lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190518213335.8115-1-fw@strlen.de>
Date:   Sat, 18 May 2019 23:33:35 +0200
From:   Florian Westphal <fw@...len.de>
To:     <netdev@...r.kernel.org>
Cc:     pablo@...filter.org, Florian Westphal <fw@...len.de>
Subject: [PATCH net] kselftests: netfilter: fix leftover net/net-next merge conflict

In nf-next, I had extended this script to also cover NAT support for the
inet family.

In nf, I extended it to cover a regression with 'fully-random' masquerade.

Make this script work again by resolving the conflicts as needed.

Fixes: 8b4483658364f0 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net")
Signed-off-by: Florian Westphal <fw@...len.de>
---
 David, could you please take this directly?

 Thanks!

 tools/testing/selftests/netfilter/nft_nat.sh | 77 +++++++-------------
 1 file changed, 26 insertions(+), 51 deletions(-)

diff --git a/tools/testing/selftests/netfilter/nft_nat.sh b/tools/testing/selftests/netfilter/nft_nat.sh
index 21159f5f3362..14fcf3104c77 100755
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@ -8,6 +8,11 @@ ksft_skip=4
 ret=0
 test_inet_nat=true
 
+cleanup()
+{
+	for i in 0 1 2; do ip netns del ns$i;done
+}
+
 nft --version > /dev/null 2>&1
 if [ $? -ne 0 ];then
 	echo "SKIP: Could not run test without nft tool"
@@ -21,6 +26,13 @@ if [ $? -ne 0 ];then
 fi
 
 ip netns add ns0
+if [ $? -ne 0 ];then
+	echo "SKIP: Could not create net namespace"
+	exit $ksft_skip
+fi
+
+trap cleanup EXIT
+
 ip netns add ns1
 ip netns add ns2
 
@@ -347,7 +359,7 @@ EOF
 test_masquerade6()
 {
 	local family=$1
-	local natflags=$1
+	local natflags=$2
 	local lret=0
 
 	ip netns exec ns0 sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
@@ -392,18 +404,13 @@ EOF
 
 	ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
 	if [ $? -ne 0 ] ; then
-<<<<<<< HEAD
-		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
-=======
-		echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags"
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags"
 		lret=1
 	fi
 
 	# ns1 should have seen packets from ns0, due to masquerade
 	expect="packets 1 bytes 104"
 	for dir in "in6" "out6" ; do
-
 		cnt=$(ip netns exec ns1 nft list counter inet filter ns0${dir} | grep -q "$expect")
 		if [ $? -ne 0 ]; then
 			bad_counter ns1 ns0$dir "$expect"
@@ -433,38 +440,27 @@ EOF
 		fi
 	done
 
-<<<<<<< HEAD
-	ip netns exec ns0 nft flush chain $family nat postrouting
-=======
 	ip netns exec ns2 ping -q -c 1 dead:1::99 > /dev/null # ping ns2->ns1
 	if [ $? -ne 0 ] ; then
 		echo "ERROR: cannot ping ns1 from ns2 with active ipv6 masquerade $natflags (attempt 2)"
 		lret=1
 	fi
 
-	ip netns exec ns0 nft flush chain ip6 nat postrouting
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+	ip netns exec ns0 nft flush chain $family nat postrouting
 	if [ $? -ne 0 ]; then
 		echo "ERROR: Could not flush $family nat postrouting" 1>&2
 		lret=1
 	fi
 
-<<<<<<< HEAD
-	test $lret -eq 0 && echo "PASS: $family IPv6 masquerade for ns2"
-=======
-	test $lret -eq 0 && echo "PASS: IPv6 masquerade $natflags for ns2"
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+	test $lret -eq 0 && echo "PASS: $family IPv6 masquerade $natflags for ns2"
 
 	return $lret
 }
 
 test_masquerade()
 {
-<<<<<<< HEAD
 	local family=$1
-=======
-	local natflags=$1
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+	local natflags=$2
 	local lret=0
 
 	ip netns exec ns0 sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
@@ -509,11 +505,7 @@ EOF
 
 	ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
 	if [ $? -ne 0 ] ; then
-<<<<<<< HEAD
-		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerading"
-=======
-		echo "ERROR: cannot ping ns1 from ns2 with active ip masquere $natflags"
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+		echo "ERROR: cannot ping ns1 from ns2 with active $family masquerade $natflags"
 		lret=1
 	fi
 
@@ -549,27 +541,19 @@ EOF
 		fi
 	done
 
-<<<<<<< HEAD
-	ip netns exec ns0 nft flush chain $family nat postrouting
-=======
 	ip netns exec ns2 ping -q -c 1 10.0.1.99 > /dev/null # ping ns2->ns1
 	if [ $? -ne 0 ] ; then
 		echo "ERROR: cannot ping ns1 from ns2 with active ip masquerade $natflags (attempt 2)"
 		lret=1
 	fi
 
-	ip netns exec ns0 nft flush chain ip nat postrouting
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+	ip netns exec ns0 nft flush chain $family nat postrouting
 	if [ $? -ne 0 ]; then
 		echo "ERROR: Could not flush $family nat postrouting" 1>&2
 		lret=1
 	fi
 
-<<<<<<< HEAD
-	test $lret -eq 0 && echo "PASS: $family IP masquerade for ns2"
-=======
-	test $lret -eq 0 && echo "PASS: IP masquerade $natflags for ns2"
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+	test $lret -eq 0 && echo "PASS: $family IP masquerade $natflags for ns2"
 
 	return $lret
 }
@@ -842,21 +826,14 @@ reset_counters
 $test_inet_nat && test_local_dnat inet
 $test_inet_nat && test_local_dnat6 inet
 
+for flags in "" "fully-random"; do
 reset_counters
-<<<<<<< HEAD
-test_masquerade ip
-test_masquerade6 ip6
+test_masquerade ip $flags
+test_masquerade6 ip6 $flags
 reset_counters
-$test_inet_nat && test_masquerade inet
-$test_inet_nat && test_masquerade6 inet
-=======
-test_masquerade ""
-test_masquerade6 ""
-
-reset_counters
-test_masquerade "fully-random"
-test_masquerade6 "fully-random"
->>>>>>> cd8dead0c39457e58ec1d36db93aedca811d48f1
+$test_inet_nat && test_masquerade inet $flags
+$test_inet_nat && test_masquerade6 inet $flags
+done
 
 reset_counters
 test_redirect ip
@@ -865,6 +842,4 @@ reset_counters
 $test_inet_nat && test_redirect inet
 $test_inet_nat && test_redirect6 inet
 
-for i in 0 1 2; do ip netns del ns$i;done
-
 exit $ret
-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ