On Thu, Jun 08, 2023 at 07:37:15AM +0200, Mirsad Goran Todorovac wrote:
On 6/7/23 18:51, Guillaume Nault wrote:
On Wed, Jun 07, 2023 at 12:04:52AM +0200, Mirsad Goran Todorovac wrote:
[...] TEST: ping local, VRF bind - ns-A IP [ OK ] TEST: ping local, VRF bind - VRF IP [FAIL] TEST: ping local, VRF bind - loopback [ OK ] TEST: ping local, device bind - ns-A IP [FAIL] TEST: ping local, device bind - VRF IP [ OK ] [...] TEST: ping local, VRF bind - ns-A IP [ OK ] TEST: ping local, VRF bind - VRF IP [FAIL] TEST: ping local, VRF bind - loopback [ OK ] TEST: ping local, device bind - ns-A IP [FAIL] TEST: ping local, device bind - VRF IP [ OK ] [...]
I have the same failures here. They don't seem to be recent. I'll take a look.
Certainly. I thought it might be something architecture-specific?
I have reproduced it also on a Lenovo IdeaPad 3 with Ubuntu 22.10, but on Lenovo desktop with AlmaLinux 8.8 (CentOS fork), the result was "888/888 passed".
I've taken a deeper look at these failures. That's actually a problem in ping. That's probably why you have different results depending on the distribution.
The problem is that, for some versions, 'ping -I netdev ...' doesn't bind the socket to 'netdev' if the IPv4 address to ping is set on that same device. The VRF tests depend on this socket binding, so they fail when ping refuses to bind. That was fixed upstream with commit 92ce8ef21393 ("Revert "ping: do not bind to device when destination IP is on device"") (https://github.com/iputils/iputils/commit/92ce8ef2139353da3bf55fe2280bd4abd2...).
Long story short, the tests should pass with the latest upstream ping version.
Alternatively, you can modify the commands run by fcnal-test.sh and provide the -I option twice: one for setting the device binding and one for setting the source IPv4 address. This way ping should accept to bind its socket.
Something like (not tested):
- run_cmd ping -c1 -w1 -I ${VRF} ${a} + run_cmd ping -c1 -w1 -I ${VRF} -I ${a} ${a} [...] - run_cmd ping -c1 -w1 -I ${NSA_DEV} ${a} + run_cmd ping -c1 -w1 -I ${NSA_DEV} -I ${a} ${a}
However, I have a question:
In the ping + "With VRF" section, the tests with net.ipv4.raw_l3mdev_accept=1 are repeated twice, while "No VRF" section has the versions:
SYSCTL: net.ipv4.raw_l3mdev_accept=0
and
SYSCTL: net.ipv4.raw_l3mdev_accept=1
The same happens with the IPv6 ping tests.
In that case, it could be that we have only 2 actual FAIL cases, because the error is reported twice.
Is this intentional?
I don't know why the non-VRF tests are run once with raw_l3mdev_accept=0 and once with raw_l3mdev_accept=1. Unless I'm missing something, this option shouldn't affect non-VRF users. Maybe the objective is to make sure that it really doesn't affect them. David certainly knows better.
Thanks, Mirsad