Commit 313c502f authored by Riccardo Paolo Bestetti's avatar Riccardo Paolo Bestetti Committed by David S. Miller

ipv4: fix bind address validity regression tests

Commit 8ff978b8 ("ipv4/raw: support binding to nonlocal addresses")
introduces support for binding to nonlocal addresses, as well as some
basic test coverage for some of the related cases.

Commit b4a028c4 ("ipv4: ping: fix bind address validity check")
fixes a regression which incorrectly removed some checks for bind
address validation. In addition, it introduces regression tests for
those specific checks. However, those regression tests are defective, in
that they perform the tests using an incorrect combination of bind
flags. As a result, those tests fail when they should succeed.

This commit introduces additional regression tests for nonlocal binding
and fixes the defective regression tests. It also introduces new
set_sysctl calls for the ipv4_bind test group, as to perform the ICMP
binding tests it is necessary to allow ICMP socket creation by setting
the net.ipv4.ping_group_range knob.

Fixes: b4a028c4 ("ipv4: ping: fix bind address validity check")
Reported-by: default avatarRiccardo Paolo Bestetti <pbl@bestov.io>
Signed-off-by: default avatarRiccardo Paolo Bestetti <pbl@bestov.io>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9926de73
...@@ -1800,24 +1800,32 @@ ipv4_addr_bind_novrf() ...@@ -1800,24 +1800,32 @@ ipv4_addr_bind_novrf()
done done
# #
# raw socket with nonlocal bind # tests for nonlocal bind
# #
a=${NL_IP} a=${NL_IP}
log_start log_start
run_cmd nettest -s -R -P icmp -f -l ${a} -I ${NSA_DEV} -b run_cmd nettest -s -R -f -l ${a} -b
log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after device bind" log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address"
log_start
run_cmd nettest -s -f -l ${a} -b
log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address"
log_start
run_cmd nettest -s -D -P icmp -f -l ${a} -b
log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address"
# #
# check that ICMP sockets cannot bind to broadcast and multicast addresses # check that ICMP sockets cannot bind to broadcast and multicast addresses
# #
a=${BCAST_IP} a=${BCAST_IP}
log_start log_start
run_cmd nettest -s -R -P icmp -l ${a} -b run_cmd nettest -s -D -P icmp -l ${a} -b
log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address" log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address"
a=${MCAST_IP} a=${MCAST_IP}
log_start log_start
run_cmd nettest -s -R -P icmp -f -l ${a} -b run_cmd nettest -s -D -P icmp -l ${a} -b
log_test_addr ${a} $? 1 "ICMP socket bind to multicast address" log_test_addr ${a} $? 1 "ICMP socket bind to multicast address"
# #
...@@ -1870,24 +1878,32 @@ ipv4_addr_bind_vrf() ...@@ -1870,24 +1878,32 @@ ipv4_addr_bind_vrf()
log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind" log_test_addr ${a} $? 1 "Raw socket bind to out of scope address after VRF bind"
# #
# raw socket with nonlocal bind # tests for nonlocal bind
# #
a=${NL_IP} a=${NL_IP}
log_start log_start
run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b run_cmd nettest -s -R -f -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind" log_test_addr ${a} $? 0 "Raw socket bind to nonlocal address after VRF bind"
log_start
run_cmd nettest -s -f -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 0 "TCP socket bind to nonlocal address after VRF bind"
log_start
run_cmd nettest -s -D -P icmp -f -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 0 "ICMP socket bind to nonlocal address after VRF bind"
# #
# check that ICMP sockets cannot bind to broadcast and multicast addresses # check that ICMP sockets cannot bind to broadcast and multicast addresses
# #
a=${BCAST_IP} a=${BCAST_IP}
log_start log_start
run_cmd nettest -s -R -P icmp -l ${a} -I ${VRF} -b run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind" log_test_addr ${a} $? 1 "ICMP socket bind to broadcast address after VRF bind"
a=${MCAST_IP} a=${MCAST_IP}
log_start log_start
run_cmd nettest -s -R -P icmp -f -l ${a} -I ${VRF} -b run_cmd nettest -s -D -P icmp -l ${a} -I ${VRF} -b
log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind" log_test_addr ${a} $? 1 "ICMP socket bind to multicast address after VRF bind"
# #
...@@ -1922,10 +1938,12 @@ ipv4_addr_bind() ...@@ -1922,10 +1938,12 @@ ipv4_addr_bind()
log_subsection "No VRF" log_subsection "No VRF"
setup setup
set_sysctl net.ipv4.ping_group_range='0 2147483647' 2>/dev/null
ipv4_addr_bind_novrf ipv4_addr_bind_novrf
log_subsection "With VRF" log_subsection "With VRF"
setup "yes" setup "yes"
set_sysctl net.ipv4.ping_group_range='0 2147483647' 2>/dev/null
ipv4_addr_bind_vrf ipv4_addr_bind_vrf
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment