Message ID | 20231215-tcp-ao-selftests-v1-3-f6c08180b985@arista.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [01/12] selftests/net: Add TCP-AO library | expand |
On Fri, Dec 15, 2023 at 02:36:17AM +0000, Dmitry Safonov wrote: > Reverse to icmps-discard test: the server accepts ICMPs, using > TCP_AO_CMDF_ACCEPT_ICMP and it is expected to fail under ICMP > flood from client. Test that the default pre-TCP-AO behaviour functions > when TCP_AO_CMDF_ACCEPT_ICMP is set. > > Expected output for ipv4 version (in case it receives ICMP_PROT_UNREACH): > > # ./icmps-accept_ipv4 > > 1..3 > > # 3209[lib/setup.c:166] rand seed 1642623870 > > TAP version 13 > > # 3209[lib/proc.c:207] Snmp6 Ip6InReceives: 0 => 1 > > # 3209[lib/proc.c:207] Snmp6 Ip6InNoRoutes: 0 => 1 > > # 3209[lib/proc.c:207] Snmp6 Ip6InOctets: 0 => 76 > > # 3209[lib/proc.c:207] Snmp6 Ip6InNoECTPkts: 0 => 1 > > # 3209[lib/proc.c:207] Tcp InSegs: 3 => 23 > > # 3209[lib/proc.c:207] Tcp OutSegs: 2 => 22 > > # 3209[lib/proc.c:207] IcmpMsg InType3: 0 => 4 > > # 3209[lib/proc.c:207] Icmp InMsgs: 0 => 4 > > # 3209[lib/proc.c:207] Icmp InDestUnreachs: 0 => 4 > > # 3209[lib/proc.c:207] Ip InReceives: 3 => 27 > > # 3209[lib/proc.c:207] Ip InDelivers: 3 => 27 > > # 3209[lib/proc.c:207] Ip OutRequests: 2 => 22 > > # 3209[lib/proc.c:207] IpExt InOctets: 288 => 3420 > > # 3209[lib/proc.c:207] IpExt OutOctets: 124 => 3244 > > # 3209[lib/proc.c:207] IpExt InNoECTPkts: 3 => 25 > > # 3209[lib/proc.c:207] TcpExt TCPPureAcks: 1 => 2 > > # 3209[lib/proc.c:207] TcpExt TCPOrigDataSent: 0 => 20 > > # 3209[lib/proc.c:207] TcpExt TCPDelivered: 0 => 19 > > # 3209[lib/proc.c:207] TcpExt TCPAOGood: 3 => 23 > > ok 1 InDestUnreachs delivered 4 > > ok 2 server failed with -92: Protocol not available > > ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0 > > # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0 > > Expected output for ipv6 version (in case it receives ADM_PROHIBITED): > > # ./icmps-accept_ipv6 > > 1..3 > > # 3277[lib/setup.c:166] rand seed 1642624035 > > TAP version 13 > > # 3277[lib/proc.c:207] Snmp6 Ip6InReceives: 6 => 31 > > # 3277[lib/proc.c:207] Snmp6 Ip6InDelivers: 4 => 29 > > # 3277[lib/proc.c:207] Snmp6 Ip6OutRequests: 4 => 24 > > # 3277[lib/proc.c:207] Snmp6 Ip6InOctets: 592 => 4492 > > # 3277[lib/proc.c:207] Snmp6 Ip6OutOctets: 332 => 3852 > > # 3277[lib/proc.c:207] Snmp6 Ip6InNoECTPkts: 6 => 31 > > # 3277[lib/proc.c:207] Snmp6 Icmp6InMsgs: 1 => 6 > > # 3277[lib/proc.c:207] Snmp6 Icmp6InDestUnreachs: 0 => 5 > > # 3277[lib/proc.c:207] Snmp6 Icmp6InType1: 0 => 5 > > # 3277[lib/proc.c:207] Tcp InSegs: 3 => 23 > > # 3277[lib/proc.c:207] Tcp OutSegs: 2 => 22 > > # 3277[lib/proc.c:207] TcpExt TCPPureAcks: 1 => 2 > > # 3277[lib/proc.c:207] TcpExt TCPOrigDataSent: 0 => 20 > > # 3277[lib/proc.c:207] TcpExt TCPDelivered: 0 => 19 > > # 3277[lib/proc.c:207] TcpExt TCPAOGood: 3 => 23 > > ok 1 Icmp6InDestUnreachs delivered 5 > > ok 2 server failed with -13: Permission denied > > ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0 > > # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0 > > With some luck the server may fail with ECONNREFUSED (depending on what > icmp packet was delivered firstly). > For the kernel error handlers see: tab_unreach[] and icmp_err_convert[]. > > Signed-off-by: Dmitry Safonov <dima@arista.com> Tested-by: Hangbin Liu <liuhangbin@gmail.com>
diff --git a/tools/testing/selftests/net/tcp_ao/Makefile b/tools/testing/selftests/net/tcp_ao/Makefile index 0fc5db59be0c..7bf61b167ec5 100644 --- a/tools/testing/selftests/net/tcp_ao/Makefile +++ b/tools/testing/selftests/net/tcp_ao/Makefile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 TEST_BOTH_AF := connect -TEST_BOTH_AF += icmps-discard +TEST_BOTH_AF += icmps-accept icmps-discard TEST_IPV4_PROGS := $(TEST_BOTH_AF:%=%_ipv4) TEST_IPV6_PROGS := $(TEST_BOTH_AF:%=%_ipv6) @@ -44,3 +44,5 @@ $(OUTPUT)/%_ipv4: %.c $(OUTPUT)/%_ipv6: %.c $(LINK.c) -DIPV6_TEST $^ $(LDLIBS) -o $@ +$(OUTPUT)/icmps-accept_ipv4: CFLAGS+= -DTEST_ICMPS_ACCEPT +$(OUTPUT)/icmps-accept_ipv6: CFLAGS+= -DTEST_ICMPS_ACCEPT diff --git a/tools/testing/selftests/net/tcp_ao/icmps-accept.c b/tools/testing/selftests/net/tcp_ao/icmps-accept.c new file mode 120000 index 000000000000..0a5bb85eb260 --- /dev/null +++ b/tools/testing/selftests/net/tcp_ao/icmps-accept.c @@ -0,0 +1 @@ +icmps-discard.c \ No newline at end of file diff --git a/tools/testing/selftests/net/tcp_ao/icmps-discard.c b/tools/testing/selftests/net/tcp_ao/icmps-discard.c index d77c791754de..d69bcba3c929 100644 --- a/tools/testing/selftests/net/tcp_ao/icmps-discard.c +++ b/tools/testing/selftests/net/tcp_ao/icmps-discard.c @@ -39,8 +39,14 @@ const int sk_ip_level = SOL_IP; const int sk_recverr = IP_RECVERR; #endif -#define test_icmps_fail test_fail -#define test_icmps_ok test_ok +/* Server is expected to fail with hard error if ::accept_icmp is set */ +#ifdef TEST_ICMPS_ACCEPT +# define test_icmps_fail test_ok +# define test_icmps_ok test_fail +#else +# define test_icmps_fail test_fail +# define test_icmps_ok test_ok +#endif static void serve_interfered(int sk) { @@ -84,7 +90,11 @@ static void serve_interfered(int sk) test_fail("Not found %s counter", tcpao_icmps); return; } +#ifdef TEST_ICMPS_ACCEPT + test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD); +#else test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD | TEST_CNT_AO_DROPPED_ICMP); +#endif if (icmp_ignored_a >= icmp_ignored_b) { test_icmps_fail("%s counter didn't change: %" PRIu64 " >= %" PRIu64, tcpao_icmps, icmp_ignored_a, icmp_ignored_b); @@ -95,11 +105,15 @@ static void serve_interfered(int sk) static void *server_fn(void *arg) { - int val, err, sk, lsk; + int val, sk, lsk; bool accept_icmps = false; lsk = test_listen_socket(this_ip_addr, test_server_port, 1); +#ifdef TEST_ICMPS_ACCEPT + accept_icmps = true; +#endif + if (test_set_ao_flags(lsk, false, accept_icmps)) test_error("setsockopt(TCP_AO_INFO)"); @@ -107,10 +121,7 @@ static void *server_fn(void *arg) test_error("setsockopt(TCP_AO_ADD_KEY)"); synchronize_threads(); - err = test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0); - if (!err) - test_error("timeouted for accept()"); - else if (err < 0) + if (test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0)) test_error("test_wait_fd()"); sk = accept(lsk, NULL, NULL);