| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Aug 2023 21:43:07 -0700
From: Yonghong Song <yonghong.song@...ux.dev>
To: Geliang Tang <geliang.tang@...e.com>, Alexei Starovoitov
<ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
<martin.lau@...ux.dev>, Song Liu <song@...nel.org>,
Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Florent Revest <revest@...omium.org>, Brendan Jackman
<jackmanb@...omium.org>, Matthieu Baerts <matthieu.baerts@...sares.net>,
Mat Martineau <martineau@...nel.org>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
John Johansen <john.johansen@...onical.com>, Paul Moore
<paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>, Mykola Lysenko <mykolal@...com>,
Shuah Khan <shuah@...nel.org>, Simon Horman <horms@...nel.org>
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, mptcp@...ts.linux.dev,
apparmor@...ts.ubuntu.com, linux-security-module@...r.kernel.org,
selinux@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH bpf-next v10 5/5] selftests/bpf: Add mptcpify test
On 8/3/23 6:55 PM, Geliang Tang wrote:
> Implement a new test program mptcpify: if the family is AF_INET or
> AF_INET6, the type is SOCK_STREAM, and the protocol ID is 0 or
> IPPROTO_TCP, set it to IPPROTO_MPTCP. It will be hooked in
> update_socket_protocol().
>
> Extend the MPTCP test base, add a selftest test_mptcpify() for the
> mptcpify case. Open and load the mptcpify test prog to mptcpify the
> TCP sockets dynamically, then use start_server() and connect_to_fd()
> to create a TCP socket, but actually what's created is an MPTCP
> socket, which can be verified through the outputs of 'ss' and 'nstat'
> commands.
>
> Reviewed-by: Matthieu Baerts <matthieu.baerts@...sares.net>
> Signed-off-by: Geliang Tang <geliang.tang@...e.com>
Ack with a minor nit below.
Acked-by: Yonghong Song <yonghong.song@...ux.dev>
> ---
> .../testing/selftests/bpf/prog_tests/mptcp.c | 88 +++++++++++++++++++
> tools/testing/selftests/bpf/progs/mptcpify.c | 20 +++++
> 2 files changed, 108 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/progs/mptcpify.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/mptcp.c b/tools/testing/selftests/bpf/prog_tests/mptcp.c
> index 3dc0ba2e7590..e5ac2c3aab7d 100644
> --- a/tools/testing/selftests/bpf/prog_tests/mptcp.c
> +++ b/tools/testing/selftests/bpf/prog_tests/mptcp.c
> @@ -6,6 +6,7 @@
> #include "cgroup_helpers.h"
> #include "network_helpers.h"
> #include "mptcp_sock.skel.h"
> +#include "mptcpify.skel.h"
>
> char NS_TEST[32];
>
> @@ -185,8 +186,95 @@ static void test_base(void)
> close(cgroup_fd);
> }
>
> +static void send_byte(int fd)
> +{
> + char b = 0x55;
> +
> + ASSERT_EQ(write(fd, &b, sizeof(b)), 1, "send single byte");
> +}
> +
> +static int verify_mptcpify(void)
> +{
> + char cmd[256];
> + int err = 0;
> +
> + snprintf(cmd, sizeof(cmd),
> + "ip netns exec %s ss -tOni | grep -q '%s'",
> + NS_TEST, "tcp-ulp-mptcp");
> + if (!ASSERT_OK(system(cmd), "No tcp-ulp-mptcp found!"))
> + err++;
> +
> + snprintf(cmd, sizeof(cmd),
> + "ip netns exec %s nstat -asz %s | awk '%s' | grep -q '%s'",
> + NS_TEST, "MPTcpExtMPCapableSYNACKRX",
> + "NR==1 {next} {print $2}", "1");
> + if (!ASSERT_OK(system(cmd), "No MPTcpExtMPCapableSYNACKRX found!"))
> + err++;
> +
> + return err;
> +}
> +
> +static int run_mptcpify(int cgroup_fd)
> +{
> + int server_fd, client_fd, err = 0;
> + struct mptcpify *mptcpify_skel;
> +
> + mptcpify_skel = mptcpify__open_and_load();
> + if (!ASSERT_OK_PTR(mptcpify_skel, "skel_open_load"))
> + return -EIO;
> +
> + err = mptcpify__attach(mptcpify_skel);
> + if (!ASSERT_OK(err, "skel_attach"))
> + goto out;
> +
> + /* without MPTCP */
> + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, 0, 0);
> + if (!ASSERT_GE(server_fd, 0, "start_server")) {
> + err = -EIO;
> + goto out;
> + }
> +
> + client_fd = connect_to_fd(server_fd, 0);
> + if (!ASSERT_GE(client_fd, 0, "connect to fd")) {
> + err = -EIO;
> + goto close_server;
> + }
> +
> + send_byte(client_fd);
> + err += verify_mptcpify();
The above code essentially equals to
err = verify_mptcpify()
since err must be 0 before the above code.
I think it is worthwhile to change the above to
err = verify_mptcpify();
Otherwise, people may confuse that maybe err could be
non-zero before send_byte(client_fd)? If this is the
case, why we did not return earlier? The code
err = verify_mptcpify()
will make it clear that all previous error
conditions have been handled properly.
> +
> + close(client_fd);
> +close_server:
> + close(server_fd);
> +out:
> + mptcpify__destroy(mptcpify_skel);
> + return err;
> +}
> +
[...]
Powered by blists - more mailing lists