From 24f3453d9d67336808c1279e7c211ebaaede5763 Mon Sep 17 00:00:00 2001 From: Pierre Lee Date: Fri, 19 Jul 2019 16:09:02 +0800 Subject: Add the same mark with policy in SaInfo API Due to mtk design of ipsec monitor, kernel will create a new SA when running the testUpdateActiveSaMarks case, so there are two SAs, but the expected number of SAs is one. We need to avoid creating the extra SA. Bug: 137509253 Test: run vts -m VtsKernelNetTest -t VtsKernelNetTest#testKernelNetworking Change-Id: Ic5a82ac9f8531b75e61ce9188aa35ef9a0ca0619 Merged-In: Ic5a82ac9f8531b75e61ce9188aa35ef9a0ca0619 (cherry picked from commit c68285f247e30bbcc6c767719a4185ad01129a8c) --- net/test/xfrm_test.py | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/net/test/xfrm_test.py b/net/test/xfrm_test.py index afcacde..64be084 100755 --- a/net/test/xfrm_test.py +++ b/net/test/xfrm_test.py @@ -846,12 +846,22 @@ class XfrmOutputMarkTest(xfrm_base.XfrmLazyTest): xfrm_base._ALGO_CBC_AES_256) # Add a default SA with no mark that routes to nowhere. - self.xfrm.AddSaInfo(local, - remote, - TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0, - xfrm_base._ALGO_CBC_AES_256, - xfrm_base._ALGO_HMAC_SHA1, - None, None, None, 0, is_update=False) + try: + self.xfrm.AddSaInfo(local, + remote, + TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0, + xfrm_base._ALGO_CBC_AES_256, + xfrm_base._ALGO_HMAC_SHA1, + None, None, mark, 0, is_update=False) + except IOError as e: + self.assertEquals(EEXIST, e.errno, "SA exists") + self.xfrm.AddSaInfo(local, + remote, + TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0, + xfrm_base._ALGO_CBC_AES_256, + xfrm_base._ALGO_HMAC_SHA1, + None, None, mark, 0, is_update=True) + self.assertRaisesErrno( ENETUNREACH, s.sendto, net_test.UDP_PAYLOAD, (remote, 53)) @@ -862,7 +872,7 @@ class XfrmOutputMarkTest(xfrm_base.XfrmLazyTest): TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0, xfrm_base._ALGO_CBC_AES_256, xfrm_base._ALGO_HMAC_SHA1, - None, None, None, netid, is_update=True) + None, None, mark, netid, is_update=True) # Now the payload routes to the updated netid. s.sendto(net_test.UDP_PAYLOAD, (remote, 53)) @@ -876,7 +886,7 @@ class XfrmOutputMarkTest(xfrm_base.XfrmLazyTest): TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0, xfrm_base._ALGO_CBC_AES_256, xfrm_base._ALGO_HMAC_SHA1, - None, None, None, reroute_netid, is_update=True) + None, None, mark, reroute_netid, is_update=True) s.sendto(net_test.UDP_PAYLOAD, (remote, 53)) self._ExpectEspPacketOn(reroute_netid, TEST_SPI, 2, length, None, None) @@ -887,7 +897,7 @@ class XfrmOutputMarkTest(xfrm_base.XfrmLazyTest): sainfo, attributes = dump[0] self.assertEquals(reroute_netid, attributes["XFRMA_OUTPUT_MARK"]) - self.xfrm.DeleteSaInfo(remote, TEST_SPI, IPPROTO_ESP, None) + self.xfrm.DeleteSaInfo(remote, TEST_SPI, IPPROTO_ESP, mark) self.xfrm.DeletePolicyInfo(sel, xfrm.XFRM_POLICY_OUT, mark) if __name__ == "__main__": -- cgit v1.2.3 From d8385e2e7f732a73e9fe9130d3a974d1254681d1 Mon Sep 17 00:00:00 2001 From: Elvis Chien Date: Tue, 3 Mar 2020 17:54:29 +0800 Subject: Fix VtsKernelNetTest#VtsKernelNetTest#testKernelNetworking Bug: 140366925 Change-Id: I2fd94487db3412669ab8bb938010b00cbb54766d Merged-In: I2fd94487db3412669ab8bb938010b00cbb54766d --- net/test/srcaddr_selection_test.py | 1 + 1 file changed, 1 insertion(+) diff --git a/net/test/srcaddr_selection_test.py b/net/test/srcaddr_selection_test.py index adbcc54..45a8140 100755 --- a/net/test/srcaddr_selection_test.py +++ b/net/test/srcaddr_selection_test.py @@ -287,6 +287,7 @@ class DadFailureTest(MultiInterfaceSourceAddressSelectionTest): scapy.ICMPv6ND_NA(tgt=self.test_ip, R=0, S=0, O=1) / scapy.ICMPv6NDOptDstLLAddr(lladdr=conflict_macaddr)) self.ReceiveEtherPacketOn(self.test_netid, dad_defense) + self.WaitForDad(self.test_lladdr) # The address should have failed DAD, and therefore no longer be usable. self.assertAddressNotUsable(self.test_ip, self.test_netid) -- cgit v1.2.3 From 73cf98163867a226979341760ff42c82d608b11c Mon Sep 17 00:00:00 2001 From: dennishan Date: Mon, 8 Jun 2020 19:01:42 +0800 Subject: net-test: attempt to use namespaces on devices with ADB/TCP Update all_tests.py and add namespace.py from master branch. Bug: 149894399 Test: run vts -m VtsKernelNetTest -s 192.168.1.100:5555 Change-Id: I00829029fea63a58a548455ed2edcbd7c5ae2b62 Merged-In: I2e5d136322ade41bfefcb46437b61a68fb842e15 --- net/test/all_tests.py | 20 ++++-- net/test/namespace.py | 165 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 181 insertions(+), 4 deletions(-) create mode 100644 net/test/namespace.py diff --git a/net/test/all_tests.py b/net/test/all_tests.py index bbef3ac..17d9701 100755 --- a/net/test/all_tests.py +++ b/net/test/all_tests.py @@ -14,10 +14,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -from importlib import import_module +import importlib import sys import unittest +import namespace + test_modules = [ 'anycast_test', 'bpf_test', @@ -46,15 +48,25 @@ test_modules = [ ] if __name__ == '__main__': + # Check whether ADB over TCP is occupying TCP port 5555. + if namespace.HasEstablishedTcpSessionOnPort(5555): + namespace.IfPossibleEnterNewNetworkNamespace() # First, run InjectTests on all modules, to ensure that any parameterized # tests in those modules are injected. for name in test_modules: - import_module(name) - if hasattr(sys.modules[name], "InjectTests"): + importlib.import_module(name) + if hasattr(sys.modules[name], 'InjectTests'): sys.modules[name].InjectTests() loader = unittest.defaultTestLoader - test_suite = loader.loadTestsFromNames(test_modules) + if len(sys.argv) > 1: + test_suite = loader.loadTestsFromNames(sys.argv[1:]) + else: + test_suite = loader.loadTestsFromNames(test_modules) + + assert test_suite.countTestCases() > 0, ( + 'Inconceivable: no tests found! Command line: %s' % ' '.join(sys.argv)) + runner = unittest.TextTestRunner(verbosity=2) result = runner.run(test_suite) sys.exit(not result.wasSuccessful()) diff --git a/net/test/namespace.py b/net/test/namespace.py new file mode 100644 index 0000000..85db654 --- /dev/null +++ b/net/test/namespace.py @@ -0,0 +1,165 @@ +#!/usr/bin/python +# +# Copyright 2020 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Namespace related support code.""" + +import ctypes +import ctypes.util +import os +import socket + +import net_test +import sock_diag +import tcp_test + +# //include/linux/fs.h +MNT_FORCE = 1 # Attempt to forcibily umount +MNT_DETACH = 2 # Just detach from the tree +MNT_EXPIRE = 4 # Mark for expiry +UMOUNT_NOFOLLOW = 8 # Don't follow symlink on umount + +# //include/uapi/linux/fs.h +MS_RDONLY = 1 # Mount read-only +MS_NOSUID = 2 # Ignore suid and sgid bits +MS_NODEV = 4 # Disallow access to device special files +MS_NOEXEC = 8 # Disallow program execution +MS_SYNCHRONOUS = 16 # Writes are synced at once +MS_REMOUNT = 32 # Alter flags of a mounted FS +MS_MANDLOCK = 64 # Allow mandatory locks on an FS +MS_DIRSYNC = 128 # Directory modifications are synchronous +MS_NOATIME = 1024 # Do not update access times. +MS_NODIRATIME = 2048 # Do not update directory access times +MS_BIND = 4096 # +MS_MOVE = 8192 # +MS_REC = 16384 # +MS_SILENT = 32768 # +MS_POSIXACL = (1<<16) # VFS does not apply the umask +MS_UNBINDABLE = (1<<17) # change to unbindable +MS_PRIVATE = (1<<18) # change to private +MS_SLAVE = (1<<19) # change to slave +MS_SHARED = (1<<20) # change to shared +MS_RELATIME = (1<<21) # Update atime relative to mtime/ctime. +MS_STRICTATIME = (1<<24) # Always perform atime updates +MS_LAZYTIME = (1<<25) # Update the on-disk [acm]times lazily + +# //include/uapi/linux/sched.h +CLONE_NEWNS = 0x00020000 # New mount namespace group +CLONE_NEWCGROUP = 0x02000000 # New cgroup namespace +CLONE_NEWUTS = 0x04000000 # New utsname namespace +CLONE_NEWIPC = 0x08000000 # New ipc namespace +CLONE_NEWUSER = 0x10000000 # New user namespace +CLONE_NEWPID = 0x20000000 # New pid namespace +CLONE_NEWNET = 0x40000000 # New network namespace + +libc = ctypes.CDLL(ctypes.util.find_library('c'), use_errno=True) + +# See the relevant system call's man pages and: +# https://docs.python.org/3/library/ctypes.html#fundamental-data-types +libc.mount.argtypes = (ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p, + ctypes.c_ulong, ctypes.c_void_p) +libc.sethostname.argtype = (ctypes.c_char_p, ctypes.c_size_t) +libc.umount2.argtypes = (ctypes.c_char_p, ctypes.c_int) +libc.unshare.argtypes = (ctypes.c_int,) + + +def Mount(src, tgt, fs, flags=MS_NODEV|MS_NOEXEC|MS_NOSUID|MS_RELATIME): + ret = libc.mount(src, tgt, fs, flags, None) + if ret < 0: + errno = ctypes.get_errno() + raise OSError(errno, '%s mounting %s on %s (fs=%s flags=0x%x)' + % (os.strerror(errno), src, tgt, fs, flags)) + + +def ReMountProc(): + libc.umount2('/proc', MNT_DETACH) # Ignore failure: might not be mounted + Mount('proc', '/proc', 'proc') + + +def ReMountSys(): + libc.umount2('/sys', MNT_DETACH) # Ignore failure: might not be mounted + Mount('sysfs', '/sys', 'sysfs') + + +def SetFileContents(f, s): + open(f, 'w').write(s) + + +def SetHostname(s): + ret = libc.sethostname(s, len(s)) + if ret < 0: + errno = ctypes.get_errno() + raise OSError(errno, '%s while sethostname(%s)' % (os.strerror(errno), s)) + + +def UnShare(flags): + ret = libc.unshare(flags) + if ret < 0: + errno = ctypes.get_errno() + raise OSError(errno, '%s while unshare(0x%x)' % (os.strerror(errno), flags)) + + +def DumpMounts(hdr): + print + print hdr + print open('/proc/mounts', 'r').read(), + print '---' + + +# Requires at least kernel configuration options: +# CONFIG_NAMESPACES=y +# CONFIG_NET_NS=y +# CONFIG_UTS_NS=y +def IfPossibleEnterNewNetworkNamespace(): + """Instantiate and transition into a fresh new network namespace if possible.""" + + print 'Creating clean namespace...', + + try: + UnShare(CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWNET) + except OSError as err: + print 'failed: %s (likely: no privs or lack of kernel support).' % err + return False + + try: + # DumpMounts('Before:') + Mount('none', '/', None, MS_REC|MS_PRIVATE) + ReMountProc() + ReMountSys() + # DumpMounts('After:') + SetHostname('netns') + SetFileContents('/proc/sys/net/ipv4/ping_group_range', '0 2147483647') + net_test.SetInterfaceUp('lo') + except: + print 'failed.' + # We've already transitioned into the new netns -- it's too late to recover. + raise + + print 'succeeded.' + return True + + +def HasEstablishedTcpSessionOnPort(port): + sd = sock_diag.SockDiag() + + sock_id = sd._EmptyInetDiagSockId() + sock_id.sport = port + + states = 1 << tcp_test.TCP_ESTABLISHED + + matches = sd.DumpAllInetSockets(socket.IPPROTO_TCP, "", + sock_id=sock_id, states=states) + + return len(matches) > 0 -- cgit v1.2.3 From 7fec03ba22a7cb313bc347349ea469bc25b486d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= Date: Tue, 2 Feb 2021 21:25:59 -0800 Subject: net-test: work around UML crashes during shutdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sometimes the tests all pass, but UML crashes during the shutdown process itself: As such we can't actually rely on the /proc/exitcode returned value. Before this change (rarely): ##### 0 failed tests. reboot: System halted ../kernel/tests/net/test/run_net_test.sh: line 431: 61682 Aborted (core dumped) $KERNEL_BINARY umid=net_test mem=512M $blockdevice=$ROOTFS $netconfig $consolemode $cmdline 1>&2 stty: standard input: Inappropriate ioctl for device Returning exit code 134. With this change and an extra 'echo 134 > /proc/exitcode' at end of net_test.sh (to simulate a UML crash): ##### 0 failed tests. epollctl add err fd 3, Operation not permitted epollctl add err fd 19, Operation not permitted reboot: System halted Warning: UML appears to have crashed after successfully executing the tests. Info: retrieved exit code 0. Returning exit code 0. Normally: ##### 0 failed tests. epollctl add err fd 3, Operation not permitted epollctl add err fd 19, Operation not permitted reboot: System halted Info: retrieved exit code 0. Returning exit code 0. (I don't know why the epollctl add errors show up - but they don't appear to hurt.) Some useful docs about UML kernel command line options at: http://user-mode-linux.sourceforge.net/old/input.html https://www.kernel.org/doc/html/latest/virt/uml/user_mode_linux_howto_v2.html Tested: see above Signed-off-by: Maciej Żenczykowski Change-Id: I37a67f140b5fa022f3dde97fbe45373df1a9a20d Merged-In: I37a67f140b5fa022f3dde97fbe45373df1a9a20d (cherrypicked from 0c89e40ce29b1908c546619e30e04fe5a6e6c6d2) --- net/test/net_test.sh | 8 +++++++- net/test/run_net_test.sh | 29 +++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/net/test/net_test.sh b/net/test/net_test.sh index 72c67a9..f4ca29f 100755 --- a/net/test/net_test.sh +++ b/net/test/net_test.sh @@ -152,7 +152,13 @@ fi echo -e "Running $net_test $net_test_args\n" $net_test $net_test_args +rv="$?" # Write exit code of net_test to a file so that the builder can use it # to signal failure if any tests fail. -echo $? >$net_test_exitcode +echo "${rv}" > "${net_test_exitcode}" + +# Additionally on UML make it the exit code of UML kernel binary itself. +if [[ -e '/proc/exitcode' ]]; then + echo "${rv}" > /proc/exitcode +fi diff --git a/net/test/run_net_test.sh b/net/test/run_net_test.sh index deed5cd..5648a06 100755 --- a/net/test/run_net_test.sh +++ b/net/test/run_net_test.sh @@ -282,8 +282,10 @@ if [ "$ARCH" == "um" ]; then # Get the absolute path to the test file that's being run. cmdline="$cmdline net_test=/host$SCRIPT_DIR/$test" - # Use UML's /proc/exitcode feature to communicate errors on test failure - cmdline="$cmdline net_test_exitcode=/proc/exitcode" + # We'd use UML's /proc/exitcode feature to communicate errors on test failure, + # if not for UML having a tendency to crash during shutdown, + # so instead use an extra serial line we'll redirect to an open fd... + cmdline="$cmdline net_test_exitcode=/dev/ttyS3" # Experience shows that we need at least 128 bits of entropy for the # kernel's crng init to complete (before it fully initializes stuff behaves @@ -307,11 +309,30 @@ if [ "$ARCH" == "um" ]; then blockdevice=ubdar fi + # Create a temp file for 'serial line 3' for return code. + SSL3="$(mktemp)" + exitcode=0 - $KERNEL_BINARY >&2 umid=net_test mem=512M \ - $blockdevice=$SCRIPT_DIR/$ROOTFS $netconfig $consolemode $cmdline \ + $KERNEL_BINARY >&2 3>"${SSL3}" umid=net_test mem=512M \ + $blockdevice=$SCRIPT_DIR/$ROOTFS $netconfig $consolemode ssl3=null,fd:3 $cmdline \ || exitcode=$? + if [[ "${exitcode}" == 134 && -s "${SSL3}" && "$(tr -d '\r' < "${SSL3}")" == 0 ]]; then + # Sometimes the tests all pass, but UML crashes during the shutdown process itself. + # As such we can't actually rely on the /proc/exitcode returned value. + echo "Warning: UML appears to have crashed after successfully executing the tests." 1>&2 + elif [[ "${exitcode}" != 0 ]]; then + echo "Warning: UML exited with ${exitcode} instead of zero." 1>&2 + fi + + if [[ -s "${SSL3}" ]]; then + exitcode="$(tr -d '\r' < "${SSL3}")" + echo "Info: retrieved exit code ${exitcode}." 1>&2 + fi + + rm -f "${SSL3}" + unset SSL3 + # UML is kind of crazy in how guest syscalls work. It requires host kernel # to not be in vsyscall=none mode. if [[ "${exitcode}" != '0' ]]; then -- cgit v1.2.3 From 2b10612507a2927350a3e5c3495f023e805ed038 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= Date: Tue, 2 Feb 2021 21:25:59 -0800 Subject: net-test: work around UML crashes during shutdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sometimes the tests all pass, but UML crashes during the shutdown process itself: As such we can't actually rely on the /proc/exitcode returned value. Before this change (rarely): ##### 0 failed tests. reboot: System halted ../kernel/tests/net/test/run_net_test.sh: line 431: 61682 Aborted (core dumped) $KERNEL_BINARY umid=net_test mem=512M $blockdevice=$ROOTFS $netconfig $consolemode $cmdline 1>&2 stty: standard input: Inappropriate ioctl for device Returning exit code 134. With this change and an extra 'echo 134 > /proc/exitcode' at end of net_test.sh (to simulate a UML crash): ##### 0 failed tests. epollctl add err fd 3, Operation not permitted epollctl add err fd 19, Operation not permitted reboot: System halted Warning: UML appears to have crashed after successfully executing the tests. Info: retrieved exit code 0. Returning exit code 0. Normally: ##### 0 failed tests. epollctl add err fd 3, Operation not permitted epollctl add err fd 19, Operation not permitted reboot: System halted Info: retrieved exit code 0. Returning exit code 0. (I don't know why the epollctl add errors show up - but they don't appear to hurt.) Some useful docs about UML kernel command line options at: http://user-mode-linux.sourceforge.net/old/input.html https://www.kernel.org/doc/html/latest/virt/uml/user_mode_linux_howto_v2.html Tested: see above Signed-off-by: Maciej Żenczykowski Change-Id: I37a67f140b5fa022f3dde97fbe45373df1a9a20d Merged-In: I37a67f140b5fa022f3dde97fbe45373df1a9a20d (cherrypicked from 0c89e40ce29b1908c546619e30e04fe5a6e6c6d2) --- net/test/net_test.sh | 8 +++++++- net/test/run_net_test.sh | 29 +++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/net/test/net_test.sh b/net/test/net_test.sh index 6a22c0e..52b168d 100755 --- a/net/test/net_test.sh +++ b/net/test/net_test.sh @@ -161,7 +161,13 @@ fi echo -e "Running $net_test $net_test_args\n" $net_test $net_test_args +rv="$?" # Write exit code of net_test to a file so that the builder can use it # to signal failure if any tests fail. -echo $? >$net_test_exitcode +echo "${rv}" > "${net_test_exitcode}" + +# Additionally on UML make it the exit code of UML kernel binary itself. +if [[ -e '/proc/exitcode' ]]; then + echo "${rv}" > /proc/exitcode +fi diff --git a/net/test/run_net_test.sh b/net/test/run_net_test.sh index d1a66f5..47df373 100755 --- a/net/test/run_net_test.sh +++ b/net/test/run_net_test.sh @@ -318,8 +318,10 @@ if [ "$ARCH" == "um" ]; then # Get the absolute path to the test file that's being run. cmdline="$cmdline net_test=/host$SCRIPT_DIR/$test" - # Use UML's /proc/exitcode feature to communicate errors on test failure - cmdline="$cmdline net_test_exitcode=/proc/exitcode" + # We'd use UML's /proc/exitcode feature to communicate errors on test failure, + # if not for UML having a tendency to crash during shutdown, + # so instead use an extra serial line we'll redirect to an open fd... + cmdline="$cmdline net_test_exitcode=/dev/ttyS3" # Map the --readonly flag to UML block device names if ((nowrite == 0)); then @@ -328,11 +330,30 @@ if [ "$ARCH" == "um" ]; then blockdevice=ubdar fi + # Create a temp file for 'serial line 3' for return code. + SSL3="$(mktemp)" + exitcode=0 - $KERNEL_BINARY >&2 umid=net_test mem=512M \ - $blockdevice=$SCRIPT_DIR/$ROOTFS $netconfig $consolemode $cmdline \ + $KERNEL_BINARY >&2 3>"${SSL3}" umid=net_test mem=512M \ + $blockdevice=$SCRIPT_DIR/$ROOTFS $netconfig $consolemode ssl3=null,fd:3 $cmdline \ || exitcode=$? + if [[ "${exitcode}" == 134 && -s "${SSL3}" && "$(tr -d '\r' < "${SSL3}")" == 0 ]]; then + # Sometimes the tests all pass, but UML crashes during the shutdown process itself. + # As such we can't actually rely on the /proc/exitcode returned value. + echo "Warning: UML appears to have crashed after successfully executing the tests." 1>&2 + elif [[ "${exitcode}" != 0 ]]; then + echo "Warning: UML exited with ${exitcode} instead of zero." 1>&2 + fi + + if [[ -s "${SSL3}" ]]; then + exitcode="$(tr -d '\r' < "${SSL3}")" + echo "Info: retrieved exit code ${exitcode}." 1>&2 + fi + + rm -f "${SSL3}" + unset SSL3 + # UML is kind of crazy in how guest syscalls work. It requires host kernel # to not be in vsyscall=none mode. if [[ "${exitcode}" != '0' ]]; then -- cgit v1.2.3 From a56618e0ceb7930a3ebfa671e0f8598bba61fc96 Mon Sep 17 00:00:00 2001 From: terrencew Date: Thu, 17 Dec 2020 20:18:00 +0800 Subject: net-test: set sufficient MEMLOCK rlimit for bpf test Some devices doesn't set the default memlock memory size, it's possible to fail the bpf map creation. Bug: 175087066 Bug: 182760543 Test: via treehugger Change-Id: I4be25f45aeab044ad6aceda10aa62c61be771ef7 Merged-In: I4be25f45aeab044ad6aceda10aa62c61be771ef7 --- net/test/bpf.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/test/bpf.py b/net/test/bpf.py index 5062e31..9e8f6c8 100755 --- a/net/test/bpf.py +++ b/net/test/bpf.py @@ -22,6 +22,7 @@ import cstruct import net_test import socket import platform +import resource # __NR_bpf syscall numbers for various architectures. # NOTE: If python inherited COMPAT_UTS_MACHINE, uname's 'machine' field will @@ -178,6 +179,8 @@ BpfInsn = cstruct.Struct("bpf_insn", "=BBhi", "code dst_src_reg off imm") libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True) HAVE_EBPF_SUPPORT = net_test.LINUX_VERSION >= (4, 4, 0) +# set memlock resource 1 GiB +resource.setrlimit(resource.RLIMIT_MEMLOCK, (1073741824, 1073741824)) # BPF program syscalls def BpfSyscall(op, attr): -- cgit v1.2.3 From 47b593d818e305a3ba3e234289d4d90d1d7966ba Mon Sep 17 00:00:00 2001 From: Blair Prescott Date: Thu, 12 Aug 2021 13:21:25 -0700 Subject: net-test: Reset blackhole before fastopen test A pre-existing network connection can trigger the TCP fastopen blackhole timer. Reset the timer before the fastopen test begins. Test: Run vts_kernel_net_tests with Ethernet or Wi-Fi connected Bug: 196423144 Signed-off-by: Blair Prescott Change-Id: I8c75aca81bd207a6700d920a7db888e2b58aab52 Merged-In: I8c75aca81bd207a6700d920a7db888e2b58aab52 --- net/test/tcp_fastopen_test.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/test/tcp_fastopen_test.py b/net/test/tcp_fastopen_test.py index 9257a19..16e41c6 100755 --- a/net/test/tcp_fastopen_test.py +++ b/net/test/tcp_fastopen_test.py @@ -28,6 +28,7 @@ import tcp_metrics TCPOPT_FASTOPEN = 34 TCP_FASTOPEN_CONNECT = 30 +BH_TIMEOUT_SYSCTL = "/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec" class TcpFastOpenTest(multinetwork_base.MultiNetworkBaseTest): @@ -63,12 +64,21 @@ class TcpFastOpenTest(multinetwork_base.MultiNetworkBaseTest): with self.assertRaisesErrno(ENOENT): self.tcp_metrics.GetMetrics(saddr, daddr) + def clearBlackhole(self): + if net_test.LINUX_VERSION < (4, 14, 0): + return + timeout = self.GetSysctl(BH_TIMEOUT_SYSCTL) + + # Write to timeout to clear any pre-existing blackhole condition + self.SetSysctl(BH_TIMEOUT_SYSCTL, timeout) + def CheckConnectOption(self, version): ip_layer = {4: scapy.IP, 6: scapy.IPv6}[version] netid = self.RandomNetid() s = self.TFOClientSocket(version, netid) self.clearTcpMetrics(version, netid) + self.clearBlackhole() # Connect the first time. remoteaddr = self.GetRemoteAddress(version) -- cgit v1.2.3 From 37faf0c1fea3cab558cc8f72c700fef5e901efba Mon Sep 17 00:00:00 2001 From: Seongsik Date: Thu, 19 Aug 2021 14:25:33 +0900 Subject: fix: change next IP header option to "3b" (no next header) The problem is that with a special next header value (hop-by-hop), when applying an MSS clamp rule, the test failed with "Operation not permitted". So, need to change next IP header option from "00" (hop-by-hop) to "3b" (no next header). Because, the test doesn't need a special next header. Test: ran "policy_crash_test" on Kernel 5.10 Bug: 196522392 Signed-off-by: Seongsik Change-Id: Ibb4423e13a5b603bfa8da66a932c455722dec83a Merged-In: Ibb4423e13a5b603bfa8da66a932c455722dec83a --- net/test/policy_crash_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/test/policy_crash_test.py b/net/test/policy_crash_test.py index 536f96d..ad1b92a 100755 --- a/net/test/policy_crash_test.py +++ b/net/test/policy_crash_test.py @@ -107,7 +107,7 @@ class RemovedFeatureTest(net_test.NetworkTest): dst = ip6loopback # 8 byte IPv6 fragmentation header - frag_nexthdr = '00' + frag_nexthdr = '3b' frag_reserved = '00' # 13-bit offset, 2-bit reserved, 1-bit M[ore] flag pkt1_frag_offset = '0001' -- cgit v1.2.3 From c5e2282dc9b316b272a8bc1de16f2b26bb530dff Mon Sep 17 00:00:00 2001 From: Blair Prescott Date: Thu, 12 Aug 2021 13:21:25 -0700 Subject: net-test: Reset blackhole before fastopen test A pre-existing network connection can trigger the TCP fastopen blackhole timer. Reset the timer before the fastopen test begins. Test: Run vts_kernel_net_tests with Ethernet or Wi-Fi connected Bug: 196423144 Signed-off-by: Blair Prescott Change-Id: I8c75aca81bd207a6700d920a7db888e2b58aab52 Merged-In: I8c75aca81bd207a6700d920a7db888e2b58aab52 --- net/test/tcp_fastopen_test.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/test/tcp_fastopen_test.py b/net/test/tcp_fastopen_test.py index eadae79..5b89a2d 100755 --- a/net/test/tcp_fastopen_test.py +++ b/net/test/tcp_fastopen_test.py @@ -28,6 +28,7 @@ import tcp_metrics TCPOPT_FASTOPEN = 34 TCP_FASTOPEN_CONNECT = 30 +BH_TIMEOUT_SYSCTL = "/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec" class TcpFastOpenTest(multinetwork_base.MultiNetworkBaseTest): @@ -63,12 +64,21 @@ class TcpFastOpenTest(multinetwork_base.MultiNetworkBaseTest): with self.assertRaisesErrno(ENOENT): self.tcp_metrics.GetMetrics(saddr, daddr) + def clearBlackhole(self): + if net_test.LINUX_VERSION < (4, 14, 0): + return + timeout = self.GetSysctl(BH_TIMEOUT_SYSCTL) + + # Write to timeout to clear any pre-existing blackhole condition + self.SetSysctl(BH_TIMEOUT_SYSCTL, timeout) + def CheckConnectOption(self, version): ip_layer = {4: scapy.IP, 6: scapy.IPv6}[version] netid = self.RandomNetid() s = self.TFOClientSocket(version, netid) self.clearTcpMetrics(version, netid) + self.clearBlackhole() # Connect the first time. remoteaddr = self.GetRemoteAddress(version) -- cgit v1.2.3 From 17a08fbb06ec8a9dc425632a0bdd90b1622d5d26 Mon Sep 17 00:00:00 2001 From: "eric_kuang.rs" Date: Wed, 1 Dec 2021 16:17:40 +0800 Subject: net-test: not supported in netns before 4.15 if BH_TIMEOUT_SYSCTL does not exist. Related to the following CL which is included in 4.15: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3733be14a32bae288b61ed28341e593baba983af Change-Id: I1cc9b9c79a1eec83c47d36790c8f944b0261ff32 Merged-In: I1cc9b9c79a1eec83c47d36790c8f944b0261ff32 Test: Run vts_kernel_net_tests with Ethernet or Wi-Fi connected Bug: 204306357 (cherry picked from commit 7b07e88d38aa3211f47dc1fcd360399d75514479) --- net/test/tcp_fastopen_test.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/test/tcp_fastopen_test.py b/net/test/tcp_fastopen_test.py index 16e41c6..3ab9e51 100755 --- a/net/test/tcp_fastopen_test.py +++ b/net/test/tcp_fastopen_test.py @@ -22,6 +22,7 @@ from scapy import all as scapy import multinetwork_base import net_test +import os import packets import tcp_metrics @@ -67,6 +68,9 @@ class TcpFastOpenTest(multinetwork_base.MultiNetworkBaseTest): def clearBlackhole(self): if net_test.LINUX_VERSION < (4, 14, 0): return + # Prior to 4.15 this sysctl is not namespace aware. + if net_test.LINUX_VERSION < (4, 15, 0) and not os.path.exists(BH_TIMEOUT_SYSCTL): + return timeout = self.GetSysctl(BH_TIMEOUT_SYSCTL) # Write to timeout to clear any pre-existing blackhole condition -- cgit v1.2.3