Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp937966iog; Fri, 17 Jun 2022 18:07:26 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uQKSDJC92I5BHxwnTBJDZ/Ynf4MbFftcHwfiWmh9zL7oMSj1HYzZIpojr/P3yH2sFkf/xv X-Received: by 2002:a17:902:aa0c:b0:168:faa0:50a1 with SMTP id be12-20020a170902aa0c00b00168faa050a1mr12357582plb.57.1655514445969; Fri, 17 Jun 2022 18:07:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655514445; cv=none; d=google.com; s=arc-20160816; b=LhVscoO/jOvILmHkp89a8T0h6aeUEU82NugjXVnk2fowdumFciMEl/Ru+Hoi026Rg8 l73+83kbquAbMSrogpzANH6+HgWXux1qB7XL5fF9Mo8Q/x9xmljaaYaIFPZRlpg6SzB1 jzlEJuvkq6Bt+oUjyAU2RF4ckGylNeVH8+LkpbyZ3faly3T35eaQmK2FSAi5TsU7jBIK 2zE9fikhdYzKySY436fQsf0Asmsxc6DMbZ5GxDoruGQI8/0eshswvaMCXrJX2SGzkok8 w6DBzB651XPpORAX1Ziy65rZhqDF+mlNmUZ6fV5be/1ymWCwFRKELzQhKov2nrXh+VLo 8rkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=w3XRPD2VGgj+QCe0VZjvugwmbk04Ql3z8fKRRqGXkzc=; b=rwEzBOLRF7fSKjA9KyoxPBPTq4AiVBxk5Zj1KgMbaD/Q8RlfO9mRj6731ezkTBK3X3 R/Q1juZIMlw138OQa7POcosymgr3fbT9bozVezU6TaBqUSvergRjo4L9kFQfzNZqsh/3 GECgG5tKIc3i3UMOUX38Wv5o3Yb1E6O6S3DaHodTn9sF4A0LlTIz69QD3it63ipVOMtC ZOHACe+zNnxiKheqKnSRn4eQGnRENYqGSrkh+25XHPZennDDDs3V4P81QsekNE1iRN7W dRIO1wvJ/Trf93jIUW/87TDt6R4C9wt8O+JNntiyB2t4BpLN95NINa8ev0P/u8LBo38T 5yDw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s14-20020a056a0008ce00b005180f251cd5si8288194pfu.184.2022.06.17.18.07.14; Fri, 17 Jun 2022 18:07:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1383721AbiFRAfa (ORCPT + 99 others); Fri, 17 Jun 2022 20:35:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231921AbiFRAf2 (ORCPT ); Fri, 17 Jun 2022 20:35:28 -0400 Received: from relay12.mail.gandi.net (relay12.mail.gandi.net [IPv6:2001:4b98:dc4:8::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 207BD65D28; Fri, 17 Jun 2022 17:35:26 -0700 (PDT) Received: (Authenticated sender: pbl@bestov.io) by mail.gandi.net (Postfix) with ESMTPSA id C5E45200004; Sat, 18 Jun 2022 00:35:20 +0000 (UTC) From: Riccardo Paolo Bestetti To: patchwork-bot+netdevbpf@kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Shuah Khan Cc: cmllamas@google.com, dsahern@kernel.org, kernel-team@android.com, linmiaohe@huawei.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pbl@bestov.io, yoshfuji@linux-ipv6.org, linux-kselftest@vger.kernel.org Subject: [RFC PATCH net] ipv4: fix bind address validity regression tests Date: Sat, 18 Jun 2022 01:46:49 +0200 Message-Id: <20220617234647.24309-1-pbl@bestov.io> X-Mailer: git-send-email 2.36.1 In-Reply-To: CKSU5Q2M1IE3.39AS0HDHTZPN@enhorning References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit 8ff978b8b222 ("ipv4/raw: support binding to nonlocal addresses") introduced support for binding to nonlocal addresses, as well as some basic test coverage for some of the cases. Commit b4a028c4d031 ("ipv4: ping: fix bind address validity check") fixes a regression which incorrectly removed some checks for bind address validation. In addition, it introduces regression tests for those specific checks. However, those regression tests are defective, in that they perform the tests using an incorrect combination of bind flags. As a result, those tests fail when they should succeed. This commit introduces additional regression tests for nonlocal binding and fixes the defective regression tests. PLEASE NOTE THAT THIS PATCH SHOULD NOT BE APPLIED AS-IS. The ICMP broadcast and multicast regression tests succeed, but they do so while returning the wrong error status. In particular, it isn't the bind that fails, but the socket creation. This is /not/ correct, and it must be investigated to have proper regression testing. Other instances where this happens are: 1) if the broadcast/multicast addresses are replace with an allowed (e.g. local) address (bind should work, but socket is never created in the first place); 2) the commented out tests (nonlocal bind should work but ditto.) Additionally, please note that when the test cases are manually (i.e. without the network namespace setup from fcnal-test.sh) ran, the expected/correct outcome is observed. The reason I'm submitting this patch for comments, is that I'm failing to understand where the issue lies. (Disclamer: might be something stupid/trivial that I'm plainly missing due to tunnel vision.) Signed-off-by: Riccardo Paolo Bestetti --- tools/testing/selftests/net/fcnal-test.sh | 36 +++++++++++++++++------ 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 75223b63e3c8..778288539879 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1800,24 +1800,33 @@ ipv4_addr_bind_novrf() done # - # raw socket with nonlocal bind + # tests for nonlocal bind # a=${NL_IP} log_start - run_cmd nettest -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b - log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after device bind" + run_cmd nettest -s -R -f -l ${a} -b + log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address" + + log_start + run_cmd nettest -s -f -l ${a} -b + log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address" + + # currently fails with ACCES + #log_start + #run_cmd nettest -s -D -P icmp -f -l ${a} -b + #log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address" # # check that ICMP sockets cannot bind to broadcast and multicast addresses # a=${BCAST_IP} log_start - run_cmd nettest -s -R -P icmp -l ${a} -b + run_cmd nettest -s -D -P icmp -l ${a} -b log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address" a=${MCAST_IP} log_start - run_cmd nettest -s -R -P icmp -f -l ${a} -b + run_cmd nettest -s -D -P icmp -l ${a} -b log_test_addr ${a} $? 1 "ICMP socket bind to multicast address" # @@ -1870,24 +1879,33 @@ ipv4_addr_bind_vrf() log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind" # - # raw socket with nonlocal bind + # tests for nonlocal bind # a=${NL_IP} log_start - run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b + run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind" + log_start + run_cmd nettest -s -f -l ${a} -I ${VRF} -b + log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind" + + # currently fails with ACCES + #log_start + #run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b + #log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind" + # # check that ICMP sockets cannot bind to broadcast and multicast addresses # a=${BCAST_IP} log_start - run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b + run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind" a=${MCAST_IP} log_start - run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b + run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind" # -- 2.36.1