diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-02-27 14:05:08 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-02-27 14:05:08 -0800 |
| commit | 5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b (patch) | |
| tree | 58ade31b75cea2f1a32b1dd0d3576017f1dd2a88 /tools/testing | |
| parent | 982818426a0ffaf93b0621826ed39a84be3d7d62 (diff) | |
| parent | 580f98cc33a260bb8c6a39ae2921b29586b84fdf (diff) | |
| download | linux-stable-5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b.tar.gz linux-stable-5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b.tar.bz2 linux-stable-5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b.zip | |
Merge tag 'net-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from wireless and netfilter.
The notable fixes here are the EEE fix which restores boot for many
embedded platforms (real and QEMU); WiFi warning suppression and the
ICE Kconfig cleanup.
Current release - regressions:
- phy: multiple fixes for EEE rework
- wifi: wext: warn about usage only once
- wifi: ath11k: allow system suspend to survive ath11k
Current release - new code bugs:
- mlx5: Fix memory leak in IPsec RoCE creation
- ibmvnic: assign XPS map to correct queue index
Previous releases - regressions:
- netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
- netfilter: ctnetlink: make event listener tracking global
- nf_tables: allow to fetch set elements when table has an owner
- mlx5:
- fix skb leak while fifo resync and push
- fix possible ptp queue fifo use-after-free
Previous releases - always broken:
- sched: fix action bind logic
- ptp: vclock: use mutex to fix "sleep on atomic" bug if driver also
uses a mutex
- netfilter: conntrack: fix rmmod double-free race
- netfilter: xt_length: use skb len to match in length_mt6, avoid
issues with BIG TCP
Misc:
- ice: remove unnecessary CONFIG_ICE_GNSS
- mlx5e: remove hairpin write debugfs files
- sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy"
* tag 'net-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (53 commits)
tcp: tcp_check_req() can be called from process context
net: phy: c45: fix network interface initialization failures on xtensa, arm:cubieboard
xen-netback: remove unused variables pending_idx and index
net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy
net: dsa: ocelot_ext: remove unnecessary phylink.h include
net: mscc: ocelot: fix duplicate driver name error
net: dsa: felix: fix internal MDIO controller resource length
net: dsa: seville: ignore mscc-miim read errors from Lynx PCS
net/sched: act_sample: fix action bind logic
net/sched: act_mpls: fix action bind logic
net/sched: act_pedit: fix action bind logic
wifi: wext: warn about usage only once
wifi: mt76: usb: fix use-after-free in mt76u_free_rx_queue
qede: avoid uninitialized entries in coal_entry array
nfc: fix memory leak of se_io context in nfc_genl_se_io
ice: remove unnecessary CONFIG_ICE_GNSS
net/sched: cls_api: Move call to tcf_exts_miss_cookie_base_destroy()
ibmvnic: Assign XPS map to correct queue index
docs: net: fix inaccuracies in msg_zerocopy.rst
tools: net: add __pycache__ to gitignore
...
Diffstat (limited to 'tools/testing')
| -rwxr-xr-x | tools/testing/selftests/net/fib_tests.sh | 96 | ||||
| -rwxr-xr-x | tools/testing/selftests/netfilter/rpath.sh | 32 |
2 files changed, 121 insertions, 7 deletions
diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh index 70ea8798b1f6..7da8ec838c63 100755 --- a/tools/testing/selftests/net/fib_tests.sh +++ b/tools/testing/selftests/net/fib_tests.sh @@ -9,7 +9,7 @@ ret=0 ksft_skip=4 # all tests in this script. Can be overridden with -t option -TESTS="unregister down carrier nexthop suppress ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics ipv4_route_metrics ipv4_route_v6_gw rp_filter ipv4_del_addr ipv4_mangle ipv6_mangle ipv4_bcast_neigh" +TESTS="unregister down carrier nexthop suppress ipv6_notify ipv4_notify ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics ipv4_route_metrics ipv4_route_v6_gw rp_filter ipv4_del_addr ipv4_mangle ipv6_mangle ipv4_bcast_neigh" VERBOSE=0 PAUSE_ON_FAIL=no @@ -655,6 +655,98 @@ fib_nexthop_test() cleanup } +fib6_notify_test() +{ + setup + + echo + echo "Fib6 info length calculation in route notify test" + set -e + + for i in 10 20 30 40 50 60 70; + do + $IP link add dummy_$i type dummy + $IP link set dev dummy_$i up + $IP -6 address add 2001:$i::1/64 dev dummy_$i + done + + $NS_EXEC ip monitor route &> errors.txt & + sleep 2 + + $IP -6 route add 2001::/64 \ + nexthop via 2001:10::2 dev dummy_10 \ + nexthop encap ip6 dst 2002::20 via 2001:20::2 dev dummy_20 \ + nexthop encap ip6 dst 2002::30 via 2001:30::2 dev dummy_30 \ + nexthop encap ip6 dst 2002::40 via 2001:40::2 dev dummy_40 \ + nexthop encap ip6 dst 2002::50 via 2001:50::2 dev dummy_50 \ + nexthop encap ip6 dst 2002::60 via 2001:60::2 dev dummy_60 \ + nexthop encap ip6 dst 2002::70 via 2001:70::2 dev dummy_70 + + set +e + + err=`cat errors.txt |grep "Message too long"` + if [ -z "$err" ];then + ret=0 + else + ret=1 + fi + + log_test $ret 0 "ipv6 route add notify" + + { kill %% && wait %%; } 2>/dev/null + + #rm errors.txt + + cleanup &> /dev/null +} + + +fib_notify_test() +{ + setup + + echo + echo "Fib4 info length calculation in route notify test" + + set -e + + for i in 10 20 30 40 50 60 70; + do + $IP link add dummy_$i type dummy + $IP link set dev dummy_$i up + $IP address add 20.20.$i.2/24 dev dummy_$i + done + + $NS_EXEC ip monitor route &> errors.txt & + sleep 2 + + $IP route add 10.0.0.0/24 \ + nexthop via 20.20.10.1 dev dummy_10 \ + nexthop encap ip dst 192.168.10.20 via 20.20.20.1 dev dummy_20 \ + nexthop encap ip dst 192.168.10.30 via 20.20.30.1 dev dummy_30 \ + nexthop encap ip dst 192.168.10.40 via 20.20.40.1 dev dummy_40 \ + nexthop encap ip dst 192.168.10.50 via 20.20.50.1 dev dummy_50 \ + nexthop encap ip dst 192.168.10.60 via 20.20.60.1 dev dummy_60 \ + nexthop encap ip dst 192.168.10.70 via 20.20.70.1 dev dummy_70 + + set +e + + err=`cat errors.txt |grep "Message too long"` + if [ -z "$err" ];then + ret=0 + else + ret=1 + fi + + log_test $ret 0 "ipv4 route add notify" + + { kill %% && wait %%; } 2>/dev/null + + rm errors.txt + + cleanup &> /dev/null +} + fib_suppress_test() { echo @@ -2111,6 +2203,8 @@ do fib_carrier_test|carrier) fib_carrier_test;; fib_rp_filter_test|rp_filter) fib_rp_filter_test;; fib_nexthop_test|nexthop) fib_nexthop_test;; + fib_notify_test|ipv4_notify) fib_notify_test;; + fib6_notify_test|ipv6_notify) fib6_notify_test;; fib_suppress_test|suppress) fib_suppress_test;; ipv6_route_test|ipv6_rt) ipv6_route_test;; ipv4_route_test|ipv4_rt) ipv4_route_test;; diff --git a/tools/testing/selftests/netfilter/rpath.sh b/tools/testing/selftests/netfilter/rpath.sh index f7311e66d219..5289c8447a41 100755 --- a/tools/testing/selftests/netfilter/rpath.sh +++ b/tools/testing/selftests/netfilter/rpath.sh @@ -62,10 +62,16 @@ ip -net "$ns1" a a fec0:42::2/64 dev v0 nodad ip -net "$ns2" a a fec0:42::1/64 dev d0 nodad # firewall matches to test -[ -n "$iptables" ] && ip netns exec "$ns2" \ - "$iptables" -t raw -A PREROUTING -s 192.168.0.0/16 -m rpfilter -[ -n "$ip6tables" ] && ip netns exec "$ns2" \ - "$ip6tables" -t raw -A PREROUTING -s fec0::/16 -m rpfilter +[ -n "$iptables" ] && { + common='-t raw -A PREROUTING -s 192.168.0.0/16' + ip netns exec "$ns2" "$iptables" $common -m rpfilter + ip netns exec "$ns2" "$iptables" $common -m rpfilter --invert +} +[ -n "$ip6tables" ] && { + common='-t raw -A PREROUTING -s fec0::/16' + ip netns exec "$ns2" "$ip6tables" $common -m rpfilter + ip netns exec "$ns2" "$ip6tables" $common -m rpfilter --invert +} [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF table inet t { chain c { @@ -89,6 +95,11 @@ ipt_zero_rule() { # (command) [ -n "$1" ] || return 0 ip netns exec "$ns2" "$1" -t raw -vS | grep -q -- "-m rpfilter -c 0 0" } +ipt_zero_reverse_rule() { # (command) + [ -n "$1" ] || return 0 + ip netns exec "$ns2" "$1" -t raw -vS | \ + grep -q -- "-m rpfilter --invert -c 0 0" +} nft_zero_rule() { # (family) [ -n "$nft" ] || return 0 ip netns exec "$ns2" "$nft" list chain inet t c | \ @@ -101,8 +112,7 @@ netns_ping() { # (netns, args...) ip netns exec "$netns" ping -q -c 1 -W 1 "$@" >/dev/null } -testrun() { - # clear counters first +clear_counters() { [ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z [ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z if [ -n "$nft" ]; then @@ -111,6 +121,10 @@ testrun() { ip netns exec "$ns2" $nft -s list table inet t; ) | ip netns exec "$ns2" $nft -f - fi +} + +testrun() { + clear_counters # test 1: martian traffic should fail rpfilter matches netns_ping "$ns1" -I v0 192.168.42.1 && \ @@ -120,9 +134,13 @@ testrun() { ipt_zero_rule "$iptables" || die "iptables matched martian" ipt_zero_rule "$ip6tables" || die "ip6tables matched martian" + ipt_zero_reverse_rule "$iptables" && die "iptables not matched martian" + ipt_zero_reverse_rule "$ip6tables" && die "ip6tables not matched martian" nft_zero_rule ip || die "nft IPv4 matched martian" nft_zero_rule ip6 || die "nft IPv6 matched martian" + clear_counters + # test 2: rpfilter match should pass for regular traffic netns_ping "$ns1" 192.168.23.1 || \ die "regular ping 192.168.23.1 failed" @@ -131,6 +149,8 @@ testrun() { ipt_zero_rule "$iptables" && die "iptables match not effective" ipt_zero_rule "$ip6tables" && die "ip6tables match not effective" + ipt_zero_reverse_rule "$iptables" || die "iptables match over-effective" + ipt_zero_reverse_rule "$ip6tables" || die "ip6tables match over-effective" nft_zero_rule ip && die "nft IPv4 match not effective" nft_zero_rule ip6 && die "nft IPv6 match not effective" |