From patchwork Thu May 11 14:39:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13238079 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3A9F36D for ; Thu, 11 May 2023 14:39:35 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 389308E for ; Thu, 11 May 2023 07:39:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683815973; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=bTPhWMsRGfOJE7oIw5IMJbbyTPlYMqaoJbuyuu8PVWA=; b=VFslfgacGJQX/PaBqqhh16Y+6N1aXe+nxT+o+n/SBq6RblNORLtf0zI9YYYKo2rsBybUup VaiITWkY9mykHpdaHwgTHlZ/wjaYl01YK2sjP7skd1ySZIQHz5VxbLTeJAfXsM2MQqc8t7 ki8i8CgQ5+XKyV6F3mRzqkjSy0BMDuM= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-272--4IPmI1fMl-0RvtdcDVhUA-1; Thu, 11 May 2023 10:39:29 -0400 X-MC-Unique: -4IPmI1fMl-0RvtdcDVhUA-1 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-306489b7585so3056051f8f.3 for ; Thu, 11 May 2023 07:39:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815968; x=1686407968; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=bTPhWMsRGfOJE7oIw5IMJbbyTPlYMqaoJbuyuu8PVWA=; b=Viy0HlmHL/yTjq36tB5IOVMzVJ2KhQSwXor3VTTTLnBLKeuUeOSV8ccJBxeurjp21Q GIXYggHYbO+/0ppmjK0ZTV/LKUKOrp5PQguYfrf+D4tEHDbMn0NEgSeGN5je/d+Gkxae 2jW2n8bEl2ok7HWexX+OS2Jqdro209jC4n/DIjYFK93/1U45lLeVHUlKMzjEm7lrSrE8 6uhEOUkHHEvG1oTtRrV2i6CEmEpUIaGKwqrlrg3fhgD0JNUUEuHFZ3BOVzx+OFrOcloz 4Vf3FYy9qvX6s01fURubgl1LNKdq8JoEQrSUeaA2NvMwiprbzsxXu/wLIyM/XchSu/rl BN2A== X-Gm-Message-State: AC+VfDzl+vLpEv+MT7/b4Ii8Ffe07y0FxK44vY/+JbpgnO9QN8Ht2ROm e56ljwFKEqzITbuAouc8Z4TKCnw1N2SVOLW73rzTmkx1VKxmX/wMlZAjabR6A4GFFy0sXN1+Zx6 O5G+NBHglExMl8Iuh1LYvibf3 X-Received: by 2002:adf:e941:0:b0:307:a8e8:ca6c with SMTP id m1-20020adfe941000000b00307a8e8ca6cmr6514364wrn.35.1683815968176; Thu, 11 May 2023 07:39:28 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ55nQ0Tt4jnQQcnz5/0YGI0q3kRKPy+bMkwu/gzA47Fm5PhkDZcf9Lyr6Lm0klY1ega3utDFA== X-Received: by 2002:adf:e941:0:b0:307:a8e8:ca6c with SMTP id m1-20020adfe941000000b00307a8e8ca6cmr6514352wrn.35.1683815967970; Thu, 11 May 2023 07:39:27 -0700 (PDT) Received: from debian (2a01cb058918ce00af30fd5ba5292148.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:af30:fd5b:a529:2148]) by smtp.gmail.com with ESMTPSA id b15-20020a5d4b8f000000b003064600cff9sm20600864wrt.38.2023.05.11.07.39.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:39:27 -0700 (PDT) Date: Thu, 11 May 2023 16:39:25 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH v2 net-next 1/4] selftests: Add SO_DONTROUTE option to nettest. Message-ID: <0b28378e6a34c9a1ffda95449a1a171491079f06.1683814269.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Add --client-dontroute and --server-dontroute options to nettest. They allow to set the SO_DONTROUTE option to the client and server sockets respectively. This will be used by the following patches to test the SO_DONTROUTE kernel behaviour with TCP and UDP. Signed-off-by: Guillaume Nault Reviewed-by: David Ahern --- v2: Use two different options for setting SO_DONTROUTE either on the client or on the server socket. tools/testing/selftests/net/nettest.c | 46 ++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c index ee9a72982705..39a0e01f8554 100644 --- a/tools/testing/selftests/net/nettest.c +++ b/tools/testing/selftests/net/nettest.c @@ -76,7 +76,9 @@ struct sock_args { has_grp:1, has_expected_laddr:1, has_expected_raddr:1, - bind_test_only:1; + bind_test_only:1, + client_dontroute:1, + server_dontroute:1; unsigned short port; @@ -611,6 +613,18 @@ static int set_dsfield(int sd, int version, int dsfield) return 0; } +static int set_dontroute(int sd) +{ + unsigned int one = 1; + + if (setsockopt(sd, SOL_SOCKET, SO_DONTROUTE, &one, sizeof(one)) < 0) { + log_err_errno("setsockopt(SO_DONTROUTE)"); + return -1; + } + + return 0; +} + static int str_to_uint(const char *str, int min, int max, unsigned int *value) { int number; @@ -1351,6 +1365,14 @@ static int msock_init(struct sock_args *args, int server) if (set_dsfield(sd, AF_INET, args->dsfield) != 0) goto out_err; + if (server) { + if (args->server_dontroute && set_dontroute(sd) != 0) + goto out_err; + } else { + if (args->client_dontroute && set_dontroute(sd) != 0) + goto out_err; + } + if (args->dev && bind_to_device(sd, args->dev) != 0) goto out_err; else if (args->use_setsockopt && @@ -1482,6 +1504,9 @@ static int lsock_init(struct sock_args *args) if (set_dsfield(sd, args->version, args->dsfield) != 0) goto err; + if (args->server_dontroute && set_dontroute(sd) != 0) + goto err; + if (args->dev && bind_to_device(sd, args->dev) != 0) goto err; else if (args->use_setsockopt && @@ -1698,6 +1723,9 @@ static int connectsock(void *addr, socklen_t alen, struct sock_args *args) if (set_dsfield(sd, args->version, args->dsfield) != 0) goto err; + if (args->client_dontroute && set_dontroute(sd) != 0) + goto err; + if (args->dev && bind_to_device(sd, args->dev) != 0) goto err; else if (args->use_setsockopt && @@ -1905,10 +1933,14 @@ static int ipc_parent(int cpid, int fd, struct sock_args *args) #define GETOPT_STR "sr:l:c:Q:p:t:g:P:DRn:M:X:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf" #define OPT_FORCE_BIND_KEY_IFINDEX 1001 #define OPT_NO_BIND_KEY_IFINDEX 1002 +#define OPT_CLIENT_DONTROUTE 1003 +#define OPT_SERVER_DONTROUTE 1004 static struct option long_opts[] = { {"force-bind-key-ifindex", 0, 0, OPT_FORCE_BIND_KEY_IFINDEX}, {"no-bind-key-ifindex", 0, 0, OPT_NO_BIND_KEY_IFINDEX}, + {"client-dontroute", 0, 0, OPT_CLIENT_DONTROUTE}, + {"server-dontroute", 0, 0, OPT_SERVER_DONTROUTE}, {0, 0, 0, 0} }; @@ -1954,6 +1986,12 @@ static void print_usage(char *prog) " --no-bind-key-ifindex: Force TCP_MD5SIG_FLAG_IFINDEX off\n" " --force-bind-key-ifindex: Force TCP_MD5SIG_FLAG_IFINDEX on\n" " (default: only if -I is passed)\n" + " --client-dontroute: don't use gateways for client socket: send\n" + " packets only if destination is on link (see\n" + " SO_DONTROUTE in socket(7))\n" + " --server-dontroute: don't use gateways for server socket: send\n" + " packets only if destination is on link (see\n" + " SO_DONTROUTE in socket(7))\n" "\n" " -g grp multicast group (e.g., 239.1.1.1)\n" " -i interactive mode (default is echo and terminate)\n" @@ -2076,6 +2114,12 @@ int main(int argc, char *argv[]) case OPT_NO_BIND_KEY_IFINDEX: args.bind_key_ifindex = -1; break; + case OPT_CLIENT_DONTROUTE: + args.client_dontroute = 1; + break; + case OPT_SERVER_DONTROUTE: + args.server_dontroute = 1; + break; case 'X': args.client_pw = optarg; break; From patchwork Thu May 11 14:39:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13238080 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7DF1336D for ; Thu, 11 May 2023 14:39:40 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09D9213A for ; Thu, 11 May 2023 07:39:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683815978; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=beqfaC6OiZWnknb8MSz7RGlb6quTGCMq8b6XuBHQkik=; b=RWazumTySL6sb38ogib4y/SqPHp/lqLmkB94cckkT96eKNKt7SmCEQqKbZzB/lurhi6YEJ ducchdRqVQPgSUdmLPvf0tOjvROK0AA7dyA8AvY9ET3lGZEYt7ugJ/ko2CwlpW8a+FBlaB lx+XglgEgefX/EUDm7+0jf80CVy0eYA= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-131-khT-SY4DNTyFaPR68ZPcjw-1; Thu, 11 May 2023 10:39:36 -0400 X-MC-Unique: khT-SY4DNTyFaPR68ZPcjw-1 Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-3f422dc5ee5so29821685e9.0 for ; Thu, 11 May 2023 07:39:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815975; x=1686407975; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=beqfaC6OiZWnknb8MSz7RGlb6quTGCMq8b6XuBHQkik=; b=goZd46h2n4BLOp22R6bXy7RByH1HBt3dOKZZNwuWEyuLSnFBK0+2XgFnqqakvit0eo Vl10uOyxggPh56n0TktpzSvKaA8kWWjZ1WX7wQZS3HsclcYoHVgM/PJUGR69814CLSJJ ZPYG6Q+s8ZxPe7H4LmkBzWMk0j9IJ330HFjqOb/9uanr5ICOVAuLy1Td6o1MqEbtDQ48 ITrQMoa+zRPFvSKhYfkfJ0hv6H3EDQzflkm1LXehMkfJqAbSSMVfz10y+6wIsNvTdaFA bb/2u8T2rLXR3z4dS41sLfN4pa+pyR/USQjvvExYDFybJwY9CS0PRhjJQrvMtJGvXiw0 CjCg== X-Gm-Message-State: AC+VfDyDpJSFkLXmhSr8MVYQnAMmJMSUyrDyyQh/de5W9rpnzt4UNauC a/iwONo3WJ6KZBLqz5BywcG3v95Dug0EJ0VISalSaMqaVhPJvOXEBLZedAiSItICp79Vzh1tjLP dBx0gajnyFAtLBHzu X-Received: by 2002:a05:600c:228e:b0:3f4:2174:b28a with SMTP id 14-20020a05600c228e00b003f42174b28amr13420227wmf.15.1683815975624; Thu, 11 May 2023 07:39:35 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7+y28Bl7bB10C3fyQtaC95xoWD2pb3TfmNHNU83MF1yoUFCZwenAZcLiaKsIeQaoLhueA4sA== X-Received: by 2002:a05:600c:228e:b0:3f4:2174:b28a with SMTP id 14-20020a05600c228e00b003f42174b28amr13420200wmf.15.1683815975287; Thu, 11 May 2023 07:39:35 -0700 (PDT) Received: from debian (2a01cb058918ce00af30fd5ba5292148.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:af30:fd5b:a529:2148]) by smtp.gmail.com with ESMTPSA id p20-20020a1c7414000000b003f435652aaesm5924051wmc.11.2023.05.11.07.39.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:39:34 -0700 (PDT) Date: Thu, 11 May 2023 16:39:32 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH v2 net-next 2/4] selftests: fcnal: Test SO_DONTROUTE on TCP sockets. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Use nettest --{client,server}-dontroute to test the kernel behaviour with TCP sockets having the SO_DONTROUTE option. Sending packets to a neighbour (on link) host, should work. When the host is behind a router, sending should fail. Client and server sockets are tested independently, so that we can cover different TCP kernel paths. SO_DONTROUTE also affects the syncookies path. So ipv4_tcp_dontroute() is made to work with or without syncookies, to cover both paths. Signed-off-by: Guillaume Nault Reviewed-by: David Ahern --- v2: Use 'nettest -B' instead of invoking two nettest instances for client and server. tools/testing/selftests/net/fcnal-test.sh | 56 +++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 21ca91473c09..3a1f3051321f 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1098,6 +1098,59 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0() set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept" } +ipv4_tcp_dontroute() +{ + local syncookies=$1 + local nsa_syncookies + local nsb_syncookies + local a + + # + # Link local connection tests (SO_DONTROUTE). + # Connections should succeed only when the remote IP address is + # on link (doesn't need to be routed through a gateway). + # + + nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies) + nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies) + ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies} + ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies} + + # Test with eth1 address (on link). + + a=${NSB_IP} + log_start + do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute + log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}" + + a=${NSB_IP} + log_start + do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute + log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}" + + # Test with loopback address (routed). + # + # The client would use the eth1 address as source IP by default. + # Therefore, we need to use the -c option here, to force the use of the + # routed (loopback) address as source IP (so that the server will try + # to respond to a routed address and not a link local one). + + a=${NSB_LO_IP} + log_start + show_hint "Should fail 'Network is unreachable' since server is not on link" + do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute + log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}" + + a=${NSB_LO_IP} + log_start + show_hint "Should timeout since server cannot respond (client is not on link)" + do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute + log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}" + + ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies} + ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies} +} + ipv4_tcp_novrf() { local a @@ -1217,6 +1270,9 @@ ipv4_tcp_novrf() log_test_addr ${a} $? 1 "No server, device client, local conn" ipv4_tcp_md5_novrf + + ipv4_tcp_dontroute 0 + ipv4_tcp_dontroute 2 } ipv4_tcp_vrf() From patchwork Thu May 11 14:39:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13238081 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82606801 for ; Thu, 11 May 2023 14:39:46 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B1E42102 for ; Thu, 11 May 2023 07:39:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683815984; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Aa3z44yU0DxyJitqNmKNyE7RxW0goYpKNcBwEUkPSqs=; b=bmB9acd2wFibZlyP69YvmdYjdf/Pi7j1RTSTX7hHNovE4lnXhmnm3ut7LJkOULkAO1shCf lPwociZ2pH9S18r8E9MPkkAF4WXX2D7TcZgFninlEJ6bAuPFx6HDRpfRetHY+xLsVJ9ePC /WCpZZaFll31Fi3/uQcufXmYLmMpKn8= Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-589-crIb_Y7EPauQG53yVdixjg-1; Thu, 11 May 2023 10:39:43 -0400 X-MC-Unique: crIb_Y7EPauQG53yVdixjg-1 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-30793c16c78so3342934f8f.3 for ; Thu, 11 May 2023 07:39:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815982; x=1686407982; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Aa3z44yU0DxyJitqNmKNyE7RxW0goYpKNcBwEUkPSqs=; b=IW2Snt8yRee3lstu+2XCnwWXsgyFTLkkLAkNJkqjW1wVKrXjOuX9VlPFRYBDFw2ncz FIbwV4jiLFBXtPQTdlWsjbyriVBj41wvMo6L8Z3dqRnxbe+0VogpEzymN5QCnVMcel/Q ySPGc40PkTvtYvIwLnFCYolgdZBuXwvU3mdFTmMW5SZvcR/SscsscJPtumokn++Y1RaS uclRohfuOSsgVXHPnwR3vssRjbEVNk+EJ0XaG07u/PIGBs6cNEhk4Ic8MhCbS5jsaTVr 0Cwird2oJY3JXtB819Vj3+gBgugbm7TUHUbZWpTfYBOqxE0B3dDSSrk0pmwL7QyxNgsM QPhQ== X-Gm-Message-State: AC+VfDzSEnVhRyYILcGXxk5+q/jOvZCyBT03NfyUpQcTDxgSfHC3oFzH DFWCt+tmmvRV6lKZvzLbnfcJehSj3RQY1cCrf8F6psCmFIzIKpS9xX4yjjBWBbXjNlJVqvrlcGx 4b8gJdRoGPWaF3Ldn X-Received: by 2002:adf:fa8b:0:b0:307:a4ee:4a25 with SMTP id h11-20020adffa8b000000b00307a4ee4a25mr7514251wrr.28.1683815982106; Thu, 11 May 2023 07:39:42 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5GpzAFtPo1MBqiX+OEtjbzmygs7Ku/V2kTllt2P9A6tTFuxSQPdAPPG4Zibwyk6uq/7A8jIg== X-Received: by 2002:adf:fa8b:0:b0:307:a4ee:4a25 with SMTP id h11-20020adffa8b000000b00307a4ee4a25mr7514232wrr.28.1683815981783; Thu, 11 May 2023 07:39:41 -0700 (PDT) Received: from debian (2a01cb058918ce00af30fd5ba5292148.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:af30:fd5b:a529:2148]) by smtp.gmail.com with ESMTPSA id o4-20020a5d4a84000000b003062b6a522bsm20792700wrq.96.2023.05.11.07.39.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:39:41 -0700 (PDT) Date: Thu, 11 May 2023 16:39:39 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH v2 net-next 3/4] selftests: fcnal: Test SO_DONTROUTE on UDP sockets. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Use nettest --client-dontroute to test the kernel behaviour with UDP sockets having the SO_DONTROUTE option. Sending packets to a neighbour (on link) host, should work. When the host is behind a router, sending should fail. Signed-off-by: Guillaume Nault Reviewed-by: David Ahern --- v2: Use 'nettest -B' instead of invoking two nettest instances for client and server. tools/testing/selftests/net/fcnal-test.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 3a1f3051321f..08b4b96cbd63 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1641,6 +1641,23 @@ ipv4_udp_novrf() log_start run_cmd nettest -D -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 2 "No server, device client, local conn" + + # + # Link local connection tests (SO_DONTROUTE). + # Connections should succeed only when the remote IP address is + # on link (doesn't need to be routed through a gateway). + # + + a=${NSB_IP} + log_start + do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute + log_test_addr ${a} $? 0 "SO_DONTROUTE client" + + a=${NSB_LO_IP} + log_start + show_hint "Should fail 'Network is unreachable' since server is not on link" + do_run_cmd nettest -B -D -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute + log_test_addr ${a} $? 1 "SO_DONTROUTE client" } ipv4_udp_vrf() From patchwork Thu May 11 14:39:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13238083 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2591C20F3 for ; Thu, 11 May 2023 14:39:58 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C16EA132AB for ; Thu, 11 May 2023 07:39:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683815991; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZOwKO+nSihscajbsF1ZZgeSFKg4ceOoF1DHSWFSqCrA=; b=OKvETkp2Oa3OhpnUz3iQbE7lj2WVmqU4LoMctHt0MNyWcbRF78vV8I4D38fnqZ39GPPsRJ nLsTinB1hrk8aFUqsBnJOlmirU9ipkFilJ3mERU60eKZDkJptJZ8T99sg6erNiGutRZtvB BgFBWfHig8MRbOgDBSf93K6PzCEG6Yk= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-136-W3-4GVA9NTScGlzi6EOxPg-1; Thu, 11 May 2023 10:39:50 -0400 X-MC-Unique: W3-4GVA9NTScGlzi6EOxPg-1 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-3f315735edeso188928355e9.1 for ; Thu, 11 May 2023 07:39:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815989; x=1686407989; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ZOwKO+nSihscajbsF1ZZgeSFKg4ceOoF1DHSWFSqCrA=; b=FV0g4ihsawuiKQEJWwcu1bYosMbG3GQhA1DFqXVOXjDXkrZz4XnCh91Gc3lBSPUZv6 9TpTtIdN9T7hwKQZDJPxyxeF+SbIuAd73ymynygbHDmEq0SCfrFGXchk7uO2z4W5BSes iSr0T6W90UYQkimmbL+xBS1OazObZeP71o1k59nfkOrkbn40r0efbYSdp7kYl9jmVZvo F8a5GOL/rCjsFpRn4B5WdcC9wKwuB9hhGOgeQuvf6Z/R0WO3BgwOxZoJpalAov7EWO3j I+uiUINHaN+0ndIIT7M8AmEqtoblhdLZUaKdM0yDeCvAXaMoqNllWrViRLcETaRBa3+C 9WXg== X-Gm-Message-State: AC+VfDxnI2InMpSK7YaNAdkb+ujaLwX52hGLCOK59F7cz0t5X2Fi5z4X 1GlM7fQuT+kNzV/BP52vc4gpql002DH+4IJHQ/S+LP5aqPqo3JBWTcXRJENj30+qqXDo+kmB5sI zPaYlp+tfvApRlI6k X-Received: by 2002:adf:feca:0:b0:2fb:92c7:b169 with SMTP id q10-20020adffeca000000b002fb92c7b169mr18949552wrs.10.1683815989323; Thu, 11 May 2023 07:39:49 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4UtaD4tXuSOvbvua6VaEz8ogxG+hbyKuMBWMbz7iHOjTktxBJ0JWXyhFlMAtmNAcT9zMvk/A== X-Received: by 2002:adf:feca:0:b0:2fb:92c7:b169 with SMTP id q10-20020adffeca000000b002fb92c7b169mr18949542wrs.10.1683815989144; Thu, 11 May 2023 07:39:49 -0700 (PDT) Received: from debian (2a01cb058918ce00af30fd5ba5292148.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:af30:fd5b:a529:2148]) by smtp.gmail.com with ESMTPSA id f5-20020a1c6a05000000b003f4266965fbsm11529199wmc.5.2023.05.11.07.39.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:39:48 -0700 (PDT) Date: Thu, 11 May 2023 16:39:46 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH v2 net-next 4/4] selftests: fcnal: Test SO_DONTROUTE on raw and ping sockets. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org Use ping -r to test the kernel behaviour with raw and ping sockets having the SO_DONTROUTE option. Since ipv4_ping_novrf() is called with different values of net.ipv4.ping_group_range, then it tests both raw and ping sockets (ping uses ping sockets if its user ID belongs to ping_group_range and raw sockets otherwise). With both socket types, sending packets to a neighbour (on link) host, should work. When the host is behind a router, sending should fail. Signed-off-by: Guillaume Nault Reviewed-by: David Ahern --- tools/testing/selftests/net/fcnal-test.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 08b4b96cbd63..05b5c4af7a08 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -584,6 +584,20 @@ ipv4_ping_novrf() log_test_addr ${a} $? 0 "ping out, address bind" done + # + # out, but don't use gateway if peer is not on link + # + a=${NSB_IP} + log_start + run_cmd ping -c 1 -w 1 -r ${a} + log_test_addr ${a} $? 0 "ping out (don't route), peer on link" + + a=${NSB_LO_IP} + log_start + show_hint "Fails since peer is not on link" + run_cmd ping -c 1 -w 1 -r ${a} + log_test_addr ${a} $? 1 "ping out (don't route), peer not on link" + # # in #