lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFTs51XM3XUTCSGbhP=Xr+8__ezvMNVabMmGPbHk393rXazABw@mail.gmail.com>
Date:   Wed, 10 Apr 2019 21:38:05 -0700
From:   Peter Oskolkov <posk@...k.io>
To:     David Ahern <dsahern@...il.com>
Cc:     Peter Oskolkov <posk@...gle.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next] selftests: bpf: add VRF test cases to
 lwt_ip_encap test.

Your test output tells me that everything is OK - see below.

On Wed, Apr 10, 2019 at 9:17 PM David Ahern <dsahern@...il.com> wrote:
>
> On 4/10/19 6:26 PM, Peter Oskolkov wrote:
> > On Wed, Apr 10, 2019 at 6:19 PM David Ahern <dsahern@...il.com> wrote:
> >>
> >> On 4/3/19 8:43 AM, Peter Oskolkov wrote:
> >>> This patch adds tests validating that VRF and BPF-LWT
> >>> encap work together well, as requested by David Ahern.
> >>>
> >>> Signed-off-by: Peter Oskolkov <posk@...gle.com>
> >>> ---
> >>>  .../selftests/bpf/test_lwt_ip_encap.sh        | 134 +++++++++++-------
> >>>  1 file changed, 86 insertions(+), 48 deletions(-)
> >>>
> >>
> >> Peter: What OS are you using to run this test script?
> >
> > Debian Testing with a net-next kernel. What kind of errors do you see?
> >
>
> This is on Debian Stretch.
>
> 1. nc is not installed
>
> ###
> $ ./test_lwt_ip_encap.sh
> starting egress IPv4 encap test
> nc is not available: skipping TSO tests
> nc is not available: skipping TSO tests
> ping: sendmsg: No route to host
> PASS
> starting egress IPv6 encap test
> nc is not available: skipping TSO tests
> nc is not available: skipping TSO tests
> ping: sendmsg: No route to host
> PASS
> starting ingress IPv4 encap test
> PASS
> starting ingress IPv6 encap test
> PASS
> starting egress IPv4 encap test vrf red
> ping: sendmsg: No route to host
> ping: sendmsg: No route to host
> PASS
> starting egress IPv6 encap test vrf red
> ping: sendmsg: No route to host
> ping: sendmsg: No route to host
> PASS
> starting ingress IPv4 encap test vrf red
> PASS
> starting ingress IPv6 encap test vrf red
> PASS
>
> ###
>
> Notice the "No route to host" errors.

"No route to host" is OK: there are negative tests, as you requested a
couple of months ago... :), and these tests correctly trigger "no
route to host".

This output basically tell me that the test passes, both with and without VRF.

>
>
> 2. install netcat
>
> $ apt-get install netcat
> ...
> ###
> $  ./test_lwt_ip_encap.sh
> starting egress IPv4 encap test
> nc: invalid option -- '4'
> nc -h for help
> bash: connect: Connection refused
> bash: /dev/tcp/172.16.4.100/9000: Connection refused
>     test_gso failed: IPv4
> nc: invalid option -- '6'
> nc -h for help
> bash: connect: Connection refused
> bash: /dev/tcp/fb04::1/9000: Connection refused
>     test_gso failed: IPv6
> ping: sendmsg: No route to host
> FAIL
> starting egress IPv6 encap test
> nc: invalid option -- '4'
> nc -h for help
> bash: connect: Connection refused
> bash: /dev/tcp/172.16.4.100/9000: Connection refused
>     test_gso failed: IPv4
> nc: invalid option -- '6'
> nc -h for help
> bash: connect: Connection refused
> bash: /dev/tcp/fb04::1/9000: Connection refused
>     test_gso failed: IPv6
> ping: sendmsg: No route to host
> FAIL
> starting ingress IPv4 encap test
> PASS
> starting ingress IPv6 encap test
> PASS
> starting egress IPv4 encap test vrf red
> ping: sendmsg: No route to host
> ping: sendmsg: No route to host
> PASS
> starting egress IPv6 encap test vrf red
> ping: sendmsg: No route to host
> ping: sendmsg: No route to host
> PASS
> starting ingress IPv4 encap test vrf red
> PASS
> starting ingress IPv6 encap test vrf red
> PASS
> passed tests: 6
> failed tests: 2
>
> ###
>
> so netcat is not the right package. 'apt-cache search netcat' shows
> another package, so try it.

I guess Debian Stretch has a too old version of netcat that does not
support the flags used in the test.

>
>
> 3. remove netcat and install netcat-openbsd
>
> ###
>
> $  ./test_lwt_ip_encap.sh
> starting egress IPv4 encap test
> nc: cannot use -s and -l
> bash: connect: Connection refused
> bash: /dev/tcp/172.16.4.100/9000: Connection refused
>     test_gso failed: IPv4
> nc: cannot use -s and -l
> bash: connect: Connection refused
> bash: /dev/tcp/fb04::1/9000: Connection refused
>     test_gso failed: IPv6
> ping: sendmsg: No route to host
> FAIL
> starting egress IPv6 encap test
> nc: cannot use -s and -l
> bash: connect: Connection refused
> bash: /dev/tcp/172.16.4.100/9000: Connection refused
>     test_gso failed: IPv4
> nc: cannot use -s and -l
> bash: connect: Connection refused
> bash: /dev/tcp/fb04::1/9000: Connection refused
>     test_gso failed: IPv6
> ping: sendmsg: No route to host
> FAIL
> starting ingress IPv4 encap test
> PASS
> starting ingress IPv6 encap test
> PASS
> starting egress IPv4 encap test vrf red
> ...
>
> ###
>
> still not the right nc command.
>
> This is when I started instrumenting the script.
>
> So really we need the existing (pre-VRF version) to work without errors
> and then add the VRF tests. And the ability to see what is failing is
> important.
>
> Compare the above output to pmtu.sh and fib_tests.sh for example -- and
> the options fib_tests.sh has to help a user when a test fails (verbose
> mode and pause on fail).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ