Message-ID: <27cc1c994a7388f8d53a0cdf8352db29c0f88d45.1691764353.git.petrm@nvidia.com>
Date: Fri, 11 Aug 2023 17:13:58 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Ido Schimmel <idosch@...dia.com>, Petr Machata <petrm@...dia.com>, <mlxsw@...dia.com>, "Hans J . Schultz" <netdev@...io-technology.com>
Subject: [PATCH net-next 4/4] selftests: forwarding: Add test case for traffic redirection from a locked port

From: Ido Schimmel <idosch@...dia.com>

Check that traffic can be redirected from a locked bridge port and that it does not create locked FDB entries.

Cc: Hans J. Schultz <netdev@...io-technology.com>
Signed-off-by: Ido Schimmel <idosch@...dia.com>
Reviewed-by: Petr Machata <petrm@...dia.com>
Signed-off-by: Petr Machata <petrm@...dia.com>
--- .../net/forwarding/bridge_locked_port.sh | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh index dc92d32464f6..9af9f6964808 100755 --- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh +++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh @@ -9,6 +9,7 @@ ALL_TESTS=" locked_port_mab_roam locked_port_mab_config locked_port_mab_flush + locked_port_mab_redirect " NUM_NETIFS=4 
@@ -319,6 +320,41 @@ locked_port_mab_flush() log_test "Locked port MAB FDB flush" } +# Check that traffic can be redirected from a locked bridge port and that it +# does not create locked FDB entries. +locked_port_mab_redirect() +{ + RET=0 + check_port_mab_support || return 0 + + bridge link set dev $swp1 learning on locked on mab on + tc qdisc add dev $swp1 clsact + tc filter add dev $swp1 ingress protocol all pref 1 handle 101 flower \ + action mirred egress redirect dev $swp2 + + ping_do $h1 192.0.2.2 + check_err $? "Ping did not work with redirection" + + bridge fdb get `mac_get $h1` br br0 vlan 1 2> /dev/null | \ + grep "dev $swp1" | grep -q "locked" + check_fail $? "Locked entry created for redirected traffic" + + tc filter del dev $swp1 ingress protocol all pref 1 handle 101 flower + + ping_do $h1 192.0.2.2 + check_fail $? "Ping worked without redirection" + + bridge fdb get `mac_get $h1` br br0 vlan 1 2> /dev/null | \ + grep "dev $swp1" | grep -q "locked" + check_err $? "Locked entry not created after deleting filter" + + bridge fdb del `mac_get $h1` vlan 1 dev $swp1 master + tc qdisc del dev $swp1 clsact + bridge link set dev $swp1 learning off locked off mab off + + log_test "Locked port MAB redirect" +} + trap cleanup EXIT setup_prepare -- 2.41.0
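Review bot: In locked_port_mab_redirect(), the first `bridge fdb get ... | grep "dev $swp1" | grep -q "locked"` check is judged with check_fail, so it passes on any non-zero pipeline status, and with `2> /dev/null` that includes a lookup that errored out for an unrelated reason, not only "no locked entry on $swp1". The positive check after the filter is deleted does show the same lookup can succeed in this setup, which is what keeps the negative result meaningful; a one-line comment saying so would stop someone from later reordering or dropping the second half. The comment above the function also states what is checked but not why redirected traffic is expected to leave the FDB untouched, and since this is the case where traffic leaves a locked port without an authorized FDB entry, the rationale is worth spelling out there. Minor: `mac_get $h1` is evaluated three times; a local variable set once at the top would make the two lookups and the final `bridge fdb del` visibly refer to the same address.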