| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250726105951.GJ1367887@horms.kernel.org>
Date: Sat, 26 Jul 2025 11:59:51 +0100
From: Simon Horman <horms@...nel.org>
To: Yi Chen <yiche@...hat.com>
Cc: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
pablo@...filter.org, kadlec@...filter.org, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
shuah@...nel.org, coreteam@...filter.org, fw@...len.de,
Hangbin Liu <haliu@...hat.com>
Subject: Re: [PATCH net v2] selftests: netfilter: ipvs.sh: Explicity disable
rp_filter on interface tunl0
+ Hangbin
On Thu, Jul 24, 2025 at 04:06:53PM +0800, Yi Chen wrote:
> Although setup_ns() set net.ipv4.conf.default.rp_filter=0,
> loading certain module such as ipip will automatically create a tunl0 interface
> in all netns including new created ones. In the script, this is before than
> default.rp_filter=0 applied, as a result tunl0.rp_filter remains set to 1
> which causes the test report FAIL when ipip module is preloaded.
>
> Before fix:
> Testing DR mode...
> Testing NAT mode...
> Testing Tunnel mode...
> ipvs.sh: FAIL
>
> After fix:
> Testing DR mode...
> Testing NAT mode...
> Testing Tunnel mode...
> ipvs.sh: PASS
>
> Fixes: 7c8b89ec506e ("selftests: netfilter: remove rp_filter configuration")
>
> v2: Fixed the format of Fixes tag.
> Signed-off-by: Yi Chen <yiche@...hat.com>
> ---
> tools/testing/selftests/net/netfilter/ipvs.sh | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
For future reference, there should be no blank line between
the Fixes and other tags. And, version information should go
below the scissors ('---').
Something like this:
Fixes: ...
Signed-off-by: ...
---
diffstat goes here
v2: Fixed the format of Fixes tag.
And it is ok to have multiple scissors ('---'), sometimes tooling does that.
The main point is that what is above the first scissors will, generally,
show up in Git history, while what is below won't. While everything ends
up in mailing list archives and so on.
Also, if you do end up posting a v3 for some reason.
Please consider correcting the spelling of Explicitly in the subject.
This is flagged by checkpatch.pl --codespell
And, please generate the CC list for patches using
get_maintainer.pl this.patch. Which will include people
involved in the commit cited in the Fixes tag.
I've CCed Hangbin, to follow that pattern.
The above notwithstanding, this looks good to me.
Reviewed-by: Simon Horman <horms@...nel.org>
>
> diff --git a/tools/testing/selftests/net/netfilter/ipvs.sh b/tools/testing/selftests/net/netfilter/ipvs.sh
> index 6af2ea3ad6b8..9c9d5b38ab71 100755
> --- a/tools/testing/selftests/net/netfilter/ipvs.sh
> +++ b/tools/testing/selftests/net/netfilter/ipvs.sh
> @@ -151,7 +151,7 @@ test_nat() {
> test_tun() {
> ip netns exec "${ns0}" ip route add "${vip_v4}" via "${gip_v4}" dev br0
>
> - ip netns exec "${ns1}" modprobe -q ipip
> + modprobe -q ipip
> ip netns exec "${ns1}" ip link set tunl0 up
> ip netns exec "${ns1}" sysctl -qw net.ipv4.ip_forward=0
> ip netns exec "${ns1}" sysctl -qw net.ipv4.conf.all.send_redirects=0
> @@ -160,10 +160,10 @@ test_tun() {
> ip netns exec "${ns1}" ipvsadm -a -i -t "${vip_v4}:${port}" -r ${rip_v4}:${port}
> ip netns exec "${ns1}" ip addr add ${vip_v4}/32 dev lo:1
>
> - ip netns exec "${ns2}" modprobe -q ipip
> ip netns exec "${ns2}" ip link set tunl0 up
> ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_ignore=1
> ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.arp_announce=2
> + ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.tunl0.rp_filter=0
> ip netns exec "${ns2}" ip addr add "${vip_v4}/32" dev lo:1
>
> test_service
> --
> 2.50.1
>
Powered by blists - more mailing lists