selftests/net: ipv6 flowlabel · tjh.dev/kernel@3fb321f

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

selftests/net: ipv6 flowlabel

Test the IPv6 flowlabel control and datapath interfaces:

Acquire and release the right to use flowlabels with socket option
IPV6_FLOWLABEL_MGR.

Then configure flowlabels on send and read them on recv with cmsg
IPV6_FLOWINFO. Also verify auto-flowlabel if not explicitly set.

This helped identify the issue fixed in commit 95c169251bf73 ("ipv6:
invert flowlabel sharing check in process and user mode")

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Willem de Bruijn and committed by

David S. Miller 6 years ago 3fb321fd cbe9e835

+453 -2

5 changed files

expand all

tools

testing

selftests

net

.gitignore

Makefile

ipv6_flowlabel.c

ipv6_flowlabel.sh

ipv6_flowlabel_mgr.c

tools/testing/selftests/net/.gitignore

··· 18 18 txring_overwrite 19 19 ip_defrag 20 20 so_txtime 21 + flowlabel 22 + flowlabel_mgr

+2 -2

tools/testing/selftests/net/Makefile

··· 9 9 TEST_PROGS += fib_tests.sh fib-onlink-tests.sh pmtu.sh udpgso.sh ip_defrag.sh 10 10 TEST_PROGS += udpgso_bench.sh fib_rule_tests.sh msg_zerocopy.sh psock_snd.sh 11 11 TEST_PROGS += udpgro_bench.sh udpgro.sh test_vxlan_under_vrf.sh reuseport_addr_any.sh 12 - TEST_PROGS += test_vxlan_fdb_changelink.sh so_txtime.sh 12 + TEST_PROGS += test_vxlan_fdb_changelink.sh so_txtime.sh ipv6_flowlabel.sh 13 13 TEST_PROGS_EXTENDED := in_netns.sh 14 14 TEST_GEN_FILES = socket 15 15 TEST_GEN_FILES += psock_fanout psock_tpacket msg_zerocopy reuseport_addr_any 16 16 TEST_GEN_FILES += tcp_mmap tcp_inq psock_snd txring_overwrite 17 17 TEST_GEN_FILES += udpgso udpgso_bench_tx udpgso_bench_rx ip_defrag 18 - TEST_GEN_FILES += so_txtime 18 + TEST_GEN_FILES += so_txtime ipv6_flowlabel ipv6_flowlabel_mgr 19 19 TEST_GEN_PROGS = reuseport_bpf reuseport_bpf_cpu reuseport_bpf_numa 20 20 TEST_GEN_PROGS += reuseport_dualstack reuseaddr_conflict tls 21 21

+229

tools/testing/selftests/net/ipv6_flowlabel.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* Test IPV6_FLOWINFO cmsg on send and recv */ 3 + 4 + #define _GNU_SOURCE 5 + 6 + #include <arpa/inet.h> 7 + #include <asm/byteorder.h> 8 + #include <error.h> 9 + #include <errno.h> 10 + #include <fcntl.h> 11 + #include <limits.h> 12 + #include <linux/in6.h> 13 + #include <stdbool.h> 14 + #include <stdio.h> 15 + #include <stdint.h> 16 + #include <stdlib.h> 17 + #include <string.h> 18 + #include <sys/socket.h> 19 + #include <sys/stat.h> 20 + #include <sys/time.h> 21 + #include <sys/types.h> 22 + #include <unistd.h> 23 + 24 + /* uapi/glibc weirdness may leave this undefined */ 25 + #ifndef IPV6_FLOWINFO 26 + #define IPV6_FLOWINFO 11 27 + #endif 28 + 29 + #ifndef IPV6_FLOWLABEL_MGR 30 + #define IPV6_FLOWLABEL_MGR 32 31 + #endif 32 + 33 + #define FLOWLABEL_WILDCARD ((uint32_t) -1) 34 + 35 + static const char cfg_data[] = "a"; 36 + static uint32_t cfg_label = 1; 37 + 38 + static void do_send(int fd, bool with_flowlabel, uint32_t flowlabel) 39 + { 40 + char control[CMSG_SPACE(sizeof(flowlabel))] = {0}; 41 + struct msghdr msg = {0}; 42 + struct iovec iov = {0}; 43 + int ret; 44 + 45 + iov.iov_base = (char *)cfg_data; 46 + iov.iov_len = sizeof(cfg_data); 47 + 48 + msg.msg_iov = &iov; 49 + msg.msg_iovlen = 1; 50 + 51 + if (with_flowlabel) { 52 + struct cmsghdr *cm; 53 + 54 + cm = (void *)control; 55 + cm->cmsg_len = CMSG_LEN(sizeof(flowlabel)); 56 + cm->cmsg_level = SOL_IPV6; 57 + cm->cmsg_type = IPV6_FLOWINFO; 58 + *(uint32_t *)CMSG_DATA(cm) = htonl(flowlabel); 59 + 60 + msg.msg_control = control; 61 + msg.msg_controllen = sizeof(control); 62 + } 63 + 64 + ret = sendmsg(fd, &msg, 0); 65 + if (ret == -1) 66 + error(1, errno, "send"); 67 + 68 + if (with_flowlabel) 69 + fprintf(stderr, "sent with label %u\n", flowlabel); 70 + else 71 + fprintf(stderr, "sent without label\n"); 72 + } 73 + 74 + static void do_recv(int fd, bool with_flowlabel, uint32_t expect) 75 + { 76 + char control[CMSG_SPACE(sizeof(expect))]; 77 + char data[sizeof(cfg_data)]; 78 + struct msghdr msg = {0}; 79 + struct iovec iov = {0}; 80 + struct cmsghdr *cm; 81 + uint32_t flowlabel; 82 + int ret; 83 + 84 + iov.iov_base = data; 85 + iov.iov_len = sizeof(data); 86 + 87 + msg.msg_iov = &iov; 88 + msg.msg_iovlen = 1; 89 + 90 + memset(control, 0, sizeof(control)); 91 + msg.msg_control = control; 92 + msg.msg_controllen = sizeof(control); 93 + 94 + ret = recvmsg(fd, &msg, 0); 95 + if (ret == -1) 96 + error(1, errno, "recv"); 97 + if (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) 98 + error(1, 0, "recv: truncated"); 99 + if (ret != sizeof(cfg_data)) 100 + error(1, 0, "recv: length mismatch"); 101 + if (memcmp(data, cfg_data, sizeof(data))) 102 + error(1, 0, "recv: data mismatch"); 103 + 104 + cm = CMSG_FIRSTHDR(&msg); 105 + if (with_flowlabel) { 106 + if (!cm) 107 + error(1, 0, "recv: missing cmsg"); 108 + if (CMSG_NXTHDR(&msg, cm)) 109 + error(1, 0, "recv: too many cmsg"); 110 + if (cm->cmsg_level != SOL_IPV6 || 111 + cm->cmsg_type != IPV6_FLOWINFO) 112 + error(1, 0, "recv: unexpected cmsg level or type"); 113 + 114 + flowlabel = ntohl(*(uint32_t *)CMSG_DATA(cm)); 115 + fprintf(stderr, "recv with label %u\n", flowlabel); 116 + 117 + if (expect != FLOWLABEL_WILDCARD && expect != flowlabel) 118 + fprintf(stderr, "recv: incorrect flowlabel %u != %u\n", 119 + flowlabel, expect); 120 + 121 + } else { 122 + fprintf(stderr, "recv without label\n"); 123 + } 124 + } 125 + 126 + static bool get_autoflowlabel_enabled(void) 127 + { 128 + int fd, ret; 129 + char val; 130 + 131 + fd = open("/proc/sys/net/ipv6/auto_flowlabels", O_RDONLY); 132 + if (fd == -1) 133 + error(1, errno, "open sysctl"); 134 + 135 + ret = read(fd, &val, 1); 136 + if (ret == -1) 137 + error(1, errno, "read sysctl"); 138 + if (ret == 0) 139 + error(1, 0, "read sysctl: 0"); 140 + 141 + if (close(fd)) 142 + error(1, errno, "close sysctl"); 143 + 144 + return val == '1'; 145 + } 146 + 147 + static void flowlabel_get(int fd, uint32_t label, uint8_t share, uint16_t flags) 148 + { 149 + struct in6_flowlabel_req req = { 150 + .flr_action = IPV6_FL_A_GET, 151 + .flr_label = htonl(label), 152 + .flr_flags = flags, 153 + .flr_share = share, 154 + }; 155 + 156 + /* do not pass IPV6_ADDR_ANY or IPV6_ADDR_MAPPED */ 157 + req.flr_dst.s6_addr[0] = 0xfd; 158 + req.flr_dst.s6_addr[15] = 0x1; 159 + 160 + if (setsockopt(fd, SOL_IPV6, IPV6_FLOWLABEL_MGR, &req, sizeof(req))) 161 + error(1, errno, "setsockopt flowlabel get"); 162 + } 163 + 164 + static void parse_opts(int argc, char **argv) 165 + { 166 + int c; 167 + 168 + while ((c = getopt(argc, argv, "l:")) != -1) { 169 + switch (c) { 170 + case 'l': 171 + cfg_label = strtoul(optarg, NULL, 0); 172 + break; 173 + default: 174 + error(1, 0, "%s: parse error", argv[0]); 175 + } 176 + } 177 + } 178 + 179 + int main(int argc, char **argv) 180 + { 181 + struct sockaddr_in6 addr = { 182 + .sin6_family = AF_INET6, 183 + .sin6_port = htons(8000), 184 + .sin6_addr = IN6ADDR_LOOPBACK_INIT, 185 + }; 186 + const int one = 1; 187 + int fdt, fdr; 188 + 189 + parse_opts(argc, argv); 190 + 191 + fdt = socket(PF_INET6, SOCK_DGRAM, 0); 192 + if (fdt == -1) 193 + error(1, errno, "socket t"); 194 + 195 + fdr = socket(PF_INET6, SOCK_DGRAM, 0); 196 + if (fdr == -1) 197 + error(1, errno, "socket r"); 198 + 199 + if (connect(fdt, (void *)&addr, sizeof(addr))) 200 + error(1, errno, "connect"); 201 + if (bind(fdr, (void *)&addr, sizeof(addr))) 202 + error(1, errno, "bind"); 203 + 204 + flowlabel_get(fdt, cfg_label, IPV6_FL_S_EXCL, IPV6_FL_F_CREATE); 205 + 206 + if (setsockopt(fdr, SOL_IPV6, IPV6_FLOWINFO, &one, sizeof(one))) 207 + error(1, errno, "setsockopt flowinfo"); 208 + 209 + if (get_autoflowlabel_enabled()) { 210 + fprintf(stderr, "send no label: recv auto flowlabel\n"); 211 + do_send(fdt, false, 0); 212 + do_recv(fdr, true, FLOWLABEL_WILDCARD); 213 + } else { 214 + fprintf(stderr, "send no label: recv no label (auto off)\n"); 215 + do_send(fdt, false, 0); 216 + do_recv(fdr, false, 0); 217 + } 218 + 219 + fprintf(stderr, "send label\n"); 220 + do_send(fdt, true, cfg_label); 221 + do_recv(fdr, true, cfg_label); 222 + 223 + if (close(fdr)) 224 + error(1, errno, "close r"); 225 + if (close(fdt)) 226 + error(1, errno, "close t"); 227 + 228 + return 0; 229 + }

+21

tools/testing/selftests/net/ipv6_flowlabel.sh

··· 1 + #!/bin/sh 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Regression tests for IPv6 flowlabels 5 + # 6 + # run in separate namespaces to avoid mgmt db conflicts betweent tests 7 + 8 + set -e 9 + 10 + echo "TEST management" 11 + ./in_netns.sh ./ipv6_flowlabel_mgr 12 + 13 + echo "TEST datapath" 14 + ./in_netns.sh \ 15 + sh -c 'sysctl -q -w net.ipv6.auto_flowlabels=0 && ./ipv6_flowlabel -l 1' 16 + 17 + echo "TEST datapath (with auto-flowlabels)" 18 + ./in_netns.sh \ 19 + sh -c 'sysctl -q -w net.ipv6.auto_flowlabels=1 && ./ipv6_flowlabel -l 1' 20 + 21 + echo OK. All tests passed

+199

tools/testing/selftests/net/ipv6_flowlabel_mgr.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* Test IPV6_FLOWINFO_MGR */ 3 + 4 + #define _GNU_SOURCE 5 + 6 + #include <arpa/inet.h> 7 + #include <error.h> 8 + #include <errno.h> 9 + #include <limits.h> 10 + #include <linux/in6.h> 11 + #include <stdbool.h> 12 + #include <stdio.h> 13 + #include <stdint.h> 14 + #include <stdlib.h> 15 + #include <string.h> 16 + #include <sys/socket.h> 17 + #include <sys/stat.h> 18 + #include <sys/time.h> 19 + #include <sys/types.h> 20 + #include <sys/wait.h> 21 + #include <unistd.h> 22 + 23 + /* uapi/glibc weirdness may leave this undefined */ 24 + #ifndef IPV6_FLOWLABEL_MGR 25 + #define IPV6_FLOWLABEL_MGR 32 26 + #endif 27 + 28 + /* from net/ipv6/ip6_flowlabel.c */ 29 + #define FL_MIN_LINGER 6 30 + 31 + #define explain(x) \ 32 + do { if (cfg_verbose) fprintf(stderr, " " x "\n"); } while (0) 33 + 34 + #define __expect(x) \ 35 + do { \ 36 + if (!(x)) \ 37 + fprintf(stderr, "[OK] " #x "\n"); \ 38 + else \ 39 + error(1, 0, "[ERR] " #x " (line %d)", __LINE__); \ 40 + } while (0) 41 + 42 + #define expect_pass(x) __expect(x) 43 + #define expect_fail(x) __expect(!(x)) 44 + 45 + static bool cfg_long_running; 46 + static bool cfg_verbose; 47 + 48 + static int flowlabel_get(int fd, uint32_t label, uint8_t share, uint16_t flags) 49 + { 50 + struct in6_flowlabel_req req = { 51 + .flr_action = IPV6_FL_A_GET, 52 + .flr_label = htonl(label), 53 + .flr_flags = flags, 54 + .flr_share = share, 55 + }; 56 + 57 + /* do not pass IPV6_ADDR_ANY or IPV6_ADDR_MAPPED */ 58 + req.flr_dst.s6_addr[0] = 0xfd; 59 + req.flr_dst.s6_addr[15] = 0x1; 60 + 61 + return setsockopt(fd, SOL_IPV6, IPV6_FLOWLABEL_MGR, &req, sizeof(req)); 62 + } 63 + 64 + static int flowlabel_put(int fd, uint32_t label) 65 + { 66 + struct in6_flowlabel_req req = { 67 + .flr_action = IPV6_FL_A_PUT, 68 + .flr_label = htonl(label), 69 + }; 70 + 71 + return setsockopt(fd, SOL_IPV6, IPV6_FLOWLABEL_MGR, &req, sizeof(req)); 72 + } 73 + 74 + static void run_tests(int fd) 75 + { 76 + int wstatus; 77 + pid_t pid; 78 + 79 + explain("cannot get non-existent label"); 80 + expect_fail(flowlabel_get(fd, 1, IPV6_FL_S_ANY, 0)); 81 + 82 + explain("cannot put non-existent label"); 83 + expect_fail(flowlabel_put(fd, 1)); 84 + 85 + explain("cannot create label greater than 20 bits"); 86 + expect_fail(flowlabel_get(fd, 0x1FFFFF, IPV6_FL_S_ANY, 87 + IPV6_FL_F_CREATE)); 88 + 89 + explain("create a new label (FL_F_CREATE)"); 90 + expect_pass(flowlabel_get(fd, 1, IPV6_FL_S_ANY, IPV6_FL_F_CREATE)); 91 + explain("can get the label (without FL_F_CREATE)"); 92 + expect_pass(flowlabel_get(fd, 1, IPV6_FL_S_ANY, 0)); 93 + explain("can get it again with create flag set, too"); 94 + expect_pass(flowlabel_get(fd, 1, IPV6_FL_S_ANY, IPV6_FL_F_CREATE)); 95 + explain("cannot get it again with the exclusive (FL_FL_EXCL) flag"); 96 + expect_fail(flowlabel_get(fd, 1, IPV6_FL_S_ANY, 97 + IPV6_FL_F_CREATE | IPV6_FL_F_EXCL)); 98 + explain("can now put exactly three references"); 99 + expect_pass(flowlabel_put(fd, 1)); 100 + expect_pass(flowlabel_put(fd, 1)); 101 + expect_pass(flowlabel_put(fd, 1)); 102 + expect_fail(flowlabel_put(fd, 1)); 103 + 104 + explain("create a new exclusive label (FL_S_EXCL)"); 105 + expect_pass(flowlabel_get(fd, 2, IPV6_FL_S_EXCL, IPV6_FL_F_CREATE)); 106 + explain("cannot get it again in non-exclusive mode"); 107 + expect_fail(flowlabel_get(fd, 2, IPV6_FL_S_ANY, IPV6_FL_F_CREATE)); 108 + explain("cannot get it again in exclusive mode either"); 109 + expect_fail(flowlabel_get(fd, 2, IPV6_FL_S_EXCL, IPV6_FL_F_CREATE)); 110 + expect_pass(flowlabel_put(fd, 2)); 111 + 112 + if (cfg_long_running) { 113 + explain("cannot reuse the label, due to linger"); 114 + expect_fail(flowlabel_get(fd, 2, IPV6_FL_S_ANY, 115 + IPV6_FL_F_CREATE)); 116 + explain("after sleep, can reuse"); 117 + sleep(FL_MIN_LINGER * 2 + 1); 118 + expect_pass(flowlabel_get(fd, 2, IPV6_FL_S_ANY, 119 + IPV6_FL_F_CREATE)); 120 + } 121 + 122 + explain("create a new user-private label (FL_S_USER)"); 123 + expect_pass(flowlabel_get(fd, 3, IPV6_FL_S_USER, IPV6_FL_F_CREATE)); 124 + explain("cannot get it again in non-exclusive mode"); 125 + expect_fail(flowlabel_get(fd, 3, IPV6_FL_S_ANY, 0)); 126 + explain("cannot get it again in exclusive mode"); 127 + expect_fail(flowlabel_get(fd, 3, IPV6_FL_S_EXCL, 0)); 128 + explain("can get it again in user mode"); 129 + expect_pass(flowlabel_get(fd, 3, IPV6_FL_S_USER, 0)); 130 + explain("child process can get it too, but not after setuid(nobody)"); 131 + pid = fork(); 132 + if (pid == -1) 133 + error(1, errno, "fork"); 134 + if (!pid) { 135 + expect_pass(flowlabel_get(fd, 3, IPV6_FL_S_USER, 0)); 136 + if (setuid(USHRT_MAX)) 137 + fprintf(stderr, "[INFO] skip setuid child test\n"); 138 + else 139 + expect_fail(flowlabel_get(fd, 3, IPV6_FL_S_USER, 0)); 140 + exit(0); 141 + } 142 + if (wait(&wstatus) == -1) 143 + error(1, errno, "wait"); 144 + if (!WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != 0) 145 + error(1, errno, "wait: unexpected child result"); 146 + 147 + explain("create a new process-private label (FL_S_PROCESS)"); 148 + expect_pass(flowlabel_get(fd, 4, IPV6_FL_S_PROCESS, IPV6_FL_F_CREATE)); 149 + explain("can get it again"); 150 + expect_pass(flowlabel_get(fd, 4, IPV6_FL_S_PROCESS, 0)); 151 + explain("child process cannot can get it"); 152 + pid = fork(); 153 + if (pid == -1) 154 + error(1, errno, "fork"); 155 + if (!pid) { 156 + expect_fail(flowlabel_get(fd, 4, IPV6_FL_S_PROCESS, 0)); 157 + exit(0); 158 + } 159 + if (wait(&wstatus) == -1) 160 + error(1, errno, "wait"); 161 + if (!WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != 0) 162 + error(1, errno, "wait: unexpected child result"); 163 + } 164 + 165 + static void parse_opts(int argc, char **argv) 166 + { 167 + int c; 168 + 169 + while ((c = getopt(argc, argv, "lv")) != -1) { 170 + switch (c) { 171 + case 'l': 172 + cfg_long_running = true; 173 + break; 174 + case 'v': 175 + cfg_verbose = true; 176 + break; 177 + default: 178 + error(1, 0, "%s: parse error", argv[0]); 179 + } 180 + } 181 + } 182 + 183 + int main(int argc, char **argv) 184 + { 185 + int fd; 186 + 187 + parse_opts(argc, argv); 188 + 189 + fd = socket(PF_INET6, SOCK_DGRAM, 0); 190 + if (fd == -1) 191 + error(1, errno, "socket"); 192 + 193 + run_tests(fd); 194 + 195 + if (close(fd)) 196 + error(1, errno, "close"); 197 + 198 + return 0; 199 + }