| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f22691c9-63c6-444a-899f-adac93a2bbbf@suse.de>
Date: Tue, 20 Jan 2026 20:44:48 +0100
From: Fernando Fernandez Mancera <fmancera@...e.de>
To: David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
horms@...nel.org, shuah@...nel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH 2/2 net-next v2] selftests: ipv6_icmp: add tests for
ICMPv6 handling
On 1/20/26 8:24 PM, Fernando Fernandez Mancera wrote:
> On 1/8/26 4:20 PM, David Ahern wrote:
>> On 1/8/26 4:24 AM, Fernando Fernandez Mancera wrote:
>>> On 1/7/26 5:41 PM, David Ahern wrote:
>>>> On 1/7/26 8:38 AM, Fernando Fernandez Mancera wrote:
>>>>> +icmpv6_to_vrf_based_local_address()
>>>>> +{
>>>>> + local rc
>>>>> + local lldummy
>>>>> +
>>>>> + echo
>>>>> + echo "ICMPv6 to VRF based local address"
>>>>> +
>>>>> + setup
>>>>> +
>>>>> + lldummy=$(get_linklocal dummy0)
>>>>> +
>>>>> + if [ -z "$lldummy" ]; then
>>>>> + echo "Failed to get link local address for dummy0"
>>>>> + return 1
>>>>> + fi
>>>>> +
>>>>> + run_cmd "$NS_EXEC sysctl -w
>>>>> net.ipv6.conf.all.keep_addr_on_down=1"
>>>>> +
>>>>> + # create VRF and setup
>>>>> + run_cmd "$IP link add vrf0 type vrf table 10"
>>>>> + run_cmd "$IP link set vrf0 up"
>>>>> + run_cmd "$IP link set dummy0 master vrf0"
>>>>
>>>> run_cmd "$IP -6 addr add ::1 dev vrf0 nodad"
>>>>
>>>> makes the VRF device the loopback.
>>>>
>>>>> +
>>>>> + # route to reach 2001:db8::1/128 on VRF device and back to ::1
>>>>> + run_cmd "$IP -6 route add 2001:db8:1::1/64 dev vrf0"
>>>>> + run_cmd "$IP -6 route add ::1/128 dev vrf0 table 10"
>>>>
>>>> and then this route add should not be needed. This is how fcnal-test.sh
>>>> works.
>>>>
>>>
>>> Oh neat! Thanks.
>>>
>>>>> +
>>>>> + # ping6 to link local address
>>>>> + run_cmd "$NS_EXEC ${ping6} -c 3 $lldummy%dummy0"
>>>>> + log_test $? 0 "Ping to link local address on VRF context"
>>>>> +
>>>>> + # ping6 to link local address from localhost (::1)
>>>>> + run_cmd "$NS_EXEC ${ping6} -c 3 -I ::1 $lldummy%dummy0"
>>>>
>>>> -I vrf0 should be needed for all VRF tests. I suspect your current
>>>> passing tests are because you have a single setup step and then run
>>>> non-VRF test followed by VRF test. Really you need to do the setup,
>>>> run_test, cleanup for each test.
>>>>
>>>
>>> You are right here about the cleanup, although the tests are passing
>>> even if the cleanup is properly done or if `-t
>>> icmpv6_to_vrf_based_local_address`. I don't see why they should not
>>> pass.
>>
>> Without ::1 on the vrf device there is no valid address. ie., ::1 is in
>> the default vrf and dummy0 is in the VRF so it should not be allowed.
>> Something is off.
>
> Yes, what is off is the setup but see comment below, please disregard
> the test file I created.
>
>>>
>>> I am changing them to use `-I vrf0` because it makes more sense.
>>
>> I should have asked yesterday: how do these tests differ from what is
>> done in fcnal-test.sh - ipv4_ping and ipv6_ping? Those tests cover
>> loopback, linklocal address and global address combined with vrf and
>> no vrf.
>>
>>
>
> Sorry for my late reply. About fcnal-test.sh - ipv6_ping, I didn't know
> this existed, sorry. The main difference is that they do not use -I ::1.
> Indeed, if `-I ::1` case is added for pinging a configured local address
> it fails. Both, vrf and no vrf.
>
Correction: only on no-vrf scenario, as vrf scenario uses `-I $VRF` it
is fine.
> I am preparing a v3 adding a scenario to that test instead of creating
> new ones.
>
> Thank you very much David for all this feedback,
> Fernando.
>
Powered by blists - more mailing lists