From patchwork Tue May 9 12:02:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13235710 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3709182B5 for ; Tue, 9 May 2023 12:02:43 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41A191A4 for ; Tue, 9 May 2023 05:02:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683633761; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=mMSi69loZlQv+vSAkw/8FzHDDZFUzwS5MLW0SwisgX4=; b=DDBmADkIxj9m+o++0+ZrF4P+5F1Kcx92211w35lcWYOSJWdtLBjHShj3Tb4p6BC78qZQ57 erVQeTjFyxHy5/I8a8MfjaQlhlSpnyLV9yunZlftim5/psjuzhKwQ3ZMpp9/hMXgHDGpVA Xc5iiX2JK+3ZOzPDvjuE9R/6HeNXCr8= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-205-rkiskIDcPR-D7ozwTS3kPw-1; Tue, 09 May 2023 08:02:40 -0400 X-MC-Unique: rkiskIDcPR-D7ozwTS3kPw-1 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-307977ae703so1325003f8f.3 for ; Tue, 09 May 2023 05:02:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683633759; x=1686225759; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=mMSi69loZlQv+vSAkw/8FzHDDZFUzwS5MLW0SwisgX4=; b=kol+D8CKU8uZYfdhMCWIa7jGWzttI4mzstyW2lgrF8apKHVLDHU+yKR6Jl1gwOj99T nY9K8IWIE0Rf2c4/mid6Cu6lAqMMvrA5eEnYpGUCyLW6UxR2GVROiQ2nkZQidSeem2VN 21QMCbUwG0G5Lb85NxNhzKh8Hk6X3ytO42JUVnut50gvlPGZxAivX3RMtI8du/D5qwbE nGYkai9ik/jYnyovHjH8bT8l19aMVHXu3hX/MYrP5JhUsM0F/j2bpXJdkWduAjWCCIQ9 tVxx2R6eiyFA7CQXRqVZlF7tqUujetZkbE1DoFVw7/YvyR11s145aWjzG+m0vZ0k6EJX 5+nA== X-Gm-Message-State: AC+VfDxsX0st+GisZQSpwEx+etruC5xQ/IECuxrP5bRVRE6P/6V/7wRw zL8/8KEsz1R5qc4stiJ6ku0CmZ5b+gITAbb50NttaH2qA/TCTRnYZFEuJ87gXILCbGtIgFTMaFy xFZPQmItqK0ciJVDd X-Received: by 2002:a05:6000:cc:b0:307:95ac:a3f with SMTP id q12-20020a05600000cc00b0030795ac0a3fmr4199426wrx.23.1683633759083; Tue, 09 May 2023 05:02:39 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6LyUMAYECQ2mWFhvjel4rcl93hqmAEcXqRgzRMC5xeNshkDXiBrDVot+m3HUtlIjefIwoObw== X-Received: by 2002:a05:6000:cc:b0:307:95ac:a3f with SMTP id q12-20020a05600000cc00b0030795ac0a3fmr4199411wrx.23.1683633758839; Tue, 09 May 2023 05:02:38 -0700 (PDT) Received: from debian (2a01cb058918ce005a3b5dcb9dbff7d2.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:5a3b:5dcb:9dbf:f7d2]) by smtp.gmail.com with ESMTPSA id u1-20020a5d4681000000b003062f894b64sm14442267wrq.22.2023.05.09.05.02.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 05:02:38 -0700 (PDT) Date: Tue, 9 May 2023 14:02:36 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH net-next 1/4] selftests: Add SO_DONTROUTE option to nettest. Message-ID: <1b3d54c39af185c514a16cbd779b52a9cf9ef2de.1683626501.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Add -G option to nettest. It allows to set the SO_DONTROUTE option to the created sockets. This will be used by the following patches to test the SO_DONTROUTE behaviour with TCP and UDP. Signed-off-by: Guillaume Nault Reviewed-by: David Ahern --- tools/testing/selftests/net/nettest.c | 32 +++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c index ee9a72982705..0b5b580e6eba 100644 --- a/tools/testing/selftests/net/nettest.c +++ b/tools/testing/selftests/net/nettest.c @@ -76,7 +76,8 @@ struct sock_args { has_grp:1, has_expected_laddr:1, has_expected_raddr:1, - bind_test_only:1; + bind_test_only:1, + dontroute:1; unsigned short port; @@ -611,6 +612,18 @@ static int set_dsfield(int sd, int version, int dsfield) return 0; } +static int set_dontroute(int sd) +{ + unsigned int one = 1; + + if (setsockopt(sd, SOL_SOCKET, SO_DONTROUTE, &one, sizeof(one)) < 0) { + log_err_errno("setsockopt(SO_DONTROUTE)"); + return -1; + } + + return 0; +} + static int str_to_uint(const char *str, int min, int max, unsigned int *value) { int number; @@ -1351,6 +1364,9 @@ static int msock_init(struct sock_args *args, int server) if (set_dsfield(sd, AF_INET, args->dsfield) != 0) goto out_err; + if (args->dontroute && set_dontroute(sd) != 0) + goto out_err; + if (args->dev && bind_to_device(sd, args->dev) != 0) goto out_err; else if (args->use_setsockopt && @@ -1482,6 +1498,9 @@ static int lsock_init(struct sock_args *args) if (set_dsfield(sd, args->version, args->dsfield) != 0) goto err; + if (args->dontroute && set_dontroute(sd) != 0) + goto err; + if (args->dev && bind_to_device(sd, args->dev) != 0) goto err; else if (args->use_setsockopt && @@ -1698,6 +1717,9 @@ static int connectsock(void *addr, socklen_t alen, struct sock_args *args) if (set_dsfield(sd, args->version, args->dsfield) != 0) goto err; + if (args->dontroute && set_dontroute(sd) != 0) + goto err; + if (args->dev && bind_to_device(sd, args->dev) != 0) goto err; else if (args->use_setsockopt && @@ -1902,7 +1924,7 @@ static int ipc_parent(int cpid, int fd, struct sock_args *args) return client_status; } -#define GETOPT_STR "sr:l:c:Q:p:t:g:P:DRn:M:X:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf" +#define GETOPT_STR "sr:l:c:Q:Gp:t:g:P:DRn:M:X:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf" #define OPT_FORCE_BIND_KEY_IFINDEX 1001 #define OPT_NO_BIND_KEY_IFINDEX 1002 @@ -1935,6 +1957,9 @@ static void print_usage(char *prog) " -c addr local address to bind to in client mode\n" " -Q dsfield DS Field value of the socket (the IP_TOS or\n" " IPV6_TCLASS socket option)\n" + " -G don't use gateways: send packets only if\n" + " destination is on link (see SO_DONTROUTE in\n" + " socket(7))\n" " -x configure XFRM policy on socket\n" "\n" " -d dev bind socket to given device name\n" @@ -2020,6 +2045,9 @@ int main(int argc, char *argv[]) } args.dsfield = tmp; break; + case 'G': + args.dontroute = 1; + break; case 'p': if (str_to_uint(optarg, 1, 65535, &tmp) != 0) { fprintf(stderr, "Invalid port\n"); From patchwork Tue May 9 12:02:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13235711 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 08531182B5 for ; Tue, 9 May 2023 12:02:45 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4886FA for ; Tue, 9 May 2023 05:02:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683633762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=aVSefJv3UGBgJwbiyuokVG1nOTH+/IsF6e+/n0tlWcM=; b=ZPrcXv3U9dZRKuHCmnxXwWF9baU0flLmz3ohQ2rLHmOdeQoRbFnb8hb8gJUkMhcMf75M5t J4cCBhYeq+iU75B/QcTNeVrjfKjzkHhYdIjcZjwWPEAaYgt4sRfUqJkyjvTVTlLTQ+a+hl ztbg83Ya1JUPFUUND9QwS+bkTHfurS8= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-218-lufwFGHlM-KAHN3PDxvPZA-1; Tue, 09 May 2023 08:02:41 -0400 X-MC-Unique: lufwFGHlM-KAHN3PDxvPZA-1 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-3f3157128b4so135666945e9.0 for ; Tue, 09 May 2023 05:02:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683633760; x=1686225760; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=aVSefJv3UGBgJwbiyuokVG1nOTH+/IsF6e+/n0tlWcM=; b=DyUjvwv2pPzSrBY+STkywEL3X78QaF5+WDqccZ1ImfC55ZQm4g6E/9gMytSqm2na5N e8Zbumpyht96KvcMkmhAyVkRoH5GQW393tE5k3cWTZd+OVMYF9lJZ3LTilIYrZ//dWyD EPnDTY+HKr08puV35ieWzOBkJ08PjlPTaPuaepSOu0wtQRpn5Lv3eqRHIB496HHonuM5 PEn26GM+BdUVnAzofPXvDVfLA0RZx14R83GBiZlSQJmLadc7GK41KcZTzuhPId1QpAGe pIi7EZIiy9dqeXB6h6f4VZ7y4k5DbHd8OuI/1UXJtEoXE/7E8AdH7jz1+wfmz7qjS3kC s7BQ== X-Gm-Message-State: AC+VfDw/IuXkvaPC4tyoGjnOTKJ6JlaNCrH3oi2oKOP2Va4oDHlVGTUP W8/L2j/aE25SX9f0O8NVTvMarxQvlVte7XVhd3Egj5OYBV09mTc5+1fsHtg3g3lbiju/70j2PLK 7JyzJiCGf9PLSck+n X-Received: by 2002:a5d:6384:0:b0:2fa:abcd:59a2 with SMTP id p4-20020a5d6384000000b002faabcd59a2mr9534881wru.30.1683633759863; Tue, 09 May 2023 05:02:39 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7GP6whMq0YqFjyrM7/fi3cM7/g3qSHCDeHfIDcA/43Gek0Ibt7HmrMHft3oOFW6Tje5Fx/JQ== X-Received: by 2002:a5d:6384:0:b0:2fa:abcd:59a2 with SMTP id p4-20020a5d6384000000b002faabcd59a2mr9534868wru.30.1683633759657; Tue, 09 May 2023 05:02:39 -0700 (PDT) Received: from debian (2a01cb058918ce005a3b5dcb9dbff7d2.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:5a3b:5dcb:9dbf:f7d2]) by smtp.gmail.com with ESMTPSA id s9-20020a5d5109000000b002ffbf2213d4sm14106651wrt.75.2023.05.09.05.02.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 05:02:39 -0700 (PDT) Date: Tue, 9 May 2023 14:02:37 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH net-next 2/4] selftests: fcnal: Test SO_DONTROUTE on TCP sockets. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Use nettest -G to test the kernel behaviour with TCP sockets having the SO_DONTROUTE option. Sending packets to a neighbour (on link) host, should work. When the host is behind a router, sending should fail. Client and server sockets are tested independently, so that we can cover different TCP kernel paths. SO_DONTROUTE also affects the syncookies path. So ipv4_tcp_dontroute() is made to work with or without syncookies, to cover both paths. Signed-off-by: Guillaume Nault --- tools/testing/selftests/net/fcnal-test.sh | 70 +++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 21ca91473c09..1f8939fbb021 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1098,6 +1098,73 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0() set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept" } +ipv4_tcp_dontroute() +{ + local syncookies=$1 + local nsa_syncookies + local nsb_syncookies + local a + + # + # Link local connection tests (SO_DONTROUTE). + # Connections should succeed only when the remote IP address is + # on link (doesn't need to be routed through a gateway). + # + + nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies) + nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies) + ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies} + ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies} + + # Test with eth1 address (on link). + + a=${NSB_IP} + log_start + run_cmd_nsb nettest -s & + sleep 1 + run_cmd nettest -r ${a} -G + log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}" + + a=${NSB_IP} + log_start + # Ensure previous nettest server exited, so that it won't respond (we + # really want to test the -G option on the server). + wait + run_cmd_nsb nettest -s -G & + sleep 1 + run_cmd nettest -r ${a} + log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}" + + # Test with loopback address (routed). + # + # The client would use the eth1 address as source IP by default. + # Therefore, we need to use the -c option here, to force the use of the + # routed (loopback) address as source IP (so that the server will try + # to respond to a routed address and not a link local one). + + a=${NSB_LO_IP} + log_start + show_hint "Should fail 'Network is unreachable' since server is not on link" + run_cmd_nsb nettest -s & + sleep 1 + run_cmd nettest -c ${NSA_LO_IP} -r ${a} -G + log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}" + + a=${NSB_LO_IP} + log_start + show_hint "Should timeout since server cannot respond (client is not on link)" + # Ensure previous nettest server exited, so that it won't respond (we + # really want to test the -G option on the server). + wait + run_cmd_nsb nettest -s -G & + sleep 1 + run_cmd nettest -c ${NSA_LO_IP} -r ${a} + log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}" + + ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies} + ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies} +} + ipv4_tcp_novrf() { local a @@ -1217,6 +1284,9 @@ ipv4_tcp_novrf() log_test_addr ${a} $? 1 "No server, device client, local conn" ipv4_tcp_md5_novrf + + ipv4_tcp_dontroute 0 + ipv4_tcp_dontroute 2 } ipv4_tcp_vrf() From patchwork Tue May 9 12:02:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13235713 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D41F171C7 for ; Tue, 9 May 2023 12:03:05 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 548CFDC for ; Tue, 9 May 2023 05:03:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683633783; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=phVfwRZ8/EVKTr1sC/M7k87pKle89PDg77IQ7sjzskY=; b=QBjGJLzUvi2LcvoyCinOYrYQq3lqnjiQ4gatngznf+0vpTq2w7azy5u4L0kcIhasA0NN+P OK43/N+A6pvXRESvlyFd2pY0JSf3iKpy5tvFCEmNldcdEBwCywKJ1tHa62hY+CIJjvVhEe gnMeQVKJHouhSnpfyaziSLcZFcFLfxI= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-623-xR33W2e0OxWOpLFANZplUg-1; Tue, 09 May 2023 08:03:00 -0400 X-MC-Unique: xR33W2e0OxWOpLFANZplUg-1 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-3064d0b726fso1987332f8f.0 for ; Tue, 09 May 2023 05:03:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683633779; x=1686225779; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=phVfwRZ8/EVKTr1sC/M7k87pKle89PDg77IQ7sjzskY=; b=HGUtO1qOUlLH88Dlf4yE2Ku/aPECsXGYthJbC05KKuMkcpQ51/vqjsgwM0O9QP+o/v RRXE5YXL/W3wG9EOIr1ymw8q7RC6vVKAQQLyfjY86goyffK1H2wWHo/GGAkczJ5xlGy9 eJKCay7wGQWy+g7v826E58/pKc4Vo95+p45+qqRil8nEJJo5CvuVefPC8ZEmjNaXXFwL eecfjdE+eAri/kC4hR+UCjcRQSEJROP+FktdZuRkCM4EDb79box83SSJQubhI0cDjkiU 6oJR7bflZlgPtjHHLPeVpktjPVSca+viWY0qrG4tCUSkJClsUjdL3BfYZguU4epAvGFP gGEw== X-Gm-Message-State: AC+VfDxzxg0KpKhs2JDdMIHmytgujxwR4kBcO6PhQ0yL7jI8yQpMVKoI Pdqkju72/t7hoCfs148tGR0lOIAQ6XybIcPAtANJCbXX48aV290b3oCZr2A6zSrMA+Dgrhyp1wK URgDBPq9Jk20C916B X-Received: by 2002:a05:6000:510:b0:306:2fab:1f81 with SMTP id a16-20020a056000051000b003062fab1f81mr10427048wrf.21.1683633779285; Tue, 09 May 2023 05:02:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7l2PPRovFyrt17RCorDlvUnSgEiqO1L1oY1hom87xiwkqJs7ByDI52VSRYOR9daUh8l86WIA== X-Received: by 2002:a05:6000:510:b0:306:2fab:1f81 with SMTP id a16-20020a056000051000b003062fab1f81mr10427006wrf.21.1683633778545; Tue, 09 May 2023 05:02:58 -0700 (PDT) Received: from debian (2a01cb058918ce005a3b5dcb9dbff7d2.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:5a3b:5dcb:9dbf:f7d2]) by smtp.gmail.com with ESMTPSA id x14-20020adfec0e000000b002ca864b807csm14360308wrn.0.2023.05.09.05.02.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 05:02:58 -0700 (PDT) Date: Tue, 9 May 2023 14:02:56 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH net-next 3/4] selftests: fcnal: Test SO_DONTROUTE on UDP sockets. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Use nettest -G to test the kernel behaviour with UDP sockets having the SO_DONTROUTE option. Sending packets to a neighbour (on link) host, should work. When the host is behind a router, sending should fail. Signed-off-by: Guillaume Nault --- tools/testing/selftests/net/fcnal-test.sh | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 1f8939fbb021..23672cba8781 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1655,6 +1655,27 @@ ipv4_udp_novrf() log_start run_cmd nettest -D -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 2 "No server, device client, local conn" + + # + # Link local connection tests (SO_DONTROUTE). + # Connections should succeed only when the remote IP address is + # on link (doesn't need to be routed through a gateway). + # + + a=${NSB_IP} + log_start + run_cmd_nsb nettest -D -s & + sleep 1 + run_cmd nettest -D -r ${a} -G + log_test_addr ${a} $? 0 "SO_DONTROUTE client" + + a=${NSB_LO_IP} + log_start + show_hint "Should fail 'Network is unreachable' since server is not on link" + run_cmd_nsb nettest -D -s & + sleep 1 + run_cmd nettest -D -r ${a} -G + log_test_addr ${a} $? 1 "SO_DONTROUTE client" } ipv4_udp_vrf() From patchwork Tue May 9 12:02:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13235712 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA724182A1 for ; Tue, 9 May 2023 12:02:48 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E25D1A4 for ; Tue, 9 May 2023 05:02:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683633766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=aU43Qs7UjsRBZNgfEytJf+FfsXtk10SwHaLmkca1aWQ=; b=N3OmVEV7P7/ryxlX8+vfnilhOu/wlvuiFFtSQKBOyvKYi6LBlh72t89A9av69Q7SwcNu1y /DZusufYhAiInQGPnyQZTFGUQFjxQxA5GCQChkhXhYweeDCqtcOiraV4EgYvf2Pv51f+Ui +OlxTACEjmyabNS0idASH3qaNIW9ngY= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-195-17hI4DOLOqC6fMGGUXj3Og-1; Tue, 09 May 2023 08:02:44 -0400 X-MC-Unique: 17hI4DOLOqC6fMGGUXj3Og-1 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-3062e5d0cd3so2299263f8f.3 for ; Tue, 09 May 2023 05:02:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683633762; x=1686225762; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=aU43Qs7UjsRBZNgfEytJf+FfsXtk10SwHaLmkca1aWQ=; b=HDO98Cb4pwhraOYRw3908rwqL74sdXT6ikM8IiSeHQQbdoc8aUbnj84tYPyK5enHdy Srop0gfH/vfObf9FUgxvrhmyKoVrc16rtr/RKhNSmP7apRwLR70av5BTWOooEgB0JoG+ 9ZzujmPumuWwzaG1tgrj2UiOcFCUad6+bQzdGjnQQzkvNsiTKMbUQcSIaO5nsglfHToc yc9h8AKtfRL/xgNZI47e5q80YrBM362qr2YIRPV9SkPBtwz5xUuF7GARVjsU7KivWSYI xs5GqBRJJumQlBc94lI07twiE2032Iem41+b/fWtENuIWkOt0KAXppGdOQa2BHZBM5mK Uc5Q== X-Gm-Message-State: AC+VfDwfMXCR7k5Avq0+PNSsWlVT1upUpHmwnhU1PttuSp1ERnuJx949 bWtmpDMbD/b5VlM/MuEWi75t/skLdJdiAW2lEuDGYGT+6eAEjQ2vGT98rXV13O9Hmnfp7KNoUyL qJMjhQvdSEaEk3A4X X-Received: by 2002:a5d:6e81:0:b0:306:2f8e:d25f with SMTP id k1-20020a5d6e81000000b003062f8ed25fmr9368916wrz.16.1683633762411; Tue, 09 May 2023 05:02:42 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4PTc5BY7ay8+iZ6sF3vJzLijurw+woZq5XJFqrWHJ0I/mcBHLjJ/doZcQ7mRNxv97vU1IXBw== X-Received: by 2002:a5d:6e81:0:b0:306:2f8e:d25f with SMTP id k1-20020a5d6e81000000b003062f8ed25fmr9368901wrz.16.1683633762148; Tue, 09 May 2023 05:02:42 -0700 (PDT) Received: from debian (2a01cb058918ce005a3b5dcb9dbff7d2.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:5a3b:5dcb:9dbf:f7d2]) by smtp.gmail.com with ESMTPSA id h1-20020a5d5481000000b0030647d1f34bsm14351106wrv.1.2023.05.09.05.02.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 05:02:41 -0700 (PDT) Date: Tue, 9 May 2023 14:02:39 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH net-next 4/4] selftests: fcnal: Test SO_DONTROUTE on raw and ping sockets. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Use ping -r to test the kernel behaviour with raw and ping sockets having the SO_DONTROUTE option. Since ipv4_ping_novrf() is called with different values of net.ipv4.ping_group_range, then it tests both raw and ping sockets (ping uses ping sockets if its user ID belongs to ping_group_range and raw sockets otherwise). With both socket types, sending packets to a neighbour (on link) host, should work. When the host is behind a router, sending should fail. Signed-off-by: Guillaume Nault --- tools/testing/selftests/net/fcnal-test.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 23672cba8781..3321d1971bd8 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -584,6 +584,20 @@ ipv4_ping_novrf() log_test_addr ${a} $? 0 "ping out, address bind" done + # + # out, but don't use gateway if peer is not on link + # + a=${NSB_IP} + log_start + run_cmd ping -c 1 -w 1 -r ${a} + log_test_addr ${a} $? 0 "ping out (don't route), peer on link" + + a=${NSB_LO_IP} + log_start + show_hint "Fails since peer is not on link" + run_cmd ping -c 1 -w 1 -r ${a} + log_test_addr ${a} $? 1 "ping out (don't route), peer not on link" + # # in #