lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZFrK4CXsCrfmBG7T@debian>
Date: Wed, 10 May 2023 00:36:16 +0200
From: Guillaume Nault <gnault@...hat.com>
To: David Ahern <dsahern@...nel.org>
Cc: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/4] selftests: fcnal: Test SO_DONTROUTE on TCP
 sockets.

On Tue, May 09, 2023 at 09:32:46AM -0600, David Ahern wrote:
> On Tue, May 09, 2023 at 02:02:37PM +0200, Guillaume Nault wrote:
> > diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
> > index 21ca91473c09..1f8939fbb021 100755
> > --- a/tools/testing/selftests/net/fcnal-test.sh
> > +++ b/tools/testing/selftests/net/fcnal-test.sh
> > @@ -1098,6 +1098,73 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0()
> >  	set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept"
> >  }
> >  
> > +ipv4_tcp_dontroute()
> > +{
> > +	local syncookies=$1
> > +	local nsa_syncookies
> > +	local nsb_syncookies
> > +	local a
> > +
> > +	#
> > +	# Link local connection tests (SO_DONTROUTE).
> > +	# Connections should succeed only when the remote IP address is
> > +	# on link (doesn't need to be routed through a gateway).
> > +	#
> > +
> > +	nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
> > +	nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
> > +	ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
> > +	ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
> > +
> > +	# Test with eth1 address (on link).
> > +
> > +	a=${NSB_IP}
> > +	log_start
> > +	run_cmd_nsb nettest -s &
> > +	sleep 1
> 
> rather than propagate the sleep for new tests, you try adding these
> tests using a single nettest instance that takes both server and client
> arguments and does the netns switch internally.

Okay. That also means adding more options to nettest, to independently
set SO_DONTROUTE on the server or on the client. We're getting short of
one letter options, so I'll probably use long ones.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ