wireguard-linux/tools, branch devel

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-04-14T19:04:00Z

Merge in late fixes in preparation for the net-next PR. Conflicts: include/net/sch_generic.h a6bd339dbb351 ("net_sched: fix skb memory leak in deferred qdisc drops") ff2998f29f390 ("net: sched: introduce qdisc-specific drop reason tracing") https://lore.kernel.org/adz0iX85FHMz0HdO@sirena.org.uk drivers/net/ethernet/airoha/airoha_eth.c 1acdfbdb516b ("net: airoha: Fix VIP configuration for AN7583 SoC") bf3471e6e6c0 ("net: airoha: Make flow control source port mapping dependent on nbq parameter") Adjacent changes: drivers/net/ethernet/airoha/airoha_ppe.c f44218cd5e6a ("net: airoha: Reset PPE cpu port configuration in airoha_ppe_hw_init()") 7da62262ec96 ("inet: add ip_local_port_step_width sysctl to improve port usage distribution") Signed-off-by: Jakub Kicinski

tools: ynl: add sample for wireguard

2026-04-14T18:48:04Z

Add a sample application for WireGuard, using the generated C library. The main benefit of this is to exercise the generated library, which might be useful for future self-tests. Example: $ make -C tools/net/ynl/lib $ make -C tools/net/ynl/generated $ make -C tools/net/ynl/tests wireguard $ ./tools/net/ynl/tests/wireguard usage: ./tools/net/ynl/tests/wireguard $ sudo ./tools/net/ynl/tests/wireguard wg-test Interface 3: wg-test Peer 6adfb183a4a2c94a2f92dab5ade762a4788[...]: Data: rx: 42 / tx: 42 bytes Allowed IPs: 0.0.0.0/0 ::/0 Signed-off-by: Asbjørn Sloth Tønnesen Signed-off-by: Jason A. Donenfeld Link: https://patch.msgid.link/20260414153944.2742252-3-Jason@zx2c4.com Signed-off-by: Jakub Kicinski

selftests/net: Add additional test coverage in nk_qlease

2026-04-14T15:17:02Z

Add further netkit queue-lease coverage for netns lifecycle of the guest and physical halves, channel resize across active leases, single-device and multi-lessee scenarios, L3 mode operation, lease capacity exhaustion, and corner-cases of e.g. queue-create rejection paths. Also make the tests more robust by removing the time.sleep(0.1) after netns deletion and turn them into a wait loop. Full test run: # ./nk_qlease.py TAP version 13 1..45 ok 1 nk_qlease.test_remove_phys ok 2 nk_qlease.test_double_lease ok 3 nk_qlease.test_virtual_lessor ok 4 nk_qlease.test_phys_lessee ok 5 nk_qlease.test_different_lessors ok 6 nk_qlease.test_queue_out_of_range ok 7 nk_qlease.test_resize_leased ok 8 nk_qlease.test_self_lease ok 9 nk_qlease.test_create_tx_type ok 10 nk_qlease.test_create_primary ok 11 nk_qlease.test_create_limit ok 12 nk_qlease.test_link_flap_phys ok 13 nk_qlease.test_queue_get_virtual ok 14 nk_qlease.test_remove_virt_first ok 15 nk_qlease.test_multiple_leases ok 16 nk_qlease.test_lease_queue_tx_type ok 17 nk_qlease.test_invalid_netns ok 18 nk_qlease.test_invalid_phys_ifindex ok 19 nk_qlease.test_multi_netkit_remove_phys ok 20 nk_qlease.test_single_remove_phys ok 21 nk_qlease.test_link_flap_virt ok 22 nk_qlease.test_phys_queue_no_lease ok 23 nk_qlease.test_same_ns_lease ok 24 nk_qlease.test_resize_after_unlease ok 25 nk_qlease.test_lease_queue_zero ok 26 nk_qlease.test_release_and_reuse ok 27 nk_qlease.test_veth_queue_create ok 28 nk_qlease.test_two_netkits_same_queue ok 29 nk_qlease.test_l3_mode_lease ok 30 nk_qlease.test_single_double_lease ok 31 nk_qlease.test_single_different_lessors ok 32 nk_qlease.test_cross_ns_netns_id ok 33 nk_qlease.test_delete_guest_netns ok 34 nk_qlease.test_move_guest_netns ok 35 nk_qlease.test_resize_phys_no_reduction ok 36 nk_qlease.test_delete_one_netkit_of_two ok 37 nk_qlease.test_bind_rx_leased_phys_queue ok 38 nk_qlease.test_resize_phys_shrink_past_leased ok 39 nk_qlease.test_resize_virt_not_supported ok 40 nk_qlease.test_lease_devices_down ok 41 nk_qlease.test_lease_capacity_exhaustion ok 42 nk_qlease.test_resize_phys_up ok 43 nk_qlease.test_multi_ns_lease ok 44 nk_qlease.test_multi_ns_delete_one ok 45 nk_qlease.test_move_phys_netns # Totals: pass:45 fail:0 xfail:0 xpass:0 skip:0 error:0 Signed-off-by: Daniel Borkmann Reviewed-by: Nikolay Aleksandrov Link: https://patch.msgid.link/20260413220809.604592-4-daniel@iogearbox.net Signed-off-by: Jakub Kicinski

selftests/net: Split netdevsim tests from HW tests in nk_qlease

2026-04-14T15:17:01Z

As pointed out in 3d2c3d2eea9a ("selftests: net: py: explicitly forbid multiple ksft_run() calls"), ksft_run() cannot be called multiple times. Move the netdevsim-based queue lease tests to selftests/net/ so that each file has exactly one ksft_run() call. The HW tests (io_uring ZC RX, queue attrs, XDP with MP, destroy) remain in selftests/drivers/net/hw/. Fixes: 65d657d80684 ("selftests/net: Add queue leasing tests with netkit") Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/netdev/20260409181950.7e099b6c@kernel.org Reviewed-by: Nikolay Aleksandrov Link: https://patch.msgid.link/20260413220809.604592-3-daniel@iogearbox.net Signed-off-by: Jakub Kicinski

tools/ynl: Make YnlFamily closeable as a context manager

2026-04-14T15:17:01Z

YnlFamily opens an AF_NETLINK socket in __init__ but has no way to release it other than leaving it to the GC. YnlFamily holds a self reference cycle through SpecFamily's self.family = self in its super().__init__() call, so refcount GC cannot reclaim it and the socket stays open until the cyclic GC runs. If a test creates a guest netns, instantiates a YnlFamily inside it via NetNSEnter(), performs some test case work via Ynl, and then deletes the netns, then the 'ip netns del' only drops the mount binding and cleanup_net in the kernel never runs, so any subsequent test case assertions that objects got cleaned up would fail given this only gets triggered later via cyclic GC run. Add an explicit close() that closes the netlink socket and wire up the __enter__/__exit__ so callers can scope the instance deterministically via 'with YnlFamily(...) as ynl: ...'. Signed-off-by: Daniel Borkmann Reviewed-by: Nikolay Aleksandrov Link: https://patch.msgid.link/20260413220809.604592-2-daniel@iogearbox.net Signed-off-by: Jakub Kicinski

selftests/bpf: add test for xdp_master_redirect with bond not up

2026-04-14T08:39:24Z

Add a selftest that reproduces the null-ptr-deref in bond_rr_gen_slave_id() when XDP redirect targets a bond device in round-robin mode that was never brought up. The test verifies the fix by ensuring no crash occurs. Test setup: - bond0: active-backup mode, UP, with native XDP (enables bpf_master_redirect_enabled_key globally) - bond1: round-robin mode, never UP - veth1: slave of bond1, with generic XDP (XDP_TX) - BPF_PROG_TEST_RUN with live frames triggers the redirect path Signed-off-by: Jiayuan Chen Link: https://patch.msgid.link/20260411005524.201200-3-jiayuan.chen@linux.dev Signed-off-by: Paolo Abeni

selftests: net: Add tests for team driver decoupled tx and rx control

2026-04-13T13:09:49Z

Use ping and tcpdump to verify that independent rx and tx enablement of team driver member interfaces works as intended. Signed-off-by: Marc Harvey Reviewed-by: Kuniyuki Iwashima Link: https://patch.msgid.link/20260409-teaming-driver-internal-v7-10-f47e7589685d@google.com Signed-off-by: Paolo Abeni

selftests: net: Add test for enablement of ports with teamd

2026-04-13T13:09:49Z

There are no tests that verify enablement and disablement of team driver ports with teamd. This should work even with changes to the enablement option, so it is important to test. This test sets up an active-backup network configuration across two network namespaces, and tries to send traffic while changing which link is the active one. Also increase the team test timeout to 300 seconds, because gracefully killing teamd can take 30 seconds for each instance. Signed-off-by: Marc Harvey Reviewed-by: Kuniyuki Iwashima Link: https://patch.msgid.link/20260409-teaming-driver-internal-v7-5-f47e7589685d@google.com Signed-off-by: Paolo Abeni

selftests: net: Add tests for failover of team-aggregated ports

2026-04-13T13:09:49Z

There are currently no kernel tests that verify the effect of setting the enabled team driver option. In a followup patch, there will be changes to this option, so it will be important to make sure it still behaves as it does now. The test verifies that tcp continues to work across two different team devices in separate network namespaces, even when member links are manually disabled. Signed-off-by: Marc Harvey Reviewed-by: Kuniyuki Iwashima Link: https://patch.msgid.link/20260409-teaming-driver-internal-v7-4-f47e7589685d@google.com Signed-off-by: Paolo Abeni

selftests/bpf: Add tests for sock_ops ctx access with same src/dst register

2026-04-12T19:28:05Z

Add selftests to verify SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() correctly return NULL/zero when dst_reg == src_reg and is_fullsock == 0. Three subtests are included: - get_sk: ctx->sk with same src/dst register (SOCK_OPS_GET_SK) - get_field: ctx->snd_cwnd with same src/dst register (SOCK_OPS_GET_FIELD) - get_sk_diff_reg: ctx->sk with different src/dst register (baseline) Each BPF program uses inline asm (__naked) to force specific register allocation, reads is_fullsock first, then loads the field using the same (or different) register. The test triggers TCP_NEW_SYN_RECV via a TCP handshake and checks that the result is NULL/zero when is_fullsock == 0. Reviewed-by: Sun Jian Signed-off-by: Jiayuan Chen Acked-by: Martin KaFai Lau Link: https://patch.msgid.link/20260407022720.162151-3-jiayuan.chen@linux.dev Signed-off-by: Jakub Kicinski