* [LTP] [PATCH v1] cve: icmp_rate_limit: set icmp_msgs_burst within network namespace
@ 2026-04-23 2:31 Wei Gao via ltp
2026-04-23 2:37 ` [LTP] " linuxtestproject.agent
0 siblings, 1 reply; 2+ messages in thread
From: Wei Gao via ltp @ 2026-04-23 2:31 UTC (permalink / raw)
To: ltp
When network namespaces are used, the kernel resets network sysctls to
their default values. This makes the global .save_restore for
icmp_msgs_burst ineffective for tests that enter a new network
namespace (e.g. via tst_setup_netns() or manual unshare).
Moving the sysctl configuration into the child namespace ensures the
test always runs with the expected burst value of 50, regardless of the
kernel defaults (which were increased to 10000 in newer versions).
Fixes: 8e919bfb2ab0 ("cve: icmp_rate_limit: Make sure icmp_msgs_burst = 50")
Signed-off-by: Wei Gao <wegao@suse.com>
---
testcases/cve/icmp_rate_limit01.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/testcases/cve/icmp_rate_limit01.c b/testcases/cve/icmp_rate_limit01.c
index 78480cea6..5193c5dfd 100644
--- a/testcases/cve/icmp_rate_limit01.c
+++ b/testcases/cve/icmp_rate_limit01.c
@@ -62,6 +62,8 @@ static void setup(void)
/* Do NOT close this FD, or both interfaces will be destroyed */
childns = SAFE_OPEN("/proc/self/ns/net", O_RDONLY);
+ SAFE_FILE_PRINTF("/proc/sys/net/ipv4/icmp_msgs_burst", "50");
+
/* Configure child namespace */
CREATE_VETH_PAIR("ltp_veth1", "ltp_veth2");
NETDEV_ADD_ADDRESS_INET("ltp_veth2", htonl(DSTADDR), NETMASK,
@@ -255,7 +257,6 @@ static struct tst_test test = {
},
.save_restore = (const struct tst_path_val[]) {
{"/proc/sys/user/max_user_namespaces", "1024", TST_SR_SKIP},
- {"/proc/sys/net/ipv4/icmp_msgs_burst", "50", TST_SR_TBROK},
{}
},
.tags = (const struct tst_tag[]) {
--
2.52.0
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [LTP] cve: icmp_rate_limit: set icmp_msgs_burst within network namespace
2026-04-23 2:31 [LTP] [PATCH v1] cve: icmp_rate_limit: set icmp_msgs_burst within network namespace Wei Gao via ltp
@ 2026-04-23 2:37 ` linuxtestproject.agent
0 siblings, 0 replies; 2+ messages in thread
From: linuxtestproject.agent @ 2026-04-23 2:37 UTC (permalink / raw)
To: Wei Gao; +Cc: ltp, LTP AI Reviewer
Hi Wei,
On 2026-04-23, Wei Gao wrote:
> cve: icmp_rate_limit: set icmp_msgs_burst within network namespace
> childns = SAFE_OPEN("/proc/self/ns/net", O_RDONLY);
>
> + SAFE_FILE_PRINTF("/proc/sys/net/ipv4/icmp_msgs_burst", "50");
Correct fix. The save_restore entry was writing to the initial namespace
before CLONE_NEWNET, making it ineffective inside the child namespace where
the test actually runs.
> - {"/proc/sys/net/ipv4/icmp_msgs_burst", "50", TST_SR_TBROK},
No explicit restore needed — the sysctl lives in the child namespace, which
is destroyed when the test exits.
Reviewed-by: LTP AI Reviewer <ltp-ai@noreply.github.com>
---
Note:
Our agent completed the review of the patch.
The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.
Regards,
LTP AI Reviewer
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-23 2:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-23 2:31 [LTP] [PATCH v1] cve: icmp_rate_limit: set icmp_msgs_burst within network namespace Wei Gao via ltp
2026-04-23 2:37 ` [LTP] " linuxtestproject.agent
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox