nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

selftests: fcnal: Test SO_DONTROUTE on TCP sockets.

Browse source 
Use nettest --{client,server}-dontroute to test the kernel behaviour
with TCP sockets having the SO_DONTROUTE option. Sending packets to a
neighbour (on link) host, should work. When the host is behind a
router, sending should fail.

Client and server sockets are tested independently, so that we can
cover different TCP kernel paths.

SO_DONTROUTE also affects the syncookies path. So ipv4_tcp_dontroute()
is made to work with or without syncookies, to cover both paths.

Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Guillaume Nault 2023-05-11 16:39:32 +02:00 committed by David S. Miller
parent aeefbb574c
commit dd017c72dd
1 changed files with 56 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

56
tools/testing/selftests/net/fcnal-test.sh
View file

@ -1098,6 +1098,59 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0()
set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept" set_sysctl net.ipv4.tcp_l3mdev_accept="$old_tcp_l3mdev_accept"
} }
ipv4_tcp_dontroute()
{
local syncookies=$1
local nsa_syncookies
local nsb_syncookies
local a
#
# Link local connection tests (SO_DONTROUTE).
# Connections should succeed only when the remote IP address is
# on link (doesn't need to be routed through a gateway).
#
nsa_syncookies=$(ip netns exec "${NSA}" sysctl -n net.ipv4.tcp_syncookies)
nsb_syncookies=$(ip netns exec "${NSB}" sysctl -n net.ipv4.tcp_syncookies)
ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${syncookies}
# Test with eth1 address (on link).
a=${NSB_IP}
log_start
do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --client-dontroute
log_test_addr ${a} $? 0 "SO_DONTROUTE client, syncookies=${syncookies}"
a=${NSB_IP}
log_start
do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -r ${a} --server-dontroute
log_test_addr ${a} $? 0 "SO_DONTROUTE server, syncookies=${syncookies}"
# Test with loopback address (routed).
#
# The client would use the eth1 address as source IP by default.
# Therefore, we need to use the -c option here, to force the use of the
# routed (loopback) address as source IP (so that the server will try
# to respond to a routed address and not a link local one).
a=${NSB_LO_IP}
log_start
show_hint "Should fail 'Network is unreachable' since server is not on link"
do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --client-dontroute
log_test_addr ${a} $? 1 "SO_DONTROUTE client, syncookies=${syncookies}"
a=${NSB_LO_IP}
log_start
show_hint "Should timeout since server cannot respond (client is not on link)"
do_run_cmd nettest -B -N "${NSA}" -O "${NSB}" -c "${NSA_LO_IP}" -r ${a} --server-dontroute
log_test_addr ${a} $? 2 "SO_DONTROUTE server, syncookies=${syncookies}"
ip netns exec "${NSB}" sysctl -wq net.ipv4.tcp_syncookies=${nsb_syncookies}
ip netns exec "${NSA}" sysctl -wq net.ipv4.tcp_syncookies=${nsa_syncookies}
}
ipv4_tcp_novrf() ipv4_tcp_novrf()
{ {
local a local a
@ -1217,6 +1270,9 @@ ipv4_tcp_novrf()
log_test_addr ${a} $? 1 "No server, device client, local conn" log_test_addr ${a} $? 1 "No server, device client, local conn"
ipv4_tcp_md5_novrf ipv4_tcp_md5_novrf
ipv4_tcp_dontroute 0
ipv4_tcp_dontroute 2
} }
ipv4_tcp_vrf() ipv4_tcp_vrf()