| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Mar 2023 19:40:13 +0300
From: Ido Schimmel <idosch@...dia.com>
To: Hans Schultz <netdev@...io-technology.com>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
Florian Fainelli <f.fainelli@...il.com>,
Andrew Lunn <andrew@...n.ch>,
Vladimir Oltean <olteanv@...il.com>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Kurt Kanzenbach <kurt@...utronix.de>,
Hauke Mehrtens <hauke@...ke-m.de>,
Woojung Huh <woojung.huh@...rochip.com>,
"maintainer:MICROCHIP KSZ SERIES ETHERNET SWITCH DRIVER"
<UNGLinuxDriver@...rochip.com>, Sean Wang <sean.wang@...iatek.com>,
Landen Chao <Landen.Chao@...iatek.com>,
DENG Qingfang <dqfext@...il.com>,
Matthias Brugger <matthias.bgg@...il.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@...labora.com>,
Claudiu Manoil <claudiu.manoil@....com>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
Clément Léger <clement.leger@...tlin.com>,
Jiri Pirko <jiri@...nulli.us>,
Ivan Vecera <ivecera@...hat.com>,
Roopa Prabhu <roopa@...dia.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Shuah Khan <shuah@...nel.org>,
Christian Marangi <ansuelsmth@...il.com>,
open list <linux-kernel@...r.kernel.org>,
"moderated list:ARM/Mediatek SoC support"
<linux-arm-kernel@...ts.infradead.org>,
"moderated list:ARM/Mediatek SoC support"
<linux-mediatek@...ts.infradead.org>,
"open list:RENESAS RZ/N1 A5PSW SWITCH DRIVER"
<linux-renesas-soc@...r.kernel.org>,
"moderated list:ETHERNET BRIDGE" <bridge@...ts.linux-foundation.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH v2 net-next 6/6] selftests: forwarding: add dynamic FDB
test
On Sun, Mar 26, 2023 at 05:41:06PM +0200, Hans Schultz wrote:
> On Mon, Mar 20, 2023 at 10:44, Ido Schimmel <idosch@...dia.com> wrote:
> >> + $MZ $swp1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
> >> + -a $mac -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
> >> + tc_check_packets "dev $swp2 egress" 1 1
> >> + check_fail $? "Dynamic FDB entry did not age out"
> >
> > Shouldn't this be check_err()? After the FDB entry was aged you want to
> > make sure that packets received via $swp1 with SMAC being $mac are no
> > longer forwarded by the bridge.
>
> I was thinking that check_fail() will pass when tc_check_packets() does
> not see any packets, thus the test passing here when no packets are forwarded?
What do you mean by "I was *thinking*"? How is it possible that you are
submitting a selftest that you didn't bother running?!
I see you trimmed my earlier question: "Does this actually work?"
I tried it and it passed:
# ./bridge_locked_port.sh
TEST: Locked port ipv4 [ OK ]
TEST: Locked port ipv6 [ OK ]
TEST: Locked port vlan [ OK ]
TEST: Locked port MAB [ OK ]
TEST: Locked port MAB roam [ OK ]
TEST: Locked port MAB configuration [ OK ]
TEST: Locked port MAB FDB flush [ OK ]
And I couldn't understand how that's even possible. Then I realized that
the entire test is dead code because the patch is missing this
fundamental hunk:
```
diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
index dbc7017fd45d..5bf6b2aa1098 100755
--- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
@@ -9,6 +9,7 @@ ALL_TESTS="
locked_port_mab_roam
locked_port_mab_config
locked_port_mab_flush
+ locked_port_dyn_fdb
"
NUM_NETIFS=4
```
Which tells me that you didn't even try running it once. Now the test
failed as I expected:
# ./bridge_locked_port.sh
TEST: Locked port ipv4 [ OK ]
TEST: Locked port ipv6 [ OK ]
TEST: Locked port vlan [ OK ]
TEST: Locked port MAB [ OK ]
TEST: Locked port MAB roam [ OK ]
TEST: Locked port MAB configuration [ OK ]
TEST: Locked port MAB FDB flush [ OK ]
TEST: Locked port dyn FDB [FAIL]
Packet not seen on egress after adding dynamic FDB
Fixed by:
```
@@ -336,7 +337,7 @@ locked_port_dyn_fdb()
tc filter add dev $swp2 egress protocol ip pref 1 handle 1 flower \
dst_ip 192.0.2.2 ip_proto udp dst_port 12345 action pass
- $MZ $swp1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+ $MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
-a $mac -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
tc_check_packets "dev $swp2 egress" 1 1
check_err $? "Packet not seen on egress after adding dynamic FDB"
```
Ran it again and it failed because of the second issue I pointed out:
# ./bridge_locked_port.sh
TEST: Locked port ipv4 [ OK ]
TEST: Locked port ipv6 [ OK ]
TEST: Locked port vlan [ OK ]
TEST: Locked port MAB [ OK ]
TEST: Locked port MAB roam [ OK ]
TEST: Locked port MAB configuration [ OK ]
TEST: Locked port MAB FDB flush [ OK ]
TEST: Locked port dyn FDB [FAIL]
Dynamic FDB entry did not age out
Fixed by:
```
@@ -346,7 +347,7 @@ locked_port_dyn_fdb()
$MZ $swp1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
-a $mac -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
tc_check_packets "dev $swp2 egress" 1 1
- check_fail $? "Dynamic FDB entry did not age out"
+ check_err $? "Dynamic FDB entry did not age out"
ip link set dev br0 type bridge ageing_time $ageing_time
bridge link set dev $swp1 learning off locked off
```
# ./bridge_locked_port.sh
TEST: Locked port ipv4 [ OK ]
TEST: Locked port ipv6 [ OK ]
TEST: Locked port vlan [ OK ]
TEST: Locked port MAB [ OK ]
TEST: Locked port MAB roam [ OK ]
TEST: Locked port MAB configuration [ OK ]
TEST: Locked port MAB FDB flush [ OK ]
TEST: Locked port dyn FDB [ OK ]
Sigh
Powered by blists - more mailing lists