summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Maguire <alan.maguire@oracle.com>2019-03-25 09:36:37 +0000
committerDaniel Borkmann <daniel@iogearbox.net>2019-03-25 15:01:54 +0100
commit0c4ea7f87abbdb56df616678bc23f10e51a0b4f8 (patch)
treed79acfdfbe4348eaf73d8e5bb283bceeaaa3769b
parent62b31b42cff924c7d1e9a095b68ff3bbfc49b15b (diff)
bpf: test_tc_tunnel.sh needs reverse path filtering disabled
test_tc_tunnel.sh sets up a pair of namespaces connected by a veth pair to verify encap/decap using bpf_skb_adjust_room. In testing this, it uses tunnel links as the peer of the bpf-based encap/decap. However because the same IP header is used for inner and outer IP, when packets arrive at the tunnel interface they will be dropped by reverse path filtering as those packets are expected on the veth interface (where the destination IP of the decapped packet is configured). To avoid this, ensure reverse path filtering is disabled for the namespace using tunneling. Fixes: 98cdabcd0798 ("selftests/bpf: bpf tunnel encap test") Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-rwxr-xr-xtools/testing/selftests/bpf/test_tc_tunnel.sh8
1 files changed, 8 insertions, 0 deletions
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index dcf320626931..c805adb88f3a 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -160,6 +160,14 @@ server_listen
# client can connect again
ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \
remote "${addr1}" local "${addr2}"
+# Because packets are decapped by the tunnel they arrive on testtun0 from
+# the IP stack perspective. Ensure reverse path filtering is disabled
+# otherwise we drop the TCP SYN as arriving on testtun0 instead of the
+# expected veth2 (veth2 is where 192.168.1.2 is configured).
+ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.all.rp_filter=0
+# rp needs to be disabled for both all and testtun0 as the rp value is
+# selected as the max of the "all" and device-specific values.
+ip netns exec "${ns2}" sysctl -qw net.ipv4.conf.testtun0.rp_filter=0
ip netns exec "${ns2}" ip link set dev testtun0 up
echo "test bpf encap with tunnel device decap"
client_connect