Commit a824e261 authored by David Ahern's avatar David Ahern Committed by Jakub Kicinski

selftests: Consistently specify address for MD5 protection

nettest started with -r as the remote address for MD5 passwords.
The -m argument was added to use prefixes with a length when that
feature was added to the kernel. Since -r is used to specify
remote address for client mode, change nettest to only use -m
for MD5 passwords and update fcnal-test script.
Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 9a8d5849
...@@ -801,7 +801,7 @@ ipv4_tcp_md5_novrf() ...@@ -801,7 +801,7 @@ ipv4_tcp_md5_novrf()
# basic use case # basic use case
log_start log_start
run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: Single address config" log_test $? 0 "MD5: Single address config"
...@@ -817,7 +817,7 @@ ipv4_tcp_md5_novrf() ...@@ -817,7 +817,7 @@ ipv4_tcp_md5_novrf()
# wrong password # wrong password
log_start log_start
show_hint "Should timeout since client uses wrong password" show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password" log_test $? 2 "MD5: Client uses wrong password"
...@@ -825,7 +825,7 @@ ipv4_tcp_md5_novrf() ...@@ -825,7 +825,7 @@ ipv4_tcp_md5_novrf()
# client from different address # client from different address
log_start log_start
show_hint "Should timeout due to MD5 mismatch" show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} & run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password" log_test $? 2 "MD5: Client address does not match address configured with password"
...@@ -869,7 +869,7 @@ ipv4_tcp_md5() ...@@ -869,7 +869,7 @@ ipv4_tcp_md5()
# basic use case # basic use case
log_start log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config" log_test $? 0 "MD5: VRF: Single address config"
...@@ -885,7 +885,7 @@ ipv4_tcp_md5() ...@@ -885,7 +885,7 @@ ipv4_tcp_md5()
# wrong password # wrong password
log_start log_start
show_hint "Should timeout since client uses wrong password" show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password" log_test $? 2 "MD5: VRF: Client uses wrong password"
...@@ -893,7 +893,7 @@ ipv4_tcp_md5() ...@@ -893,7 +893,7 @@ ipv4_tcp_md5()
# client from different address # client from different address
log_start log_start
show_hint "Should timeout since server config differs from client" show_hint "Should timeout since server config differs from client"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password" log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
...@@ -930,31 +930,31 @@ ipv4_tcp_md5() ...@@ -930,31 +930,31 @@ ipv4_tcp_md5()
# #
log_start log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start log_start
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
log_start log_start
show_hint "Should timeout since client in default VRF uses VRF password" show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW} run_cmd_nsc nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
log_start log_start
show_hint "Should timeout since client in VRF uses default VRF password" show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP} & run_cmd nettest -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP} &
run_cmd nettest -s -M ${MD5_WRONG_PW} -r ${NSB_IP} & run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} &
sleep 1 sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW} run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
...@@ -993,7 +993,7 @@ ipv4_tcp_md5() ...@@ -993,7 +993,7 @@ ipv4_tcp_md5()
# negative tests # negative tests
# #
log_start log_start
run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP} run_cmd nettest -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP}
log_test $? 1 "MD5: VRF: Device must be a VRF - single address" log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
log_start log_start
...@@ -2265,7 +2265,7 @@ ipv6_tcp_md5_novrf() ...@@ -2265,7 +2265,7 @@ ipv6_tcp_md5_novrf()
# basic use case # basic use case
log_start log_start
run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: Single address config" log_test $? 0 "MD5: Single address config"
...@@ -2281,7 +2281,7 @@ ipv6_tcp_md5_novrf() ...@@ -2281,7 +2281,7 @@ ipv6_tcp_md5_novrf()
# wrong password # wrong password
log_start log_start
show_hint "Should timeout since client uses wrong password" show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password" log_test $? 2 "MD5: Client uses wrong password"
...@@ -2289,7 +2289,7 @@ ipv6_tcp_md5_novrf() ...@@ -2289,7 +2289,7 @@ ipv6_tcp_md5_novrf()
# client from different address # client from different address
log_start log_start
show_hint "Should timeout due to MD5 mismatch" show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} & run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password" log_test $? 2 "MD5: Client address does not match address configured with password"
...@@ -2333,7 +2333,7 @@ ipv6_tcp_md5() ...@@ -2333,7 +2333,7 @@ ipv6_tcp_md5()
# basic use case # basic use case
log_start log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config" log_test $? 0 "MD5: VRF: Single address config"
...@@ -2349,7 +2349,7 @@ ipv6_tcp_md5() ...@@ -2349,7 +2349,7 @@ ipv6_tcp_md5()
# wrong password # wrong password
log_start log_start
show_hint "Should timeout since client uses wrong password" show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Client uses wrong password" log_test $? 2 "MD5: VRF: Client uses wrong password"
...@@ -2357,7 +2357,7 @@ ipv6_tcp_md5() ...@@ -2357,7 +2357,7 @@ ipv6_tcp_md5()
# client from different address # client from different address
log_start log_start
show_hint "Should timeout since server config differs from client" show_hint "Should timeout since server config differs from client"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_LO_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Client address does not match address configured with password" log_test $? 2 "MD5: VRF: Client address does not match address configured with password"
...@@ -2394,31 +2394,31 @@ ipv6_tcp_md5() ...@@ -2394,31 +2394,31 @@ ipv6_tcp_md5()
# #
log_start log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF"
log_start log_start
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF"
log_start log_start
show_hint "Should timeout since client in default VRF uses VRF password" show_hint "Should timeout since client in default VRF uses VRF password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW} run_cmd_nsc nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw"
log_start log_start
show_hint "Should timeout since client in VRF uses default VRF password" show_hint "Should timeout since client in VRF uses default VRF password"
run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -d ${VRF} -M ${MD5_PW} -m ${NSB_IP6} &
run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -r ${NSB_IP6} & run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} &
sleep 1 sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW} run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw"
...@@ -2457,7 +2457,7 @@ ipv6_tcp_md5() ...@@ -2457,7 +2457,7 @@ ipv6_tcp_md5()
# negative tests # negative tests
# #
log_start log_start
run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -r ${NSB_IP6} run_cmd nettest -6 -s -d ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6}
log_test $? 1 "MD5: VRF: Device must be a VRF - single address" log_test $? 1 "MD5: VRF: Device must be a VRF - single address"
log_start log_start
......
...@@ -291,13 +291,13 @@ static int tcp_md5_remote(int sd, struct sock_args *args) ...@@ -291,13 +291,13 @@ static int tcp_md5_remote(int sd, struct sock_args *args)
switch (args->version) { switch (args->version) {
case AF_INET: case AF_INET:
sin.sin_port = htons(args->port); sin.sin_port = htons(args->port);
sin.sin_addr = args->remote_addr.in; sin.sin_addr = args->md5_prefix.v4.sin_addr;
addr = &sin; addr = &sin;
alen = sizeof(sin); alen = sizeof(sin);
break; break;
case AF_INET6: case AF_INET6:
sin6.sin6_port = htons(args->port); sin6.sin6_port = htons(args->port);
sin6.sin6_addr = args->remote_addr.in6; sin6.sin6_addr = args->md5_prefix.v6.sin6_addr;
addr = &sin6; addr = &sin6;
alen = sizeof(sin6); alen = sizeof(sin6);
break; break;
...@@ -725,7 +725,7 @@ static int convert_addr(struct sock_args *args, const char *_str, ...@@ -725,7 +725,7 @@ static int convert_addr(struct sock_args *args, const char *_str,
return 1; return 1;
} }
} else { } else {
args->prefix_len = pfx_len_max; args->prefix_len = 0;
} }
break; break;
default: default:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment