lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240131080137.50870aa4@kernel.org>
Date: Wed, 31 Jan 2024 08:01:37 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Ido Schimmel <idosch@...sch.org>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
 "netdev-driver-reviewers@...r.kernel.org"
 <netdev-driver-reviewers@...r.kernel.org>
Subject: Re: [TEST] bridge tests (was: net-next is OPEN)

On Wed, 31 Jan 2024 15:23:50 +0200 Ido Schimmel wrote:
> > Hm. Looks like our versions match. I put the entire tools root dir up on
> > HTTP now: https://netdev-2.bots.linux.dev/tools/fs/ in case you wanna
> > fetch the exact binary, it only links with libc, it seems.  
> 
> I tried with your binary and on other setups and I'm unable to reproduce
> the failure. From the test output it seems the NS is never sent. If you
> can, attaching the verbose test output might help:
> 
> ./test_bridge_neigh_suppress.sh -t neigh_suppress_ns -v

FWIW I started two new instances on bare metal one with the same kernel
as the nested VM and one with debug options enabled.

selftests-net/test-bridge-neigh-suppress-sh
 - fails across all, so must be the OS rather than the "speed"

selftests-net/test-bridge-backup-port-sh
  - passes on VM, metal-dbg
  - fails on metal :S very reliably / every time:
https://netdev.bots.linux.dev/contest.html?test=test-bridge-backup-port-sh

  # TEST: No forwarding out of swp1                    [FAIL]

selftests-net/drop-monitor-tests-sh 
 - passes everywhere now

The info you asked for:

# ./test_bridge_neigh_suppress.sh -t neigh_suppress_ns -v
[   49.621534] eth0: renamed from veth0
[   49.654673] swp1: renamed from veth1
[   49.676235] ip (235) used greatest stack depth: 12032 bytes left
[   49.721434] veth0: renamed from veth1
[   49.739521] ip (241) used greatest stack depth: 11880 bytes left
[   49.760463] eth0: renamed from veth0
[   49.787523] swp1: renamed from veth1
[   50.019197] br0: port 1(swp1) entered blocking state
[   50.019610] br0: port 1(swp1) entered disabled state
[   50.019949] swp1: entered allmulticast mode
[   50.020307] swp1: entered promiscuous mode
[   50.021035] br0: port 1(swp1) entered blocking state
[   50.021415] br0: port 1(swp1) entered forwarding state
[   50.076445] br0: port 2(vx0) entered blocking state
[   50.076805] br0: port 2(vx0) entered disabled state
[   50.077139] vx0: entered allmulticast mode
[   50.077492] vx0: entered promiscuous mode
[   50.077812] br0: port 2(vx0) entered blocking state
[   50.078172] br0: port 2(vx0) entered forwarding state
[   50.238364] br0: port 1(swp1) entered blocking state
[   50.238735] br0: port 1(swp1) entered disabled state
[   50.239077] swp1: entered allmulticast mode
[   50.239434] swp1: entered promiscuous mode
[   50.240046] br0: port 1(swp1) entered blocking state
[   50.240395] br0: port 1(swp1) entered forwarding state
[   50.269453] br0: port 2(vx0) entered blocking state
[   50.269812] br0: port 2(vx0) entered disabled state
[   50.270142] vx0: entered allmulticast mode
[   50.270597] vx0: entered promiscuous mode
[   50.270893] br0: port 2(vx0) entered blocking state
[   50.271222] br0: port 2(vx0) entered forwarding state

Per-port NS suppression - VLAN 10
---------------------------------
COMMAND: tc -n sw1-hF6GFk qdisc replace dev vx0 clsact
COMMAND: tc -n sw1-hF6GFk filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip ff02::1:ff00:2 src_ip 2001:db8:1::1 type 135 code 0 action pass
[   55.411592] GACT probability NOT on
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress on
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress on"
        hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress on neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 
TEST: "neigh_suppress" is on                                        [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: bridge -n sw1-hF6GFk fdb replace 5a:1d:b4:4b:25:16 dev vx0 master static vlan 10
TEST: FDB entry installation                                        [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n sw1-hF6GFk neigh replace 2001:db8:1::2 lladdr 5a:1d:b4:4b:25:16 nud permanent dev br0.10
TEST: Neighbor entry installation                                   [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n h2-g0sh0Q link set dev eth0.10 down
TEST: H2 down                                                       [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n h2-g0sh0Q link set dev eth0.10 up
TEST: H2 up                                                         [ OK ]

COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress off
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress off"
        hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 
TEST: "neigh_suppress" is off                                       [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n h2-g0sh0Q link set dev eth0.10 down
TEST: H2 down                                                       [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 2

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0


Per-port NS suppression - VLAN 20
---------------------------------
COMMAND: tc -n sw1-hF6GFk qdisc replace dev vx0 clsact
COMMAND: tc -n sw1-hF6GFk filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip ff02::1:ff00:2 src_ip 2001:db8:2::1 type 135 code 0 action pass
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress on
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress on"
        hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress on neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 
TEST: "neigh_suppress" is on                                        [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: bridge -n sw1-hF6GFk fdb replace 5a:1d:b4:4b:25:16 dev vx0 master static vlan 20
TEST: FDB entry installation                                        [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n sw1-hF6GFk neigh replace 2001:db8:2::2 lladdr 5a:1d:b4:4b:25:16 nud permanent dev br0.20
TEST: Neighbor entry installation                                   [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n h2-g0sh0Q link set dev eth0.20 down
TEST: H2 down                                                       [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n h2-g0sh0Q link set dev eth0.20 up
TEST: H2 up                                                         [ OK ]

COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress off
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress off"
        hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 
TEST: "neigh_suppress" is off                                       [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 0

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

COMMAND: ip -n h2-g0sh0Q link set dev eth0.20 down
TEST: H2 down                                                       [ OK ]

COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6                                                        [FAIL]
    rc=1, expected 2

TEST: NS suppression                                                [FAIL]
    rc=1, expected 0

[   57.883133] br0: port 1(swp1) entered disabled state
[   57.884754] swp1 (unregistering): left allmulticast mode
[   57.885191] swp1 (unregistering): left promiscuous mode
[   57.885580] br0: port 1(swp1) entered disabled state

Tests passed:  14
Tests failed:  28
[   57.966498] vx0: left allmulticast mode
[   57.966802] vx0: left promiscuous mode
[   57.967091] br0: port 2(vx0) entered disabled state
[   57.992675] br0: port 1(swp1) entered disabled state
[   58.017115] swp1 (unregistering): left allmulticast mode
[   58.017520] swp1 (unregistering): left promiscuous mode
[   58.017898] br0: port 1(swp1) entered disabled state
bash-5.2# [   58.092405] vx0: left allmulticast mode
[   58.092704] vx0: left promiscuous mode
[   58.092972] br0: port 2(vx0) entered disabled state


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ