From patchwork Tue Nov 17 13:04:01 2020
X-Patchwork-Submitter: Greg KH
X-Patchwork-Id: 325316
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chen Minqiang, "Jason A. Donenfeld", Pablo Neira Ayuso, Sasha Levin
Subject: [PATCH 5.9 101/255] wireguard: selftests: check that route_me_harder packets use the right sk
Date: Tue, 17 Nov 2020 14:04:01 +0100
Message-Id: <20201117122143.871387143@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201117122138.925150709@linuxfoundation.org>
References: <20201117122138.925150709@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: stable@vger.kernel.org

From: Jason A. Donenfeld

[ Upstream commit af8afcf1fdd5f365f70e2386c2d8c7a1abd853d7 ]

If netfilter changes the packet mark, the packet is rerouted. The ip_route_me_harder family of functions fails to use the right sk, opting to instead use skb->sk, resulting in a routing loop when used with tunnels. With the next change fixing this issue in netfilter, test for the relevant condition inside our test suite, since wireguard was where the bug was discovered.

Reported-by: Chen Minqiang
Signed-off-by: Jason A. Donenfeld
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Sasha Levin
---
 tools/testing/selftests/wireguard/netns.sh | 8 ++++++++
 tools/testing/selftests/wireguard/qemu/kernel.config | 2 ++
 2 files changed, 10 insertions(+)

--
2.27.0

diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh index d77f4829f1e07..74c69b75f6f5a 100755 --- a/tools/testing/selftests/wireguard/netns.sh +++ b/tools/testing/selftests/wireguard/netns.sh
@@ -316,6 +316,14 @@ pp sleep 3 n2 ping -W 1 -c 1 192.168.241.1 n1 wg set wg0 peer "$pub2" persistent-keepalive 0 +# Test that sk_bound_dev_if works +n1 ping -I wg0 -c 1 -W 1 192.168.241.2 +# What about when the mark changes and the packet must be rerouted? +n1 iptables -t mangle -I OUTPUT -j MARK --set-xmark 1 +n1 ping -c 1 -W 1 192.168.241.2 # First the boring case +n1 ping -I wg0 -c 1 -W 1 192.168.241.2 # Then the sk_bound_dev_if case +n1 iptables -t mangle -D OUTPUT -j MARK --set-xmark 1 + # Test that onion routing works, even when it loops n1 wg set wg0 peer "$pub3" allowed-ips 192.168.242.2/32 endpoint 192.168.241.2:5 ip1 addr add 192.168.242.1/24 dev wg0 diff --git a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config index d531de13c95b0..4eecb432a66c1 100644 --- a/tools/testing/selftests/wireguard/qemu/kernel.config +++ b/tools/testing/selftests/wireguard/qemu/kernel.config @@ -18,10 +18,12 @@ CONFIG_NF_NAT=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MARK=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_NAT_IPV4=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_NAT=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y
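
Review bot: the block added to netns.sh covers only the IPv4 reroute path (iptables with pings to 192.168.241.2), while the commit message names the whole ip_route_me_harder family of functions. If wg0 carries an IPv6 address in this script, consider repeating the two pings under an ip6tables -t mangle -I OUTPUT -j MARK --set-xmark 1 rule so the IPv6 variant is checked too; that would also need CONFIG_IP6_NF_MANGLE=y in kernel.config. Separately, the MARK rule is removed only by the last added line, so a failed ping that aborts the script before that point leaves the rule in n1's mangle table; worth confirming that the script's cleanup tears the namespace down in that case.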
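
Review bot: in the kernel.config hunk, CONFIG_NETFILTER_XT_MARK=y and CONFIG_IP_NF_MANGLE=y appear with no mention in the commit message of why they are needed. A sentence saying that the new "iptables -t mangle ... -j MARK --set-xmark 1" lines in netns.sh depend on both options would help anyone running netns.sh against a kernel built from a different config, where the iptables call would otherwise fail for a reason unrelated to the bug under test.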