lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 23 May 2019 18:17:04 +0200
From:   Stefano Brivio <sbrivio@...hat.com>
To:     David Ahern <dsahern@...il.com>
Cc:     David Ahern <dsahern@...nel.org>, davem@...emloft.net,
        netdev@...r.kernel.org
Subject: Re: [PATCH net-next] selftests: pmtu: Simplify cleanup and
 namespace names

On Thu, 23 May 2019 09:41:59 -0600
David Ahern <dsahern@...il.com> wrote:

> I have been using the namespace override for a while now. I did consider
> impacts to the above, but my thinking is this: exceptions are per FIB
> entry (per fib6_nh with my latest patch set, but point still holds), FIB
> entries are per FIB table, FIB tables are per network namespace. Running
> multiple pmtu.sh sessions in parallel can not trigger an interdependent
> bug because of that separation. The cleanup within a namespace teardown
> (reference count leaks) should not be affected.

I see, I guess it makes sense.

> Now that we have good set of functional tests, we do need more complex
> tests but those will still be contained within the namespace separation.
> If you look at my current patch set on the list I add an icmp_redirect
> test script. It actually does redirect, verify, mtu on top of redirect,
> verify and then resets and inverts the order - going after an exception
> entry with an update for both use cases.
> 
> For the pmtu script, perhaps the next step is something as simple as
> configuring the setup and routing once and then run all of the
> individual tests (or multiple of them) to generate multiple exceptions
> within a single FIB table and then tests to generate multiple exceptions
> with different addresses per entry.

I think, especially given your new icmp_redirect test script, that
another sensible next step would be turning the setup part in pmtu.sh
into some kind of library (also including the VRF setup) that could be
sourced from both scripts. Right now, that looks like a lot of
duplication.

-- 
Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ