Bug 2054023
| Summary: | vrf test fail in kselftest net:fcnal-test.sh | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Jianlin Shi <jishi> |
| Component: | kernel | Assignee: | Xin Long <lxin> |
| kernel sub component: | Networking | QA Contact: | Jianlin Shi <jishi> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | jiji, kzhang, lxin |
| Version: | 9.0 | Keywords: | Triaged |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | kernel-5.14.0-86.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-15 10:55:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2090354 | ||
|
Description
Jianlin Shi
2022-02-14 02:02:15 UTC
This is another issue caused by changing from PING socket to RAW socket for 'ping' cmd, and it was reported on: https://github.com/iputils/iputils/issues/104 and fixed on iputils but in an incorrect way: commit cc44f4c5c2e72f7aa833658a6978d924ff9e059d Author: Sami Kerola <kerolasa> Date: Wed Oct 24 23:38:58 2018 +0100 ping: do not bind to device when destination IP is on device The right fix should be in PING socket in kernel: diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index bcf7bc71cb56..99d832a33408 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -172,7 +172,7 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident) struct sock *sk = NULL; struct inet_sock *isk; struct hlist_nulls_node *hnode; - int dif = skb->dev->ifindex; + int dif = inet_iif(skb); I will fix this in kernel and then revert the one in iputils. Use this bug to track the issue in https://github.com/iputils/iputils/issues/104, which should be fixed in kernel side. Jianlin, can you open a new bug for user space iputils? Thanks. the test still failed with the latest kernel: # ################################################################# # With VRF # # SYSCTL: net.ipv4.raw_l3mdev_accept=1 # # TEST: ping out, VRF bind - ns-B IP [ OK ] # TEST: ping out, device bind - ns-B IP [ OK ] # TEST: ping out, vrf device + dev address bind - ns-B IP [ OK ] # TEST: ping out, vrf device + vrf address bind - ns-B IP [ OK ] # TEST: ping out, VRF bind - ns-B loopback IP [ OK ] # TEST: ping out, device bind - ns-B loopback IP [ OK ] # TEST: ping out, vrf device + dev address bind - ns-B loopback IP [ OK ] # TEST: ping out, vrf device + vrf address bind - ns-B loopback IP [ OK ] # TEST: ping in - ns-A IP [ OK ] # TEST: ping in - VRF IP [ OK ] # TEST: ping local, VRF bind - ns-A IP [ OK ] # TEST: ping local, VRF bind - VRF IP [FAIL] # TEST: ping local, VRF bind - loopback [ OK ] # TEST: ping local, device bind - ns-A IP [FAIL] # TEST: ping local, device bind - VRF IP [ OK ] # TEST: ping local, device bind - loopback [ OK ] # TEST: ping out, vrf bind, blocked by rule - ns-B loopback IP [ OK ] # TEST: ping out, device bind, blocked by rule - ns-B loopback IP [ OK ] # TEST: ping in, blocked by rule - ns-A loopback IP [ OK ] # TEST: ping out, vrf bind, unreachable route - ns-B loopback IP [ OK ] # TEST: ping out, device bind, unreachable route - ns-B loopback IP [ OK ] # TEST: ping in, unreachable route - ns-A loopback IP [ OK ] # # ########################################################################### [root@ibm-x3650m4-02-vm-06 kselftests]# uname -a Linux ibm-x3650m4-02-vm-06.ibm2.lab.eng.bos.redhat.com 5.14.0-96.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 19 07:21:30 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux [root@ibm-x3650m4-02-vm-06 kselftests]# rpm -qa | grep kernel kernel-tools-libs-5.14.0-96.el9.x86_64 kernel-core-5.14.0-96.el9.x86_64 kernel-modules-5.14.0-96.el9.x86_64 kernel-5.14.0-96.el9.x86_64 kernel-tools-5.14.0-96.el9.x86_64 kernel-selftests-internal-5.14.0-96.el9.x86_64 install the iputils in https://github.com/lxin/iputils/tree/ping_fix and run the test again, it passed: # ################################################################# # With VRF # # SYSCTL: net.ipv4.raw_l3mdev_accept=1 # # TEST: ping out, VRF bind - ns-B IP [ OK ] # TEST: ping out, device bind - ns-B IP [ OK ] # TEST: ping out, vrf device + dev address bind - ns-B IP [ OK ] # TEST: ping out, vrf device + vrf address bind - ns-B IP [ OK ] # TEST: ping out, VRF bind - ns-B loopback IP [ OK ] # TEST: ping out, device bind - ns-B loopback IP [ OK ] # TEST: ping out, vrf device + dev address bind - ns-B loopback IP [ OK ] # TEST: ping out, vrf device + vrf address bind - ns-B loopback IP [ OK ] # TEST: ping in - ns-A IP [ OK ] # TEST: ping in - VRF IP [ OK ] # TEST: ping local, VRF bind - ns-A IP [ OK ] # TEST: ping local, VRF bind - VRF IP [ OK ] # TEST: ping local, VRF bind - loopback [ OK ] # TEST: ping local, device bind - ns-A IP [ OK ] # TEST: ping local, device bind - VRF IP [ OK ] # TEST: ping local, device bind - loopback [ OK ] # TEST: ping out, vrf bind, blocked by rule - ns-B loopback IP [ OK ] # TEST: ping out, device bind, blocked by rule - ns-B loopback IP [ OK ] # TEST: ping in, blocked by rule - ns-A loopback IP [ OK ] # TEST: ping out, vrf bind, unreachable route - ns-B loopback IP [ OK ] # TEST: ping out, device bind, unreachable route - ns-B loopback IP [ OK ] # TEST: ping in, unreachable route - ns-A loopback IP [ OK ] # # ########################################################################### Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: kernel security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8267 |