Message-ID: <CA+3n-TprC7Fs0HiBndR+OpYmy2vq=raiuSE=_R49LVxjax8Aug@mail.gmail.com>
Date: Thu, 29 Jan 2026 19:28:22 +0100
From: Marc Sune <marcdevel@...il.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: willemdebruijn.kernel@...il.com, pabeni@...hat.com, netdev@...r.kernel.org, 
	dborkman@...nel.org, vadim.fedorenko@...ux.dev
Subject: Re: [PATCH net v2 2/4] selftests/net: add no ARP b/mcast,null poison test

On Thu, 29 Jan 2026 at 5:27, Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Tue, 27 Jan 2026 00:53:03 +0100 Marc Suñé wrote:
> > Add a selftest to test that ARP bcast/mcast/null poisoning checks
> > are never bypassed.
>
> > diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
> > index 45c4ea381bc3..a765f1800752 100644
> > --- a/tools/testing/selftests/net/Makefile
> > +++ b/tools/testing/selftests/net/Makefile
> > @@ -9,6 +9,7 @@ CFLAGS += -I../
> >  TEST_PROGS := \
> >       altnames.sh \
> >       amt.sh \
> > +     arp_no_invalid_sha_poision.sh \
>
> alphabetical sort pls
>
> >       arp_ndisc_evict_nocarrier.sh \
> >       arp_ndisc_untracked_subnets.sh \
> >       bareudp.sh \
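
Review bot: In the TEST_PROGS list, the added entry `arp_no_invalid_sha_poision.sh` spells "poison" as "poision"; since this filename is what shows up in selftest results and CI logs, rename the script to `arp_no_invalid_sha_poison.sh` here and in the file it refers to. With either spelling the entry sorts after `arp_ndisc_untracked_subnets.sh` and before `bareudp.sh`, not ahead of `arp_ndisc_evict_nocarrier.sh`.
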
>
> > +readonly V4_ADDR0="10.0.10.1"
> > +readonly V4_ADDR1="10.0.10.2"
> > +readonly BCAST_MAC="ff:ff:ff:ff:ff:ff"
> > +readonly MCAST_MAC="01:00:5e:00:00:00"
> > +readonly NULL_MAC="00:00:00:00:00:00"
> > +readonly VALID_MAC="02:01:02:03:04:05"
> > +readonly ARP_REQ=1
> > +readonly ARP_REPLY=2
> > +nsid=100
>
> unused? (please run shellcheck)

Errors fixed in v3.

>
> > +ret=0
> > +veth0_ifindex=0
> > +veth1_mac=
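
Review bot: In the constants block, `MCAST_MAC` is the single value `01:00:5e:00:00:00`, so the multicast case is only exercised with one address from the IPv4-mapped range. A multicast MAC is defined by the group bit (least significant bit of the first octet), so a second constant outside the `01:00:5e` prefix, for example a constructed `03:00:00:00:00:01`, would confirm the check keys on that bit and not on the prefix. The mutable globals `ret`, `veth0_ifindex` and `veth1_mac` sit directly under the `readonly` values with no comment on where they are set; a one-line comment would help.
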
>
> > diff --git a/tools/testing/selftests/net/arp_send.c b/tools/testing/selftests/net/arp_send.c
> > new file mode 100644
>
> Could you check if mausezahn from netsniff-ng can send these
> packets already? We already depend on mausezahn for other tests.
>
> Similar comments on patch 4, I'm not gonna repeat.

I can do that for ARP, but not for NDP apparently. Only basic ICMPv6
echo req/reply is supported. For NDP (ICMPv6), it needs to be
specified using -P (hex). Kind of ugly...

In RFC v1 I proposed to use a scapy
(https://lore.kernel.org/netdev/3cfd28edb2c2b055e74b975623a3d38ade0237f1.1766349632.git.marcdevel@gmail.com/),
which is substantially smaller than arp_send/ndisc_send.c. I dropped
it based on the v1 review I got. I see scapy is used in bpf/ and
tc-testing/ self-tests.

What's your preference?

a) use mausezahn only for ARP, use ndisc_send.c for NDP
b) use only .c progs for consistency
c) recover the scapy patch and squash it in patches 2/4

Thanks
