lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aJ2RvybsdTpRZ27k@shredder>
Date: Thu, 14 Aug 2025 10:35:27 +0300
From: Ido Schimmel <idosch@...dia.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Petr Machata <petrm@...dia.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Andrew Lunn <andrew+netdev@...n.ch>, netdev@...r.kernel.org,
	Simon Horman <horms@...nel.org>, Jiri Pirko <jiri@...nulli.us>,
	mlxsw@...dia.com
Subject: Re: [PATCH net 2/2] selftest: forwarding: router: Add a test case
 for IPv4 link-local source IP

On Wed, Aug 13, 2025 at 01:40:37PM -0700, Jakub Kicinski wrote:
> On Wed, 13 Aug 2025 13:47:09 +0200 Petr Machata wrote:
> > From: Ido Schimmel <idosch@...dia.com>
> > 
> > Add a test case which checks that packets with an IPv4 link-local source
> > IP are forwarded and not dropped.
> 
> The new test case doesn't pass for us:
> 
> # 22.73 [+2.13] TEST: IPv4 source IP is link-local                                  [FAIL]
> # 22.74 [+0.01] Packets were dropped
> not ok 1 selftests: net/forwarding: router.sh # exit=1
> 
> https://netdev-3.bots.linux.dev/vmksft-forwarding-dbg/results/251622/97-router-sh/stdout
> 
> LMK if this is an infra problem, I'll hide the series for now:
> pw-bot: cr

Seems that we need to disable rp_filter to prevent packets from getting
dropped on ingress. Can you test the following diff or should we just
post a v2?

diff --git a/tools/testing/selftests/net/forwarding/router.sh b/tools/testing/selftests/net/forwarding/router.sh
index 50d362ced430..b409680bec1d 100755
--- a/tools/testing/selftests/net/forwarding/router.sh
+++ b/tools/testing/selftests/net/forwarding/router.sh
@@ -337,6 +337,10 @@ ipv4_sip_link_local()
 
 	RET=0
 
+	# Disable rpfilter to prevent packets to be dropped because of it.
+	sysctl_set net.ipv4.conf.all.rp_filter 0
+	sysctl_set net.ipv4.conf."$rp1".rp_filter 0
+
 	tc filter add dev "$rp2" egress protocol ip pref 1 handle 101 \
 		flower src_ip "$sip" action pass
 
@@ -349,6 +353,8 @@ ipv4_sip_link_local()
 	log_test "IPv4 source IP is link-local"
 
 	tc filter del dev "$rp2" egress protocol ip pref 1 handle 101 flower
+	sysctl_restore net.ipv4.conf."$rp1".rp_filter
+	sysctl_restore net.ipv4.conf.all.rp_filter
 }
 
 trap cleanup EXIT

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ