Date: Thu, 27 Jun 2024 16:48:37 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Danielle Ratson <danieller@...dia.com>, Petr Machata <petrm@...dia.com>,
	Ido Schimmel <idosch@...dia.com>, Hangbin Liu <liuhangbin@...il.com>,
	Benjamin Poirier <bpoirier@...dia.com>, Shuah Khan <shuah@...nel.org>,
	<linux-kselftest@...r.kernel.org>, Simon Horman <horms@...nel.org>,
	<mlxsw@...dia.com>
Subject: [PATCH net-next 00/12] selftest: Clean-up and stabilize mirroring tests

The mirroring selftests work by sending ICMP traffic between two hosts.
Along the way, this traffic is mirrored to a gretap netdevice, and counter
taps are then installed strategically along the path of the mirrored
traffic to verify the mirroring took place.

The problem with this is that besides mirroring the primary traffic, any
other service traffic is mirrored as well. At the same time, because the
tests need to work in HW-offloaded scenarios, the ability of the device to
do arbitrary packet inspection should not be taken for granted. Most tests
therefore simply use matchall, one uses flower to match on IP address.
As a result, the selftests are noisy.

mirror_test() accommodated this noisiness by giving the counters an
allowance of several packets. But that only works up to a point, and on
busy systems won't always be enough.

In this patch set, clean up and stabilize the mirroring selftests. The
original intention was to port the tests over to UDP, but the logic of
ICMP ends up being so entangled in the mirroring selftests that the
changes feel overly invasive. Instead, ICMP is kept, but where possible,
we match on ICMP message type, thus filtering out hits by other ICMP
messages.

Where this is not practical (where the counter tap is put on a device
that carries encapsulated packets), switch the counter condition to _at
least_ X observed packets. This is less robust, but barely so --
probably the only scenario that this would not catch is something like
erroneous packet duplication, which would hopefully get caught by the
numerous other tests in this extensive suite.

- Patches #1 to #3 clean up parameters at various helpers.

- Patches #4 to #6 stabilize the mirroring selftests as described above.

- Mirroring tests currently allow testing SW datapath even on HW
  netdevices by trapping traffic to the SW datapath. This complicates
  the tests a bit without a good reason: to test SW datapath, just run
  the selftests on the veth topology. Thus in patch #7, drop support for
  this dual SW/HW testing.

- At this point, some cleanups were either made possible by the previous
  patches, or were always possible. In patches #8 to #11, realize these
  cleanups.

- In patch #12, fix mlxsw mirror_gre selftest to respect setting TESTS.

Petr Machata (12):
  selftests: libs: Expand "$@" where possible
  selftests: mirror: Drop direction argument from several functions
  selftests: lib: tc_rule_stats_get(): Move default to argument
    definition
  selftests: mirror_gre_lag_lacp: Check counters at tunnel
  selftests: mirror: do_test_span_dir_ips(): Install accurate taps
  selftests: mirror: mirror_test(): Allow exact count of packets
  selftests: mirror: Drop dual SW/HW testing
  selftests: mlxsw: mirror_gre: Simplify
  selftests: mirror_gre_lag_lacp: Drop unnecessary code
  selftests: libs: Drop slow_path_trap_install()/_uninstall()
  selftests: libs: Drop unused functions
  selftests: mlxsw: mirror_gre: Obey TESTS

 .../selftests/drivers/net/mlxsw/mirror_gre.sh | 71 ++++++---------
 .../drivers/net/mlxsw/mirror_gre_scale.sh     | 18 +---
 tools/testing/selftests/net/forwarding/lib.sh | 83 +++++++++++------
 .../selftests/net/forwarding/mirror_gre.sh    | 45 +++-------
 .../net/forwarding/mirror_gre_bound.sh        | 23 +----
 .../net/forwarding/mirror_gre_bridge_1d.sh    | 21 +----
 .../forwarding/mirror_gre_bridge_1d_vlan.sh   | 21 +----
 .../net/forwarding/mirror_gre_bridge_1q.sh    | 21 +----
 .../forwarding/mirror_gre_bridge_1q_lag.sh    | 29 ++----
 .../net/forwarding/mirror_gre_changes.sh      | 73 ++++++---------
 .../net/forwarding/mirror_gre_flower.sh       | 43 ++++-----
 .../net/forwarding/mirror_gre_lag_lacp.sh     | 65 ++++++--------
 .../net/forwarding/mirror_gre_lib.sh          | 90 ++++++++++++++-----
 .../net/forwarding/mirror_gre_neigh.sh        | 39 +++-----
 .../selftests/net/forwarding/mirror_gre_nh.sh | 35 ++------
 .../net/forwarding/mirror_gre_vlan.sh         | 21 +----
 .../forwarding/mirror_gre_vlan_bridge_1q.sh   | 69 ++++++--------
 .../selftests/net/forwarding/mirror_lib.sh    | 79 +++++++++++-----
 .../selftests/net/forwarding/mirror_vlan.sh   | 43 +++------
 tools/testing/selftests/net/lib.sh            |  4 +-
 20 files changed, 355 insertions(+), 538 deletions(-)

-- 
2.45.0
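
The three counter conditions discussed in the cover letter, compared on constructed scenarios. This is an added illustration, not code from the patch series or from the selftests' lib.sh; the function names, SENT=10 and the allowance SLACK=5 are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration; not code from the kernel selftests.
SENT=10   # echo requests sent per test (assumed)
SLACK=5   # older allowance of "several packets" (assumed value)

# count_ok MODE EXPECTED OBSERVED [SLACK]
#   slack    - matchall tap with an allowance: EXPECTED .. EXPECTED+SLACK
#   exact    - tap matches on ICMP type, so only the test's pings count
#   at_least - tap sits on a device carrying encapsulated packets
count_ok() {
    mode=$1 expected=$2 observed=$3 slack=${4:-0}
    case $mode in
    exact)    [ "$observed" -eq "$expected" ] ;;
    at_least) [ "$observed" -ge "$expected" ] ;;
    slack)    [ "$observed" -ge "$expected" ] &&
              [ "$observed" -le $((expected + slack)) ] ;;
    *)        return 2 ;;
    esac
}

verdict() { if count_ok "$@"; then echo pass; else echo fail; fi; }

# tap_verdicts ECHO_HITS OTHER_HITS
# ECHO_HITS: mirrored echo requests; OTHER_HITS: mirrored service traffic.
# Only the ICMP-type tap can tell the two apart; the others see the sum.
tap_verdicts() {
    echo_hits=$1 other_hits=$2
    all=$((echo_hits + other_hits))
    printf 'slack=%s exact=%s at_least=%s\n' \
        "$(verdict slack "$SENT" "$all" "$SLACK")" \
        "$(verdict exact "$SENT" "$echo_hits")" \
        "$(verdict at_least "$SENT" "$all")"
}

# Constructed scenarios: name:echo_hits:other_hits
for s in clean:10:0 busy:10:25 duplicated:20:0 lost:0:0; do
    name=${s%%:*} rest=${s#*:}
    printf '%-11s' "$name"
    tap_verdicts "${rest%%:*}" "${rest##*:}"
done
```

The busy row shows the allowance failing a correct run, and the duplicated row shows the one case the at-least condition lets through.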

