Message ID | 20210525121507.6602-1-liuhangbin@gmail.com |
---|---|
State | New |
Series | [net] selftests/wireguard: make sure rp_filter disabled on vethc |
Hi Hangbin,

Thanks. I've queued this up in my tree and will send it out on the next wireguard push.

Jason

On Tue, May 25, 2021 at 8:19 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> Hi Hangbin,
>
> Thanks. I've queued this up in my tree and will send it out on the
> next wireguard push.

Hi Jason,

I have a question about the wg-quick(8)-style policy routing test.

ip1 -6 addr add fc00::9/96 dev vethc
ip1 -6 route add default via fc00::1
                             ^^ Here, why do we add a default route via a non-existent address?
ip2 -4 addr add 192.168.99.7/32 dev wg0
ip2 -6 addr add abab::1111/128 dev wg0

Thanks
Hangbin

Hi Hangbin,

fc00::1 lives inside of fc00::9/96.

Thanks,
Jason

On Wed, May 26, 2021 at 04:38:09PM +0200, Jason A. Donenfeld wrote:
> Hi Hangbin,
>
> fc00::1 lives inside of fc00::9/96.

Yes, I know fc00::1 belongs to the fc00::9/96 subnet. I just don't understand why we need to add a default v6 route for vethc, while the default route address fc00::1 is not configured on any device. This step looks useless to me.

Thanks
Hangbin

On Tue, May 25, 2021 at 2:15 PM Hangbin Liu <liuhangbin@gmail.com> wrote:
>
> Some distros may enable strict rp_filter by default, which will prevent
> vethc from receiving packets with an unroutable reverse path address.
>
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> ---
> tools/testing/selftests/wireguard/netns.sh | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh > index 7ed7cd95e58f..37b12f642254 100755 > --- a/tools/testing/selftests/wireguard/netns.sh > +++ b/tools/testing/selftests/wireguard/netns.sh > @@ -363,6 +363,7 @@ ip1 -6 rule add table main suppress_prefixlength 0 > ip1 -4 route add default dev wg0 table 51820 > ip1 -4 rule add not fwmark 51820 table 51820 > ip1 -4 rule add table main suppress_prefixlength 0 > +n1 sysctl -w net.ipv4.conf.vethc.rp_filter=0

The VM does not ship with sysctl, and you'll notice that other changes go through /proc directly. Since it's a trivial change, I'll rewrite your commit.

Jason

On Mon, May 31, 2021 at 8:39 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > +n1 sysctl -w net.ipv4.conf.vethc.rp_filter=0
>
> The VM does not ship with sysctl, and you'll notice that other changes
> go through /proc directly. Since it's a trivial change, I'll rewrite
> your commit.

Sorry for the trouble. I saw other selftests also using sysctl, so I didn't realize some VMs may not have sysctl installed. Thanks for your fix.

Hangbin
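The point raised in the thread about going through /proc instead of the sysctl binary, as an added example that is not code from the patch or the selftest: it reads the rp_filter mode actually in effect on an interface (the kernel applies the larger of conf/all and conf/<iface>) and clears it without sysctl. The function names and the SYSROOT override are assumptions made for this example; run it inside the network namespace under test.

```bash
#!/bin/sh
# Added example; not code from the patch or the selftest.
# SYSROOT is a hypothetical override (default /proc/sys) so the functions
# can also be run against a constructed directory tree.
SYSROOT="${SYSROOT:-/proc/sys}"

# Print the rp_filter mode in effect on an interface: the larger of
# conf/all and conf/<iface> (0 = off, 1 = strict, 2 = loose).
effective_rp_filter() {
    iface=$1
    conf="$SYSROOT/net/ipv4/conf"
    all=$(cat "$conf/all/rp_filter") || return 1
    dev=$(cat "$conf/$iface/rp_filter") || return 1
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# List the interfaces on which strict mode is in effect.
strict_interfaces() {
    for d in "$SYSROOT"/net/ipv4/conf/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case $name in all|default) continue ;; esac
        mode=$(effective_rp_filter "$name") || continue
        [ "$mode" = 1 ] && echo "$name"
    done
    return 0
}

# Switch source validation off for one interface by writing to the
# proc files directly. conf/all is cleared as well, because a non-zero
# value there would still win.
disable_rp_filter() {
    iface=$1
    conf="$SYSROOT/net/ipv4/conf"
    printf 0 > "$conf/$iface/rp_filter" || return 1
    printf 0 > "$conf/all/rp_filter" || return 1
}
```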
diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh index 7ed7cd95e58f..37b12f642254 100755 --- a/tools/testing/selftests/wireguard/netns.sh +++ b/tools/testing/selftests/wireguard/netns.sh @@ -363,6 +363,7 @@ ip1 -6 rule add table main suppress_prefixlength 0 ip1 -4 route add default dev wg0 table 51820 ip1 -4 rule add not fwmark 51820 table 51820 ip1 -4 rule add table main suppress_prefixlength 0 +n1 sysctl -w net.ipv4.conf.vethc.rp_filter=0 # Flood the pings instead of sending just one, to trigger routing table reference counting bugs. n1 ping -W 1 -c 100 -f 192.168.99.7 n1 ping -W 1 -c 100 -f abab::1111
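Review bot: the added `n1 sysctl -w net.ipv4.conf.vethc.rp_filter=0` line clears only the per-interface value, but the kernel applies the larger of conf/all/rp_filter and conf/vethc/rp_filter, so if the "all" value is strict in that namespace the flood pings that follow can still be dropped. Consider clearing net.ipv4.conf.all.rp_filter in n1 as well, writing both values through /proc/sys rather than relying on the sysctl binary being present, and putting a one-line comment above the new line that says why source validation is switched off for this test.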
Some distros may enable strict rp_filter by default, which will prevent
vethc from receiving packets with an unroutable reverse path address.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
 tools/testing/selftests/wireguard/netns.sh | 1 +
 1 file changed, 1 insertion(+)