All of lore.kernel.org
 help / color / mirror / Atom feed
* [LTP] [PATCH] netns: Fix duplicate address detection (dad)
@ 2017-11-21 21:36 Dan Rue
  2017-11-22  3:09 ` Li Wang
  2017-11-22 12:40 ` Alexey Kodanev
  0 siblings, 2 replies; 4+ messages in thread
From: Dan Rue @ 2017-11-21 21:36 UTC (permalink / raw)
  To: ltp

Symptoms (+ command, error):
    netns_comm_ip_ipv6_ioctl:
        + ip netns exec tst_net_ns1 ping6 -q -c2 -I veth1 fd00::2
        connect: Cannot assign requested address

    netns_comm_ip_ipv6_netlink:
        + ip netns exec tst_net_ns0 ping6 -q -c2 -I veth0 fd00::3
        connect: Cannot assign requested address

    netns_comm_ns_exec_ipv6_ioctl:
        + ns_exec 6689 net ping6 -q -c2 -I veth0 fd00::3
        connect: Cannot assign requested address

    netns_comm_ns_exec_ipv6_netlin:
        + ns_exec 6891 net ping6 -q -c2 -I veth0 fd00::3
        connect: Cannot assign requested address

The error is coming from ping6, which is trying to get an IP address for
veth0 (due to -I veth0), but cannot, because the interface is not
immediately available due to dad. The existing code to disable dad is
disables it for the virtual interfaces, but it needs to be disabled for
all interfaces in the network namespace to be effective.

Also, changed it to use sysctl -w because I think it is a little cleaner
to read and understand.

Lastly, dropped setting accept_ra. It does not seem to be necessary to
disable.

Signed-off-by: Dan Rue <dan.rue@linaro.org>
---
 testcases/kernel/containers/netns/netns_helper.sh | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/testcases/kernel/containers/netns/netns_helper.sh b/testcases/kernel/containers/netns/netns_helper.sh
index a95cdf206..95add0544 100755
--- a/testcases/kernel/containers/netns/netns_helper.sh
+++ b/testcases/kernel/containers/netns/netns_helper.sh
@@ -256,12 +256,10 @@ netns_set_ip()
 	# there is no other host with the same address, the address is
 	# considered to be "tentative" (attempts to bind() to the address fail
 	# with EADDRNOTAVAIL) which may cause problems for tests using ipv6.
-	echo 0 | $NS_EXEC $NS_HANDLE0 $NS_TYPE \
-		tee /proc/sys/net/ipv6/conf/veth0/accept_dad \
-		/proc/sys/net/ipv6/conf/veth0/accept_ra >/dev/null
-	echo 0 | $NS_EXEC $NS_HANDLE1 $NS_TYPE \
-		tee /proc/sys/net/ipv6/conf/veth1/accept_dad \
-		/proc/sys/net/ipv6/conf/veth1/accept_ra >/dev/null
+	$NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
+	$NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.veth0.accept_dad=0
+	$NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
+	$NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.veth1.accept_dad=0
 
 	case $USE_IFCONFIG in
 	1)
-- 
2.14.3


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [LTP] [PATCH] netns: Fix duplicate address detection (dad)
  2017-11-21 21:36 [LTP] [PATCH] netns: Fix duplicate address detection (dad) Dan Rue
@ 2017-11-22  3:09 ` Li Wang
  2017-11-22 12:40 ` Alexey Kodanev
  1 sibling, 0 replies; 4+ messages in thread
From: Li Wang @ 2017-11-22  3:09 UTC (permalink / raw)
  To: ltp

On Wed, Nov 22, 2017 at 5:36 AM, Dan Rue <dan.rue@linaro.org> wrote:
> Symptoms (+ command, error):
>     netns_comm_ip_ipv6_ioctl:
>         + ip netns exec tst_net_ns1 ping6 -q -c2 -I veth1 fd00::2
>         connect: Cannot assign requested address
>
>     netns_comm_ip_ipv6_netlink:
>         + ip netns exec tst_net_ns0 ping6 -q -c2 -I veth0 fd00::3
>         connect: Cannot assign requested address
>
>     netns_comm_ns_exec_ipv6_ioctl:
>         + ns_exec 6689 net ping6 -q -c2 -I veth0 fd00::3
>         connect: Cannot assign requested address
>
>     netns_comm_ns_exec_ipv6_netlin:
>         + ns_exec 6891 net ping6 -q -c2 -I veth0 fd00::3
>         connect: Cannot assign requested address
>
> The error is coming from ping6, which is trying to get an IP address for
> veth0 (due to -I veth0), but cannot, because the interface is not
> immediately available due to dad. The existing code to disable dad is
> disables it for the virtual interfaces, but it needs to be disabled for
> all interfaces in the network namespace to be effective.
>
> Also, changed it to use sysctl -w because I think it is a little cleaner
> to read and understand.
>
> Lastly, dropped setting accept_ra. It does not seem to be necessary to
> disable.
>
> Signed-off-by: Dan Rue <dan.rue@linaro.org>
> ---
>  testcases/kernel/containers/netns/netns_helper.sh | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/testcases/kernel/containers/netns/netns_helper.sh b/testcases/kernel/containers/netns/netns_helper.sh
> index a95cdf206..95add0544 100755
> --- a/testcases/kernel/containers/netns/netns_helper.sh
> +++ b/testcases/kernel/containers/netns/netns_helper.sh
> @@ -256,12 +256,10 @@ netns_set_ip()
>         # there is no other host with the same address, the address is
>         # considered to be "tentative" (attempts to bind() to the address fail
>         # with EADDRNOTAVAIL) which may cause problems for tests using ipv6.
> -       echo 0 | $NS_EXEC $NS_HANDLE0 $NS_TYPE \
> -               tee /proc/sys/net/ipv6/conf/veth0/accept_dad \
> -               /proc/sys/net/ipv6/conf/veth0/accept_ra >/dev/null
> -       echo 0 | $NS_EXEC $NS_HANDLE1 $NS_TYPE \
> -               tee /proc/sys/net/ipv6/conf/veth1/accept_dad \
> -               /proc/sys/net/ipv6/conf/veth1/accept_ra >/dev/null
> +       $NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
> +       $NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.veth0.accept_dad=0

Seems we have already disabled DAD for all interfaces via
'net.ipv6.conf.all.accept_dad=0', I wonder if it's necessary to do the
repeat setting for veth0 device?

> +       $NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
> +       $NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.veth1.accept_dad=0

Here as well.


>
>         case $USE_IFCONFIG in
>         1)
> --
> 2.14.3

Anyway, this method works to me.



-- 
Li Wang
liwang@redhat.com

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [LTP] [PATCH] netns: Fix duplicate address detection (dad)
  2017-11-21 21:36 [LTP] [PATCH] netns: Fix duplicate address detection (dad) Dan Rue
  2017-11-22  3:09 ` Li Wang
@ 2017-11-22 12:40 ` Alexey Kodanev
  2017-11-22 15:08   ` Dan Rue
  1 sibling, 1 reply; 4+ messages in thread
From: Alexey Kodanev @ 2017-11-22 12:40 UTC (permalink / raw)
  To: ltp

On 11/22/2017 12:36 AM, Dan Rue wrote:
> Symptoms (+ command, error):
>     netns_comm_ip_ipv6_ioctl:
>         + ip netns exec tst_net_ns1 ping6 -q -c2 -I veth1 fd00::2
>         connect: Cannot assign requested address
>
>     netns_comm_ip_ipv6_netlink:
>         + ip netns exec tst_net_ns0 ping6 -q -c2 -I veth0 fd00::3
>         connect: Cannot assign requested address
>
>     netns_comm_ns_exec_ipv6_ioctl:
>         + ns_exec 6689 net ping6 -q -c2 -I veth0 fd00::3
>         connect: Cannot assign requested address
>
>     netns_comm_ns_exec_ipv6_netlin:
>         + ns_exec 6891 net ping6 -q -c2 -I veth0 fd00::3
>         connect: Cannot assign requested address
>
> The error is coming from ping6, which is trying to get an IP address for
> veth0 (due to -I veth0), but cannot, because the interface is not
> immediately available due to dad. The existing code to disable dad is
> disables it for the virtual interfaces, but it needs to be disabled for
> all interfaces in the network namespace to be effective.


Looks like Linux 4.14 specific and it's fixed with the following patch:
094009531612 ("ipv6: set all.accept_dad to 0 by default")

I'm not sure if we need to change the test-case if we want to catch
similar bug with backward compatibility...

Thanks,
Alexey

> Also, changed it to use sysctl -w because I think it is a little cleaner
> to read and understand.
>
> Lastly, dropped setting accept_ra. It does not seem to be necessary to
> disable.
>
> Signed-off-by: Dan Rue <dan.rue@linaro.org>
> ---
>  testcases/kernel/containers/netns/netns_helper.sh | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/testcases/kernel/containers/netns/netns_helper.sh b/testcases/kernel/containers/netns/netns_helper.sh
> index a95cdf206..95add0544 100755
> --- a/testcases/kernel/containers/netns/netns_helper.sh
> +++ b/testcases/kernel/containers/netns/netns_helper.sh
> @@ -256,12 +256,10 @@ netns_set_ip()
>  	# there is no other host with the same address, the address is
>  	# considered to be "tentative" (attempts to bind() to the address fail
>  	# with EADDRNOTAVAIL) which may cause problems for tests using ipv6.
> -	echo 0 | $NS_EXEC $NS_HANDLE0 $NS_TYPE \
> -		tee /proc/sys/net/ipv6/conf/veth0/accept_dad \
> -		/proc/sys/net/ipv6/conf/veth0/accept_ra >/dev/null
> -	echo 0 | $NS_EXEC $NS_HANDLE1 $NS_TYPE \
> -		tee /proc/sys/net/ipv6/conf/veth1/accept_dad \
> -		/proc/sys/net/ipv6/conf/veth1/accept_ra >/dev/null
> +	$NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
> +	$NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.veth0.accept_dad=0
> +	$NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
> +	$NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.veth1.accept_dad=0

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [LTP] [PATCH] netns: Fix duplicate address detection (dad)
  2017-11-22 12:40 ` Alexey Kodanev
@ 2017-11-22 15:08   ` Dan Rue
  0 siblings, 0 replies; 4+ messages in thread
From: Dan Rue @ 2017-11-22 15:08 UTC (permalink / raw)
  To: ltp

On Wed, Nov 22, 2017 at 03:40:10PM +0300, Alexey Kodanev wrote:
> On 11/22/2017 12:36 AM, Dan Rue wrote:
> > Symptoms (+ command, error):
> >     netns_comm_ip_ipv6_ioctl:
> >         + ip netns exec tst_net_ns1 ping6 -q -c2 -I veth1 fd00::2
> >         connect: Cannot assign requested address
> >
> >     netns_comm_ip_ipv6_netlink:
> >         + ip netns exec tst_net_ns0 ping6 -q -c2 -I veth0 fd00::3
> >         connect: Cannot assign requested address
> >
> >     netns_comm_ns_exec_ipv6_ioctl:
> >         + ns_exec 6689 net ping6 -q -c2 -I veth0 fd00::3
> >         connect: Cannot assign requested address
> >
> >     netns_comm_ns_exec_ipv6_netlin:
> >         + ns_exec 6891 net ping6 -q -c2 -I veth0 fd00::3
> >         connect: Cannot assign requested address
> >
> > The error is coming from ping6, which is trying to get an IP address for
> > veth0 (due to -I veth0), but cannot, because the interface is not
> > immediately available due to dad. The existing code to disable dad is
> > disables it for the virtual interfaces, but it needs to be disabled for
> > all interfaces in the network namespace to be effective.
> 
> 
> Looks like Linux 4.14 specific and it's fixed with the following patch:
> 094009531612 ("ipv6: set all.accept_dad to 0 by default")
> 
> I'm not sure if we need to change the test-case if we want to catch
> similar bug with backward compatibility...

Good find! I'm happy withdrawing this patch.

> 
> Thanks,
> Alexey
> 
> > Also, changed it to use sysctl -w because I think it is a little cleaner
> > to read and understand.
> >
> > Lastly, dropped setting accept_ra. It does not seem to be necessary to
> > disable.
> >
> > Signed-off-by: Dan Rue <dan.rue@linaro.org>
> > ---
> >  testcases/kernel/containers/netns/netns_helper.sh | 10 ++++------
> >  1 file changed, 4 insertions(+), 6 deletions(-)
> >
> > diff --git a/testcases/kernel/containers/netns/netns_helper.sh b/testcases/kernel/containers/netns/netns_helper.sh
> > index a95cdf206..95add0544 100755
> > --- a/testcases/kernel/containers/netns/netns_helper.sh
> > +++ b/testcases/kernel/containers/netns/netns_helper.sh
> > @@ -256,12 +256,10 @@ netns_set_ip()
> >  	# there is no other host with the same address, the address is
> >  	# considered to be "tentative" (attempts to bind() to the address fail
> >  	# with EADDRNOTAVAIL) which may cause problems for tests using ipv6.
> > -	echo 0 | $NS_EXEC $NS_HANDLE0 $NS_TYPE \
> > -		tee /proc/sys/net/ipv6/conf/veth0/accept_dad \
> > -		/proc/sys/net/ipv6/conf/veth0/accept_ra >/dev/null
> > -	echo 0 | $NS_EXEC $NS_HANDLE1 $NS_TYPE \
> > -		tee /proc/sys/net/ipv6/conf/veth1/accept_dad \
> > -		/proc/sys/net/ipv6/conf/veth1/accept_ra >/dev/null
> > +	$NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
> > +	$NS_EXEC $NS_HANDLE0 $NS_TYPE sysctl -w net.ipv6.conf.veth0.accept_dad=0
> > +	$NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.all.accept_dad=0
> > +	$NS_EXEC $NS_HANDLE1 $NS_TYPE sysctl -w net.ipv6.conf.veth1.accept_dad=0

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-11-22 15:08 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-21 21:36 [LTP] [PATCH] netns: Fix duplicate address detection (dad) Dan Rue
2017-11-22  3:09 ` Li Wang
2017-11-22 12:40 ` Alexey Kodanev
2017-11-22 15:08   ` Dan Rue

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.