lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e89a3bb0-87c0-bb66-38a7-ac3bba1755e6@gmail.com>
Date:   Wed, 10 Apr 2019 21:17:04 -0700
From:   David Ahern <dsahern@...il.com>
To:     Peter Oskolkov <posk@...k.io>
Cc:     Peter Oskolkov <posk@...gle.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next] selftests: bpf: add VRF test cases to
 lwt_ip_encap test.

On 4/10/19 6:26 PM, Peter Oskolkov wrote:
> On Wed, Apr 10, 2019 at 6:19 PM David Ahern <dsahern@...il.com> wrote:
>>
>> On 4/3/19 8:43 AM, Peter Oskolkov wrote:
>>> This patch adds tests validating that VRF and BPF-LWT
>>> encap work together well, as requested by David Ahern.
>>>
>>> Signed-off-by: Peter Oskolkov <posk@...gle.com>
>>> ---
>>>  .../selftests/bpf/test_lwt_ip_encap.sh        | 134 +++++++++++-------
>>>  1 file changed, 86 insertions(+), 48 deletions(-)
>>>
>>
>> Peter: What OS are you using to run this test script?
> 
> Debian Testing with a net-next kernel. What kind of errors do you see?
> 

This is on Debian Stretch.

1. nc is not installed

###
$ ./test_lwt_ip_encap.sh
starting egress IPv4 encap test
nc is not available: skipping TSO tests
nc is not available: skipping TSO tests
ping: sendmsg: No route to host
PASS
starting egress IPv6 encap test
nc is not available: skipping TSO tests
nc is not available: skipping TSO tests
ping: sendmsg: No route to host
PASS
starting ingress IPv4 encap test
PASS
starting ingress IPv6 encap test
PASS
starting egress IPv4 encap test vrf red
ping: sendmsg: No route to host
ping: sendmsg: No route to host
PASS
starting egress IPv6 encap test vrf red
ping: sendmsg: No route to host
ping: sendmsg: No route to host
PASS
starting ingress IPv4 encap test vrf red
PASS
starting ingress IPv6 encap test vrf red
PASS

###

Notice the "No route to host" errors.


2. install netcat

$ apt-get install netcat
...
###
$  ./test_lwt_ip_encap.sh
starting egress IPv4 encap test
nc: invalid option -- '4'
nc -h for help
bash: connect: Connection refused
bash: /dev/tcp/172.16.4.100/9000: Connection refused
    test_gso failed: IPv4
nc: invalid option -- '6'
nc -h for help
bash: connect: Connection refused
bash: /dev/tcp/fb04::1/9000: Connection refused
    test_gso failed: IPv6
ping: sendmsg: No route to host
FAIL
starting egress IPv6 encap test
nc: invalid option -- '4'
nc -h for help
bash: connect: Connection refused
bash: /dev/tcp/172.16.4.100/9000: Connection refused
    test_gso failed: IPv4
nc: invalid option -- '6'
nc -h for help
bash: connect: Connection refused
bash: /dev/tcp/fb04::1/9000: Connection refused
    test_gso failed: IPv6
ping: sendmsg: No route to host
FAIL
starting ingress IPv4 encap test
PASS
starting ingress IPv6 encap test
PASS
starting egress IPv4 encap test vrf red
ping: sendmsg: No route to host
ping: sendmsg: No route to host
PASS
starting egress IPv6 encap test vrf red
ping: sendmsg: No route to host
ping: sendmsg: No route to host
PASS
starting ingress IPv4 encap test vrf red
PASS
starting ingress IPv6 encap test vrf red
PASS
passed tests: 6
failed tests: 2

###

so netcat is not the right package. 'apt-cache search netcat' shows
another package, so try it.


3. remove netcat and install netcat-openbsd

###

$  ./test_lwt_ip_encap.sh
starting egress IPv4 encap test
nc: cannot use -s and -l
bash: connect: Connection refused
bash: /dev/tcp/172.16.4.100/9000: Connection refused
    test_gso failed: IPv4
nc: cannot use -s and -l
bash: connect: Connection refused
bash: /dev/tcp/fb04::1/9000: Connection refused
    test_gso failed: IPv6
ping: sendmsg: No route to host
FAIL
starting egress IPv6 encap test
nc: cannot use -s and -l
bash: connect: Connection refused
bash: /dev/tcp/172.16.4.100/9000: Connection refused
    test_gso failed: IPv4
nc: cannot use -s and -l
bash: connect: Connection refused
bash: /dev/tcp/fb04::1/9000: Connection refused
    test_gso failed: IPv6
ping: sendmsg: No route to host
FAIL
starting ingress IPv4 encap test
PASS
starting ingress IPv6 encap test
PASS
starting egress IPv4 encap test vrf red
...

###

still not the right nc command.

This is when I started instrumenting the script.

So really we need the existing (pre-VRF version) to work without errors
and then add the VRF tests. And the ability to see what is failing is
important.

Compare the above output to pmtu.sh and fib_tests.sh for example -- and
the options fib_tests.sh has to help a user when a test fails (verbose
mode and pause on fail).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ