hc
2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf
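--- a/kernel/tools/testing/selftests/wireguard/netns.sh
+++ b/kernel/tools/testing/selftests/wireguard/netns.sh
@@ -39,7 +39,7 @@
 ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; }
 ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; }
 sleep() { read -t "$1" -N 1 || true; }
-waitiperf() { pretty "${1//*-}" "wait for iperf:5201 pid $2"; while [[ $(ss -N "$1" -tlpH 'sport = 5201') != *\"iperf3\",pid=$2,fd=* ]]; do sleep 0.1; done; }
+waitiperf() { pretty "${1//*-}" "wait for iperf:${3:-5201} pid $2"; while [[ $(ss -N "$1" -tlpH "sport = ${3:-5201}") != *\"iperf3\",pid=$2,fd=* ]]; do sleep 0.1; done; }
 waitncatudp() { pretty "${1//*-}" "wait for udp:1111 pid $2"; while [[ $(ss -N "$1" -ulpH 'sport = 1111') != *\"ncat\",pid=$2,fd=* ]]; do sleep 0.1; done; }
 waitiface() { pretty "${1//*-}" "wait for $2 to come up"; ip netns exec "$1" bash -c "while [[ \$(< \"/sys/class/net/$2/operstate\") != up ]]; do read -t .1 -N 0 || true; done;"; }
 
@@ -141,6 +141,19 @@
 n2 iperf3 -s -1 -B fd00::2 &
 waitiperf $netns2 $!
 n1 iperf3 -Z -t 3 -b 0 -u -c fd00::2
+
+ # TCP over IPv4, in parallel
+ for max in 4 5 50; do
+ local pids=( )
+ for ((i=0; i < max; ++i)) do
+ n2 iperf3 -p $(( 5200 + i )) -s -1 -B 192.168.241.2 &
+ pids+=( $! ); waitiperf $netns2 $! $(( 5200 + i ))
+ done
+ for ((i=0; i < max; ++i)) do
+ n1 iperf3 -Z -t 3 -p $(( 5200 + i )) -c 192.168.241.2 &
+ done
+ wait "${pids[@]}"
+ done
 }
 
 [[ $(ip1 link show dev wg0) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}"
@@ -263,7 +276,11 @@
 n1 wg set wg0 peer "$pub2" endpoint 192.168.241.2:7
 ip2 link del wg0
 ip2 link del wg1
-! n0 ping -W 1 -c 10 -f 192.168.241.2 || false # Should not crash kernel
+read _ _ tx_bytes_before < <(n0 wg show wg1 transfer)
+! n0 ping -W 1 -c 10 -f 192.168.241.2 || false
+sleep 1
+read _ _ tx_bytes_after < <(n0 wg show wg1 transfer)
+(( tx_bytes_after - tx_bytes_before < 70000 ))
 
 ip0 link del wg1
 ip1 link del wg0
@@ -316,6 +333,14 @@
 n2 ping -W 1 -c 1 192.168.241.1
 n1 wg set wg0 peer "$pub2" persistent-keepalive 0
 
+# Test that sk_bound_dev_if works
+n1 ping -I wg0 -c 1 -W 1 192.168.241.2
+# What about when the mark changes and the packet must be rerouted?
+n1 iptables -t mangle -I OUTPUT -j MARK --set-xmark 1
+n1 ping -c 1 -W 1 192.168.241.2 # First the boring case
+n1 ping -I wg0 -c 1 -W 1 192.168.241.2 # Then the sk_bound_dev_if case
+n1 iptables -t mangle -D OUTPUT -j MARK --set-xmark 1
+
 # Test that onion routing works, even when it loops
 n1 wg set wg0 peer "$pub3" allowed-ips 192.168.242.2/32 endpoint 192.168.241.2:5
 ip1 addr add 192.168.242.1/24 dev wg0
@@ -342,6 +367,7 @@
 ip1 -4 route add default dev wg0 table 51820
 ip1 -4 rule add not fwmark 51820 table 51820
 ip1 -4 rule add table main suppress_prefixlength 0
+n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/vethc/rp_filter'
 # Flood the pings instead of sending just one, to trigger routing table reference counting bugs.
 n1 ping -W 1 -c 100 -f 192.168.99.7
 n1 ping -W 1 -c 100 -f abab::1111
@@ -476,10 +502,32 @@
 n1 ping -W 1 -c 1 192.168.241.2
 [[ $(n2 wg show wg0 endpoints) == "$pub1 10.0.0.3:1" ]]
 
-ip1 link del veth1
-ip1 link del veth3
-ip1 link del wg0
-ip2 link del wg0
+ip1 link del dev veth3
+ip1 link del dev wg0
+ip2 link del dev wg0
+
+# Make sure persistent keep alives are sent when an adapter comes up
+ip1 link add dev wg0 type wireguard
+n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
+[[ $tx_bytes -eq 0 ]]
+ip1 link set dev wg0 up
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
+[[ $tx_bytes -gt 0 ]]
+ip1 link del dev wg0
+# This should also happen even if the private key is set later
+ip1 link add dev wg0 type wireguard
+n1 wg set wg0 peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
+[[ $tx_bytes -eq 0 ]]
+ip1 link set dev wg0 up
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
+[[ $tx_bytes -eq 0 ]]
+n1 wg set wg0 private-key <(echo "$key1")
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
+[[ $tx_bytes -gt 0 ]]
+ip1 link del dev veth1
+ip1 link del dev wg0
 
 # We test that Netlink/IPC is working properly by doing things that usually cause split responses
 ip0 link add dev wg0 type wireguard
@@ -587,6 +635,28 @@
 kill $ncat_pid
 ip0 link del wg0
 
+# Ensure that dst_cache references don't outlive netns lifetime
+ip1 link add dev wg0 type wireguard
+ip2 link add dev wg0 type wireguard
+configure_peers
+ip1 link add veth1 type veth peer name veth2
+ip1 link set veth2 netns $netns2
+ip1 addr add fd00:aa::1/64 dev veth1
+ip2 addr add fd00:aa::2/64 dev veth2
+ip1 link set veth1 up
+ip2 link set veth2 up
+waitiface $netns1 veth1
+waitiface $netns2 veth2
+ip1 -6 route add default dev veth1 via fd00:aa::2
+ip2 -6 route add default dev veth2 via fd00:aa::1
+n1 wg set wg0 peer "$pub2" endpoint [fd00:aa::2]:2
+n2 wg set wg0 peer "$pub1" endpoint [fd00:aa::1]:1
+n1 ping6 -c 1 fd00::2
+pp ip netns delete $netns1
+pp ip netns delete $netns2
+pp ip netns add $netns1
+pp ip netns add $netns2
+
 # Ensure there aren't circular reference loops
 ip1 link add wg1 type wireguard
 ip2 link add wg2 type wireguard
@@ -605,7 +675,7 @@
 done < /dev/kmsg
 alldeleted=1
 for object in "${!objects[@]}"; do
- if [[ ${objects["$object"]} != *createddestroyed ]]; then
+ if [[ ${objects["$object"]} != *createddestroyed && ${objects["$object"]} != *createdcreateddestroyeddestroyed ]]; then
 echo "Error: $object: merely ${objects["$object"]}" >&3
 alldeleted=0
 fi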
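Review bot: In the parallel TCP loop of the `-141,6 +141,19` hunk, `wait "${pids[@]}"` returns only the exit status of the last PID it is given, and `pids` holds the server PIDs only; the `n1 iperf3 ... -c 192.168.241.2 &` clients are backgrounded and never waited on. A stream that fails on any but the last server, or a client that errors out, would therefore not fail the test. I would record the client PIDs as well with `pids+=( $! )` after the client line and replace the barrier with `for pid in "${pids[@]}"; do wait "$pid"; done`. Whether a non-zero status then aborts the run depends on the script's errexit setting, which is outside the visible hunks, as is the start of the enclosing function.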