| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Aug 2023 13:08:06 +0200
From: Petr Machata <petrm@...dia.com>
To: Ido Schimmel <idosch@...sch.org>
CC: Mirsad Todorovac <mirsad.todorovac@....unizg.hr>,
<petrm@...dia.com>, <razor@...ckwall.org>,
Ido Schimmel <idosch@...dia.com>, <netdev@...r.kernel.org>,
<linux-kselftest@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>,
"Eric Dumazet" <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH v1 01/11] selftests: forwarding:
custom_multipath_hash.sh: add cleanup for SIGTERM sent by timeout
Ido Schimmel <idosch@...sch.org> writes:
> On Thu, Jul 27, 2023 at 09:26:03PM +0200, Mirsad Todorovac wrote:
>> not ok 49 selftests: net/forwarding: mirror_gre_changes.sh # exit=1
>
> Petr, please take a look. Probably need to make the filters more
> specific. The failure is:
>
> # TEST: mirror to gretap: TTL change (skip_hw) [FAIL]
> # Expected to capture 10 packets, got 14.
Yeah, this reproduces easily on my laptop. The switches are somehow much
more quiet and do not really hit the issue.
Mirsad, can you please try this patch? It fixes the issue for me.
>From 77461c209eb0067dca7fdf4431a907b2a1ce8c6a Mon Sep 17 00:00:00 2001
Message-ID: <77461c209eb0067dca7fdf4431a907b2a1ce8c6a.1690887929.git.petrm@...dia.com>
From: Petr Machata <petrm@...dia.com>
Date: Tue, 1 Aug 2023 12:57:53 +0200
Subject: [PATCH net-next] selftests: mirror_gre_changes: Tighten up the TTL
test match
To: <netdev@...r.kernel.org>
This test verifies whether the encapsulated packets have the correct
configured TTL. It does so by sending ICMP packets through the test
topology and mirroring them to a gretap netdevice. On a busy host
however, more than just the test ICMP packets may end up flowing
through the topology, get mirrored, and counted. This leads to
potential spurious failures as the test observes much more mirrored
packets than the sent test packets, and assumes a bug.
Fix this by tightening up the mirror action match. Change it from
matchall to a flower classifier matching on ICMP packets specifically.
Signed-off-by: Petr Machata <petrm@...dia.com>
---
tools/testing/selftests/net/forwarding/mirror_gre_changes.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_changes.sh b/tools/testing/selftests/net/forwarding/mirror_gre_changes.sh
index aff88f78e339..5ea9d63915f7 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre_changes.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_changes.sh
@@ -72,7 +72,8 @@ test_span_gre_ttl()
RET=0
- mirror_install $swp1 ingress $tundev "matchall $tcflags"
+ mirror_install $swp1 ingress $tundev \
+ "prot ip flower $tcflags ip_prot icmp"
tc filter add dev $h3 ingress pref 77 prot $prot \
flower skip_hw ip_ttl 50 action pass
--
2.41.0
Powered by blists - more mailing lists