8()
+{
+       local i
+
+       setup veth send_"${proto}" set || return ${ksft_skip}
+
+       for i in $(seq 1 100); do
+               echo "add element inet filter test { 10.0.0.$i . 10.0.1.$i }"
+               echo "add element inet filter test { 10.0.0.$i . 10.0.2.$i }"
+       done > "$tmp"
+
+       nft -f "$tmp" || return 1
+
+       ( echo "flush set inet filter test";cat "$tmp") | nft -f -
+       [ $? -eq 0 ] || return 1
+
+       return 0
+}
+
 test_reported_issues() {
        eval test_bug_"${subtest}"
 }