| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250614030708.e08c2b4a6044b6a010cffb4d@uniroma2.it>
Date: Sat, 14 Jun 2025 03:07:08 +0200
From: Andrea Mayer <andrea.mayer@...roma2.it>
To: Ido Schimmel <idosch@...dia.com>
Cc: <netdev@...r.kernel.org>, <davem@...emloft.net>, <kuba@...nel.org>,
<pabeni@...hat.com>, <edumazet@...gle.com>, <dsahern@...nel.org>,
<horms@...nel.org>, <petrm@...dia.com>,
Andrea Mayer
<andrea.mayer@...roma2.it>, stefano.salsano@...roma2.it,
<paolo.lungaroni@...roma2.it>
Subject: Re: [PATCH net-next 4/4] selftests: seg6: Add test cases for End.X
with link-local nexthop
On Thu, 12 Jun 2025 15:23:23 +0300
Ido Schimmel <idosch@...dia.com> wrote:
> In the current test topology, all the routers are connected to each
> other via dedicated links with addresses of the form fcf0:0:x:y::/64.
>
> The test configures rt-3 with an adjacency with rt-4 and rt-4 with an
> adjacency with rt-1:
>
> # ip -n rt_3-IgWSBJ -6 route show tab 90 fcbb:0:300::/48
> fcbb:0:300::/48 encap seg6local action End.X nh6 fcf0:0:3:4::4 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium
> # ip -n rt_4-JdCunK -6 route show tab 90 fcbb:0:400::/48
> fcbb:0:400::/48 encap seg6local action End.X nh6 fcf0:0:1:4::1 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium
>
> The routes are used when pinging hs-2 from hs-1 and vice-versa.
>
> Extend the test to also cover End.X behavior with an IPv6 link-local
> nexthop address and an output interface. Configure every router
> interface with an IPv6 link-local address of the form fe80::x:y/64 and
> before re-running the ping tests, replace the previous End.X routes with
> routes that use the new IPv6 link-local addresses:
>
> # ip -n rt_3-IgWSBJ -6 route show tab 90 fcbb:0:300::/48
> fcbb:0:300::/48 encap seg6local action End.X nh6 fe80::4:3 oif veth-rt-3-4 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium
> # ip -n rt_4-JdCunK -6 route show tab 90 fcbb:0:400::/48
> fcbb:0:400::/48 encap seg6local action End.X nh6 fe80::1:4 oif veth-rt-4-1 flavors next-csid lblen 32 nflen 16 dev dum0 metric 1024 pref medium
>
> The new test cases fail without the previous patch ("seg6: Allow End.X
> behavior to accept an oif"):
>
> # ./srv6_end_x_next_csid_l3vpn_test.sh
> [...]
> ################################################################################
> TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv6), link-local
> ################################################################################
>
> TEST: IPv6 Hosts connectivity: hs-1 -> hs-2 [FAIL]
>
> TEST: IPv6 Hosts connectivity: hs-2 -> hs-1 [FAIL]
>
> ################################################################################
> TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv4), link-local
> ################################################################################
>
> TEST: IPv4 Hosts connectivity: hs-1 -> hs-2 [FAIL]
>
> TEST: IPv4 Hosts connectivity: hs-2 -> hs-1 [FAIL]
>
> Tests passed: 40
> Tests failed: 4
>
> And pass with it:
>
> # ./srv6_end_x_next_csid_l3vpn_test.sh
> [...]
> ################################################################################
> TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv6), link-local
> ################################################################################
>
> TEST: IPv6 Hosts connectivity: hs-1 -> hs-2 [ OK ]
>
> TEST: IPv6 Hosts connectivity: hs-2 -> hs-1 [ OK ]
>
> ################################################################################
> TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv4), link-local
> ################################################################################
>
> TEST: IPv4 Hosts connectivity: hs-1 -> hs-2 [ OK ]
>
> TEST: IPv4 Hosts connectivity: hs-2 -> hs-1 [ OK ]
Thank you for updating the self-test. The changes seem good to me. This way, we
can test both the legacy End.X and the new version with "oif" at the same time. This
also allows us to manage link-locals (through the use of oif).
In this regard, the only thing I would have added is a mention of the use of "oif"
in the description of the new tests, something like:
################################################################################
TEST SECTION: SRv6 VPN connectivity test hosts (h1 <-> h2, IPv4), link-local+oif
################################################################################
(However, I don't think this small change is enough to require a new version of
this patch.)
>
> Tests passed: 44
> Tests failed: 0
>
> Without the previous patch, rt-3 and rt-4 resolve the wrong routes for
> the link-local nexthops, with the output interface being the input
> interface:
>
> # perf script
> [...]
> ping 1067 [001] 37.554486: fib6:fib6_table_lookup: table 254 oif 0 iif 11 proto 41 cafe::254/0 -> fe80::4:3/0 flowlabel 0xb7973 tos 0 scope 0 flags 2 ==> dev veth-rt-3-1 gw :: err 0
> [...]
> ping 1069 [002] 41.573360: fib6:fib6_table_lookup: table 254 oif 0 iif 12 proto 41 cafe::254/0 -> fe80::1:4/0 flowlabel 0xb7973 tos 0 scope 0 flags 2 ==> dev veth-rt-4-2 gw :: err 0
>
> But the correct routes are resolved with the patch:
>
> # perf script
> [...]
> ping 1066 [006] 30.672355: fib6:fib6_table_lookup: table 254 oif 13 iif 1 proto 41 cafe::254/0 -> fe80::4:3/0 flowlabel 0x85941 tos 0 scope 0 flags 6 ==> dev veth-rt-3-4 gw :: err 0
> [...]
> ping 1066 [006] 30.672411: fib6:fib6_table_lookup: table 254 oif 11 iif 1 proto 41 cafe::254/0 -> fe80::1:4/0 flowlabel 0x91de0 tos 0 scope 0 flags 6 ==> dev veth-rt-4-1 gw :: err 0
>
> Reviewed-by: Petr Machata <petrm@...dia.com>
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> ---
> .../net/srv6_end_x_next_csid_l3vpn_test.sh | 48 +++++++++++++++++++
> 1 file changed, 48 insertions(+)
Reviewed-by: Andrea Mayer <andrea.mayer@...roma2.it>
Powered by blists - more mailing lists