| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Jan 2024 08:01:37 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Ido Schimmel <idosch@...sch.org>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"netdev-driver-reviewers@...r.kernel.org"
<netdev-driver-reviewers@...r.kernel.org>
Subject: Re: [TEST] bridge tests (was: net-next is OPEN)
On Wed, 31 Jan 2024 15:23:50 +0200 Ido Schimmel wrote:
> > Hm. Looks like our versions match. I put the entire tools root dir up on
> > HTTP now: https://netdev-2.bots.linux.dev/tools/fs/ in case you wanna
> > fetch the exact binary, it only links with libc, it seems.
>
> I tried with your binary and on other setups and I'm unable to reproduce
> the failure. From the test output it seems the NS is never sent. If you
> can, attaching the verbose test output might help:
>
> ./test_bridge_neigh_suppress.sh -t neigh_suppress_ns -v
FWIW I started two new instances on bare metal one with the same kernel
as the nested VM and one with debug options enabled.
selftests-net/test-bridge-neigh-suppress-sh
- fails across all, so must be the OS rather than the "speed"
selftests-net/test-bridge-backup-port-sh
- passes on VM, metal-dbg
- fails on metal :S very reliably / every time:
https://netdev.bots.linux.dev/contest.html?test=test-bridge-backup-port-sh
# TEST: No forwarding out of swp1 [FAIL]
selftests-net/drop-monitor-tests-sh
- passes everywhere now
The info you asked for:
# ./test_bridge_neigh_suppress.sh -t neigh_suppress_ns -v
[ 49.621534] eth0: renamed from veth0
[ 49.654673] swp1: renamed from veth1
[ 49.676235] ip (235) used greatest stack depth: 12032 bytes left
[ 49.721434] veth0: renamed from veth1
[ 49.739521] ip (241) used greatest stack depth: 11880 bytes left
[ 49.760463] eth0: renamed from veth0
[ 49.787523] swp1: renamed from veth1
[ 50.019197] br0: port 1(swp1) entered blocking state
[ 50.019610] br0: port 1(swp1) entered disabled state
[ 50.019949] swp1: entered allmulticast mode
[ 50.020307] swp1: entered promiscuous mode
[ 50.021035] br0: port 1(swp1) entered blocking state
[ 50.021415] br0: port 1(swp1) entered forwarding state
[ 50.076445] br0: port 2(vx0) entered blocking state
[ 50.076805] br0: port 2(vx0) entered disabled state
[ 50.077139] vx0: entered allmulticast mode
[ 50.077492] vx0: entered promiscuous mode
[ 50.077812] br0: port 2(vx0) entered blocking state
[ 50.078172] br0: port 2(vx0) entered forwarding state
[ 50.238364] br0: port 1(swp1) entered blocking state
[ 50.238735] br0: port 1(swp1) entered disabled state
[ 50.239077] swp1: entered allmulticast mode
[ 50.239434] swp1: entered promiscuous mode
[ 50.240046] br0: port 1(swp1) entered blocking state
[ 50.240395] br0: port 1(swp1) entered forwarding state
[ 50.269453] br0: port 2(vx0) entered blocking state
[ 50.269812] br0: port 2(vx0) entered disabled state
[ 50.270142] vx0: entered allmulticast mode
[ 50.270597] vx0: entered promiscuous mode
[ 50.270893] br0: port 2(vx0) entered blocking state
[ 50.271222] br0: port 2(vx0) entered forwarding state
Per-port NS suppression - VLAN 10
---------------------------------
COMMAND: tc -n sw1-hF6GFk qdisc replace dev vx0 clsact
COMMAND: tc -n sw1-hF6GFk filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip ff02::1:ff00:2 src_ip 2001:db8:1::1 type 135 code 0 action pass
[ 55.411592] GACT probability NOT on
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress on
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress on"
hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress on neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0
TEST: "neigh_suppress" is on [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: bridge -n sw1-hF6GFk fdb replace 5a:1d:b4:4b:25:16 dev vx0 master static vlan 10
TEST: FDB entry installation [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n sw1-hF6GFk neigh replace 2001:db8:1::2 lladdr 5a:1d:b4:4b:25:16 nud permanent dev br0.10
TEST: Neighbor entry installation [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n h2-g0sh0Q link set dev eth0.10 down
TEST: H2 down [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n h2-g0sh0Q link set dev eth0.10 up
TEST: H2 up [ OK ]
COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress off
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress off"
hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0
TEST: "neigh_suppress" is off [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n h2-g0sh0Q link set dev eth0.10 down
TEST: H2 down [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:1::1 -w 5000 2001:db8:1::2 eth0.10
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 2
TEST: NS suppression [FAIL]
rc=1, expected 0
Per-port NS suppression - VLAN 20
---------------------------------
COMMAND: tc -n sw1-hF6GFk qdisc replace dev vx0 clsact
COMMAND: tc -n sw1-hF6GFk filter replace dev vx0 egress pref 1 handle 101 proto ipv6 flower indev swp1 ip_proto icmpv6 dst_ip ff02::1:ff00:2 src_ip 2001:db8:2::1 type 135 code 0 action pass
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress on
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress on"
hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress on neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0
TEST: "neigh_suppress" is on [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: bridge -n sw1-hF6GFk fdb replace 5a:1d:b4:4b:25:16 dev vx0 master static vlan 20
TEST: FDB entry installation [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n sw1-hF6GFk neigh replace 2001:db8:2::2 lladdr 5a:1d:b4:4b:25:16 nud permanent dev br0.20
TEST: Neighbor entry installation [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n h2-g0sh0Q link set dev eth0.20 down
TEST: H2 down [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n h2-g0sh0Q link set dev eth0.20 up
TEST: H2 up [ OK ]
COMMAND: bridge -n sw1-hF6GFk link set dev vx0 neigh_suppress off
COMMAND: bridge -n sw1-hF6GFk -d link show dev vx0 | grep "neigh_suppress off"
hairpin off guard off root_block off fastleave off learning off flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off vlan_tunnel on isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0
TEST: "neigh_suppress" is off [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 0
TEST: NS suppression [FAIL]
rc=1, expected 0
COMMAND: ip -n h2-g0sh0Q link set dev eth0.20 down
TEST: H2 down [ OK ]
COMMAND: ip netns exec h1-n8Aaip ndisc6 -q -r 1 -s 2001:db8:2::1 -w 5000 2001:db8:2::2 eth0.20
Raw IPv6 socket: Operation not permitted
TEST: ndisc6 [FAIL]
rc=1, expected 2
TEST: NS suppression [FAIL]
rc=1, expected 0
[ 57.883133] br0: port 1(swp1) entered disabled state
[ 57.884754] swp1 (unregistering): left allmulticast mode
[ 57.885191] swp1 (unregistering): left promiscuous mode
[ 57.885580] br0: port 1(swp1) entered disabled state
Tests passed: 14
Tests failed: 28
[ 57.966498] vx0: left allmulticast mode
[ 57.966802] vx0: left promiscuous mode
[ 57.967091] br0: port 2(vx0) entered disabled state
[ 57.992675] br0: port 1(swp1) entered disabled state
[ 58.017115] swp1 (unregistering): left allmulticast mode
[ 58.017520] swp1 (unregistering): left promiscuous mode
[ 58.017898] br0: port 1(swp1) entered disabled state
bash-5.2# [ 58.092405] vx0: left allmulticast mode
[ 58.092704] vx0: left promiscuous mode
[ 58.092972] br0: port 2(vx0) entered disabled state
Powered by blists - more mailing lists