lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 30 Nov 2022 23:33:21 -0800
From:   Martin KaFai Lau <martin.lau@...ux.dev>
To:     Eyal Birger <eyal.birger@...il.com>
Cc:     netdev@...r.kernel.org, bpf@...r.kernel.org,
        linux-kselftest@...r.kernel.org, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
        steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
        andrii@...nel.org, daniel@...earbox.net, nicolas.dichtel@...nd.com,
        razor@...ckwall.org, mykolal@...com, ast@...nel.org,
        song@...nel.org, yhs@...com, john.fastabend@...il.com,
        kpsingh@...nel.org, sdf@...gle.com, haoluo@...gle.com,
        jolsa@...nel.org, shuah@...nel.org
Subject: Re: [PATCH ipsec-next,v2 3/3] selftests/bpf: add xfrm_info tests

On 11/30/22 9:34 PM, Eyal Birger wrote:
>>> +static int probe_iproute2(void)
>>> +{
>>> +     if (SYS_NOFAIL("ip link add type xfrm help 2>&1 | "
>>> +                    "grep external > /dev/null")) {
>>> +             fprintf(stdout, "%s:SKIP: iproute2 with xfrm external support needed for this test\n", __func__);
>>
>> Unfortunately, the BPF CI iproute2 does not have this support also :(
>> I am worry it will just stay SKIP for some time and rot.  Can you try to
>> directly use netlink here?
> 
> Yeah, I wasn't sure if adding a libmnl (or alternative) dependency
> was ok here, and also didn't want to copy all that nl logic here.
> So I figured it would get there eventually.
> 
> I noticed libmnl is used by the nf tests, so maybe its inclusion isn't too
> bad. Unless there's a better approach.

I wasn't thinking about including the libmnl.  I am thinking about something 
lightweight like the bpf_tc_hook_create() used in this test. 
bpf_tc_hook_create() is in libbpf's netlink.c.  Not sure if this netlink 
link-add helper belongs to libbpf though, so it will be better just stay here in 
this selftest for now.  If it is too complicated without libmnl, leave it as 
SKIP for now is an option and I will try to run it manually first with a newer 
iproute2.

will reply other comments tomorrow.

Powered by blists - more mailing lists