Message-ID: <YN1Wxm0mOFFhbuTl@shredder>
Date:   Thu, 1 Jul 2021 08:46:46 +0300
From:   Ido Schimmel <idosch@...sch.org>
To:     Guillaume Nault <gnault@...hat.com>
Cc:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        David Ahern <dsahern@...il.com>, Shuah Khan <shuah@...nel.org>,
        linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next 1/4] selftests: forwarding: Test redirecting gre
 or ipip packets to Ethernet

On Wed, Jun 30, 2021 at 02:51:38PM +0200, Guillaume Nault wrote:
> diff --git a/tools/testing/selftests/net/forwarding/topo_nschain_lib.sh b/tools/testing/selftests/net/forwarding/topo_nschain_lib.sh
> new file mode 100644
> index 000000000000..4c0bf2d7328a
> --- /dev/null
> +++ b/tools/testing/selftests/net/forwarding/topo_nschain_lib.sh
> @@ -0,0 +1,267 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +
> +# A chain of 4 nodes connected with veth pairs.
> +# Each node lives in its own network namespace.

Hi,

The tests under tools/testing/selftests/net/forwarding/ are meant to use
VRFs as lightweight namespaces. This allows us to run the tests on both
physical switches with loopback cables and veth pairs, thereby
validating both the hardware and software datapaths.

See tools/testing/selftests/net/forwarding/README

If the tests cannot be converted to VRFs, then I suggest moving them to
tools/testing/selftests/net/

> +# Each veth interface has an IPv4 and an IPv6 address. A host route provides
> +# connectivity to the adjacent node. This base network only allows nodes to
> +# communicate with their immediate neighbours.
> +#
> +# The two nodes at the extremities of the chain also have 4 host IPs on their
> +# loopback device:
> +#   * An IPv4 address, routed as is to the adjacent router.
> +#   * An IPv4 address, routed over MPLS to the adjacent router.
> +#   * An IPv6 address, routed as is to the adjacent router.
> +#   * An IPv6 address, routed over MPLS to the adjacent router.
> +#
> +# This topology doesn't define how RTA and RTB handle these packets: users of
> +# this script are responsible for the plumbing between RTA and RTB.
> +#
> +# As each veth connects two different namespaces, their MAC and IP addresses
> +# are defined depending on the local and remote namespaces. For example
> +# veth-h1-rta, which sits in H1 and links to RTA, has MAC address
> +# 00:00:5e:00:53:1a, IPv4 192.0.2.0x1a and IPv6 2001:db8::1a, where "1a" means
> +# that it's in H1 and links to RTA (the rest of each address is always built
> +# from a IANA documentation prefix).
> +#
> +# Routed addresses in H1 and H2 on the other hand encode the routing type (with
> +# or without MPLS encapsulation) and the namespace the address resides in. For
> +# example H2 has 198.51.100.2 and 2001:db8::1:2, that are routed as is through
> +# RTB. It also has 198.51.100.0x12 and 2001:db8::1:12, that are routed through
> +# RTB with MPLS encapsulation.
> +#
> +# For clarity, the prefixes used for host IPs are different from the ones used
> +# on the veths.
> +#
> +# The MPLS labels follow a similar principle: the first digit represents the
> +# IP version of the encapsulated packet ("4" for IPv4, "6" for IPv6), the
> +# second digit represents the destination host ("1" for H1, "2" for H2).
> +#
> +# +----------------------------------------------------+
> +# |                    Host 1 (H1)                     |
> +# |                                                    |
> +# |   lo                                               |
> +# |     198.51.100.1    (for plain IPv4)               |
> +# |     2001:db8::1:1   (for plain IPv6)               |
> +# |     198.51.100.0x11 (for IPv4 over MPLS, label 42) |
> +# |     2001:db8::1:11  (for IPv6 over MPLS, label 62) |
> +# |                                                    |
> +# | + veth-h1-rta                                      |
> +# | |   192.0.2.0x1a                                   |
> +# | |   2001:db8::1a                                   |
> +# +-|--------------------------------------------------+
> +#   |
> +# +-|--------------------+
> +# | |  Router A (RTA)    |
> +# | |                    |
> +# | + veth-rta-h1        |
> +# |     192.0.2.0xa1     |
> +# |     2001:db8::a1     |
> +# |                      |
> +# | + veth-rta-rtb       |
> +# | |   192.0.2.0xab     |
> +# | |   2001:db8::ab     |
> +# +-|--------------------+
> +#   |
> +# +-|--------------------+
> +# | |  Router B (RTB)    |
> +# | |                    |
> +# | + veth-rtb-rta       |
> +# |     192.0.2.0xba     |
> +# |     2001:db8::ba     |
> +# |                      |
> +# | + veth-rtb-h2        |
> +# | |   192.0.2.0xb2     |
> +# | |   2001:db8::b2     |
> +# +-|--------------------+
> +#   |
> +# +-|--------------------------------------------------+
> +# | |                  Host 2 (H2)                     |
> +# | |                                                  |
> +# | + veth-h2-rtb                                      |
> +# |     192.0.2.0x2b                                   |
> +# |     2001:db8::2b                                   |
> +# |                                                    |
> +# |   lo                                               |
> +# |     198.51.100.2    (for plain IPv4)               |
> +# |     2001:db8::1:2   (for plain IPv6)               |
> +# |     198.51.100.0x12 (for IPv4 over MPLS, label 41) |
> +# |     2001:db8::1:12  (for IPv6 over MPLS, label 61) |
> +# +----------------------------------------------------+
> +#
> +# This topology can be used for testing different routing or switching
> +# scenarios, as H1 and H2 are pre-configured for sending different kinds of
> +# packets (IPv4, IPv6, with or without MPLS encapsulation), which RTA and RTB
> +# can easily match and process according to the forwarding mechanism to test.
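
Review bot: The label annotations in the topology diagram are ambiguous about direction. The H1 box lists "198.51.100.0x11 (for IPv4 over MPLS, label 42)", but by the rule stated just above the diagram (second digit is the destination host) label 42 designates H2, not H1. A reader can easily take the label beside an address as the one used to reach that address. Please state in the comment whether the annotation is the label carried by traffic the host sends from that address or the label used to reach it, and word the 42, 62, 41 and 61 entries accordingly. Minor: "a IANA documentation prefix" should read "an IANA documentation prefix".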
