This series resolves various issues with the FIB expression
when used with VRFs.
First patch adds 'fib type' tests.
Second patch moves a VRF+fib test to nft_fib.sh where it belongs.
The 3rd patch fixes an inconistency where, in a VRF setup,
ipv4 and ipv6 fib provide different results for the same address
type (locally configured); this changes nft_fib_ipv6 to behave like ipv4.
4th patch fixes l3mdev handling in FIB, especially 'fib type' insist
a locally configured addess in the VRF is not local (result is
'unicast') unless the 'iif' keyword is given because of conditional
initialisation of the .l3mdev member.
Last patch adds more type and oif fib tests for VRFs, both when incoming
interface is part of a VRF and when its not.
I'm targetting nf-next because we're too late in this cycle.
Florian Westphal (5):
selftests: netfilter: nft_fib.sh: add 'type' mode tests
selftests: netfilter: move fib vrf test to nft_fib.sh
netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result
discrepancy
netfilter: nf_tables: nft_fib: consistent l3mdev handling
selftests: netfilter: nft_fib.sh: add type and oif tests with and
without VRFs
include/net/netfilter/nft_fib.h | 16 +
net/ipv4/netfilter/nft_fib_ipv4.c | 11 +-
net/ipv6/netfilter/nft_fib_ipv6.c | 17 +-
.../selftests/net/netfilter/conntrack_vrf.sh | 33 -
.../selftests/net/netfilter/nft_fib.sh | 612 +++++++++++++++++-
5 files changed, 637 insertions(+), 52 deletions(-)
--
2.49.0
