* [PATCH 0/2] Fix ASCONF test and ensure it can be always run
@ 2020-10-21 21:44 Ondrej Mosnacek
2020-10-21 21:44 ` [PATCH 1/2] tests/sctp: fix a race condition in the new ASCONF test Ondrej Mosnacek
2020-10-21 21:44 ` [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests Ondrej Mosnacek
0 siblings, 2 replies; 6+ messages in thread
From: Ondrej Mosnacek @ 2020-10-21 21:44 UTC (permalink / raw)
To: selinux; +Cc: Richard Haines
First fix the unreliable ASCONF test and then make the SCTP test create
a GRE interface with an additional IPv4 address so that the ASCONF tests
can be run even on a machine with just one global IPv4 address.
Ondrej Mosnacek (2):
tests/sctp: fix a race condition in the new ASCONF test
tests/sctp: set up a GRE tunnel to activate ASCONF tests
tests/sctp/sctp_asconf_params_server.c | 7 +++++++
tests/sctp/test | 8 ++++++++
2 files changed, 15 insertions(+)
--
2.26.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] tests/sctp: fix a race condition in the new ASCONF test
2020-10-21 21:44 [PATCH 0/2] Fix ASCONF test and ensure it can be always run Ondrej Mosnacek
@ 2020-10-21 21:44 ` Ondrej Mosnacek
2020-10-22 14:09 ` Richard Haines
2020-10-21 21:44 ` [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests Ondrej Mosnacek
1 sibling, 1 reply; 6+ messages in thread
From: Ondrej Mosnacek @ 2020-10-21 21:44 UTC (permalink / raw)
To: selinux; +Cc: Richard Haines
The new ASCONF test introduced recently (see Fixes: tag) is unstable and
can randomly fail on slow machines. The problem seems to be triggered
when the server does the sctp_bindx() calls before the client starts
listening for a new message, so add a 1 second sleep before the bindx
calls.
It is possible that this delay will not be enough on some very slow
machines, but let's start with a small value and see how it goes. The
one second seems to be enough for the Travis CI at least.
Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf client/server")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
tests/sctp/sctp_asconf_params_server.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tests/sctp/sctp_asconf_params_server.c b/tests/sctp/sctp_asconf_params_server.c
index 18e2cb2..ded782e 100644
--- a/tests/sctp/sctp_asconf_params_server.c
+++ b/tests/sctp/sctp_asconf_params_server.c
@@ -225,6 +225,13 @@ int main(int argc, char **argv)
((struct sockaddr_in6 *)
new_pri_addr_res->ai_addr)->sin6_scope_id);
+ /*
+ * We can't do the sctp_bindx() calls too fast, otherwise the test
+ * that checks if these are denied would fail. Therefore, sleep for
+ * a bit to allow the client to catch up.
+ */
+ sleep(1);
+
/*
* Now call sctp_bindx(3) to add 'new_pri_addr'. This uses Dynamic
* Address Reconfiguration by sending an asconf chunk with
--
2.26.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests
2020-10-21 21:44 [PATCH 0/2] Fix ASCONF test and ensure it can be always run Ondrej Mosnacek
2020-10-21 21:44 ` [PATCH 1/2] tests/sctp: fix a race condition in the new ASCONF test Ondrej Mosnacek
@ 2020-10-21 21:44 ` Ondrej Mosnacek
2020-10-22 14:11 ` Richard Haines
1 sibling, 1 reply; 6+ messages in thread
From: Ondrej Mosnacek @ 2020-10-21 21:44 UTC (permalink / raw)
To: selinux; +Cc: Richard Haines
Currently, the ASCONF tests will activate only if the test system has
two global IPv4 addresses, otherwise they are just skipped. Most
systems, including the VM in CI, don't fulfill this condition.
As it turns out, this second IPv4 address can be set up very easily by
creating a GRE trunnel interface over loopback. So make the SCTP test
create such interface so that the ASCONF tests can be always run.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
tests/sctp/test | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/sctp/test b/tests/sctp/test
index eede42f..1170921 100755
--- a/tests/sctp/test
+++ b/tests/sctp/test
@@ -35,6 +35,12 @@ BEGIN {
else {
$test_count = 75;
+ # Set up a GRE tunnel over loopback to ensure we have enough addresses
+ # for the ASCONF tests.
+ system "ip link add mygre type gretap local 127.0.0.1 remote 127.0.0.1";
+ system "ip addr add 10.123.123.123 dev mygre";
+ system "ip link set mygre up";
+
# asconf parameter tests require two local non-loopback addresses.
$ipaddress_list = `ip -o addr show up scope global`;
$test_asconf = 0;
@@ -909,4 +915,6 @@ if ($test_nft) {
system "nft -f $basedir/nftables-flush";
}
+system "ip link del mygre";
+
exit;
--
2.26.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] tests/sctp: fix a race condition in the new ASCONF test
2020-10-21 21:44 ` [PATCH 1/2] tests/sctp: fix a race condition in the new ASCONF test Ondrej Mosnacek
@ 2020-10-22 14:09 ` Richard Haines
0 siblings, 0 replies; 6+ messages in thread
From: Richard Haines @ 2020-10-22 14:09 UTC (permalink / raw)
To: Ondrej Mosnacek, selinux
On Wed, 2020-10-21 at 23:44 +0200, Ondrej Mosnacek wrote:
> The new ASCONF test introduced recently (see Fixes: tag) is unstable
> and
> can randomly fail on slow machines. The problem seems to be triggered
> when the server does the sctp_bindx() calls before the client starts
> listening for a new message, so add a 1 second sleep before the bindx
> calls.
>
> It is possible that this delay will not be enough on some very slow
> machines, but let's start with a small value and see how it goes. The
> one second seems to be enough for the Travis CI at least.
>
> Fixes: 841ccaabb366 ("selinux-testsuite: Update SCTP asconf
> client/server")
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> tests/sctp/sctp_asconf_params_server.c | 7 +++++++
> 1 file changed, 7 insertions(+)
Tested the three asconf tests over 1000 interations with no problems.
In the meantime I'll review these tests to find a more reliable way to
run them.
Acked-by: Richard Haines <richard_c_haines@btinternet.com>
>
> diff --git a/tests/sctp/sctp_asconf_params_server.c
> b/tests/sctp/sctp_asconf_params_server.c
> index 18e2cb2..ded782e 100644
> --- a/tests/sctp/sctp_asconf_params_server.c
> +++ b/tests/sctp/sctp_asconf_params_server.c
> @@ -225,6 +225,13 @@ int main(int argc, char **argv)
> ((struct sockaddr_in6 *)
> new_pri_addr_res->ai_addr)->sin6_scope_id);
>
> + /*
> + * We can't do the sctp_bindx() calls too fast, otherwise the
> test
> + * that checks if these are denied would fail. Therefore, sleep
> for
> + * a bit to allow the client to catch up.
> + */
> + sleep(1);
> +
> /*
> * Now call sctp_bindx(3) to add 'new_pri_addr'. This uses
> Dynamic
> * Address Reconfiguration by sending an asconf chunk with
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests
2020-10-21 21:44 ` [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests Ondrej Mosnacek
@ 2020-10-22 14:11 ` Richard Haines
2020-10-23 14:55 ` Ondrej Mosnacek
0 siblings, 1 reply; 6+ messages in thread
From: Richard Haines @ 2020-10-22 14:11 UTC (permalink / raw)
To: Ondrej Mosnacek, selinux
On Wed, 2020-10-21 at 23:44 +0200, Ondrej Mosnacek wrote:
> Currently, the ASCONF tests will activate only if the test system has
> two global IPv4 addresses, otherwise they are just skipped. Most
> systems, including the VM in CI, don't fulfill this condition.
>
> As it turns out, this second IPv4 address can be set up very easily
> by
> creating a GRE trunnel interface over loopback. So make the SCTP test
> create such interface so that the ASCONF tests can be always run.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> tests/sctp/test | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
Acked-by: Richard Haines <richard_c_haines@btinternet.com>
> diff --git a/tests/sctp/test b/tests/sctp/test
> index eede42f..1170921 100755
> --- a/tests/sctp/test
> +++ b/tests/sctp/test
> @@ -35,6 +35,12 @@ BEGIN {
> else {
> $test_count = 75;
>
> + # Set up a GRE tunnel over loopback to ensure we have enough
> addresses
> + # for the ASCONF tests.
> + system "ip link add mygre type gretap local 127.0.0.1 remote
> 127.0.0.1";
> + system "ip addr add 10.123.123.123 dev mygre";
> + system "ip link set mygre up";
> +
> # asconf parameter tests require two local non-loopback
> addresses.
> $ipaddress_list = `ip -o addr show up scope global`;
> $test_asconf = 0;
> @@ -909,4 +915,6 @@ if ($test_nft) {
> system "nft -f $basedir/nftables-flush";
> }
>
> +system "ip link del mygre";
> +
> exit;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests
2020-10-22 14:11 ` Richard Haines
@ 2020-10-23 14:55 ` Ondrej Mosnacek
0 siblings, 0 replies; 6+ messages in thread
From: Ondrej Mosnacek @ 2020-10-23 14:55 UTC (permalink / raw)
To: Richard Haines; +Cc: SElinux list
On Thu, Oct 22, 2020 at 4:11 PM Richard Haines
<richard_c_haines@btinternet.com> wrote:
> On Wed, 2020-10-21 at 23:44 +0200, Ondrej Mosnacek wrote:
> > Currently, the ASCONF tests will activate only if the test system has
> > two global IPv4 addresses, otherwise they are just skipped. Most
> > systems, including the VM in CI, don't fulfill this condition.
> >
> > As it turns out, this second IPv4 address can be set up very easily
> > by
> > creating a GRE trunnel interface over loopback. So make the SCTP test
> > create such interface so that the ASCONF tests can be always run.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> > tests/sctp/test | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
>
> Acked-by: Richard Haines <richard_c_haines@btinternet.com>
Thanks! I applied both patches now.
>
> > diff --git a/tests/sctp/test b/tests/sctp/test
> > index eede42f..1170921 100755
> > --- a/tests/sctp/test
> > +++ b/tests/sctp/test
> > @@ -35,6 +35,12 @@ BEGIN {
> > else {
> > $test_count = 75;
> >
> > + # Set up a GRE tunnel over loopback to ensure we have enough
> > addresses
> > + # for the ASCONF tests.
> > + system "ip link add mygre type gretap local 127.0.0.1 remote
> > 127.0.0.1";
> > + system "ip addr add 10.123.123.123 dev mygre";
> > + system "ip link set mygre up";
> > +
> > # asconf parameter tests require two local non-loopback
> > addresses.
> > $ipaddress_list = `ip -o addr show up scope global`;
> > $test_asconf = 0;
> > @@ -909,4 +915,6 @@ if ($test_nft) {
> > system "nft -f $basedir/nftables-flush";
> > }
> >
> > +system "ip link del mygre";
> > +
> > exit;
>
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-23 14:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-21 21:44 [PATCH 0/2] Fix ASCONF test and ensure it can be always run Ondrej Mosnacek
2020-10-21 21:44 ` [PATCH 1/2] tests/sctp: fix a race condition in the new ASCONF test Ondrej Mosnacek
2020-10-22 14:09 ` Richard Haines
2020-10-21 21:44 ` [PATCH 2/2] tests/sctp: set up a GRE tunnel to activate ASCONF tests Ondrej Mosnacek
2020-10-22 14:11 ` Richard Haines
2020-10-23 14:55 ` Ondrej Mosnacek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.