From: David Ahern <dsahern@kernel.org>
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org, schoen@loyalty.org,
David Ahern <dsahern@gmail.com>
Subject: [PATCH net-next v4 09/13] selftests: Consistently specify address for MD5 protection
Date: Wed, 13 Jan 2021 20:09:45 -0700
Message-ID: <20210114030949.54425-10-dsahern@kernel.org> (raw)
In-Reply-To: <20210114030949.54425-1-dsahern@kernel.org>
From: David Ahern <dsahern@gmail.com>
nettest started with -r as the remote address for MD5 passwords.
The -m argument was added to use prefixes with a length when that
feature was added to the kernel. Since -r is used to specify
remote address for client mode, change nettest to only use -m
for MD5 passwords and update fcnal-test script.
Signed-off-by: David Ahern <dsahern@gmail.com>
---
tools/testing/selftests/net/fcnal-test.sh | 60 +++++++++++------------
tools/testing/selftests/net/nettest.c | 6 +--
2 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index 02b0b9ead40b..edd33f83f80e 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -801,7 +801,7 @@ ipv4_tcp_md5_novrf()
# basic use case
log_start
- run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: Single address config"
@@ -817,7 +817,7 @@ ipv4_tcp_md5_novrf()
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
- run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password"
@@ -825,7 +825,7 @@ ipv4_tcp_md5_novrf()
# client from different address
log_start
show_hint "Should timeout due to MD5 mismatch"
- run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} &
+ run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password"
@@ -869,7 +869,7 @@ ipv4_tcp_md5()
# basic use case
log_start
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config"
@@ -885,7 +885,7 @@ ipv4_tcp_md5()
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password"
@@ -893,7 +893,7 @@ ipv4_tcp_md5()
# client from different address
log_start
show_hint "Should timeout since server config differs from client"
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
@@ -930,31 +930,31 @@ ipv4_tcp_md5()
#
log_start
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
- run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
+ run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
- run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
+ run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
log_start
show_hint "Should timeout since client in default VRF uses VRF password"
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
- run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
+ run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
log_start
show_hint "Should timeout since client in VRF uses default VRF password"
- run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} &
- run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} &
+ run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
+ run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
@@ -993,7 +993,7 @@ ipv4_tcp_md5()
# negative tests
#
log_start
- run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP}
+ run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
log_start
@@ -2265,7 +2265,7 @@ ipv6_tcp_md5_novrf()
# basic use case
log_start
- run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: Single address config"
@@ -2281,7 +2281,7 @@ ipv6_tcp_md5_novrf()
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
- run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password"
@@ -2289,7 +2289,7 @@ ipv6_tcp_md5_novrf()
# client from different address
log_start
show_hint "Should timeout due to MD5 mismatch"
- run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password"
@@ -2333,7 +2333,7 @@ ipv6_tcp_md5()
# basic use case
log_start
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config"
@@ -2349,7 +2349,7 @@ ipv6_tcp_md5()
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password"
@@ -2357,7 +2357,7 @@ ipv6_tcp_md5()
# client from different address
log_start
show_hint "Should timeout since server config differs from client"
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
@@ -2394,31 +2394,31 @@ ipv6_tcp_md5()
#
log_start
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
- run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
- run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
log_start
show_hint "Should timeout since client in default VRF uses VRF password"
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
- run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
log_start
show_hint "Should timeout since client in VRF uses default VRF password"
- run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} &
- run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} &
+ run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
+ run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
@@ -2457,7 +2457,7 @@ ipv6_tcp_md5()
# negative tests
#
log_start
- run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6}
+ run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
log_start
diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c
index 0e01a7447521..4c8d4570872d 100644
--- a/tools/testing/selftests/net/nettest.c
+++ b/tools/testing/selftests/net/nettest.c
@@ -291,13 +291,13 @@ static int tcp_md5_remote(int sd, struct sock_args *args)
switch (args->version) {
case AF_INET:
sin.sin_port = htons(args->port);
- sin.sin_addr = args->remote_addr.in;
+ sin.sin_addr = args->md5_prefix.v4.sin_addr;
addr = &sin;
alen = sizeof(sin);
break;
case AF_INET6:
sin6.sin6_port = htons(args->port);
- sin6.sin6_addr = args->remote_addr.in6;
+ sin6.sin6_addr = args->md5_prefix.v6.sin6_addr;
addr = &sin6;
alen = sizeof(sin6);
break;
@@ -725,7 +725,7 @@ static int convert_addr(struct sock_args *args, const char *_str,
return 1;
}
} else {
- args->prefix_len = pfx_len_max;
+ args->prefix_len = 0;
}
break;
default:
--
2.24.3 (Apple Git-128)
next prev parent reply index
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-14 3:09 [PATCH net-next v4 00/13] selftests: Updates to allow single instance of nettest for client and server David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 01/13] selftests: Move device validation in nettest David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 02/13] selftests: Move convert_addr up " David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 03/13] selftests: Move address validation " David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 04/13] selftests: Add options to set network namespace to nettest David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 05/13] selftests: Add support to nettest to run both client and server David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 06/13] selftests: Use separate stdout and stderr buffers in nettest David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 07/13] selftests: Add missing newline in nettest error messages David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 08/13] selftests: Make address validation apply only to client mode David Ahern
2021-01-14 3:09 ` David Ahern [this message]
2021-01-14 3:09 ` [PATCH net-next v4 10/13] selftests: Add new option for client-side passwords David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 11/13] selftests: Add separate options for server device bindings David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 12/13] selftests: Remove exraneous newline in nettest David Ahern
2021-01-14 3:09 ` [PATCH net-next v4 13/13] selftests: Add separate option to nettest for address binding David Ahern
2021-01-15 0:30 ` [PATCH net-next v4 00/13] selftests: Updates to allow single instance of nettest for client and server patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210114030949.54425-10-dsahern@kernel.org \
--to=dsahern@kernel.org \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=schoen@loyalty.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Netdev Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
netdev@vger.kernel.org
public-inbox-index netdev
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.netdev
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git