diff mbox series

[03/12] selftests/net: Add TCP-AO ICMPs accept test

Message ID 20231215-tcp-ao-selftests-v1-3-f6c08180b985@arista.com (mailing list archive)
State Accepted
Delegated to: Netdev Maintainers
Headers show
Series [01/12] selftests/net: Add TCP-AO library | expand

Checks

Context Check Description
netdev/series_format warning Series does not have a cover letter
netdev/tree_selection success Guessed tree name to be net-next, async
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 8 this patch: 8
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 8 this patch: 8
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 8 this patch: 8
netdev/checkpatch warning CHECK: spaces preferred around that '-' (ctx:VxV) WARNING: Missing or malformed SPDX-License-Identifier tag in line 1 WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? WARNING: adding a line without newline at end of file
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Dmitry Safonov Dec. 15, 2023, 2:36 a.m. UTC
Reverse to icmps-discard test: the server accepts ICMPs, using
TCP_AO_CMDF_ACCEPT_ICMP and it is expected to fail under ICMP
flood from client. Test that the default pre-TCP-AO behaviour functions
when TCP_AO_CMDF_ACCEPT_ICMP is set.

Expected output for ipv4 version (in case it receives ICMP_PROT_UNREACH):
> # ./icmps-accept_ipv4
> 1..3
> # 3209[lib/setup.c:166] rand seed 1642623870
> TAP version 13
> # 3209[lib/proc.c:207]    Snmp6             Ip6InReceives: 0 => 1
> # 3209[lib/proc.c:207]    Snmp6             Ip6InNoRoutes: 0 => 1
> # 3209[lib/proc.c:207]    Snmp6               Ip6InOctets: 0 => 76
> # 3209[lib/proc.c:207]    Snmp6            Ip6InNoECTPkts: 0 => 1
> # 3209[lib/proc.c:207]      Tcp                    InSegs: 3 => 23
> # 3209[lib/proc.c:207]      Tcp                   OutSegs: 2 => 22
> # 3209[lib/proc.c:207]  IcmpMsg                   InType3: 0 => 4
> # 3209[lib/proc.c:207]     Icmp                    InMsgs: 0 => 4
> # 3209[lib/proc.c:207]     Icmp            InDestUnreachs: 0 => 4
> # 3209[lib/proc.c:207]       Ip                InReceives: 3 => 27
> # 3209[lib/proc.c:207]       Ip                InDelivers: 3 => 27
> # 3209[lib/proc.c:207]       Ip               OutRequests: 2 => 22
> # 3209[lib/proc.c:207]    IpExt                  InOctets: 288 => 3420
> # 3209[lib/proc.c:207]    IpExt                 OutOctets: 124 => 3244
> # 3209[lib/proc.c:207]    IpExt               InNoECTPkts: 3 => 25
> # 3209[lib/proc.c:207]   TcpExt               TCPPureAcks: 1 => 2
> # 3209[lib/proc.c:207]   TcpExt           TCPOrigDataSent: 0 => 20
> # 3209[lib/proc.c:207]   TcpExt              TCPDelivered: 0 => 19
> # 3209[lib/proc.c:207]   TcpExt                 TCPAOGood: 3 => 23
> ok 1 InDestUnreachs delivered 4
> ok 2 server failed with -92: Protocol not available
> ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0
> # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0

Expected output for ipv6 version (in case it receives ADM_PROHIBITED):
> # ./icmps-accept_ipv6
> 1..3
> # 3277[lib/setup.c:166] rand seed 1642624035
> TAP version 13
> # 3277[lib/proc.c:207]    Snmp6             Ip6InReceives: 6 => 31
> # 3277[lib/proc.c:207]    Snmp6             Ip6InDelivers: 4 => 29
> # 3277[lib/proc.c:207]    Snmp6            Ip6OutRequests: 4 => 24
> # 3277[lib/proc.c:207]    Snmp6               Ip6InOctets: 592 => 4492
> # 3277[lib/proc.c:207]    Snmp6              Ip6OutOctets: 332 => 3852
> # 3277[lib/proc.c:207]    Snmp6            Ip6InNoECTPkts: 6 => 31
> # 3277[lib/proc.c:207]    Snmp6               Icmp6InMsgs: 1 => 6
> # 3277[lib/proc.c:207]    Snmp6       Icmp6InDestUnreachs: 0 => 5
> # 3277[lib/proc.c:207]    Snmp6              Icmp6InType1: 0 => 5
> # 3277[lib/proc.c:207]      Tcp                    InSegs: 3 => 23
> # 3277[lib/proc.c:207]      Tcp                   OutSegs: 2 => 22
> # 3277[lib/proc.c:207]   TcpExt               TCPPureAcks: 1 => 2
> # 3277[lib/proc.c:207]   TcpExt           TCPOrigDataSent: 0 => 20
> # 3277[lib/proc.c:207]   TcpExt              TCPDelivered: 0 => 19
> # 3277[lib/proc.c:207]   TcpExt                 TCPAOGood: 3 => 23
> ok 1 Icmp6InDestUnreachs delivered 5
> ok 2 server failed with -13: Permission denied
> ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0
> # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0

With some luck the server may fail with ECONNREFUSED (depending on what
icmp packet was delivered firstly).
For the kernel error handlers see: tab_unreach[] and icmp_err_convert[].

Signed-off-by: Dmitry Safonov <dima@arista.com>
---
 tools/testing/selftests/net/tcp_ao/Makefile        |  4 +++-
 tools/testing/selftests/net/tcp_ao/icmps-accept.c  |  1 +
 tools/testing/selftests/net/tcp_ao/icmps-discard.c | 25 ++++++++++++++++------
 3 files changed, 22 insertions(+), 8 deletions(-)

Comments

Hangbin Liu Dec. 18, 2023, 9:04 a.m. UTC | #1
On Fri, Dec 15, 2023 at 02:36:17AM +0000, Dmitry Safonov wrote:
> Reverse to icmps-discard test: the server accepts ICMPs, using
> TCP_AO_CMDF_ACCEPT_ICMP and it is expected to fail under ICMP
> flood from client. Test that the default pre-TCP-AO behaviour functions
> when TCP_AO_CMDF_ACCEPT_ICMP is set.
> 
> Expected output for ipv4 version (in case it receives ICMP_PROT_UNREACH):
> > # ./icmps-accept_ipv4
> > 1..3
> > # 3209[lib/setup.c:166] rand seed 1642623870
> > TAP version 13
> > # 3209[lib/proc.c:207]    Snmp6             Ip6InReceives: 0 => 1
> > # 3209[lib/proc.c:207]    Snmp6             Ip6InNoRoutes: 0 => 1
> > # 3209[lib/proc.c:207]    Snmp6               Ip6InOctets: 0 => 76
> > # 3209[lib/proc.c:207]    Snmp6            Ip6InNoECTPkts: 0 => 1
> > # 3209[lib/proc.c:207]      Tcp                    InSegs: 3 => 23
> > # 3209[lib/proc.c:207]      Tcp                   OutSegs: 2 => 22
> > # 3209[lib/proc.c:207]  IcmpMsg                   InType3: 0 => 4
> > # 3209[lib/proc.c:207]     Icmp                    InMsgs: 0 => 4
> > # 3209[lib/proc.c:207]     Icmp            InDestUnreachs: 0 => 4
> > # 3209[lib/proc.c:207]       Ip                InReceives: 3 => 27
> > # 3209[lib/proc.c:207]       Ip                InDelivers: 3 => 27
> > # 3209[lib/proc.c:207]       Ip               OutRequests: 2 => 22
> > # 3209[lib/proc.c:207]    IpExt                  InOctets: 288 => 3420
> > # 3209[lib/proc.c:207]    IpExt                 OutOctets: 124 => 3244
> > # 3209[lib/proc.c:207]    IpExt               InNoECTPkts: 3 => 25
> > # 3209[lib/proc.c:207]   TcpExt               TCPPureAcks: 1 => 2
> > # 3209[lib/proc.c:207]   TcpExt           TCPOrigDataSent: 0 => 20
> > # 3209[lib/proc.c:207]   TcpExt              TCPDelivered: 0 => 19
> > # 3209[lib/proc.c:207]   TcpExt                 TCPAOGood: 3 => 23
> > ok 1 InDestUnreachs delivered 4
> > ok 2 server failed with -92: Protocol not available
> > ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0
> > # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0
> 
> Expected output for ipv6 version (in case it receives ADM_PROHIBITED):
> > # ./icmps-accept_ipv6
> > 1..3
> > # 3277[lib/setup.c:166] rand seed 1642624035
> > TAP version 13
> > # 3277[lib/proc.c:207]    Snmp6             Ip6InReceives: 6 => 31
> > # 3277[lib/proc.c:207]    Snmp6             Ip6InDelivers: 4 => 29
> > # 3277[lib/proc.c:207]    Snmp6            Ip6OutRequests: 4 => 24
> > # 3277[lib/proc.c:207]    Snmp6               Ip6InOctets: 592 => 4492
> > # 3277[lib/proc.c:207]    Snmp6              Ip6OutOctets: 332 => 3852
> > # 3277[lib/proc.c:207]    Snmp6            Ip6InNoECTPkts: 6 => 31
> > # 3277[lib/proc.c:207]    Snmp6               Icmp6InMsgs: 1 => 6
> > # 3277[lib/proc.c:207]    Snmp6       Icmp6InDestUnreachs: 0 => 5
> > # 3277[lib/proc.c:207]    Snmp6              Icmp6InType1: 0 => 5
> > # 3277[lib/proc.c:207]      Tcp                    InSegs: 3 => 23
> > # 3277[lib/proc.c:207]      Tcp                   OutSegs: 2 => 22
> > # 3277[lib/proc.c:207]   TcpExt               TCPPureAcks: 1 => 2
> > # 3277[lib/proc.c:207]   TcpExt           TCPOrigDataSent: 0 => 20
> > # 3277[lib/proc.c:207]   TcpExt              TCPDelivered: 0 => 19
> > # 3277[lib/proc.c:207]   TcpExt                 TCPAOGood: 3 => 23
> > ok 1 Icmp6InDestUnreachs delivered 5
> > ok 2 server failed with -13: Permission denied
> > ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0
> > # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0
> 
> With some luck the server may fail with ECONNREFUSED (depending on what
> icmp packet was delivered firstly).
> For the kernel error handlers see: tab_unreach[] and icmp_err_convert[].
> 
> Signed-off-by: Dmitry Safonov <dima@arista.com>

Tested-by: Hangbin Liu <liuhangbin@gmail.com>
diff mbox series

Patch

diff --git a/tools/testing/selftests/net/tcp_ao/Makefile b/tools/testing/selftests/net/tcp_ao/Makefile
index 0fc5db59be0c..7bf61b167ec5 100644
--- a/tools/testing/selftests/net/tcp_ao/Makefile
+++ b/tools/testing/selftests/net/tcp_ao/Makefile
@@ -1,6 +1,6 @@ 
 # SPDX-License-Identifier: GPL-2.0
 TEST_BOTH_AF := connect
-TEST_BOTH_AF += icmps-discard
+TEST_BOTH_AF += icmps-accept icmps-discard
 
 TEST_IPV4_PROGS := $(TEST_BOTH_AF:%=%_ipv4)
 TEST_IPV6_PROGS := $(TEST_BOTH_AF:%=%_ipv6)
@@ -44,3 +44,5 @@  $(OUTPUT)/%_ipv4: %.c
 $(OUTPUT)/%_ipv6: %.c
 	$(LINK.c) -DIPV6_TEST $^ $(LDLIBS) -o $@
 
+$(OUTPUT)/icmps-accept_ipv4: CFLAGS+= -DTEST_ICMPS_ACCEPT
+$(OUTPUT)/icmps-accept_ipv6: CFLAGS+= -DTEST_ICMPS_ACCEPT
diff --git a/tools/testing/selftests/net/tcp_ao/icmps-accept.c b/tools/testing/selftests/net/tcp_ao/icmps-accept.c
new file mode 120000
index 000000000000..0a5bb85eb260
--- /dev/null
+++ b/tools/testing/selftests/net/tcp_ao/icmps-accept.c
@@ -0,0 +1 @@ 
+icmps-discard.c
\ No newline at end of file
diff --git a/tools/testing/selftests/net/tcp_ao/icmps-discard.c b/tools/testing/selftests/net/tcp_ao/icmps-discard.c
index d77c791754de..d69bcba3c929 100644
--- a/tools/testing/selftests/net/tcp_ao/icmps-discard.c
+++ b/tools/testing/selftests/net/tcp_ao/icmps-discard.c
@@ -39,8 +39,14 @@  const int sk_ip_level	= SOL_IP;
 const int sk_recverr	= IP_RECVERR;
 #endif
 
-#define test_icmps_fail test_fail
-#define test_icmps_ok test_ok
+/* Server is expected to fail with hard error if ::accept_icmp is set */
+#ifdef TEST_ICMPS_ACCEPT
+# define test_icmps_fail test_ok
+# define test_icmps_ok test_fail
+#else
+# define test_icmps_fail test_fail
+# define test_icmps_ok test_ok
+#endif
 
 static void serve_interfered(int sk)
 {
@@ -84,7 +90,11 @@  static void serve_interfered(int sk)
 		test_fail("Not found %s counter", tcpao_icmps);
 		return;
 	}
+#ifdef TEST_ICMPS_ACCEPT
+	test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD);
+#else
 	test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD | TEST_CNT_AO_DROPPED_ICMP);
+#endif
 	if (icmp_ignored_a >= icmp_ignored_b) {
 		test_icmps_fail("%s counter didn't change: %" PRIu64 " >= %" PRIu64,
 				tcpao_icmps, icmp_ignored_a, icmp_ignored_b);
@@ -95,11 +105,15 @@  static void serve_interfered(int sk)
 
 static void *server_fn(void *arg)
 {
-	int val, err, sk, lsk;
+	int val, sk, lsk;
 	bool accept_icmps = false;
 
 	lsk = test_listen_socket(this_ip_addr, test_server_port, 1);
 
+#ifdef TEST_ICMPS_ACCEPT
+	accept_icmps = true;
+#endif
+
 	if (test_set_ao_flags(lsk, false, accept_icmps))
 		test_error("setsockopt(TCP_AO_INFO)");
 
@@ -107,10 +121,7 @@  static void *server_fn(void *arg)
 		test_error("setsockopt(TCP_AO_ADD_KEY)");
 	synchronize_threads();
 
-	err = test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0);
-	if (!err)
-		test_error("timeouted for accept()");
-	else if (err < 0)
+	if (test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0))
 		test_error("test_wait_fd()");
 
 	sk = accept(lsk, NULL, NULL);