22 Commits

Author SHA1 Message Date
Riccardo Paolo Bestetti
8ff978b8b2 ipv4/raw: support binding to nonlocal addresses
Add support to inet v4 raw sockets for binding to nonlocal addresses
through the IP_FREEBIND and IP_TRANSPARENT socket options, as well as
the ipv4.ip_nonlocal_bind kernel parameter.

Add helper function to inet_sock.h to check for bind address validity on
the base of the address type and whether nonlocal address are enabled
for the socket via any of the sockopts/sysctl, deduplicating checks in
ipv4/ping.c, ipv4/af_inet.c, ipv6/af_inet6.c (for mapped v4->v6
addresses), and ipv4/raw.c.

Add test cases with IP[V6]_FREEBIND verifying that both v4 and v6 raw
sockets support binding to nonlocal addresses after the change. Add
necessary support for the test cases to nettest.

Signed-off-by: Riccardo Paolo Bestetti <pbl@bestov.io>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20211117090010.125393-1-pbl@bestov.io
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-11-17 20:21:52 -08:00
Leonard Crestez
78a9cf6143 selftests: nettest: Add --{force,no}-bind-key-ifindex
These options allow explicit control over the TCP_MD5SIG_FLAG_IFINDEX
flag instead of always setting it based on binding to an interface.

Do this by converting to getopt_long because nettest has too many
single-character flags already and getopt_long is widely used in
selftests.

Signed-off-by: Leonard Crestez <cdleonard@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-10-15 14:36:57 +01:00
Vadim Fedorenko
ece1278a9b selftests: net: add ESP-in-UDP PMTU test
The case of ESP in UDP encapsulation was not covered before. Add
cases of local changes of MTU and difference on routed path.

Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-21 08:50:35 -07:00
David Ahern
5265a0142f selftests: Add separate option to nettest for address binding
Add separate option to nettest to specify local address
binding in client mode.

Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:50 -08:00
David Ahern
f26a008c45 selftests: Remove exraneous newline in nettest
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:50 -08:00
David Ahern
8a909735fa selftests: Add separate options for server device bindings
Add new options to nettest to specify device binding and expected
device binding for server mode, and update fcnal-test script. This
is needed to allow a single instance of nettest running both server
and client modes to use different device bindings.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:49 -08:00
David Ahern
d3857b8f0d selftests: Add new option for client-side passwords
Add new option to nettest to specify MD5 password to use for client
side. Update fcnal-test script. This is needed for a single instance
running both server and client modes to test password mismatches.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:49 -08:00
David Ahern
a824e261d7 selftests: Consistently specify address for MD5 protection
nettest started with -r as the remote address for MD5 passwords.
The -m argument was added to use prefixes with a length when that
feature was added to the kernel. Since -r is used to specify
remote address for client mode, change nettest to only use -m
for MD5 passwords and update fcnal-test script.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:49 -08:00
David Ahern
9a8d584964 selftests: Make address validation apply only to client mode
When a single instance of nettest is used for client and server
make sure address validation is only done for client mode.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:49 -08:00
David Ahern
db9993359e selftests: Add missing newline in nettest error messages
A few logging lines are missing the newline, or need it moved up for
cleaner logging.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:48 -08:00
David Ahern
f222c37cf7 selftests: Use separate stdout and stderr buffers in nettest
When a single instance of nettest is doing both client and
server modes, stdout and stderr messages can get interlaced
and become unreadable. Allocate a new set of buffers for the
child process handling server mode.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:48 -08:00
David Ahern
6469403c97 selftests: Add support to nettest to run both client and server
Add option to nettest to run both client and server within a
single instance. Client forks a child process to run the server
code. A pipe is used for the server to tell the client it has
initialized and is ready or had an error. This avoid unnecessary
sleeps to handle such race when the commands are separately launched.

Signed-off-by: Seth David Schoen <schoen@loyalty.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:48 -08:00
David Ahern
092e0ceb12 selftests: Add options to set network namespace to nettest
Add options to specify server and client network namespace to
use before running respective functions.

Signed-off-by: Seth David Schoen <schoen@loyalty.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:48 -08:00
David Ahern
f2f575840a selftests: Move address validation in nettest
IPv6 addresses can have a device name to declare a scope (e.g.,
fe80::5054:ff:fe12:3456%eth0). The next patch adds support to
switch network namespace before running client or server code
(or both), so move the address validation to the server and
client functions.

IPv4 multicast groups do not have the device scope in the address
specification, so they can be validated inline with option parsing.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:47 -08:00
David Ahern
6fc90e1899 selftests: Move convert_addr up in nettest
convert_addr needs to be invoked in a different location. Move
the code up to avoid a forward declaration.

Code move only.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:47 -08:00
David Ahern
3a70a64515 selftests: Move device validation in nettest
Later patch adds support for switching network namespaces before
running client, server or both. Device validations need to be
done after the network namespace switch, so add a helper to do it
and invoke in server and client code versus inline with argument
parsing. Move related argument checks as well.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-14 16:26:47 -08:00
David Ahern
897217b9a0 selftests: Set default protocol for raw sockets in nettest
IPPROTO_IP (0) is not valid for raw sockets. Default the protocol for
raw sockets to IPPROTO_RAW if the protocol has not been set via the -P
option.

Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-09-17 17:07:15 -07:00
David Ahern
eb09cf03b9 nettest: Add support for TCP_MD5 extensions
Update nettest to implement TCP_MD5SIG_EXT for a prefix and a device.

Add a new option, -m, to specify a prefix and length to use with MD5
auth. The device option comes from the existing -d option. If either
are set and MD5 auth is requested, TCP_MD5SIG_EXT is used instead of
TCP_MD5SIG.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-02 15:51:22 -08:00
David Ahern
1bfb45d860 nettest: Return 1 on MD5 failure for server mode
On failure to set MD5 password, do_server should return 1 so that the
program exits with 1 rather than 255. This used for negative testing
when adding MD5 with device option.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-02 15:51:22 -08:00
David Ahern
87caaaf2d1 selftests: Fix get_ifidx and callers in nettest.c
Dan reported:

    The patch acda655fefae: "selftests: Add nettest" from Aug 1, 2019,
    leads to the following static checker warning:

            ./tools/testing/selftests/net/nettest.c:1690 main()
            warn: unsigned 'tmp' is never less than zero.

    ./tools/testing/selftests/net/nettest.c
      1680                  case '1':
      1681                          args.has_expected_raddr = 1;
      1682                          if (convert_addr(&args, optarg,
      1683                                           ADDR_TYPE_EXPECTED_REMOTE))
      1684                                  return 1;
      1685
      1686                          break;
      1687                  case '2':
      1688                          if (str_to_uint(optarg, 0, 0x7ffffff, &tmp) != 0) {
      1689                                  tmp = get_ifidx(optarg);
      1690                                  if (tmp < 0) {

    "tmp" is unsigned so it can't be negative.  Also all the callers assume
    that get_ifidx() returns negatives on error but it looks like it really
    returns zero on error so it's a bit unclear to me.

Update get_ifidx to return -1 on errors and cleanup callers of it.

Fixes: acda655fefae ("selftests: Add nettest")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-08-16 15:25:34 -07:00
Colin Ian King
a9e21bea1f ][next] selftests: nettest: fix spelling mistake: "potocol" -> "protocol"
There is a spelling mistake in an error messgae. Fix it.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-08-05 10:27:53 -07:00
David Ahern
acda655fef selftests: Add nettest
Add nettest - a simple program with an implementation for various networking
APIs. nettest is used for tcp, udp and raw functional tests for both IPv4
and IPv6.

Point of this command versus existing utilities:
- controlled implementation of the APIs and the order in which they
  are called,
- ability to verify ingress device, local and remote addresses,
- timeout for controlled test length,
- ability to discriminate a timeout from a system call failure, and
- simplicity with test scripts.

The command returns:
  0  on success,
  1  for any system call failure, and
  2  on timeout.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-08-03 10:42:04 -07:00