| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jul 2021 08:46:46 +0300
From: Ido Schimmel <idosch@...sch.org>
To: Guillaume Nault <gnault@...hat.com>
Cc: David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
David Ahern <dsahern@...il.com>, Shuah Khan <shuah@...nel.org>,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next 1/4] selftests: forwarding: Test redirecting gre
or ipip packets to Ethernet
On Wed, Jun 30, 2021 at 02:51:38PM +0200, Guillaume Nault wrote:
> diff --git a/tools/testing/selftests/net/forwarding/topo_nschain_lib.sh b/tools/testing/selftests/net/forwarding/topo_nschain_lib.sh
> new file mode 100644
> index 000000000000..4c0bf2d7328a
> --- /dev/null
> +++ b/tools/testing/selftests/net/forwarding/topo_nschain_lib.sh
> @@ -0,0 +1,267 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +
> +# A chain of 4 nodes connected with veth pairs.
> +# Each node lives in its own network namespace.
Hi,
The tests under tools/testing/selftests/net/forwarding/ are meant to use
VRFs as lightweight namespaces. This allows us to run the tests on both
physical switches with loopback cables and veth pairs, thereby
validating both the hardware and software datapaths.
See tools/testing/selftests/net/forwarding/README
If the tests cannot be converted to VRFs, then I suggest moving them to
tools/testing/selftests/net/
> +# Each veth interface has an IPv4 and an IPv6 address. A host route provides
> +# connectivity to the adjacent node. This base network only allows nodes to
> +# communicate with their immediate neighbours.
> +#
> +# The two nodes at the extremities of the chain also have 4 host IPs on their
> +# loopback device:
> +# * An IPv4 address, routed as is to the adjacent router.
> +# * An IPv4 address, routed over MPLS to the adjacent router.
> +# * An IPv6 address, routed as is to the adjacent router.
> +# * An IPv6 address, routed over MPLS to the adjacent router.
> +#
> +# This topology doesn't define how RTA and RTB handle these packets: users of
> +# this script are responsible for the plumbing between RTA and RTB.
> +#
> +# As each veth connects two different namespaces, their MAC and IP addresses
> +# are defined depending on the local and remote namespaces. For example
> +# veth-h1-rta, which sits in H1 and links to RTA, has MAC address
> +# 00:00:5e:00:53:1a, IPv4 192.0.2.0x1a and IPv6 2001:db8::1a, where "1a" means
> +# that it's in H1 and links to RTA (the rest of each address is always built
> +# from a IANA documentation prefix).
> +#
> +# Routed addresses in H1 and H2 on the other hand encode the routing type (with
> +# or without MPLS encapsulation) and the namespace the address resides in. For
> +# example H2 has 198.51.100.2 and 2001:db8::1:2, that are routed as is through
> +# RTB. It also has 198.51.100.0x12 and 2001:db8::1:12, that are routed through
> +# RTB with MPLS encapsulation.
> +#
> +# For clarity, the prefixes used for host IPs are different from the ones used
> +# on the veths.
> +#
> +# The MPLS labels follow a similar principle: the first digit represents the
> +# IP version of the encapsulated packet ("4" for IPv4, "6" for IPv6), the
> +# second digit represents the destination host ("1" for H1, "2" for H2).
> +#
> +# +----------------------------------------------------+
> +# | Host 1 (H1) |
> +# | |
> +# | lo |
> +# | 198.51.100.1 (for plain IPv4) |
> +# | 2001:db8::1:1 (for plain IPv6) |
> +# | 198.51.100.0x11 (for IPv4 over MPLS, label 42) |
> +# | 2001:db8::1:11 (for IPv6 over MPLS, label 62) |
> +# | |
> +# | + veth-h1-rta |
> +# | | 192.0.2.0x1a |
> +# | | 2001:db8::1a |
> +# +-|--------------------------------------------------+
> +# |
> +# +-|--------------------+
> +# | | Router A (RTA) |
> +# | | |
> +# | + veth-rta-h1 |
> +# | 192.0.2.0xa1 |
> +# | 2001:db8::a1 |
> +# | |
> +# | + veth-rta-rtb |
> +# | | 192.0.2.0xab |
> +# | | 2001:db8::ab |
> +# +-|--------------------+
> +# |
> +# +-|--------------------+
> +# | | Router B (RTB) |
> +# | | |
> +# | + veth-rtb-rta |
> +# | 192.0.2.0xba |
> +# | 2001:db8::ba |
> +# | |
> +# | + veth-rtb-h2 |
> +# | | 192.0.2.0xb2 |
> +# | | 2001:db8::b2 |
> +# +-|--------------------+
> +# |
> +# +-|--------------------------------------------------+
> +# | | Host 2 (H2) |
> +# | | |
> +# | + veth-h2-rtb |
> +# | 192.0.2.0x2b |
> +# | 2001:db8::2b |
> +# | |
> +# | lo |
> +# | 198.51.100.2 (for plain IPv4) |
> +# | 2001:db8::1:2 (for plain IPv6) |
> +# | 198.51.100.0x12 (for IPv4 over MPLS, label 41) |
> +# | 2001:db8::1:12 (for IPv6 over MPLS, label 61) |
> +# +----------------------------------------------------+
> +#
> +# This topology can be used for testing different routing or switching
> +# scenarios, as H1 and H2 are pre-configured for sending different kinds of
> +# packets (IPv4, IPv6, with or without MPLS encapsulation), which RTA and RTB
> +# can easily match and process according to the forwarding mechanism to test.
Powered by blists - more mailing lists