From: Simon Horman <horms@kernel.org>
To: Tom Herbert <tom@herbertland.com>
Cc: davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
justin.iurman@uliege.be, willemdebruijn.kernel@gmail.com,
pabeni@redhat.com
Subject: Re: [PATCH net-next v9 10/10] test: Add networking selftest for eh limits
Date: Tue, 17 Mar 2026 15:32:22 +0000
Message-ID: <20260317153222.GD1710951@horms.kernel.org>
In-Reply-To: <20260314175124.47010-11-tom@herbertland.com>

On Sat, Mar 14, 2026 at 10:51:24AM -0700, Tom Herbert wrote:
> Add a networking selftest for Extension Header limits. The
> limits to test are in sysctls:
>
> net.ipv6.enforce_ext_hdr_order
> net.ipv6.max_dst_opts_number
> net.ipv6.max_hbh_opts_number
> net.ipv6.max_hbh_length
> net.ipv6.max_dst_opts_length
>
> The basic idea of the test is to fabricate ICMPv6 Echo Request
> packets with various combinations of Extension Headers. The packets
> are sent to a host in another namespace. If an ICMPv6 Echo Reply
> is received then the packet wasn't dropped due to a limit being
> exceeded, and if it was dropped then we assume that a limit was
> exceeded. For each test packet we derive an expectation as to
> whether the packet will be dropped or not. Test success depends
> on whether our expectation is matched. i.e. if we expect a reply
> then the test succeeds if we see a reply, and if we don't expect a
> reply then the test succeeds if we don't see a reply.
>
> The test is divided into a frontend bash script (eh_limits.sh) and a
> backend Python script (eh_limits.py).
>
> The frontend sets up two network namespaces with IPv6 addresses
> configured on veth's. We then invoke the backend to send the
> test packets. This first pass is done with default sysctl settings.
> On a second pass we change the various sysctl settings and run
> again.
>
> The backend runs through the various test cases described in the
> Make_Test_Packets function. This function calls Make_Packet for
> a test case where arguments provide the Extension Header chain to
> be tested. The Run_Test function loops through the various packets
> and tests if a reply is received versus the expectation. If a test
> case fails then an error status is returned by the backend.
>
> The backend script can also be run with the "-w <pcap_file>" to
> write the created packets to a pcap file instead of running the
> test.
>
> Signed-off-by: Tom Herbert <tom@herbertland.com>
> ---
> tools/testing/selftests/net/Makefile | 1 +
> tools/testing/selftests/net/eh_limits.py | 349 +++++++++++++++++++++++
> tools/testing/selftests/net/eh_limits.sh | 205 +++++++++++++
> 3 files changed, 555 insertions(+)
> create mode 100755 tools/testing/selftests/net/eh_limits.py
> create mode 100755 tools/testing/selftests/net/eh_limits.sh

Hi Tom,

Shellcheck flags several instances of the following:

- https://www.shellcheck.net/wiki/SC2154 -- ns1 is referenced but not assigned.
- https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

In the case of SC2086 I think this can be trivially addressed by adding
double quotes.

While I think SC2154 should probably be ignored using

  # shellcheck disable=SC2154

We're trying to make new scripts shellcheck clean, so I'd appreciate it if
you could look into this.

Also, pylint has something to say about this patch.

...
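
The expectation step described in the quoted commit message, shown as an added example that is not part of the patch or of eh_limits.py: it builds Hop-by-Hop and Destination Options headers in the RFC 8200 wire format and decides whether a reply should be expected under a given set of limits. The function names, the limit values and the option type are assumptions made for illustration; the model only compares the non-padding option count and the header length against positive limits and does not cover enforce_ext_hdr_order.

```python
import struct

NH_HBH, NH_DSTOPTS, NH_ICMPV6 = 0, 60, 58      # IANA protocol numbers
PAD1, PADN = 0, 1                               # RFC 8200 padding options
# sysctl names from the commit message, per header type: (count, length)
LIMIT_KEYS = {
    NH_HBH: ("max_hbh_opts_number", "max_hbh_length"),
    NH_DSTOPTS: ("max_dst_opts_number", "max_dst_opts_length"),
}

def make_opts_hdr(next_hdr, options):
    """Build an HBH or Destination Options header from (type, data) TLVs."""
    body = b"".join(struct.pack("!BB", t, len(d)) + d for t, d in options)
    pad = -(2 + len(body)) % 8                  # header is a multiple of 8 octets
    if pad == 1:
        body += bytes([PAD1])
    elif pad > 1:
        body += struct.pack("!BB", PADN, pad - 2) + bytes(pad - 2)
    return struct.pack("!BB", next_hdr, (2 + len(body)) // 8 - 1) + body

def count_opts(hdr):
    """Return (header length in bytes, number of non-padding options)."""
    if len(hdr) < 2 or (hdr[1] + 1) * 8 > len(hdr):
        raise ValueError("truncated extension header")
    length, i, count = (hdr[1] + 1) * 8, 2, 0
    while i < length:
        if hdr[i] == PAD1:                      # Pad1 has no length byte
            i += 1
            continue
        if i + 2 > length or i + 2 + hdr[i + 1] > length:
            raise ValueError("option overruns header")
        count += hdr[i] != PADN                 # PadN is not counted
        i += 2 + hdr[i + 1]
    return length, count

def expect_reply(first_nh, chain, limits):
    """Assumed model: True if no options header in the chain exceeds a limit."""
    nh, off = first_nh, 0
    while nh in LIMIT_KEYS:
        length, count = count_opts(chain[off:])
        num_key, len_key = LIMIT_KEYS[nh]
        if count > limits[num_key] or length > limits[len_key]:
            return False                        # over a limit: expect no reply
        nh, off = chain[off], off + length      # follow the Next Header field
    return True

# Constructed sample values: limits chosen for the example, experimental option type
LIMITS = {"max_hbh_opts_number": 2, "max_hbh_length": 64,
          "max_dst_opts_number": 2, "max_dst_opts_length": 64}
OPT = (0x1E, b"\x00" * 4)
```
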
Thread overview: 15+ messages
2026-03-14 17:51 [PATCH net-next v9 00/10] ipv6: Address ext hdr DoS vulnerabilities Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 01/10] ipv6: Check of max HBH or DestOp sysctl is zero and drop if it is Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 02/10] ipv6: Cleanup IPv6 TLV definitions Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 03/10] ipv6: Add case for IPV6_TLV_TNL_ENCAP_LIMIT in EH TLV switch Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 04/10] ipv6: Set HBH and DestOpt limits to 2 Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 05/10] ipv6: Document defaults for max_{dst|hbh}_opts_number sysctls Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 06/10] ipv6: Enforce Extension Header ordering Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 07/10] ipv6: Document enforce_ext_hdr_order sysctl Tom Herbert
2026-03-14 17:51 ` [PATCH net-next v9 08/10] test: Add proto_nums.py in networking selftests Tom Herbert
2026-03-17 15:22 ` Simon Horman
2026-03-14 17:51 ` [PATCH net-next v9 09/10] test: Add ext_hdr.py " Tom Herbert
2026-03-17 15:24 ` [net-next,v9,09/10] " Simon Horman
2026-03-14 17:51 ` [PATCH net-next v9 10/10] test: Add networking selftest for eh limits Tom Herbert
2026-03-17 15:32 ` Simon Horman [this message]
2026-03-14 17:58 ` [PATCH net-next v9 00/10] ipv6: Address ext hdr DoS vulnerabilities Jakub Kicinski