From: Sabrina Dubroca <sd@queasysnail.net>
To: Antonio Quartulli <antonio@openvpn.net>
Cc: netdev@vger.kernel.org, Ralf Lici <ralf@mandelbit.com>,
Jakub Kicinski <kuba@kernel.org>,
linux-kselftest@vger.kernel.org, Shuah Khan <shuah@kernel.org>
Subject: Re: [RFC net-next 07/13] selftests: ovpn: check asymmetric peer-id
Date: Thu, 27 Nov 2025 01:13:37 +0100 [thread overview]
Message-ID: <aSeXsX7dwx1YI8Ea@krikkit> (raw)
In-Reply-To: <20251121002044.16071-8-antonio@openvpn.net>
2025-11-21, 01:20:38 +0100, Antonio Quartulli wrote:
> diff --git a/tools/testing/selftests/net/ovpn/common.sh b/tools/testing/selftests/net/ovpn/common.sh
> index b91cf17ab01f..d926413c9f16 100644
> --- a/tools/testing/selftests/net/ovpn/common.sh
> +++ b/tools/testing/selftests/net/ovpn/common.sh
> @@ -75,13 +75,14 @@ add_peer() {
> data64.key
> done
> else
> - RADDR=$(awk "NR == ${1} {print \$2}" ${UDP_PEERS_FILE})
> - RPORT=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
> - LPORT=$(awk "NR == ${1} {print \$5}" ${UDP_PEERS_FILE})
> - ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${1} ${LPORT} \
> - ${RADDR} ${RPORT}
> - ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 \
> - data64.key
> + TX_ID=$(awk "NR == ${1} {print \$2}" ${UDP_PEERS_FILE})
> + RADDR=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
> + RPORT=$(awk "NR == ${1} {print \$4}" ${UDP_PEERS_FILE})
> + LPORT=$(awk "NR == ${1} {print \$6}" ${UDP_PEERS_FILE})
> + ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${TX_ID} ${1} \
> + ${LPORT} ${RADDR} ${RPORT}
> + ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${TX_ID} 1 0 \
> + ${ALG} 1 data64.key
IIUC, we're creating a "client" with peer_id=$TX_ID and tx_id=$ID so
that they're flipped from what we installed on the multi-peer side?
> diff --git a/tools/testing/selftests/net/ovpn/ovpn-cli.c b/tools/testing/selftests/net/ovpn/ovpn-cli.c
> index 064453d16fdd..baabb4c9120e 100644
> --- a/tools/testing/selftests/net/ovpn/ovpn-cli.c
> +++ b/tools/testing/selftests/net/ovpn/ovpn-cli.c
> @@ -103,7 +103,7 @@ struct ovpn_ctx {
>
> sa_family_t sa_family;
>
> - unsigned long peer_id;
> + unsigned long peer_id, tx_id;
> unsigned long lport;
>
> union {
> @@ -649,6 +649,7 @@ static int ovpn_new_peer(struct ovpn_ctx *ovpn, bool is_tcp)
>
> attr = nla_nest_start(ctx->nl_msg, OVPN_A_PEER);
> NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id);
> + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_TX_ID, ovpn->tx_id);
So, with these changes, it's no longer possible to test a userspace
not passing the new OVPN_A_PEER_TX_ID attribute? But I guess we could
simulate that behavior by passing TX_ID==ID (is there still a test
doing that?).
Do we need to preserve some testing of the case where userspace is not
passing the new attribute?
> NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_SOCKET, ovpn->socket);
>
> if (!is_tcp) {
> @@ -767,6 +768,10 @@ static int ovpn_handle_peer(struct nl_msg *msg, void (*arg)__always_unused)
> fprintf(stderr, "* Peer %u\n",
> nla_get_u32(pattrs[OVPN_A_PEER_ID]));
>
> + if (pattrs[OVPN_A_PEER_TX_ID])
> + fprintf(stderr, "\tTX peer ID %u\n",
> + nla_get_u32(pattrs[OVPN_A_PEER_TX_ID]));
> +
> if (pattrs[OVPN_A_PEER_SOCKET_NETNSID])
> fprintf(stderr, "\tsocket NetNS ID: %d\n",
> nla_get_s32(pattrs[OVPN_A_PEER_SOCKET_NETNSID]));
> @@ -1676,11 +1681,13 @@ static void usage(const char *cmd)
> "\tkey_file: file containing the symmetric key for encryption\n");
>
> fprintf(stderr,
> - "* new_peer <iface> <peer_id> <lport> <raddr> <rport> [vpnaddr]: add new peer\n");
> + "* new_peer <iface> <peer_id> <tx_id> <lport> <raddr> <rport> [vpnaddr]: add new peer\n");
> fprintf(stderr, "\tiface: ovpn interface name\n");
> fprintf(stderr, "\tlport: local UDP port to bind to\n");
> fprintf(stderr,
> - "\tpeer_id: peer ID to be used in data packets to/from this peer\n");
> + "\tpeer_id: peer ID found in data packets received from this peer\n");
> + fprintf(stderr,
> + "\ttx_id: peer ID to be used when sending to this peer\n");
> fprintf(stderr, "\traddr: peer IP address\n");
> fprintf(stderr, "\trport: peer UDP port\n");
> fprintf(stderr, "\tvpnaddr: peer VPN IP\n");
> @@ -1691,7 +1698,7 @@ static void usage(const char *cmd)
> fprintf(stderr, "\tlport: local UDP port to bind to\n");
> fprintf(stderr,
> "\tpeers_file: text file containing one peer per line. Line format:\n");
> - fprintf(stderr, "\t\t<peer_id> <raddr> <rport> <vpnaddr>\n");
> + fprintf(stderr, "\t\t<peer_id> <tx_id> <raddr> <rport> <laddr> <lport> <vpnaddr>\n");
Looks like this is missing similar updates for connect and listen,
based on changes to ovpn_run_cmd and ovpn_parse_cmd_args?
--
Sabrina
next prev parent reply other threads:[~2025-11-27 0:13 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-21 0:20 [RFC net-next 00/13] ovpn: new features + kselftests Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 01/13] selftests: ovpn: allow compiling ovpn-cli.c with mbedtls3 Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 02/13] selftests: ovpn: add notification parsing and matching Antonio Quartulli
2025-11-21 10:56 ` Antonio Quartulli
2025-11-24 15:51 ` Sabrina Dubroca
2025-11-25 10:21 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 03/13] ovpn: use correct array size to parse nested attributes in ovpn_nl_key_swap_doit Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 04/13] ovpn: pktid: use bitops.h API Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 05/13] ovpn: notify userspace on client float event Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 06/13] ovpn: add support for asymmetric peer IDs Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 07/13] selftests: ovpn: check asymmetric peer-id Antonio Quartulli
2025-11-27 0:13 ` Sabrina Dubroca [this message]
2025-12-02 16:11 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 08/13] selftests: ovpn: add test for the FW mark feature Antonio Quartulli
2025-11-27 11:09 ` Sabrina Dubroca
2025-12-02 16:22 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 09/13] ovpn: consolidate crypto allocations in one chunk Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 10/13] ovpn: use bound device in UDP when available Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 11/13] selftests: ovpn: add test for bound device Antonio Quartulli
2025-11-27 11:29 ` Sabrina Dubroca
2025-12-02 16:28 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 12/13] ovpn: use bound address in UDP when available Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 13/13] selftests: ovpn: add test for bound address Antonio Quartulli
2025-11-27 14:34 ` Sabrina Dubroca
2025-12-02 16:34 ` Ralf Lici
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSeXsX7dwx1YI8Ea@krikkit \
--to=sd@queasysnail.net \
--cc=antonio@openvpn.net \
--cc=kuba@kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ralf@mandelbit.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.