Message-ID: <c66248f2825a2669898534b0034da85ea4f94e5a.1719497773.git.petrm@nvidia.com>
Date: Thu, 27 Jun 2024 16:48:42 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, <netdev@...r.kernel.org>
CC: Danielle Ratson <danieller@...dia.com>, Petr Machata <petrm@...dia.com>,
	Ido Schimmel <idosch@...dia.com>, Hangbin Liu <liuhangbin@...il.com>,
	Benjamin Poirier <bpoirier@...dia.com>, Shuah Khan <shuah@...nel.org>,
	<linux-kselftest@...r.kernel.org>, Simon Horman <horms@...nel.org>,
	<mlxsw@...dia.com>
Subject: [PATCH net-next 05/12] selftests: mirror: do_test_span_dir_ips(): Install accurate taps

The mirroring selftests work by sending ICMP traffic between two hosts.
Along the way, this traffic is mirrored to a gretap netdevice, and counter
taps are then installed strategically along the path of the mirrored
traffic to verify the mirroring took place.

The problem with this is that besides mirroring the primary traffic, any
other service traffic is mirrored as well. At the same time, because the
tests need to work in HW-offloaded scenarios, the ability of the device to
do arbitrary packet inspection should not be taken for granted. Most tests
therefore simply use matchall, one uses flower to match on IP address.

As a result, the selftests are noisy, because besides the primary ICMP
traffic, any amount of other service traffic is mirrored as well.

However, often the counter tap is installed at the remote end of the gretap
tunnel. Since this is a SW-datapath scenario anyway, we can make the filter
arbitrarily accurate.

Thus in this patch, add parameters forward_type and backward_type to
several mirroring test helpers, as some other helpers already have. Then
change do_test_span_dir_ips() so that, instead of installing one generic
tap and using it for the test in both directions, it installs a tap for
each direction separately, matching on the ICMP type given by these
parameters.

Signed-off-by: Petr Machata <petrm@...dia.com>
Reviewed-by: Danielle Ratson <danieller@...dia.com>
---
 .../selftests/net/forwarding/mirror_gre.sh    | 12 +++++-----
 .../net/forwarding/mirror_gre_lib.sh          | 23 +++++++++++++++----
 .../net/forwarding/mirror_gre_neigh.sh        | 14 ++++++-----
 .../selftests/net/forwarding/mirror_lib.sh    | 15 +++++++++---
 4 files changed, 44 insertions(+), 20 deletions(-)

diff --git a/tools/testing/selftests/net/forwarding/mirror_gre.sh b/tools/testing/selftests/net/forwarding/mirror_gre.sh
index 00def4b04145..b645cb8d696a 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre.sh
@@ -91,17 +91,17 @@ test_two_spans()
 
 	mirror_install $swp1 ingress gt4 "matchall $tcflags"
 	mirror_install $swp1 egress gt6 "matchall $tcflags"
-	quick_test_span_gre_dir gt4
-	quick_test_span_gre_dir gt6
+	quick_test_span_gre_dir gt4 8 0
+	quick_test_span_gre_dir gt6 0 8
 
 	mirror_uninstall $swp1 ingress
-	fail_test_span_gre_dir gt4
-	quick_test_span_gre_dir gt6
+	fail_test_span_gre_dir gt4 8 0
+	quick_test_span_gre_dir gt6 0 8
 
 	mirror_install $swp1 ingress gt4 "matchall $tcflags"
 	mirror_uninstall $swp1 egress
-	quick_test_span_gre_dir gt4
-	fail_test_span_gre_dir gt6
+	quick_test_span_gre_dir gt4 8 0
+	fail_test_span_gre_dir gt6 0 8
 
 	mirror_uninstall $swp1 ingress
 	log_test "two simultaneously configured mirrors ($tcflags)"
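Review bot: The new `fail_test_span_gre_dir gt4 8 0` and `fail_test_span_gre_dir gt6 0 8` calls pass ICMP types to a helper this patch does not change; `fail_test_span_gre_dir()` and `fail_test_span_dir_ips()` appear only as unmodified context in the library hunks. If they drop the extra arguments, the expect-zero path falls back to the `${1-8}` / `${1-0}` defaults in do_test_span_dir_ips, so in the egress case the tap may count a type the mirror never carries and the negative check could pass even with mirroring still active. The fail helpers should accept and forward both types the way quick_test_span_gre_dir does, unless a later patch in the series already covers this. The same applies to `fail_test_span_gre_dir $tundev "$forward_type" "$backward_type"` in test_span_gre_neigh. test_two_spans starts and ends outside this hunk.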
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_lib.sh b/tools/testing/selftests/net/forwarding/mirror_gre_lib.sh
index 2bed2a4013aa..e49535ce1cdd 100644
--- a/tools/testing/selftests/net/forwarding/mirror_gre_lib.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_lib.sh
@@ -7,8 +7,11 @@ quick_test_span_gre_dir_ips()
 	local tundev=$1; shift
 	local ip1=$1; shift
 	local ip2=$1; shift
+	local forward_type=$1; shift
+	local backward_type=$1; shift
 
-	do_test_span_dir_ips 10 h3-$tundev "$ip1" "$ip2"
+	do_test_span_dir_ips 10 h3-$tundev "$ip1" "$ip2" \
+			     "$forward_type" "$backward_type"
 }
 
 fail_test_span_gre_dir_ips()
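Review bot: `local forward_type=$1; shift` and `local backward_type=$1; shift` in quick_test_span_gre_dir_ips have no default, unlike the `${1-8}` / `${1-0}` form used in do_test_span_dir_ips and quick_test_span_gre_dir. A caller that still passes three arguments gets empty strings, which are forwarded quoted, and `${1-8}` substitutes only for an unset parameter, so the tap would be installed with `type ` and no value. Use `local forward_type=${1-8}; shift` and `local backward_type=${1-0}; shift` here as well; full_test_span_gre_stp_ips has the same two lines. The opening of the function is outside the hunk.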
@@ -84,8 +87,11 @@ full_test_span_gre_dir_vlan_ips()
 quick_test_span_gre_dir()
 {
 	local tundev=$1; shift
+	local forward_type=${1-8}; shift
+	local backward_type=${1-0}; shift
 
-	quick_test_span_gre_dir_ips "$tundev" 192.0.2.1 192.0.2.2
+	quick_test_span_gre_dir_ips "$tundev" 192.0.2.1 192.0.2.2 \
+				    "$forward_type" "$backward_type"
 }
 
 fail_test_span_gre_dir()
@@ -139,12 +145,15 @@ full_test_span_gre_stp_ips()
 	local what=$1; shift
 	local ip1=$1; shift
 	local ip2=$1; shift
+	local forward_type=$1; shift
+	local backward_type=$1; shift
 	local h3mac=$(mac_get $h3)
 
 	RET=0
 
 	mirror_install $swp1 ingress $tundev "matchall $tcflags"
-	quick_test_span_gre_dir_ips $tundev $ip1 $ip2
+	quick_test_span_gre_dir_ips $tundev $ip1 $ip2 \
+				    "$forward_type" "$backward_type"
 
 	bridge link set dev $nbpdev state disabled
 	sleep 1
@@ -152,7 +161,8 @@ full_test_span_gre_stp_ips()
 
 	bridge link set dev $nbpdev state forwarding
 	sleep 1
-	quick_test_span_gre_dir_ips $tundev $ip1 $ip2
+	quick_test_span_gre_dir_ips $tundev $ip1 $ip2 \
+				    "$forward_type" "$backward_type"
 
 	mirror_uninstall $swp1 ingress
 
@@ -164,7 +174,10 @@ full_test_span_gre_stp()
 	local tundev=$1; shift
 	local nbpdev=$1; shift
 	local what=$1; shift
+	local forward_type=${1-8}; shift
+	local backward_type=${1-0}; shift
 
 	full_test_span_gre_stp_ips "$tundev" "$nbpdev" "$what" \
-				   192.0.2.1 192.0.2.2
+				   192.0.2.1 192.0.2.2 \
+				   "$forward_type" "$backward_type"
 }
diff --git a/tools/testing/selftests/net/forwarding/mirror_gre_neigh.sh b/tools/testing/selftests/net/forwarding/mirror_gre_neigh.sh
index 0f2c38eca2a3..0615f9244406 100755
--- a/tools/testing/selftests/net/forwarding/mirror_gre_neigh.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_gre_neigh.sh
@@ -60,15 +60,17 @@ test_span_gre_neigh()
 	local addr=$1; shift
 	local tundev=$1; shift
 	local direction=$1; shift
+	local forward_type=$1; shift
+	local backward_type=$1; shift
 	local what=$1; shift
 
 	RET=0
 
 	ip neigh replace dev $swp3 $addr lladdr 00:11:22:33:44:55
 	mirror_install $swp1 $direction $tundev "matchall $tcflags"
-	fail_test_span_gre_dir $tundev
+	fail_test_span_gre_dir $tundev "$forward_type" "$backward_type"
 	ip neigh del dev $swp3 $addr
-	quick_test_span_gre_dir $tundev
+	quick_test_span_gre_dir $tundev "$forward_type" "$backward_type"
 	mirror_uninstall $swp1 $direction
 
 	log_test "$direction $what: neighbor change ($tcflags)"
@@ -76,14 +78,14 @@ test_span_gre_neigh()
 
 test_gretap()
 {
-	test_span_gre_neigh 192.0.2.130 gt4 ingress "mirror to gretap"
-	test_span_gre_neigh 192.0.2.130 gt4 egress "mirror to gretap"
+	test_span_gre_neigh 192.0.2.130 gt4 ingress 8 0 "mirror to gretap"
+	test_span_gre_neigh 192.0.2.130 gt4 egress 0 8 "mirror to gretap"
 }
 
 test_ip6gretap()
 {
-	test_span_gre_neigh 2001:db8:2::2 gt6 ingress "mirror to ip6gretap"
-	test_span_gre_neigh 2001:db8:2::2 gt6 egress "mirror to ip6gretap"
+	test_span_gre_neigh 2001:db8:2::2 gt6 ingress 8 0 "mirror to ip6gretap"
+	test_span_gre_neigh 2001:db8:2::2 gt6 egress 0 8 "mirror to ip6gretap"
 }
 
 test_all()
diff --git a/tools/testing/selftests/net/forwarding/mirror_lib.sh b/tools/testing/selftests/net/forwarding/mirror_lib.sh
index ee0fd71ad2fd..6a0c66d7ba7f 100644
--- a/tools/testing/selftests/net/forwarding/mirror_lib.sh
+++ b/tools/testing/selftests/net/forwarding/mirror_lib.sh
@@ -61,9 +61,14 @@ do_test_span_dir_ips()
 	local dev=$1; shift
 	local ip1=$1; shift
 	local ip2=$1; shift
+	local forward_type=${1-8}; shift
+	local backward_type=${1-0}; shift
 
-	icmp_capture_install $dev
+	icmp_capture_install $dev "type $forward_type"
 	mirror_test v$h1 $ip1 $ip2 $dev 100 $expect
+	icmp_capture_uninstall $dev
+
+	icmp_capture_install $dev "type $backward_type"
 	mirror_test v$h2 $ip2 $ip1 $dev 100 $expect
 	icmp_capture_uninstall $dev
 }
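Review bot: The defaults in `local forward_type=${1-8}` and `local backward_type=${1-0}` are bare ICMP type numbers with no explanation, and the reason for the second install/uninstall pair is recorded only in the commit message. A comment above the two locals would carry it, e.g. `# ICMP type the tap counts per direction; defaults: 8 (echo request), 0 (echo reply).`, and one above the second `icmp_capture_install`, e.g. `# Reinstall the tap so each direction matches only its own ICMP type.` The start of do_test_span_dir_ips is outside the hunk.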
@@ -73,8 +78,11 @@ quick_test_span_dir_ips()
 	local dev=$1; shift
 	local ip1=$1; shift
 	local ip2=$1; shift
+	local forward_type=${1-8}; shift
+	local backward_type=${1-0}; shift
 
-	do_test_span_dir_ips 10 "$dev" "$ip1" "$ip2"
+	do_test_span_dir_ips 10 "$dev" "$ip1" "$ip2" \
+			     "$forward_type" "$backward_type"
 }
 
 fail_test_span_dir_ips()
@@ -95,7 +103,8 @@ test_span_dir_ips()
 	local ip1=$1; shift
 	local ip2=$1; shift
 
-	quick_test_span_dir_ips "$dev" "$ip1" "$ip2"
+	quick_test_span_dir_ips "$dev" "$ip1" "$ip2" \
+				"$forward_type" "$backward_type"
 
 	icmp_capture_install $dev "type $forward_type"
 	mirror_test v$h1 $ip1 $ip2 $dev 100 10
-- 
2.45.0

