lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZINPuawVp2KKoCjS@debian>
Date: Fri, 9 Jun 2023 18:13:45 +0200
From: Guillaume Nault <gnault@...hat.com>
To: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org,
	linux-kselftest@...r.kernel.org
Subject: Re: POSSIBLE BUG: selftests/net/fcnal-test.sh: [FAIL][FIX TESTED] in
 vrf "bind - ns-B IPv6 LLA" test

On Thu, Jun 08, 2023 at 07:37:15AM +0200, Mirsad Goran Todorovac wrote:
> On 6/7/23 18:51, Guillaume Nault wrote:
> > On Wed, Jun 07, 2023 at 12:04:52AM +0200, Mirsad Goran Todorovac wrote:
> > > [...]
> > > TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
> > > TEST: ping local, VRF bind - VRF IP                                           [FAIL]
> > > TEST: ping local, VRF bind - loopback                                         [ OK ]
> > > TEST: ping local, device bind - ns-A IP                                       [FAIL]
> > > TEST: ping local, device bind - VRF IP                                        [ OK ]
> > > [...]
> > > TEST: ping local, VRF bind - ns-A IP                                          [ OK ]
> > > TEST: ping local, VRF bind - VRF IP                                           [FAIL]
> > > TEST: ping local, VRF bind - loopback                                         [ OK ]
> > > TEST: ping local, device bind - ns-A IP                                       [FAIL]
> > > TEST: ping local, device bind - VRF IP                                        [ OK ]
> > > [...]
> > 
> > I have the same failures here. They don't seem to be recent.
> > I'll take a look.
> 
> Certainly. I thought it might be something architecture-specific?
> 
> I have reproduced it also on a Lenovo IdeaPad 3 with Ubuntu 22.10,
> but on Lenovo desktop with AlmaLinux 8.8 (CentOS fork), the result
> was "888/888 passed".

I've taken a deeper look at these failures. That's actually a problem in
ping. That's probably why you have different results depending on the
distribution.

The problem is that, for some versions, 'ping -I netdev ...' doesn't
bind the socket to 'netdev' if the IPv4 address to ping is set on that
same device. The VRF tests depend on this socket binding, so they fail
when ping refuses to bind. That was fixed upstream with commit
92ce8ef21393 ("Revert "ping: do not bind to device when destination IP
is on device"") (https://github.com/iputils/iputils/commit/92ce8ef2139353da3bf55fe2280bd4abd2155c9f).

Long story short, the tests should pass with the latest upstream ping
version.

Alternatively, you can modify the commands run by fcnal-test.sh and
provide the -I option twice: one for setting the device binding and one
for setting the source IPv4 address. This way ping should accept to
bind its socket.

Something like (not tested):

-                run_cmd ping -c1 -w1 -I ${VRF} ${a}
+                run_cmd ping -c1 -w1 -I ${VRF} -I ${a} ${a}
[...]
-        run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a}
+        run_cmd ping -c1 -w1 -I ${NSA_DEV} -I ${a} ${a}

> However, I have a question:
> 
> In the ping + "With VRF" section, the tests with net.ipv4.raw_l3mdev_accept=1
> are repeated twice, while "No VRF" section has the versions:
> 
> SYSCTL: net.ipv4.raw_l3mdev_accept=0
> 
> and
> 
> SYSCTL: net.ipv4.raw_l3mdev_accept=1
> 
> The same happens with the IPv6 ping tests.
> 
> In that case, it could be that we have only 2 actual FAIL cases,
> because the error is reported twice.
> 
> Is this intentional?

I don't know why the non-VRF tests are run once with raw_l3mdev_accept=0
and once with raw_l3mdev_accept=1. Unless I'm missing something, this
option shouldn't affect non-VRF users. Maybe the objective is to make
sure that it really doesn't affect them. David certainly knows better.

> Thanks,
> Mirsad
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ