Date:   Mon, 16 Apr 2018 13:41:38 -0700
From:   Roopa Prabhu <roopa@...ulusnetworks.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, dsa@...ulusnetworks.com
Subject: [PATCH net-next 5/5] selftests: net: initial fib rule tests

From: Roopa Prabhu <roopa@...ulusnetworks.com>

This adds a first set of tests for fib rule match/action for
IPv4 and IPv6. The initial tests cover only the table action;
they can be extended to cover other actions in the future.
The tests use `ip route get` to validate the rule lookup.

Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
---
 tools/testing/selftests/net/Makefile          |   2 +-
 tools/testing/selftests/net/fib_rule_tests.sh | 208 ++++++++++++++++++++++++++
 2 files changed, 209 insertions(+), 1 deletion(-)
 create mode 100755 tools/testing/selftests/net/fib_rule_tests.sh

diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
index 785fc18..f02ab70 100644
--- a/tools/testing/selftests/net/Makefile
+++ b/tools/testing/selftests/net/Makefile
@@ -5,7 +5,7 @@ CFLAGS =  -Wall -Wl,--no-as-needed -O2 -g
 CFLAGS += -I../../../../usr/include/
 
 TEST_PROGS := run_netsocktests run_afpackettests test_bpf.sh netdevice.sh rtnetlink.sh
-TEST_PROGS += fib_tests.sh fib-onlink-tests.sh pmtu.sh
+TEST_PROGS += fib_tests.sh fib-onlink-tests.sh pmtu.sh fib_rule_tests.sh
 TEST_GEN_FILES =  socket
 TEST_GEN_FILES += psock_fanout psock_tpacket msg_zerocopy
 TEST_GEN_PROGS = reuseport_bpf reuseport_bpf_cpu reuseport_bpf_numa
diff --git a/tools/testing/selftests/net/fib_rule_tests.sh b/tools/testing/selftests/net/fib_rule_tests.sh
new file mode 100755
index 0000000..b28fbc1
--- /dev/null
+++ b/tools/testing/selftests/net/fib_rule_tests.sh
@@ -0,0 +1,208 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+# This test is for checking IPv4 and IPv6 FIB rules API
+
+ret=0
+
+PAUSE_ON_FAIL=${PAUSE_ON_FAIL:=no}
+
+RTABLE=100
+GW_IP4=192.51.100.2
+SRC_IP=192.51.100.3
+GW_IP6=2001:db8:1::2
+SRC_IP6=2001:db8:1::3
+
+DEV_ADDR=192.51.100.1
+DEV=dummy0
+
+log_test()
+{
+	local rc=$1
+	local expected=$2
+	local msg="$3"
+
+	if [ ${rc} -eq ${expected} ]; then
+		printf "        %-60s  [ OK ]\n" "${msg}"
+	else
+		ret=1
+		printf "        %-60s  [FAIL]\n" "${msg}"
+		if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
+		echo
+			echo "hit enter to continue, 'q' to quit"
+			read a
+			[ "$a" = "q" ] && exit 1
+		fi
+	fi
+}
+
+setup()
+{
+	set -e
+	ip netns add testns
+	ip -netns testns link set dev lo up
+
+	ip -netns testns link add dummy0 type dummy
+	ip -netns testns link set dev dummy0 up
+	ip -netns testns address add 198.51.100.1/24 dev dummy0
+	ip -netns testns -6 address add 2001:db8:1::1/64 dev dummy0
+
+	set +e
+}
+
+cleanup()
+{
+	ip -netns testns link del dev dummy0 &> /dev/null
+	ip netns del testns
+}
+
+fib_check_iproute_support()
+{
+    ip rule help 2>&1 | grep -q $1
+    if [ $? -ne 0 ]; then
+	    echo "SKIP: iproute2 get too old, missing $1 match"
+        return 1
+    fi
+
+    ip route get help 2>&1 | grep -q $2
+    if [ $? -ne 0 ]; then
+	    echo "SKIP: iproute2 get too old, missing $2 match"
+        return 1
+    fi
+
+    return 0
+}
+
+fib_rule6_del()
+{
+    ip -netns testns -6 rule del $1
+	log_test $? 0 "rule6 del $1"
+}
+
+fib_rule6_del_by_pref()
+{
+	pref=$(ip -netns testns -6 rule show | grep "$1 lookup $TABLE" | cut -d ":" -f 1)
+	ip -netns testns -6 rule del pref $pref
+}
+
+fib_rule6_test_match_n_redirect()
+{
+    match="$1"
+    getmatch="$2"
+
+	ip -netns testns -6 rule add $match table $RTABLE
+	ip -netns testns -6 route get $GW_IP6 $getmatch | grep -q "table $RTABLE"
+	log_test $? 0 "rule6 check: $1"
+
+	fib_rule6_del_by_pref "$match"
+	log_test $? 0 "rule6 del by pref: $match"
+}
+
+fib_rule6_test()
+{
+	# setup the pbr redirect route
+	ip -netns testns -6 route add table $RTABLE default via $GW_IP6 dev $DEV onlink
+	# test oif match
+	match="oif $DEV"
+	fib_rule6_test_match_n_redirect "$match" "$match" "oif redirect to table"
+
+	match="from $SRC_IP6 iif $DEV"
+	fib_rule6_test_match_n_redirect "$match" "$match" "iif redirect to table"
+
+    match="tos 0x10"
+    fib_rule6_test_match_n_redirect "$match" "$match" "tos redirect to table"
+
+    match="fwmark 0x64"
+    getmatch="mark 0x64"
+    fib_rule6_test_match_n_redirect "$match" "$getmatch" "fwmark redirect to table"
+
+    fib_check_iproute_support "uidrange" "uid"
+    if [ $? -eq 0 ]; then
+        match="uidrange 100-100"
+        getmatch="uid 100"
+        fib_rule6_test_match_n_redirect "$match" "$getmatch" "uid redirect to table"
+    fi
+
+    fib_check_iproute_support "sport" "sport"
+    if [ $? -eq 0 ]; then
+        match="sport 666 dport 777"
+        fib_rule6_test_match_n_redirect "$match" "$match" "sport and dport redirect to table"
+    fi
+}
+
+fib_rule4_del()
+{
+    ip -netns testns rule del $1
+	log_test $? 0 "del $1"
+}
+
+fib_rule4_del_by_pref()
+{
+	pref=$(ip -netns testns rule show | grep "$1 lookup $TABLE" | cut -d ":" -f 1)
+	ip -netns testns rule del pref $pref
+}
+
+fib_rule4_test_match_n_redirect()
+{
+	match="$1"
+    getmatch="$2"
+
+	ip -netns testns rule add $match table $RTABLE
+	ip -netns testns route get $GW_IP4 $getmatch | grep -q "table $RTABLE"
+	log_test $? 0 "rule4 check: $1"
+
+	fib_rule4_del_by_pref "$match"
+	log_test $? 0 "rule4 del by pref: $match"
+}
+
+fib_rule4_test()
+{
+	# setup the pbr redirect route
+	ip -netns testns route add table $RTABLE default via $GW_IP4 dev $DEV onlink
+
+	# test oif match
+	match="oif $DEV"
+	fib_rule4_test_match_n_redirect "$match" "$match" "oif redirect to table"
+
+	match="from $SRC_IP iif $DEV"
+	fib_rule4_test_match_n_redirect "$match" "$match" "iif redirect to table"
+
+    match="tos 0x10"
+    fib_rule4_test_match_n_redirect "$match" "$match" "tos redirect to table"
+
+    match="fwmark 0x64"
+    getmatch="mark 0x64"
+    fib_rule4_test_match_n_redirect "$match" "$getmatch" "fwmark redirect to table"
+
+    fib_check_iproute_support "uidrange" "uid"
+    if [ $? -eq 0 ]; then
+        match="uidrange 100-100"
+        getmatch="uid 100"
+        fib_rule4_test_match_n_redirect "$match" "$getmatch" "uid redirect to table"
+    fi
+
+    fib_check_iproute_support "sport" "sport"
+    if [ $? -eq 0 ]; then
+        match="sport 666 dport 777"
+        fib_rule4_test_match_n_redirect "$match" "$match" "sport and dport redirect to table"
+    fi
+}
+
+if [ "$(id -u)" -ne 0 ];then
+	echo "SKIP: Need root privileges"
+	exit 0
+fi
+
+if [ ! -x "$(command -v ip)" ]; then
+	echo "SKIP: Could not run test without ip tool"
+	exit 0
+fi
+
+# start clean
+cleanup &> /dev/null
+setup
+fib_rule4_test
+fib_rule6_test
+cleanup
+
+exit $ret
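Review bot: `fib_rule6_del_by_pref` and `fib_rule4_del_by_pref` grep for `"$1 lookup $TABLE"`, but `TABLE` is never set in this file (the constant is `RTABLE`), so the pattern collapses to `"$1 lookup "` and will match a rule pointing at any table; it should read `grep "$1 lookup $RTABLE"`. The resulting `$pref` is passed on unquoted and unchecked, so an empty or multi-line match turns into a malformed `ip ... rule del pref` call; a guard such as `[ -n "$pref" ] || return 1` before the delete would make that failure explicit. `GW_IP4`, `SRC_IP` and `DEV_ADDR` use 192.51.100.x while `setup()` assigns 198.51.100.1/24 to dummy0, which looks like a typo for the 198.51.100.0/24 range, and `setup()` hardcodes the address and device name instead of using `DEV_ADDR` and `DEV`. Because the script runs as root, deletes a namespace with the fixed name `testns` before it starts, and leaves `setup()` through `set -e` without cleaning up, a `trap cleanup EXIT` and a per-run namespace name would keep it from removing an unrelated namespace or leaking its own.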
-- 
2.1.4
