diff --git a/lnst/Recipes/ENRT/MPTCPRecipe.py b/lnst/Recipes/ENRT/MPTCPRecipe.py index 02ab9e626..e8c29f442 100644 --- a/lnst/Recipes/ENRT/MPTCPRecipe.py +++ b/lnst/Recipes/ENRT/MPTCPRecipe.py @@ -6,7 +6,7 @@ from lnst.Common.IpAddress import interface_addresses from lnst.Controller import HostReq, DeviceReq, RecipeParam from lnst.Controller.Host import Host -from lnst.RecipeCommon.MPTCPManager import MPTCPManager, MPTCPFlags +from lnst.RecipeCommon.MPTCPManager import MPTCPManager from lnst.RecipeCommon.Ping.PingEndpoints import PingEndpoints from lnst.RecipeCommon.endpoints import EndpointPair, IPEndpoint from lnst.Recipes.ENRT.helpers import ip_endpoint_pairs @@ -96,24 +96,38 @@ def test_wide_configuration(self): # Configure endpoints only host1.eth1 if "ipv4" in self.params.ip_versions: - host1.mptcp.add_endpoints(config.ips_for_device(host1.eth1, family=AF_INET), flags=MPTCPFlags.MPTCP_PM_ADDR_FLAG_SUBFLOW) + host1.run( + f"ip mptcp endpoint add {save_addrs[host1.eth1][AF_INET]}" + f" dev {host1.eth1.name} subflow" + ) + # Need route on client side to populate forwarding table host1.run( f"ip route add {self.params.net1_ipv4} dev {host1.eth1.name}" f" via {save_addrs[host2.eth1][AF_INET]} prio 10000" ) - # Need to disable rp_filter on server side - host2.run("sysctl -w net.ipv4.conf.all.rp_filter=0") + + # allow hosts to respond to packets on a different interface + # than the one the packet originated from + for host in hosts: + host.run("sysctl -w net.ipv4.conf.all.rp_filter=0") + host.run(f"sysctl -w net.ipv4.conf.{host.eth0.name}.rp_filter=0") + host.run(f"sysctl -w net.ipv4.conf.{host.eth1.name}.rp_filter=0") if "ipv6" in self.params.ip_versions: - host1.mptcp.add_endpoints(config.ips_for_device(host1.eth1, family=AF_INET6), flags=MPTCPFlags.MPTCP_PM_ADDR_FLAG_SUBFLOW) + host1.run( + f"ip mptcp endpoint add {save_addrs[host1.eth1][AF_INET6]}" + f" dev {host1.eth1.name} subflow" + ) host1.run( f"ip route add {self.params.net1_ipv6} dev {host1.eth1.name}" f" via {save_addrs[host2.eth1][AF_INET6]} prio 10000" ) - # ipv6 doesnt have rp_filter - # Configure limits + # TODO: For IPv6, rp_filter should be disabled via firewalld or ip6tables + # see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_network_access#sect-Security_Guide-Server_Security-Reverse_Path_Forwarding + + # set additional mptcp subflows to 1 host1.mptcp.subflows = 1 host2.mptcp.subflows = 1 @@ -136,17 +150,15 @@ def generate_test_wide_description(self, config: EnrtConfiguration): return desc - def test_wide_deconfiguration(self, config: EnrtConfiguration): - """ - - :param config: - :return: - """ + def test_wide_deconfiguration(self, config: EnrtConfiguration) -> None: for ep_dev in config.configured_devices: ep_dev.netns.mptcp.delete_all() - #reset rp_filter - self.matched.host2.run("sysctl -w net.ipv4.conf.all.rp_filter=1") + # use strict mode + for host in [self.matched.host1, self.matched.host2]: + host.run("sysctl -w net.ipv4.conf.all.rp_filter=1") + host.run(f"sysctl -w net.ipv4.conf.{host.eth0.name}.rp_filter=1") + host.run(f"sysctl -w net.ipv4.conf.{host.eth1.name}.rp_filter=1") super().test_wide_deconfiguration(config) diff --git a/lnst/Recipes/ENRT/MeasurementGenerators/BaseFlowMeasurementGenerator.py b/lnst/Recipes/ENRT/MeasurementGenerators/BaseFlowMeasurementGenerator.py index 20a788564..7a4c51b00 100644 --- a/lnst/Recipes/ENRT/MeasurementGenerators/BaseFlowMeasurementGenerator.py +++ b/lnst/Recipes/ENRT/MeasurementGenerators/BaseFlowMeasurementGenerator.py @@ -147,16 +147,16 @@ def _create_perf_flows( for endpoint_pair in endpoint_pairs: client, server = endpoint_pair for i in range(self.params.perf_parallel_processes): - port = next(port_iter) + server_port = client_port = next(port_iter) flows.append( self._create_perf_flow( perf_test, client.device, client.address, - port, + client_port if perf_test != "mptcp_stream" else None, server.device, server.address, - port, + server_port, msg_size, self.generator_cpupin(i), self.receiver_cpupin(i),