Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4401990pxb; Mon, 21 Feb 2022 20:24:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJzeXXTFovxTM6gEIOYjS6d1KyEdN7SZOc6P91ZmrqBqonlQzkFoYm0MRVEQqIjJvaeFdNWN X-Received: by 2002:a17:902:bd06:b0:14f:500:cb50 with SMTP id p6-20020a170902bd0600b0014f0500cb50mr21545158pls.36.1645503857274; Mon, 21 Feb 2022 20:24:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645503857; cv=none; d=google.com; s=arc-20160816; b=FQxapLsbuUZcQiny5HmkUvVF+B9NMq9clKNFs99E3riOFzZfdKnk0lQcBOfBIwyhoG ev529b/M4a7ZU6ksvJ77oAVPFZSEZ5zJDPa3wzPt/r2IM3QB2YLMDmTNzdn6DGv0DeJj 99o/oeHPhNvg05euFbfQn6a9AL9nq6zg81h80AzjiYrdaBAUaH0KCV5FjH+upsZp1uKo 81lVaWBHq3RGacH7q5D6SCglM7Rw0MwHznaBbdrgnRdDE391VDifkp6e3LVvaHNrIq5j ZYtsMzN2sUAAmW7xc0R61Yg3P0JcTg8hYN+TxRyCKjJJeW2pu4d2M6XByIbynyZNiLYl xigw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=bA7Ubjfu9yhBnxJFxfFqI5pHP4jJDt1l6RCS36hVwY0=; b=yhtmkjBrGOPBgGgKE2Y4bb2DPxajp4Z+XAsHRRwtTFyvOl1GxQp0KJXoWgBPCd2Qak bOa/TubPrfZPJmf/67hHEvfwCTj+okJ2YJwymmnOqHHSZ5kZ13Nr6m0C0zDbN6ubpnmH RcPV+TM+sH1UDK5bsdiHKvg8pDG50GYSxkd32g1qyc0F3joBDfRtTG7rZ34mO0o3QNUO Sl1EnIQHLtnNO8HZNFvDgkDWGkZSuemQYCo+N0Ocyz3oWSZVdqCK52dyB7d7W4Lyd8+6 tDxv/5KUuzTGxiAdwkiqvmhRnlEsoATn3q7kFmwOWPbLB+Dw7Omo663eBy4jrdn/K2KV Mm3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="teak/tgj"; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id f12si32705830plg.294.2022.02.21.20.24.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Feb 2022 20:24:17 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="teak/tgj"; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2FD258C7DF; Mon, 21 Feb 2022 20:19:11 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352795AbiBUJ4s (ORCPT + 99 others); Mon, 21 Feb 2022 04:56:48 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:43542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352887AbiBUJsA (ORCPT ); Mon, 21 Feb 2022 04:48:00 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44CE6193EC; Mon, 21 Feb 2022 01:20:59 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D4659608C4; Mon, 21 Feb 2022 09:20:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8152C340E9; Mon, 21 Feb 2022 09:20:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1645435258; bh=bN043WedEhBYdSu+Ret7cNF7R/i2stufqlZsoE2K6Es=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=teak/tgj4gnJFFmOuILb/GUQNQXIw0/Ealqsu06K4E6zZgE2juWcJqnW16nIgtkGA K2hn5DmHQNNTTyh9VjWj89iGMX2tI/L43I9xPWzkt32zchSvapHCklUA5bYwZffJBu NIoJ4leV38dQSCyXPpU7fRpCtz0y+eAop2ksECjg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Yi Chen , Hangbin Liu , Pablo Neira Ayuso Subject: [PATCH 5.16 100/227] selftests: netfilter: disable rp_filter on router Date: Mon, 21 Feb 2022 09:48:39 +0100 Message-Id: <20220221084938.206979851@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221084934.836145070@linuxfoundation.org> References: <20220221084934.836145070@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hangbin Liu commit bbe4c0896d25009a7c86285d2ab024eed4374eea upstream. Some distros may enable rp_filter by default. After ns1 change addr to 10.0.2.99 and set default router to 10.0.2.1, while the connected router address is still 10.0.1.1. The router will not reply the arp request from ns1. Fix it by setting the router's veth0 rp_filter to 0. Before the fix: # ./nft_fib.sh PASS: fib expression did not cause unwanted packet drops Netns nsrouter-HQkDORO2 fib counter doesn't match expected packet count of 1 for 1.1.1.1 table inet filter { chain prerouting { type filter hook prerouting priority filter; policy accept; ip daddr 1.1.1.1 fib saddr . iif oif missing counter packets 0 bytes 0 drop ip6 daddr 1c3::c01d fib saddr . iif oif missing counter packets 0 bytes 0 drop } } After the fix: # ./nft_fib.sh PASS: fib expression did not cause unwanted packet drops PASS: fib expression did drop packets for 1.1.1.1 PASS: fib expression did drop packets for 1c3::c01d Fixes: 82944421243e ("selftests: netfilter: add fib test case") Signed-off-by: Yi Chen Signed-off-by: Hangbin Liu Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/netfilter/nft_fib.sh | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/netfilter/nft_fib.sh +++ b/tools/testing/selftests/netfilter/nft_fib.sh @@ -174,6 +174,7 @@ test_ping() { ip netns exec ${nsrouter} sysctl net.ipv6.conf.all.forwarding=1 > /dev/null ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null +ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth0.rp_filter=0 > /dev/null sleep 3