From: Sabrina Dubroca <sd@queasysnail.net>
To: Antonio Quartulli <antonio@openvpn.net>
Cc: netdev@vger.kernel.org, Ralf Lici <ralf@mandelbit.com>,
Jakub Kicinski <kuba@kernel.org>,
linux-kselftest@vger.kernel.org, Shuah Khan <shuah@kernel.org>
Subject: Re: [RFC net-next 07/13] selftests: ovpn: check asymmetric peer-id
Date: Thu, 27 Nov 2025 01:13:37 +0100 [thread overview]
Message-ID: <aSeXsX7dwx1YI8Ea@krikkit> (raw)
In-Reply-To: <20251121002044.16071-8-antonio@openvpn.net>
2025-11-21, 01:20:38 +0100, Antonio Quartulli wrote:
> diff --git a/tools/testing/selftests/net/ovpn/common.sh b/tools/testing/selftests/net/ovpn/common.sh
> index b91cf17ab01f..d926413c9f16 100644
> --- a/tools/testing/selftests/net/ovpn/common.sh
> +++ b/tools/testing/selftests/net/ovpn/common.sh
> @@ -75,13 +75,14 @@ add_peer() {
> data64.key
> done
> else
> - RADDR=$(awk "NR == ${1} {print \$2}" ${UDP_PEERS_FILE})
> - RPORT=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
> - LPORT=$(awk "NR == ${1} {print \$5}" ${UDP_PEERS_FILE})
> - ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${1} ${LPORT} \
> - ${RADDR} ${RPORT}
> - ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 \
> - data64.key
> + TX_ID=$(awk "NR == ${1} {print \$2}" ${UDP_PEERS_FILE})
> + RADDR=$(awk "NR == ${1} {print \$3}" ${UDP_PEERS_FILE})
> + RPORT=$(awk "NR == ${1} {print \$4}" ${UDP_PEERS_FILE})
> + LPORT=$(awk "NR == ${1} {print \$6}" ${UDP_PEERS_FILE})
> + ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} ${TX_ID} ${1} \
> + ${LPORT} ${RADDR} ${RPORT}
> + ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${TX_ID} 1 0 \
> + ${ALG} 1 data64.key
IIUC, we're creating a "client" with peer_id=$TX_ID and tx_id=$ID so
that they're flipped from what we installed on the multi-peer side?
> diff --git a/tools/testing/selftests/net/ovpn/ovpn-cli.c b/tools/testing/selftests/net/ovpn/ovpn-cli.c
> index 064453d16fdd..baabb4c9120e 100644
> --- a/tools/testing/selftests/net/ovpn/ovpn-cli.c
> +++ b/tools/testing/selftests/net/ovpn/ovpn-cli.c
> @@ -103,7 +103,7 @@ struct ovpn_ctx {
>
> sa_family_t sa_family;
>
> - unsigned long peer_id;
> + unsigned long peer_id, tx_id;
> unsigned long lport;
>
> union {
> @@ -649,6 +649,7 @@ static int ovpn_new_peer(struct ovpn_ctx *ovpn, bool is_tcp)
>
> attr = nla_nest_start(ctx->nl_msg, OVPN_A_PEER);
> NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id);
> + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_TX_ID, ovpn->tx_id);
So, with these changes, it's no longer possible to test a userspace
not passing the new OVPN_A_PEER_TX_ID attribute? But I guess we could
simulate that behavior by passing TX_ID==ID (is there still a test
doing that?).
Do we need to preserve some testing of the case where userspace is not
passing the new attribute?
> NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_SOCKET, ovpn->socket);
>
> if (!is_tcp) {
> @@ -767,6 +768,10 @@ static int ovpn_handle_peer(struct nl_msg *msg, void (*arg)__always_unused)
> fprintf(stderr, "* Peer %u\n",
> nla_get_u32(pattrs[OVPN_A_PEER_ID]));
>
> + if (pattrs[OVPN_A_PEER_TX_ID])
> + fprintf(stderr, "\tTX peer ID %u\n",
> + nla_get_u32(pattrs[OVPN_A_PEER_TX_ID]));
> +
> if (pattrs[OVPN_A_PEER_SOCKET_NETNSID])
> fprintf(stderr, "\tsocket NetNS ID: %d\n",
> nla_get_s32(pattrs[OVPN_A_PEER_SOCKET_NETNSID]));
> @@ -1676,11 +1681,13 @@ static void usage(const char *cmd)
> "\tkey_file: file containing the symmetric key for encryption\n");
>
> fprintf(stderr,
> - "* new_peer <iface> <peer_id> <lport> <raddr> <rport> [vpnaddr]: add new peer\n");
> + "* new_peer <iface> <peer_id> <tx_id> <lport> <raddr> <rport> [vpnaddr]: add new peer\n");
> fprintf(stderr, "\tiface: ovpn interface name\n");
> fprintf(stderr, "\tlport: local UDP port to bind to\n");
> fprintf(stderr,
> - "\tpeer_id: peer ID to be used in data packets to/from this peer\n");
> + "\tpeer_id: peer ID found in data packets received from this peer\n");
> + fprintf(stderr,
> + "\ttx_id: peer ID to be used when sending to this peer\n");
> fprintf(stderr, "\traddr: peer IP address\n");
> fprintf(stderr, "\trport: peer UDP port\n");
> fprintf(stderr, "\tvpnaddr: peer VPN IP\n");
> @@ -1691,7 +1698,7 @@ static void usage(const char *cmd)
> fprintf(stderr, "\tlport: local UDP port to bind to\n");
> fprintf(stderr,
> "\tpeers_file: text file containing one peer per line. Line format:\n");
> - fprintf(stderr, "\t\t<peer_id> <raddr> <rport> <vpnaddr>\n");
> + fprintf(stderr, "\t\t<peer_id> <tx_id> <raddr> <rport> <laddr> <lport> <vpnaddr>\n");
Looks like this is missing similar updates for connect and listen,
based on changes to ovpn_run_cmd and ovpn_parse_cmd_args?
--
Sabrina
next prev parent reply other threads:[~2025-11-27 0:13 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-21 0:20 [RFC net-next 00/13] ovpn: new features + kselftests Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 01/13] selftests: ovpn: allow compiling ovpn-cli.c with mbedtls3 Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 02/13] selftests: ovpn: add notification parsing and matching Antonio Quartulli
2025-11-21 10:56 ` Antonio Quartulli
2025-11-24 15:51 ` Sabrina Dubroca
2025-11-25 10:21 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 03/13] ovpn: use correct array size to parse nested attributes in ovpn_nl_key_swap_doit Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 04/13] ovpn: pktid: use bitops.h API Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 05/13] ovpn: notify userspace on client float event Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 06/13] ovpn: add support for asymmetric peer IDs Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 07/13] selftests: ovpn: check asymmetric peer-id Antonio Quartulli
2025-11-27 0:13 ` Sabrina Dubroca [this message]
2025-12-02 16:11 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 08/13] selftests: ovpn: add test for the FW mark feature Antonio Quartulli
2025-11-27 11:09 ` Sabrina Dubroca
2025-12-02 16:22 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 09/13] ovpn: consolidate crypto allocations in one chunk Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 10/13] ovpn: use bound device in UDP when available Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 11/13] selftests: ovpn: add test for bound device Antonio Quartulli
2025-11-27 11:29 ` Sabrina Dubroca
2025-12-02 16:28 ` Ralf Lici
2025-11-21 0:20 ` [RFC net-next 12/13] ovpn: use bound address in UDP when available Antonio Quartulli
2025-11-21 0:20 ` [RFC net-next 13/13] selftests: ovpn: add test for bound address Antonio Quartulli
2025-11-27 14:34 ` Sabrina Dubroca
2025-12-02 16:34 ` Ralf Lici
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSeXsX7dwx1YI8Ea@krikkit \
--to=sd@queasysnail.net \
--cc=antonio@openvpn.net \
--cc=kuba@kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ralf@mandelbit.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).