Date: Mon,  7 Aug 2023 18:45:47 +0200
From: Adrian Moreno <amorenoz@...hat.com>
To: netdev@...r.kernel.org
Cc: Adrian Moreno <amorenoz@...hat.com>,
	aconole@...hat.com,
	i.maximets@....org,
	eric@...ver.life,
	dev@...nvswitch.org
Subject: [net-next v3 6/7] selftests: openvswitch: add drop reason testcase

Test if the correct drop reason is reported when OVS drops a packet due
to an explicit flow.

Signed-off-by: Adrian Moreno <amorenoz@...hat.com>
---
 .../selftests/net/openvswitch/openvswitch.sh  | 67 ++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/openvswitch/openvswitch.sh b/tools/testing/selftests/net/openvswitch/openvswitch.sh
index dced4f612a78..a10c345f40ef 100755
--- a/tools/testing/selftests/net/openvswitch/openvswitch.sh
+++ b/tools/testing/selftests/net/openvswitch/openvswitch.sh
@@ -16,7 +16,8 @@ tests="
 	connect_v4				ip4-xon: Basic ipv4 ping between two NS
 	nat_connect_v4				ip4-nat-xon: Basic ipv4 tcp connection via NAT
 	netlink_checks				ovsnl: validate netlink attrs and settings
-	upcall_interfaces			ovs: test the upcall interfaces"
+	upcall_interfaces			ovs: test the upcall interfaces
+	drop_reason				drop: test drop reasons are emitted"
 
 info() {
     [ $VERBOSE = 0 ] || echo $*
@@ -141,6 +142,25 @@ ovs_add_flow () {
 	return 0
 }
 
+ovs_drop_record_and_run () {
+	local sbx=$1
+	shift
+
+	perf record -a -q -e skb:kfree_skb -o ${ovs_dir}/perf.data $* \
+		>> ${ovs_dir}/stdout 2>> ${ovs_dir}/stderr
+	return $?
+}
+
+ovs_drop_reason_count()
+{
+	local reason=$1
+
+	local perf_output=`perf script -i ${ovs_dir}/perf.data -F trace:event,trace`
+	local pattern="skb:kfree_skb:.*reason: $reason"
+
+	return `echo "$perf_output" | grep "$pattern" | wc -l`
+}
+
 usage() {
 	echo
 	echo "$0 [OPTIONS] [TEST]..."
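Review bot: `ovs_drop_reason_count` hands the match count back through `return`, but a shell exit status only holds 0-255, so a count of 256 wraps to 0 and a failing `perf script` looks the same as zero drops. Printing the count is safer, e.g. `perf script -i "${ovs_dir}/perf.data" -F trace:event,trace | grep -c "$pattern"`, with the caller capturing it via `$(...)`. In `ovs_drop_record_and_run` the unquoted `$*` re-splits the command being recorded, so `"$@"` would keep its arguments intact, and the `${ovs_dir}` paths should be quoted as well. The local `sbx` is assigned there but never used.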
@@ -155,6 +175,51 @@ usage() {
 	exit 1
 }
 
+# drop_reason test
+# - drop packets and verify the right drop reason is reported
+test_drop_reason() {
+	which perf >/dev/null 2>&1 || return $ksft_skip
+
+	sbx_add "test_drop_reason" || return $?
+
+	ovs_add_dp "test_drop_reason" dropreason || return 1
+
+	info "create namespaces"
+	for ns in client server; do
+		ovs_add_netns_and_veths "test_drop_reason" "dropreason" "$ns" \
+			"${ns:0:1}0" "${ns:0:1}1" || return 1
+	done
+
+	# Setup client namespace
+	ip netns exec client ip addr add 172.31.110.10/24 dev c1
+	ip netns exec client ip link set c1 up
+
+	# Setup server namespace
+	ip netns exec server ip addr add 172.31.110.20/24 dev s1
+	ip netns exec server ip link set s1 up
+
+	# Allow ARP
+	ovs_add_flow "test_drop_reason" dropreason \
+		'in_port(1),eth(),eth_type(0x0806),arp()' '2' || return 1
+	ovs_add_flow "test_drop_reason" dropreason \
+		'in_port(2),eth(),eth_type(0x0806),arp()' '1' || return 1
+
+	# Allow client ICMP traffic but drop return path
+	ovs_add_flow "test_drop_reason" dropreason \
+		"in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10,proto=1),icmp()" '2'
+	ovs_add_flow "test_drop_reason" dropreason \
+		"in_port(2),eth(),eth_type(0x0800),ipv4(src=172.31.110.20,proto=1),icmp()" 'drop'
+
+	ovs_drop_record_and_run "test_drop_reason" ip netns exec client ping -c 2 172.31.110.20
+	ovs_drop_reason_count 0x30001 # OVS_DROP_FLOW_ACTION
+	if [[ "$?" -ne "2" ]]; then
+		info "Did not detect expected drops: $?"
+		return 1
+	fi
+
+	return 0
+}
+
 # arp_ping test
 # - client has 1500 byte MTU
 # - server has 1500 byte MTU
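Review bot: The failure message in `test_drop_reason` always prints 0, because when `info "Did not detect expected drops: $?"` runs, `$?` holds the status of the `[[ ... ]]` test, not the count from `ovs_drop_reason_count`. Save the value right after the call with `drops=$?` and use `$drops` in both the comparison and the message. The two ICMP `ovs_add_flow` calls also lack the `|| return 1` that the ARP flows carry, so a failed flow install would only show up later as a wrong drop count. Since `perf record -a` traces system-wide, unrelated drops with the same reason on the host would presumably be counted too, which makes the exact `-ne "2"` check sensitive to background traffic.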
-- 
2.41.0

