lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 9 May 2023 09:32:46 -0600
From: David Ahern <dsahern@...nel.org>
To: Guillaume Nault <gnault@...hat.com>
Cc: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/4] selftests: fcnal: Test SO_DONTROUTE on TCP
 sockets.

On Tue, May 09, 2023 at 02:02:37PM +0200, Guillaume Nault wrote:
> diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
> index 21ca91473c09..1f8939fbb021 100755
> --- a/tools/testing/selftests/net/fcnal-test.sh
> +++ b/tools/testing/selftests/net/fcnal-test.sh
> @@ -1098,6 +1098,73 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0()
>  	set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept"
>  }
>  
> +ipv4_tcp_dontroute()
> +{
> +	local syncookies=$1
> +	local nsa_syncookies
> +	local nsb_syncookies
> +	local a
> +
> +	#
> +	# Link local connection tests (SO_DONTROUTE).
> +	# Connections should succeed only when the remote IP address is
> +	# on link (doesn't need to be routed through a gateway).
> +	#
> +
> +	nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
> +	nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
> +	ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
> +	ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
> +
> +	# Test with eth1 address (on link).
> +
> +	a=${NSB_IP}
> +	log_start
> +	run_cmd_nsb nettest -s &
> +	sleep 1

rather than propagate the sleep for new tests, you try adding these
tests using a single nettest instance that takes both server and client
arguments and does the netns switch internally.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ