| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <061a4df2-2ccd-449f-a21b-4ffa03be4533@suse.de>
Date: Tue, 20 Jan 2026 20:24:50 +0100
From: Fernando Fernandez Mancera <fmancera@...e.de>
To: David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
horms@...nel.org, shuah@...nel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH 2/2 net-next v2] selftests: ipv6_icmp: add tests for
ICMPv6 handling
On 1/8/26 4:20 PM, David Ahern wrote:
> On 1/8/26 4:24 AM, Fernando Fernandez Mancera wrote:
>> On 1/7/26 5:41 PM, David Ahern wrote:
>>> On 1/7/26 8:38 AM, Fernando Fernandez Mancera wrote:
>>>> +icmpv6_to_vrf_based_local_address()
>>>> +{
>>>> + local rc
>>>> + local lldummy
>>>> +
>>>> + echo
>>>> + echo "ICMPv6 to VRF based local address"
>>>> +
>>>> + setup
>>>> +
>>>> + lldummy=$(get_linklocal dummy0)
>>>> +
>>>> + if [ -z "$lldummy" ]; then
>>>> + echo "Failed to get link local address for dummy0"
>>>> + return 1
>>>> + fi
>>>> +
>>>> + run_cmd "$NS_EXEC sysctl -w net.ipv6.conf.all.keep_addr_on_down=1"
>>>> +
>>>> + # create VRF and setup
>>>> + run_cmd "$IP link add vrf0 type vrf table 10"
>>>> + run_cmd "$IP link set vrf0 up"
>>>> + run_cmd "$IP link set dummy0 master vrf0"
>>>
>>> run_cmd "$IP -6 addr add ::1 dev vrf0 nodad"
>>>
>>> makes the VRF device the loopback.
>>>
>>>> +
>>>> + # route to reach 2001:db8::1/128 on VRF device and back to ::1
>>>> + run_cmd "$IP -6 route add 2001:db8:1::1/64 dev vrf0"
>>>> + run_cmd "$IP -6 route add ::1/128 dev vrf0 table 10"
>>>
>>> and then this route add should not be needed. This is how fcnal-test.sh
>>> works.
>>>
>>
>> Oh neat! Thanks.
>>
>>>> +
>>>> + # ping6 to link local address
>>>> + run_cmd "$NS_EXEC ${ping6} -c 3 $lldummy%dummy0"
>>>> + log_test $? 0 "Ping to link local address on VRF context"
>>>> +
>>>> + # ping6 to link local address from localhost (::1)
>>>> + run_cmd "$NS_EXEC ${ping6} -c 3 -I ::1 $lldummy%dummy0"
>>>
>>> -I vrf0 should be needed for all VRF tests. I suspect your current
>>> passing tests are because you have a single setup step and then run
>>> non-VRF test followed by VRF test. Really you need to do the setup,
>>> run_test, cleanup for each test.
>>>
>>
>> You are right here about the cleanup, although the tests are passing
>> even if the cleanup is properly done or if `-t
>> icmpv6_to_vrf_based_local_address`. I don't see why they should not pass.
>
> Without ::1 on the vrf device there is no valid address. ie., ::1 is in
> the default vrf and dummy0 is in the VRF so it should not be allowed.
> Something is off.
Yes, what is off is the setup but see comment below, please disregard
the test file I created.
>>
>> I am changing them to use `-I vrf0` because it makes more sense.
>
> I should have asked yesterday: how do these tests differ from what is
> done in fcnal-test.sh - ipv4_ping and ipv6_ping? Those tests cover
> loopback, linklocal address and global address combined with vrf and no vrf.
>
>
Sorry for my late reply. About fcnal-test.sh - ipv6_ping, I didn't know
this existed, sorry. The main difference is that they do not use -I ::1.
Indeed, if `-I ::1` case is added for pinging a configured local address
it fails. Both, vrf and no vrf.
I am preparing a v3 adding a scenario to that test instead of creating
new ones.
Thank you very much David for all this feedback,
Fernando.
Powered by blists - more mailing lists