Message ID | 20201124002345.GA42222@ubuntu |
---|---|
State | New |
Headers | show |
Series | VRF NS for lladdr sent on the wrong interface | expand |
On 11/23/20 5:23 PM, Stephen Suryaputra wrote: > Hi, > > I'm running into a problem with lladdr pinging all-host mcast all nodes > addr. The ping intially works but after cycling the interface that > receives the ping, the echo request packet causes a neigh solicitation > being sent on a different interface. > > To repro, I included the attached namespace scripts. This is the > topology and an output of my test. Can you run your test script on 4.14-4.17 kernel? I am wondering if the changes in 4.19-next changed this behavior.
On Tue, Nov 24, 2020 at 01:43:54PM -0700, David Ahern wrote: > On 11/23/20 5:23 PM, Stephen Suryaputra wrote: > > Hi, > > > > I'm running into a problem with lladdr pinging all-host mcast all nodes > > addr. The ping intially works but after cycling the interface that > > receives the ping, the echo request packet causes a neigh solicitation > > being sent on a different interface. > > > > To repro, I included the attached namespace scripts. This is the > > topology and an output of my test. > > Can you run your test script on 4.14-4.17 kernel? I am wondering if the > changes in 4.19-next changed this behavior. > We found the issue on 4.14.200-based kernel.
On Tue, Nov 24, 2020 at 03:57:48PM -0500, Stephen Suryaputra wrote: > On Tue, Nov 24, 2020 at 01:43:54PM -0700, David Ahern wrote: > > On 11/23/20 5:23 PM, Stephen Suryaputra wrote: > > > Hi, > > > > > > I'm running into a problem with lladdr pinging all-host mcast all nodes > > > addr. The ping intially works but after cycling the interface that > > > receives the ping, the echo request packet causes a neigh solicitation > > > being sent on a different interface. > > > > > > To repro, I included the attached namespace scripts. This is the > > > topology and an output of my test. > > > > Can you run your test script on 4.14-4.17 kernel? I am wondering if the > > changes in 4.19-next changed this behavior. > > > We found the issue on 4.14.200-based kernel. To be clear, our platform is based on 4.14.200 kernel. We found the issue there and I reproduced it on the net tree using the scripts I provided. Looks to me that it is a day 1 problem. Regards, Stephen.
On 11/23/20 5:23 PM, Stephen Suryaputra wrote: > Hi, > > I'm running into a problem with lladdr pinging all-host mcast all nodes > addr. The ping intially works but after cycling the interface that > receives the ping, the echo request packet causes a neigh solicitation > being sent on a different interface. > > To repro, I included the attached namespace scripts. This is the > topology and an output of my test. > > # +-------+ +----------+ +-------+ > # | h0 | | r0 | | h1 | > # | v00+-----+v00 v01+---+v10 | > # | | | | | | > # +-------+ +----------+ +-------+ > after setup, ip netns exec h0 ping -c 1 ff02::1%h0_v00 works, but ip netns exec h1 ping -c 1 ff02::1%h1_v10 does not. No surprise then that cycling v00 in r0 causes the reverse. The problem is the route order changes: root@ubuntu-c-2-4gib-sfo3-01:~# diff -U3 /tmp/1 /tmp/2 --- /tmp/1 2020-12-01 01:07:39.795361392 +0000 +++ /tmp/2 2020-12-01 01:07:51.991808848 +0000 @@ -1,6 +1,6 @@ local fe80::8466:b3ff:fecc:3a4f dev r0_v01 table 10 proto kernel metric 0 pref medium local fe80::b4ec:a8ff:fec3:33d9 dev r0_v00 table 10 proto kernel metric 0 pref medium -fe80::/64 dev r0_v00 table 10 proto kernel metric 256 pref medium fe80::/64 dev r0_v01 table 10 proto kernel metric 256 pref medium -ff00::/8 dev r0_v00 table 10 metric 256 pref medium +fe80::/64 dev r0_v00 table 10 proto kernel metric 256 pref medium ff00::/8 dev r0_v01 table 10 metric 256 pref medium +ff00::/8 dev r0_v00 table 10 metric 256 pref medium With your patch does ping from both hosts work? What about all of the tests in tools/testing/selftests/net/fcnal-test.sh? specifically curious about the 'LLA to GUA' tests (link local to global). Perhaps those tests need a second interface (e.g., a dummy) that is brought up first to cause the ordering to be different.
On Mon, Nov 30, 2020 at 06:15:06PM -0700, David Ahern wrote: > On 11/23/20 5:23 PM, Stephen Suryaputra wrote: > > Hi, > > > > I'm running into a problem with lladdr pinging all-host mcast all nodes > > addr. The ping intially works but after cycling the interface that > > receives the ping, the echo request packet causes a neigh solicitation > > being sent on a different interface. > > > > To repro, I included the attached namespace scripts. This is the > > topology and an output of my test. > > > > # +-------+ +----------+ +-------+ > > # | h0 | | r0 | | h1 | > > # | v00+-----+v00 v01+---+v10 | > > # | | | | | | > > # +-------+ +----------+ +-------+ > > > > > > after setup, > > ip netns exec h0 ping -c 1 ff02::1%h0_v00 > > works, but > > ip netns exec h1 ping -c 1 ff02::1%h1_v10 > > does not. No surprise then that cycling v00 in r0 causes the reverse. > The problem is the route order changes: > > root@ubuntu-c-2-4gib-sfo3-01:~# diff -U3 /tmp/1 /tmp/2 > --- /tmp/1 2020-12-01 01:07:39.795361392 +0000 > +++ /tmp/2 2020-12-01 01:07:51.991808848 +0000 > @@ -1,6 +1,6 @@ > local fe80::8466:b3ff:fecc:3a4f dev r0_v01 table 10 proto kernel metric > 0 pref medium > local fe80::b4ec:a8ff:fec3:33d9 dev r0_v00 table 10 proto kernel metric > 0 pref medium > -fe80::/64 dev r0_v00 table 10 proto kernel metric 256 pref medium > fe80::/64 dev r0_v01 table 10 proto kernel metric 256 pref medium > -ff00::/8 dev r0_v00 table 10 metric 256 pref medium > +fe80::/64 dev r0_v00 table 10 proto kernel metric 256 pref medium > ff00::/8 dev r0_v01 table 10 metric 256 pref medium > +ff00::/8 dev r0_v00 table 10 metric 256 pref medium > > With your patch does ping from both hosts work? Yes, it does. > What about all of the tests in > tools/testing/selftests/net/fcnal-test.sh? specifically curious about > the 'LLA to GUA' tests (link local to global). Perhaps those tests need > a second interface (e.g., a dummy) that is brought up first to cause the > ordering to be different. The script needs nettest to be in the path... Thanks, Stephen.
On 12/1/20 12:00 PM, Stephen Suryaputra wrote: > On Mon, Nov 30, 2020 at 06:15:06PM -0700, David Ahern wrote: >> On 11/23/20 5:23 PM, Stephen Suryaputra wrote: >>> Hi, >>> >>> I'm running into a problem with lladdr pinging all-host mcast all nodes >>> addr. The ping intially works but after cycling the interface that >>> receives the ping, the echo request packet causes a neigh solicitation >>> being sent on a different interface. >>> >>> To repro, I included the attached namespace scripts. This is the >>> topology and an output of my test. >>> >>> # +-------+ +----------+ +-------+ >>> # | h0 | | r0 | | h1 | >>> # | v00+-----+v00 v01+---+v10 | >>> # | | | | | | >>> # +-------+ +----------+ +-------+ >>> >> >> >> >> after setup, >> >> ip netns exec h0 ping -c 1 ff02::1%h0_v00 >> >> works, but >> >> ip netns exec h1 ping -c 1 ff02::1%h1_v10 >> >> does not. No surprise then that cycling v00 in r0 causes the reverse. >> The problem is the route order changes: >> >> root@ubuntu-c-2-4gib-sfo3-01:~# diff -U3 /tmp/1 /tmp/2 >> --- /tmp/1 2020-12-01 01:07:39.795361392 +0000 >> +++ /tmp/2 2020-12-01 01:07:51.991808848 +0000 >> @@ -1,6 +1,6 @@ >> local fe80::8466:b3ff:fecc:3a4f dev r0_v01 table 10 proto kernel metric >> 0 pref medium >> local fe80::b4ec:a8ff:fec3:33d9 dev r0_v00 table 10 proto kernel metric >> 0 pref medium >> -fe80::/64 dev r0_v00 table 10 proto kernel metric 256 pref medium >> fe80::/64 dev r0_v01 table 10 proto kernel metric 256 pref medium >> -ff00::/8 dev r0_v00 table 10 metric 256 pref medium >> +fe80::/64 dev r0_v00 table 10 proto kernel metric 256 pref medium >> ff00::/8 dev r0_v01 table 10 metric 256 pref medium >> +ff00::/8 dev r0_v00 table 10 metric 256 pref medium >> >> With your patch does ping from both hosts work? > > Yes, it does. > >> What about all of the tests in >> tools/testing/selftests/net/fcnal-test.sh? specifically curious about >> the 'LLA to GUA' tests (link local to global). Perhaps those tests need >> a second interface (e.g., a dummy) that is brought up first to cause the >> ordering to be different. > > The script needs nettest to be in the path... > nettest is in the same directory. Build it and then run the script - with your patch applied. We need to see if it affects existing tests.
On Tue, Dec 01, 2020 at 06:06:53PM -0700, David Ahern wrote: > >> > >> With your patch does ping from both hosts work? > > > > Yes, it does. > > > >> What about all of the tests in > >> tools/testing/selftests/net/fcnal-test.sh? specifically curious about > >> the 'LLA to GUA' tests (link local to global). Perhaps those tests need > >> a second interface (e.g., a dummy) that is brought up first to cause the > >> ordering to be different. > > > > The script needs nettest to be in the path... > > > > nettest is in the same directory. Build it and then run the script - > with your patch applied. We need to see if it affects existing tests. The tests in fcnal-test.sh passed. There are two failures that are expected, I think. Attached is the output. If you agree that my patch is the right solution, I can send the patch out for review. Thanks, Stephen. ########################################################################### IPv4 ping ########################################################################### ################################################################# No VRF SYSCTL: net.ipv4.raw_l3mdev_accept=0 TEST: ping out - ns-B IP [ OK ] TEST: ping out, device bind - ns-B IP [ OK ] TEST: ping out, address bind - ns-B IP [ OK ] TEST: ping out - ns-B loopback IP [ OK ] TEST: ping out, device bind - ns-B loopback IP [ OK ] TEST: ping out, address bind - ns-B loopback IP [ OK ] TEST: ping in - ns-A IP [ OK ] TEST: ping in - ns-A loopback IP [ OK ] TEST: ping local - ns-A IP [ OK ] TEST: ping local - ns-A loopback IP [ OK ] TEST: ping local - loopback [ OK ] TEST: ping local, device bind - ns-A IP [ OK ] TEST: ping local, device bind - ns-A loopback IP [ OK ] TEST: ping local, device bind - loopback [ OK ] TEST: ping out, blocked by rule - ns-B loopback IP [ OK ] TEST: ping in, blocked by rule - ns-A loopback IP [ OK ] TEST: ping out, blocked by route - ns-B loopback IP [ OK ] TEST: ping in, blocked by route - ns-A loopback IP [ OK ] TEST: ping out, unreachable default route - ns-B loopback IP [ OK ] SYSCTL: net.ipv4.raw_l3mdev_accept=1 TEST: ping out - ns-B IP [ OK ] TEST: ping out, device bind - ns-B IP [ OK ] TEST: ping out, address bind - ns-B IP [ OK ] TEST: ping out - ns-B loopback IP [ OK ] TEST: ping out, device bind - ns-B loopback IP [ OK ] TEST: ping out, address bind - ns-B loopback IP [ OK ] TEST: ping in - ns-A IP [ OK ] TEST: ping in - ns-A loopback IP [ OK ] TEST: ping local - ns-A IP [ OK ] TEST: ping local - ns-A loopback IP [ OK ] TEST: ping local - loopback [ OK ] TEST: ping local, device bind - ns-A IP [ OK ] TEST: ping local, device bind - ns-A loopback IP [ OK ] TEST: ping local, device bind - loopback [ OK ] TEST: ping out, blocked by rule - ns-B loopback IP [ OK ] TEST: ping in, blocked by rule - ns-A loopback IP [ OK ] TEST: ping out, blocked by route - ns-B loopback IP [ OK ] TEST: ping in, blocked by route - ns-A loopback IP [ OK ] TEST: ping out, unreachable default route - ns-B loopback IP [ OK ] ################################################################# With VRF SYSCTL: net.ipv4.raw_l3mdev_accept=1 TEST: ping out, VRF bind - ns-B IP [ OK ] TEST: ping out, device bind - ns-B IP [ OK ] TEST: ping out, vrf device + dev address bind - ns-B IP [ OK ] TEST: ping out, vrf device + vrf address bind - ns-B IP [ OK ] TEST: ping out, VRF bind - ns-B loopback IP [ OK ] TEST: ping out, device bind - ns-B loopback IP [ OK ] TEST: ping out, vrf device + dev address bind - ns-B loopback IP [ OK ] TEST: ping out, vrf device + vrf address bind - ns-B loopback IP [ OK ] TEST: ping in - ns-A IP [ OK ] TEST: ping in - VRF IP [ OK ] TEST: ping local, VRF bind - ns-A IP [ OK ] TEST: ping local, VRF bind - VRF IP [ OK ] TEST: ping local, VRF bind - loopback [ OK ] TEST: ping local, device bind - ns-A IP [ OK ] TEST: ping local, device bind - VRF IP [ OK ] TEST: ping local, device bind - loopback [ OK ] TEST: ping out, vrf bind, blocked by rule - ns-B loopback IP [ OK ] TEST: ping out, device bind, blocked by rule - ns-B loopback IP [ OK ] TEST: ping in, blocked by rule - ns-A loopback IP [ OK ] TEST: ping out, vrf bind, unreachable route - ns-B loopback IP [ OK ] TEST: ping out, device bind, unreachable route - ns-B loopback IP [ OK ] TEST: ping in, unreachable route - ns-A loopback IP [ OK ] ########################################################################### IPv4/TCP ########################################################################### ################################################################# No VRF ################################################################# tcp_l3mdev_accept disabled SYSCTL: net.ipv4.tcp_l3mdev_accept=0 TEST: Global server - ns-A IP [ OK ] TEST: Global server - ns-A loopback IP [ OK ] TEST: Device server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: No server - ns-A loopback IP [ OK ] TEST: Client - ns-B IP [ OK ] TEST: Client, device bind - ns-B IP [ OK ] TEST: No server, unbound client - ns-B IP [ OK ] TEST: No server, device client - ns-B IP [ OK ] TEST: Client - ns-B loopback IP [ OK ] TEST: Client, device bind - ns-B loopback IP [ OK ] TEST: No server, unbound client - ns-B loopback IP [ OK ] TEST: No server, device client - ns-B loopback IP [ OK ] TEST: Global server, local connection - ns-A IP [ OK ] TEST: Global server, local connection - ns-A loopback IP [ OK ] TEST: Global server, local connection - loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IP [ OK ] TEST: Device server, unbound client, local connection - ns-A loopback IP [ OK ] TEST: Device server, unbound client, local connection - loopback [ OK ] TEST: Global server, device client, local connection - ns-A IP [ OK ] TEST: Global server, device client, local connection - ns-A loopback IP [ OK ] TEST: Global server, device client, local connection - loopback [ OK ] TEST: Device server, device client, local connection - ns-A IP [ OK ] TEST: No server, device client, local conn - ns-A IP [ OK ] TEST: MD5: Single address config [ OK ] TEST: MD5: Server no config, client uses password [ OK ] TEST: MD5: Client uses wrong password [ OK ] TEST: MD5: Client address does not match address configured with password [ OK ] TEST: MD5: Prefix config [ OK ] TEST: MD5: Prefix config, client uses wrong password [ OK ] TEST: MD5: Prefix config, client address not in configured prefix [ OK ] ################################################################# tcp_l3mdev_accept enabled SYSCTL: net.ipv4.tcp_l3mdev_accept=1 TEST: Global server - ns-A IP [ OK ] TEST: Global server - ns-A loopback IP [ OK ] TEST: Device server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: No server - ns-A loopback IP [ OK ] TEST: Client - ns-B IP [ OK ] TEST: Client, device bind - ns-B IP [ OK ] TEST: No server, unbound client - ns-B IP [ OK ] TEST: No server, device client - ns-B IP [ OK ] TEST: Client - ns-B loopback IP [ OK ] TEST: Client, device bind - ns-B loopback IP [ OK ] TEST: No server, unbound client - ns-B loopback IP [ OK ] TEST: No server, device client - ns-B loopback IP [ OK ] TEST: Global server, local connection - ns-A IP [ OK ] TEST: Global server, local connection - ns-A loopback IP [ OK ] TEST: Global server, local connection - loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IP [ OK ] TEST: Device server, unbound client, local connection - ns-A loopback IP [ OK ] TEST: Device server, unbound client, local connection - loopback [ OK ] TEST: Global server, device client, local connection - ns-A IP [ OK ] TEST: Global server, device client, local connection - ns-A loopback IP [ OK ] TEST: Global server, device client, local connection - loopback [ OK ] TEST: Device server, device client, local connection - ns-A IP [ OK ] TEST: No server, device client, local conn - ns-A IP [ OK ] TEST: MD5: Single address config [ OK ] TEST: MD5: Server no config, client uses password [ OK ] TEST: MD5: Client uses wrong password [ OK ] TEST: MD5: Client address does not match address configured with password [ OK ] TEST: MD5: Prefix config [ OK ] TEST: MD5: Prefix config, client uses wrong password [ OK ] TEST: MD5: Prefix config, client address not in configured prefix [ OK ] ################################################################# With VRF ################################################################# Global server disabled SYSCTL: net.ipv4.tcp_l3mdev_accept=0 TEST: Global server - ns-A IP [ OK ] TEST: VRF server - ns-A IP [ OK ] TEST: Device server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: Global server - VRF IP [ OK ] TEST: VRF server - VRF IP [ OK ] TEST: Device server - VRF IP [ OK ] TEST: No server - VRF IP [ OK ] TEST: Global server, local connection - ns-A IP [ OK ] TEST: MD5: VRF: Single address config [ OK ] TEST: MD5: VRF: Server no config, client uses password [ OK ] TEST: MD5: VRF: Client uses wrong password [ OK ] TEST: MD5: VRF: Client address does not match address configured with password [ OK ] TEST: MD5: VRF: Prefix config [ OK ] TEST: MD5: VRF: Prefix config, client uses wrong password [ OK ] TEST: MD5: VRF: Prefix config, client address not in configured prefix [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in VRF [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in default VRF [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in VRF [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw [ OK ] TEST: MD5: VRF: Device must be a VRF - single address [ OK ] TEST: MD5: VRF: Device must be a VRF - prefix [ OK ] ################################################################# VRF Global server enabled SYSCTL: net.ipv4.tcp_l3mdev_accept=1 TEST: Global server - ns-A IP [ OK ] TEST: VRF server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: Global server - VRF IP [ OK ] TEST: VRF server - VRF IP [ OK ] TEST: No server - VRF IP [ OK ] TEST: Device server - ns-A IP [ OK ] TEST: Global server, local connection - ns-A IP [ OK ] TEST: Global server, local connection - VRF IP [ OK ] TEST: Client, VRF bind - ns-B IP [ OK ] TEST: Client, device bind - ns-B IP [ OK ] TEST: No server, VRF client - ns-B IP [ OK ] TEST: No server, device client - ns-B IP [ OK ] TEST: Client, VRF bind - ns-B loopback IP [ OK ] TEST: Client, device bind - ns-B loopback IP [ OK ] TEST: No server, VRF client - ns-B loopback IP [ OK ] TEST: No server, device client - ns-B loopback IP [ OK ] TEST: VRF server, VRF client, local connection - ns-A IP [ OK ] TEST: VRF server, VRF client, local connection - VRF IP [ OK ] TEST: VRF server, VRF client, local connection - loopback [ OK ] TEST: VRF server, device client, local connection - ns-A IP [ OK ] TEST: VRF server, unbound client, local connection - ns-A IP [ OK ] TEST: Device server, VRF client, local connection - ns-A IP [ OK ] TEST: Device server, device client, local connection - ns-A IP [ OK ] ########################################################################### IPv4/UDP ########################################################################### ################################################################# No VRF ################################################################# udp_l3mdev_accept disabled SYSCTL: net.ipv4.udp_l3mdev_accept=0 TEST: Global server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: Global server - ns-A loopback IP [ OK ] TEST: No server - ns-A loopback IP [ OK ] TEST: Device server - ns-A IP [ OK ] TEST: Client - ns-B IP [ OK ] TEST: Client, device bind - ns-B IP [ OK ] TEST: Client, device send via cmsg - ns-B IP [ OK ] TEST: Client, device bind via IP_UNICAST_IF - ns-B IP [ OK ] TEST: No server, unbound client - ns-B IP [ OK ] TEST: No server, device client - ns-B IP [ OK ] TEST: Client - ns-B loopback IP [ OK ] TEST: Client, device bind - ns-B loopback IP [ OK ] TEST: Client, device send via cmsg - ns-B loopback IP [ OK ] TEST: Client, device bind via IP_UNICAST_IF - ns-B loopback IP [ OK ] TEST: No server, unbound client - ns-B loopback IP [ OK ] TEST: No server, device client - ns-B loopback IP [ OK ] TEST: Global server, local connection - ns-A IP [ OK ] TEST: Global server, local connection - ns-A loopback IP [ OK ] TEST: Global server, local connection - loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IP [ OK ] TEST: Device server, unbound client, local connection - ns-A loopback IP [ OK ] TEST: Device server, unbound client, local connection - loopback [ OK ] TEST: Global server, device client, local connection - ns-A IP [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A IP [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - ns-A IP [ OK ] TEST: Global server, device client, local connection - ns-A loopback IP [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A loopback IP [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - ns-A loopback IP [ OK ] TEST: Global server, device client, local connection - loopback [ OK ] TEST: Global server, device send via cmsg, local connection - loopback [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - loopback [ OK ] TEST: Device server, device client, local conn - ns-A IP [ OK ] TEST: No server, device client, local conn - ns-A IP [ OK ] ################################################################# udp_l3mdev_accept enabled SYSCTL: net.ipv4.udp_l3mdev_accept=1 TEST: Global server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: Global server - ns-A loopback IP [ OK ] TEST: No server - ns-A loopback IP [ OK ] TEST: Device server - ns-A IP [ OK ] TEST: Client - ns-B IP [ OK ] TEST: Client, device bind - ns-B IP [ OK ] TEST: Client, device send via cmsg - ns-B IP [ OK ] TEST: Client, device bind via IP_UNICAST_IF - ns-B IP [ OK ] TEST: No server, unbound client - ns-B IP [ OK ] TEST: No server, device client - ns-B IP [ OK ] TEST: Client - ns-B loopback IP [ OK ] TEST: Client, device bind - ns-B loopback IP [ OK ] TEST: Client, device send via cmsg - ns-B loopback IP [ OK ] TEST: Client, device bind via IP_UNICAST_IF - ns-B loopback IP [ OK ] TEST: No server, unbound client - ns-B loopback IP [ OK ] TEST: No server, device client - ns-B loopback IP [ OK ] TEST: Global server, local connection - ns-A IP [ OK ] TEST: Global server, local connection - ns-A loopback IP [ OK ] TEST: Global server, local connection - loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IP [ OK ] TEST: Device server, unbound client, local connection - ns-A loopback IP [ OK ] TEST: Device server, unbound client, local connection - loopback [ OK ] TEST: Global server, device client, local connection - ns-A IP [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A IP [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - ns-A IP [ OK ] TEST: Global server, device client, local connection - ns-A loopback IP [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A loopback IP [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - ns-A loopback IP [ OK ] TEST: Global server, device client, local connection - loopback [ OK ] TEST: Global server, device send via cmsg, local connection - loopback [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - loopback [ OK ] TEST: Device server, device client, local conn - ns-A IP [ OK ] TEST: No server, device client, local conn - ns-A IP [ OK ] ################################################################# With VRF ################################################################# Global server disabled SYSCTL: net.ipv4.udp_l3mdev_accept=0 TEST: Global server - ns-A IP [ OK ] TEST: VRF server - ns-A IP [ OK ] TEST: Enslaved device server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: Global server, VRF client, local connection - ns-A IP [ OK ] TEST: Global server - VRF IP [ OK ] TEST: VRF server - VRF IP [ OK ] TEST: Enslaved device server - VRF IP [ OK ] TEST: No server - VRF IP [ OK ] TEST: Global server, VRF client, local connection - VRF IP [ OK ] TEST: VRF server, VRF client, local conn - ns-A IP [ OK ] TEST: VRF server, enslaved device client, local connection - ns-A IP [ OK ] TEST: Enslaved device server, VRF client, local conn - ns-A IP [ OK ] TEST: Enslaved device server, device client, local conn - ns-A IP [ OK ] ################################################################# Global server enabled SYSCTL: net.ipv4.udp_l3mdev_accept=1 TEST: Global server - ns-A IP [ OK ] TEST: VRF server - ns-A IP [ OK ] TEST: Enslaved device server - ns-A IP [ OK ] TEST: No server - ns-A IP [ OK ] TEST: Global server - VRF IP [ OK ] TEST: VRF server - VRF IP [ OK ] TEST: Enslaved device server - VRF IP [ OK ] TEST: No server - VRF IP [ OK ] TEST: VRF client [ OK ] TEST: Enslaved device client [ OK ] TEST: No server, VRF client [ OK ] TEST: No server, enslaved device client [ OK ] TEST: Global server, VRF client, local conn - ns-A IP [ OK ] TEST: VRF server, VRF client, local conn - ns-A IP [ OK ] TEST: VRF server, device client, local conn - ns-A IP [ OK ] TEST: Enslaved device server, VRF client, local conn - ns-A IP [ OK ] TEST: Enslaved device server, device client, local conn - ns-A IP [ OK ] TEST: Global server, VRF client, local conn - VRF IP [ OK ] TEST: Global server, VRF client, local conn - loopback [ OK ] TEST: VRF server, VRF client, local conn - VRF IP [ OK ] TEST: VRF server, VRF client, local conn - loopback [ OK ] TEST: No server, VRF client, local conn - ns-A IP [ OK ] TEST: No server, VRF client, local conn - VRF IP [ OK ] TEST: No server, VRF client, local conn - loopback [ OK ] ########################################################################### Run time tests - ipv4 ########################################################################### TEST: Device delete with active traffic - ping in - ns-A IP [ OK ] TEST: Device delete with active traffic - ping in - VRF IP [ OK ] TEST: Device delete with active traffic - ping out - ns-B IP [ OK ] TEST: TCP active socket, global server - ns-A IP [ OK ] TEST: TCP active socket, global server - VRF IP [ OK ] TEST: TCP active socket, VRF server - ns-A IP [ OK ] TEST: TCP active socket, VRF server - VRF IP [ OK ] TEST: TCP active socket, enslaved device server - ns-A IP [ OK ] TEST: TCP active socket, VRF client - ns-A IP [ OK ] TEST: TCP active socket, enslaved device client - ns-A IP [ OK ] TEST: TCP active socket, global server, VRF client, local - ns-A IP [ OK ] TEST: TCP active socket, global server, VRF client, local - VRF IP [ OK ] TEST: TCP active socket, VRF server and client, local - ns-A IP [ OK ] TEST: TCP active socket, VRF server and client, local - VRF IP [ OK ] TEST: TCP active socket, global server, enslaved device client, local - ns-A IP [ OK ] TEST: TCP active socket, VRF server, enslaved device client, local - ns-A IP [ OK ] TEST: TCP active socket, enslaved device server and client, local - ns-A IP [ OK ] TEST: TCP passive socket, global server - ns-A IP [ OK ] TEST: TCP passive socket, global server - VRF IP [ OK ] TEST: TCP passive socket, VRF server - ns-A IP [ OK ] TEST: TCP passive socket, VRF server - VRF IP [ OK ] TEST: TCP passive socket, enslaved device server - ns-A IP [ OK ] TEST: TCP passive socket, VRF client - ns-A IP [ OK ] TEST: TCP passive socket, enslaved device client - ns-A IP [ OK ] TEST: TCP passive socket, global server, VRF client, local - ns-A IP [ OK ] TEST: TCP passive socket, global server, VRF client, local - VRF IP [ OK ] TEST: TCP passive socket, VRF server and client, local - ns-A IP [ OK ] TEST: TCP passive socket, VRF server and client, local - VRF IP [ OK ] TEST: TCP passive socket, global server, enslaved device client, local - ns-A IP [ OK ] TEST: TCP passive socket, VRF server, enslaved device client, local - ns-A IP [ OK ] TEST: TCP passive socket, enslaved device server and client, local - ns-A IP [ OK ] ########################################################################### IPv4 Netfilter ########################################################################### ################################################################# TCP reset TEST: Global server, reject with TCP-reset on Rx - ns-A IP [ OK ] TEST: Global server, reject with TCP-reset on Rx - VRF IP [ OK ] ################################################################# ICMP unreachable TEST: Global TCP server, Rx reject icmp-port-unreach - ns-A IP [ OK ] TEST: Global TCP server, Rx reject icmp-port-unreach - VRF IP [ OK ] TEST: Global UDP server, Rx reject icmp-port-unreach - ns-A IP [ OK ] TEST: Global UDP server, Rx reject icmp-port-unreach - VRF IP [ OK ] ########################################################################### IPv6 ping ########################################################################### ################################################################# No VRF SYSCTL: net.ipv4.raw_l3mdev_accept=0 TEST: ping out - ns-B IPv6 [ OK ] TEST: ping out - ns-B loopback IPv6 [ OK ] TEST: ping out - ns-B IPv6 LLA [ OK ] TEST: ping out - multicast IP [ OK ] TEST: ping out, device bind - ns-B IPv6 [ OK ] TEST: ping out, loopback address bind - ns-B IPv6 [ OK ] TEST: ping out, device bind - ns-B loopback IPv6 [ OK ] TEST: ping out, loopback address bind - ns-B loopback IPv6 [ OK ] TEST: ping in - ns-A IPv6 [ OK ] TEST: ping in - ns-A loopback IPv6 [ OK ] TEST: ping in - ns-A IPv6 LLA [ OK ] TEST: ping in - multicast IP [ OK ] TEST: ping local, no bind - ns-A IPv6 [ OK ] TEST: ping local, no bind - ns-A loopback IPv6 [ OK ] TEST: ping local, no bind - IPv6 loopback [ OK ] TEST: ping local, no bind - ns-A IPv6 LLA [ OK ] TEST: ping local, no bind - multicast IP [ OK ] TEST: ping local, device bind - ns-A IPv6 [ OK ] TEST: ping local, device bind - ns-A IPv6 LLA [ OK ] TEST: ping local, device bind - multicast IP [ OK ] TEST: ping local, device bind - ns-A loopback IPv6 [ OK ] TEST: ping local, device bind - IPv6 loopback [ OK ] TEST: ping out, blocked by rule - ns-B loopback IPv6 [ OK ] TEST: ping out, device bind, blocked by rule - ns-B loopback IPv6 [ OK ] TEST: ping in, blocked by rule - ns-A loopback IPv6 [ OK ] TEST: ping out, blocked by route - ns-B loopback IPv6 [ OK ] TEST: ping out, device bind, blocked by route - ns-B loopback IPv6 [ OK ] TEST: ping in, blocked by route - ns-A loopback IPv6 [ OK ] TEST: ping out, unreachable route - ns-B loopback IPv6 [ OK ] TEST: ping out, device bind, unreachable route - ns-B loopback IPv6 [ OK ] ################################################################# With VRF SYSCTL: net.ipv4.raw_l3mdev_accept=1 TEST: ping out, VRF bind - ns-B IPv6 [ OK ] TEST: ping out, VRF bind - ns-B loopback IPv6 [ OK ] TEST: ping out, VRF bind - ns-B IPv6 LLA [FAIL] TEST: ping out, VRF bind - multicast IP [FAIL] TEST: ping out, device bind - ns-B IPv6 [ OK ] TEST: ping out, device bind - ns-B loopback IPv6 [ OK ] TEST: ping out, device bind - ns-B IPv6 LLA [ OK ] TEST: ping out, device bind - multicast IP [ OK ] TEST: ping out, vrf device+address bind - ns-B IPv6 [ OK ] TEST: ping out, vrf device+address bind - ns-B loopback IPv6 [ OK ] TEST: ping out, vrf device+address bind - ns-B IPv6 LLA [ OK ] TEST: ping in - ns-A IPv6 [ OK ] TEST: ping in - VRF IPv6 [ OK ] TEST: ping in - ns-A IPv6 LLA [ OK ] TEST: ping in - multicast IP [ OK ] TEST: ping in - ns-A loopback IPv6 [ OK ] TEST: ping local, VRF bind - ns-A IPv6 [ OK ] TEST: ping local, VRF bind - VRF IPv6 [ OK ] TEST: ping local, VRF bind - IPv6 loopback [ OK ] TEST: ping local, device bind - ns-A IPv6 [ OK ] TEST: ping local, device bind - ns-A IPv6 LLA [ OK ] TEST: ping local, device bind - multicast IP [ OK ] TEST: ping in, LLA to GUA - ns-A IPv6 [ OK ] TEST: ping in, LLA to GUA - VRF IPv6 [ OK ] TEST: ping out, blocked by rule - ns-B loopback IPv6 [ OK ] TEST: ping out, device bind, blocked by rule - ns-B loopback IPv6 [ OK ] TEST: ping in, blocked by rule - ns-A loopback IPv6 [ OK ] TEST: ping out, unreachable route - ns-B loopback IPv6 [ OK ] TEST: ping out, device bind, unreachable route - ns-B loopback IPv6 [ OK ] TEST: ping in, unreachable route - ns-A loopback IPv6 [ OK ] ########################################################################### IPv6/TCP ########################################################################### ################################################################# No VRF ################################################################# tcp_l3mdev_accept disabled SYSCTL: net.ipv4.tcp_l3mdev_accept=0 TEST: Global server - ns-A IPv6 [ OK ] TEST: Global server - ns-A loopback IPv6 [ OK ] TEST: Global server - ns-A IPv6 LLA [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - ns-A loopback IPv6 [ OK ] TEST: No server - ns-A IPv6 LLA [ OK ] TEST: Client - ns-B IPv6 [ OK ] TEST: Client - ns-B loopback IPv6 [ OK ] TEST: Client - ns-B IPv6 LLA [ OK ] TEST: Client, device bind - ns-B IPv6 [ OK ] TEST: Client, device bind - ns-B loopback IPv6 [ OK ] TEST: Client, device bind - ns-B IPv6 LLA [ OK ] TEST: No server, device client - ns-B IPv6 [ OK ] TEST: No server, device client - ns-B loopback IPv6 [ OK ] TEST: No server, device client - ns-B IPv6 LLA [ OK ] TEST: Global server, local connection - ns-A IPv6 [ OK ] TEST: Global server, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, local connection - IPv6 loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IPv6 [ OK ] TEST: Device server, unbound client, local connection - ns-A loopback IPv6 [ OK ] TEST: Device server, unbound client, local connection - IPv6 loopback [ OK ] TEST: Global server, device client, local connection - ns-A IPv6 [ OK ] TEST: Global server, device client, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device client, local connection - IPv6 loopback [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 LLA [ OK ] TEST: No server, device client, local conn - ns-A IPv6 [ OK ] TEST: No server, device client, local conn - ns-A IPv6 LLA [ OK ] TEST: MD5: Single address config [ OK ] TEST: MD5: Server no config, client uses password [ OK ] TEST: MD5: Client uses wrong password [ OK ] TEST: MD5: Client address does not match address configured with password [ OK ] TEST: MD5: Prefix config [ OK ] TEST: MD5: Prefix config, client uses wrong password [ OK ] TEST: MD5: Prefix config, client address not in configured prefix [ OK ] ################################################################# tcp_l3mdev_accept enabled SYSCTL: net.ipv4.tcp_l3mdev_accept=1 TEST: Global server - ns-A IPv6 [ OK ] TEST: Global server - ns-A loopback IPv6 [ OK ] TEST: Global server - ns-A IPv6 LLA [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - ns-A loopback IPv6 [ OK ] TEST: No server - ns-A IPv6 LLA [ OK ] TEST: Client - ns-B IPv6 [ OK ] TEST: Client - ns-B loopback IPv6 [ OK ] TEST: Client - ns-B IPv6 LLA [ OK ] TEST: Client, device bind - ns-B IPv6 [ OK ] TEST: Client, device bind - ns-B loopback IPv6 [ OK ] TEST: Client, device bind - ns-B IPv6 LLA [ OK ] TEST: No server, device client - ns-B IPv6 [ OK ] TEST: No server, device client - ns-B loopback IPv6 [ OK ] TEST: No server, device client - ns-B IPv6 LLA [ OK ] TEST: Global server, local connection - ns-A IPv6 [ OK ] TEST: Global server, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, local connection - IPv6 loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IPv6 [ OK ] TEST: Device server, unbound client, local connection - ns-A loopback IPv6 [ OK ] TEST: Device server, unbound client, local connection - IPv6 loopback [ OK ] TEST: Global server, device client, local connection - ns-A IPv6 [ OK ] TEST: Global server, device client, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device client, local connection - IPv6 loopback [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 LLA [ OK ] TEST: No server, device client, local conn - ns-A IPv6 [ OK ] TEST: No server, device client, local conn - ns-A IPv6 LLA [ OK ] TEST: MD5: Single address config [ OK ] TEST: MD5: Server no config, client uses password [ OK ] TEST: MD5: Client uses wrong password [ OK ] TEST: MD5: Client address does not match address configured with password [ OK ] TEST: MD5: Prefix config [ OK ] TEST: MD5: Prefix config, client uses wrong password [ OK ] TEST: MD5: Prefix config, client address not in configured prefix [ OK ] ################################################################# With VRF ################################################################# Global server disabled SYSCTL: net.ipv4.tcp_l3mdev_accept=0 TEST: Global server - ns-A IPv6 [ OK ] TEST: Global server - VRF IPv6 [ OK ] TEST: Global server - ns-A IPv6 LLA [ OK ] TEST: VRF server - ns-A IPv6 [ OK ] TEST: VRF server - VRF IPv6 [ OK ] TEST: VRF server - ns-A IPv6 LLA [ OK ] TEST: Device server - ns-A IPv6 [ OK ] TEST: Device server - VRF IPv6 [ OK ] TEST: Device server - ns-A IPv6 LLA [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - VRF IPv6 [ OK ] TEST: No server - ns-A IPv6 LLA [ OK ] TEST: Global server, local connection - ns-A IPv6 [ OK ] TEST: MD5: VRF: Single address config [ OK ] TEST: MD5: VRF: Server no config, client uses password [ OK ] TEST: MD5: VRF: Client uses wrong password [ OK ] TEST: MD5: VRF: Client address does not match address configured with password [ OK ] TEST: MD5: VRF: Prefix config [ OK ] TEST: MD5: VRF: Prefix config, client uses wrong password [ OK ] TEST: MD5: VRF: Prefix config, client address not in configured prefix [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in VRF [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in default VRF [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw [ OK ] TEST: MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in VRF [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw [ OK ] TEST: MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw [ OK ] TEST: MD5: VRF: Device must be a VRF - single address [ OK ] TEST: MD5: VRF: Device must be a VRF - prefix [ OK ] ################################################################# VRF Global server enabled SYSCTL: net.ipv4.tcp_l3mdev_accept=1 TEST: Global server - ns-A IPv6 [ OK ] TEST: Global server - VRF IPv6 [ OK ] TEST: VRF server - ns-A IPv6 [ OK ] TEST: VRF server - VRF IPv6 [ OK ] TEST: Global server - ns-A IPv6 LLA [ OK ] TEST: VRF server - ns-A IPv6 LLA [ OK ] TEST: Device server - ns-A IPv6 [ OK ] TEST: Device server - ns-A IPv6 LLA [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - VRF IPv6 [ OK ] TEST: No server - ns-A IPv6 LLA [ OK ] TEST: Global server, local connection - ns-A IPv6 [ OK ] TEST: Global server, local connection - VRF IPv6 [ OK ] TEST: Client, VRF bind - ns-B IPv6 [ OK ] TEST: Client, VRF bind - ns-B loopback IPv6 [ OK ] TEST: Client, VRF bind - ns-B IPv6 LLA [ OK ] TEST: Client, device bind - ns-B IPv6 [ OK ] TEST: Client, device bind - ns-B loopback IPv6 [ OK ] TEST: Client, device bind - ns-B IPv6 LLA [ OK ] TEST: No server, VRF client - ns-B IPv6 [ OK ] TEST: No server, VRF client - ns-B loopback IPv6 [ OK ] TEST: No server, device client - ns-B IPv6 [ OK ] TEST: No server, device client - ns-B loopback IPv6 [ OK ] TEST: No server, device client - ns-B IPv6 LLA [ OK ] TEST: VRF server, VRF client, local connection - ns-A IPv6 [ OK ] TEST: VRF server, VRF client, local connection - VRF IPv6 [ OK ] TEST: VRF server, VRF client, local connection - IPv6 loopback [ OK ] TEST: VRF server, device client, local connection - ns-A IPv6 [ OK ] TEST: VRF server, unbound client, local connection - ns-A IPv6 [ OK ] TEST: Device server, VRF client, local connection - ns-A IPv6 [ OK ] TEST: Device server, device client, local connection - ns-A IPv6 [ OK ] TEST: Device server, device client, local connection - ns-A IPv6 LLA [ OK ] SYSCTL: net.ipv4.udp_early_demux=1 ########################################################################### IPv6/UDP ########################################################################### ################################################################# No VRF ################################################################# udp_l3mdev_accept disabled SYSCTL: net.ipv4.udp_l3mdev_accept=0 TEST: Global server - ns-A IPv6 [ OK ] TEST: Device server - ns-A IPv6 [ OK ] TEST: Global server - ns-A IPv6 LLA [ OK ] TEST: Device server - ns-A IPv6 LLA [ OK ] TEST: Global server - ns-A loopback IPv6 [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - ns-A loopback IPv6 [ OK ] TEST: No server - ns-A IPv6 LLA [ OK ] TEST: Client - ns-B IPv6 [ OK ] TEST: Client, device bind - ns-B IPv6 [ OK ] TEST: Client, device send via cmsg - ns-B IPv6 [ OK ] TEST: Client, device bind via IPV6_UNICAST_IF - ns-B IPv6 [ OK ] TEST: No server, unbound client - ns-B IPv6 [ OK ] TEST: No server, device client - ns-B IPv6 [ OK ] TEST: Client - ns-B loopback IPv6 [ OK ] TEST: Client, device bind - ns-B loopback IPv6 [ OK ] TEST: Client, device send via cmsg - ns-B loopback IPv6 [ OK ] TEST: Client, device bind via IPV6_UNICAST_IF - ns-B loopback IPv6 [ OK ] TEST: No server, unbound client - ns-B loopback IPv6 [ OK ] TEST: No server, device client - ns-B loopback IPv6 [ OK ] TEST: Client - ns-B IPv6 LLA [ OK ] TEST: Client, device bind - ns-B IPv6 LLA [ OK ] TEST: Client, device send via cmsg - ns-B IPv6 LLA [ OK ] TEST: Client, device bind via IPV6_UNICAST_IF - ns-B IPv6 LLA [ OK ] TEST: No server, unbound client - ns-B IPv6 LLA [ OK ] TEST: No server, device client - ns-B IPv6 LLA [ OK ] TEST: Global server, local connection - ns-A IPv6 [ OK ] TEST: Global server, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, local connection - IPv6 loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IPv6 [ OK ] TEST: Device server, local connection - ns-A loopback IPv6 [ OK ] TEST: Device server, local connection - IPv6 loopback [ OK ] TEST: Global server, device client, local connection - ns-A IPv6 [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A IPv6 [ OK ] TEST: Global server, device client via IPV6_UNICAST_IF, local connection - ns-A IPv6 [ OK ] TEST: Global server, device client, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device client, local connection - IPv6 loopback [ OK ] TEST: Global server, device send via cmsg, local connection - IPv6 loopback [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - IPv6 loopback [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 [ OK ] TEST: No server, device client, local conn - ns-A IPv6 [ OK ] TEST: UDP in - LLA to GUA [ OK ] ################################################################# udp_l3mdev_accept enabled SYSCTL: net.ipv4.udp_l3mdev_accept=1 TEST: Global server - ns-A IPv6 [ OK ] TEST: Device server - ns-A IPv6 [ OK ] TEST: Global server - ns-A IPv6 LLA [ OK ] TEST: Device server - ns-A IPv6 LLA [ OK ] TEST: Global server - ns-A loopback IPv6 [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - ns-A loopback IPv6 [ OK ] TEST: No server - ns-A IPv6 LLA [ OK ] TEST: Client - ns-B IPv6 [ OK ] TEST: Client, device bind - ns-B IPv6 [ OK ] TEST: Client, device send via cmsg - ns-B IPv6 [ OK ] TEST: Client, device bind via IPV6_UNICAST_IF - ns-B IPv6 [ OK ] TEST: No server, unbound client - ns-B IPv6 [ OK ] TEST: No server, device client - ns-B IPv6 [ OK ] TEST: Client - ns-B loopback IPv6 [ OK ] TEST: Client, device bind - ns-B loopback IPv6 [ OK ] TEST: Client, device send via cmsg - ns-B loopback IPv6 [ OK ] TEST: Client, device bind via IPV6_UNICAST_IF - ns-B loopback IPv6 [ OK ] TEST: No server, unbound client - ns-B loopback IPv6 [ OK ] TEST: No server, device client - ns-B loopback IPv6 [ OK ] TEST: Client - ns-B IPv6 LLA [ OK ] TEST: Client, device bind - ns-B IPv6 LLA [ OK ] TEST: Client, device send via cmsg - ns-B IPv6 LLA [ OK ] TEST: Client, device bind via IPV6_UNICAST_IF - ns-B IPv6 LLA [ OK ] TEST: No server, unbound client - ns-B IPv6 LLA [ OK ] TEST: No server, device client - ns-B IPv6 LLA [ OK ] TEST: Global server, local connection - ns-A IPv6 [ OK ] TEST: Global server, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, local connection - IPv6 loopback [ OK ] TEST: Device server, unbound client, local connection - ns-A IPv6 [ OK ] TEST: Device server, local connection - ns-A loopback IPv6 [ OK ] TEST: Device server, local connection - IPv6 loopback [ OK ] TEST: Global server, device client, local connection - ns-A IPv6 [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A IPv6 [ OK ] TEST: Global server, device client via IPV6_UNICAST_IF, local connection - ns-A IPv6 [ OK ] TEST: Global server, device client, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device send via cmsg, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - ns-A loopback IPv6 [ OK ] TEST: Global server, device client, local connection - IPv6 loopback [ OK ] TEST: Global server, device send via cmsg, local connection - IPv6 loopback [ OK ] TEST: Global server, device client via IP_UNICAST_IF, local connection - IPv6 loopback [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 [ OK ] TEST: No server, device client, local conn - ns-A IPv6 [ OK ] TEST: UDP in - LLA to GUA [ OK ] ################################################################# With VRF ################################################################# Global server disabled SYSCTL: net.ipv4.udp_l3mdev_accept=0 TEST: Global server - ns-A IPv6 [ OK ] TEST: Global server - VRF IPv6 [ OK ] TEST: VRF server - ns-A IPv6 [ OK ] TEST: VRF server - VRF IPv6 [ OK ] TEST: Enslaved device server - ns-A IPv6 [ OK ] TEST: Enslaved device server - VRF IPv6 [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - VRF IPv6 [ OK ] TEST: Global server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: Global server, VRF client, local conn - VRF IPv6 [ OK ] TEST: VRF server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: VRF server, VRF client, local conn - VRF IPv6 [ OK ] TEST: Global server, device client, local conn - ns-A IPv6 [ OK ] TEST: VRF server, device client, local conn - ns-A IPv6 [ OK ] TEST: Enslaved device server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: Enslaved device server, device client, local conn - ns-A IPv6 [ OK ] ################################################################# Global server enabled SYSCTL: net.ipv4.udp_l3mdev_accept=1 TEST: Global server - ns-A IPv6 [ OK ] TEST: Global server - VRF IPv6 [ OK ] TEST: VRF server - ns-A IPv6 [ OK ] TEST: VRF server - VRF IPv6 [ OK ] TEST: Enslaved device server - ns-A IPv6 [ OK ] TEST: Enslaved device server - VRF IPv6 [ OK ] TEST: No server - ns-A IPv6 [ OK ] TEST: No server - VRF IPv6 [ OK ] TEST: VRF client [ OK ] TEST: No server, VRF client [ OK ] TEST: Enslaved device client [ OK ] TEST: No server, enslaved device client [ OK ] TEST: Global server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: VRF server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: Global server, VRF client, local conn - VRF IPv6 [ OK ] TEST: VRF server, VRF client, local conn - VRF IPv6 [ OK ] TEST: No server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: No server, VRF client, local conn - VRF IPv6 [ OK ] TEST: Global server, device client, local conn - ns-A IPv6 [ OK ] TEST: VRF server, device client, local conn - ns-A IPv6 [ OK ] TEST: Device server, VRF client, local conn - ns-A IPv6 [ OK ] TEST: Device server, device client, local conn - ns-A IPv6 [ OK ] TEST: No server, device client, local conn - ns-A IPv6 [ OK ] TEST: Global server, linklocal IP [ OK ] TEST: No server, linklocal IP [ OK ] TEST: Enslaved device client, linklocal IP [ OK ] TEST: No server, device client, peer linklocal IP [ OK ] TEST: Enslaved device client, local conn - linklocal IP [ OK ] TEST: No server, device client, local conn - linklocal IP [ OK ] TEST: UDP in - LLA to GUA [ OK ] ########################################################################### Run time tests - ipv6 ########################################################################### TEST: Device delete with active traffic - ping in - ns-A IPv6 [ OK ] TEST: Device delete with active traffic - ping out - ns-A IPv6 [ OK ] TEST: TCP active socket, global server - ns-A IPv6 [ OK ] TEST: TCP active socket, global server - VRF IPv6 [ OK ] TEST: TCP active socket, VRF server - ns-A IPv6 [ OK ] TEST: TCP active socket, VRF server - VRF IPv6 [ OK ] TEST: TCP active socket, enslaved device server - ns-A IPv6 [ OK ] TEST: TCP active socket, enslaved device server - VRF IPv6 [ OK ] TEST: TCP active socket, VRF client [ OK ] TEST: TCP active socket, enslaved device client [ OK ] TEST: TCP active socket, global server, VRF client - ns-A IPv6 [ OK ] TEST: TCP active socket, global server, VRF client - VRF IPv6 [ OK ] TEST: TCP active socket, VRF server and client - ns-A IPv6 [ OK ] TEST: TCP active socket, VRF server and client - VRF IPv6 [ OK ] TEST: TCP active socket, global server, device client - ns-A IPv6 [ OK ] TEST: TCP active socket, VRF server, device client - ns-A IPv6 [ OK ] TEST: TCP active socket, device server, device client - ns-A IPv6 [ OK ] TEST: TCP passive socket, global server - ns-A IPv6 [ OK ] TEST: TCP passive socket, global server - VRF IPv6 [ OK ] TEST: TCP passive socket, VRF server - ns-A IPv6 [ OK ] TEST: TCP passive socket, VRF server - VRF IPv6 [ OK ] TEST: TCP passive socket, enslaved device server - ns-A IPv6 [ OK ] TEST: TCP passive socket, enslaved device server - VRF IPv6 [ OK ] TEST: TCP passive socket, VRF client [ OK ] TEST: TCP passive socket, enslaved device client [ OK ] TEST: TCP passive socket, global server, VRF client - ns-A IPv6 [ OK ] TEST: TCP passive socket, global server, VRF client - VRF IPv6 [ OK ] TEST: TCP passive socket, VRF server and client - ns-A IPv6 [ OK ] TEST: TCP passive socket, VRF server and client - VRF IPv6 [ OK ] TEST: TCP passive socket, global server, device client - ns-A IPv6 [ OK ] TEST: TCP passive socket, VRF server, device client - ns-A IPv6 [ OK ] TEST: TCP passive socket, device server, device client - ns-A IPv6 [ OK ] TEST: UDP active socket, global server - ns-A IPv6 [ OK ] TEST: UDP active socket, global server - VRF IPv6 [ OK ] TEST: UDP active socket, VRF server - ns-A IPv6 [ OK ] TEST: UDP active socket, VRF server - VRF IPv6 [ OK ] TEST: UDP active socket, enslaved device server - ns-A IPv6 [ OK ] TEST: UDP active socket, enslaved device server - VRF IPv6 [ OK ] TEST: UDP active socket, VRF client [ OK ] TEST: UDP active socket, enslaved device client [ OK ] TEST: UDP active socket, global server, VRF client - ns-A IPv6 [ OK ] TEST: UDP active socket, global server, VRF client - VRF IPv6 [ OK ] TEST: UDP active socket, VRF server and client - ns-A IPv6 [ OK ] TEST: UDP active socket, VRF server and client - VRF IPv6 [ OK ] TEST: UDP active socket, global server, device client - ns-A IPv6 [ OK ] TEST: UDP active socket, VRF server, device client - ns-A IPv6 [ OK ] TEST: UDP active socket, device server, device client - ns-A IPv6 [ OK ] ########################################################################### IPv6 Netfilter ########################################################################### ################################################################# TCP reset TEST: Global server, reject with TCP-reset on Rx - ns-A IPv6 [ OK ] TEST: Global server, reject with TCP-reset on Rx - VRF IPv6 [ OK ] ################################################################# ICMP unreachable TEST: Global TCP server, Rx reject icmp-port-unreach - ns-A IPv6 [ OK ] TEST: Global TCP server, Rx reject icmp-port-unreach - VRF IPv6 [ OK ] TEST: Global UDP server, Rx reject icmp-port-unreach - ns-A IPv6 [ OK ] TEST: Global UDP server, Rx reject icmp-port-unreach - VRF IPv6 [ OK ] ########################################################################### Use cases ########################################################################### TEST: Bridge into VRF - IPv4 ping out [ OK ] TEST: Bridge into VRF - IPv6 ping out [ OK ] TEST: Bridge into VRF - IPv4 ping in [ OK ] TEST: Bridge into VRF - IPv6 ping in [ OK ] TEST: Bridge into VRF with br_netfilter - IPv4 ping out [ OK ] TEST: Bridge into VRF with br_netfilter - IPv6 ping out [ OK ] TEST: Bridge into VRF with br_netfilter - IPv4 ping in [ OK ] TEST: Bridge into VRF with br_netfilter - IPv6 ping in [ OK ] TEST: Bridge vlan into VRF - IPv4 ping out [ OK ] TEST: Bridge vlan into VRF - IPv6 ping out [ OK ] TEST: Bridge vlan into VRF - IPv4 ping in [ OK ] TEST: Bridge vlan into VRF - IPv6 ping in [ OK ] TEST: Bridge vlan into VRF with br_netfilter - IPv4 ping out [ OK ] TEST: Bridge vlan into VRF with br_netfilter - IPv6 ping out [ OK ] TEST: Bridge vlan into VRF - IPv4 ping in [ OK ] TEST: Bridge vlan into VRF - IPv6 ping in [ OK ] Tests passed: 708 Tests failed: 2
On 12/3/20 6:01 AM, Stephen Suryaputra wrote: > The tests in fcnal-test.sh passed. There are two failures that are > expected, I think. Attached is the output. I'll take a look at the failures. > > If you agree that my patch is the right solution, I can send the patch > out for review. I think so, just trying to understand why that change was not needed until now. Go ahead a send as a proper patch. Please add the commands for this use case to fcnal-test.sh. There is a catch-all 'use_cases' section. You can add it as a another one. Do the ping in both directions after initial configuration and again after cycling the netdev -- shows success after the route table re-ordering.
diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index f2793ffde191..30f4e867fe5b 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -1315,11 +1315,14 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev, int orig_iif = skb->skb_iif; bool need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr); bool is_ndisc = ipv6_ndisc_frame(skb); + bool is_ll_src; /* loopback, multicast & non-ND link-local traffic; do not push through * packet taps again. Reset pkt_type for upper layers to process skb */ - if (skb->pkt_type == PACKET_LOOPBACK || (need_strict && !is_ndisc)) { + is_ll_src = ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL; + if (skb->pkt_type == PACKET_LOOPBACK || + (need_strict && !is_ndisc && !is_ll_src)) { skb->dev = vrf_dev; skb->skb_iif = vrf_dev->ifindex; IP6CB(skb)->flags |= IP6SKB_L3SLAVE;