korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-16 02:44:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

selftests/net: Add TCP-AO ICMPs accept test

Browse Source 
Reverse to icmps-discard test: the server accepts ICMPs, using
TCP_AO_CMDF_ACCEPT_ICMP and it is expected to fail under ICMP
flood from client. Test that the default pre-TCP-AO behaviour functions
when TCP_AO_CMDF_ACCEPT_ICMP is set.

Expected output for ipv4 version (in case it receives ICMP_PROT_UNREACH):
> # ./icmps-accept_ipv4
> 1..3
> # 3209[lib/setup.c:166] rand seed 1642623870
> TAP version 13
> # 3209[lib/proc.c:207]    Snmp6             Ip6InReceives: 0 => 1
> # 3209[lib/proc.c:207]    Snmp6             Ip6InNoRoutes: 0 => 1
> # 3209[lib/proc.c:207]    Snmp6               Ip6InOctets: 0 => 76
> # 3209[lib/proc.c:207]    Snmp6            Ip6InNoECTPkts: 0 => 1
> # 3209[lib/proc.c:207]      Tcp                    InSegs: 3 => 23
> # 3209[lib/proc.c:207]      Tcp                   OutSegs: 2 => 22
> # 3209[lib/proc.c:207]  IcmpMsg                   InType3: 0 => 4
> # 3209[lib/proc.c:207]     Icmp                    InMsgs: 0 => 4
> # 3209[lib/proc.c:207]     Icmp            InDestUnreachs: 0 => 4
> # 3209[lib/proc.c:207]       Ip                InReceives: 3 => 27
> # 3209[lib/proc.c:207]       Ip                InDelivers: 3 => 27
> # 3209[lib/proc.c:207]       Ip               OutRequests: 2 => 22
> # 3209[lib/proc.c:207]    IpExt                  InOctets: 288 => 3420
> # 3209[lib/proc.c:207]    IpExt                 OutOctets: 124 => 3244
> # 3209[lib/proc.c:207]    IpExt               InNoECTPkts: 3 => 25
> # 3209[lib/proc.c:207]   TcpExt               TCPPureAcks: 1 => 2
> # 3209[lib/proc.c:207]   TcpExt           TCPOrigDataSent: 0 => 20
> # 3209[lib/proc.c:207]   TcpExt              TCPDelivered: 0 => 19
> # 3209[lib/proc.c:207]   TcpExt                 TCPAOGood: 3 => 23
> ok 1 InDestUnreachs delivered 4
> ok 2 server failed with -92: Protocol not available
> ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0
> # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0

Expected output for ipv6 version (in case it receives ADM_PROHIBITED):
> # ./icmps-accept_ipv6
> 1..3
> # 3277[lib/setup.c:166] rand seed 1642624035
> TAP version 13
> # 3277[lib/proc.c:207]    Snmp6             Ip6InReceives: 6 => 31
> # 3277[lib/proc.c:207]    Snmp6             Ip6InDelivers: 4 => 29
> # 3277[lib/proc.c:207]    Snmp6            Ip6OutRequests: 4 => 24
> # 3277[lib/proc.c:207]    Snmp6               Ip6InOctets: 592 => 4492
> # 3277[lib/proc.c:207]    Snmp6              Ip6OutOctets: 332 => 3852
> # 3277[lib/proc.c:207]    Snmp6            Ip6InNoECTPkts: 6 => 31
> # 3277[lib/proc.c:207]    Snmp6               Icmp6InMsgs: 1 => 6
> # 3277[lib/proc.c:207]    Snmp6       Icmp6InDestUnreachs: 0 => 5
> # 3277[lib/proc.c:207]    Snmp6              Icmp6InType1: 0 => 5
> # 3277[lib/proc.c:207]      Tcp                    InSegs: 3 => 23
> # 3277[lib/proc.c:207]      Tcp                   OutSegs: 2 => 22
> # 3277[lib/proc.c:207]   TcpExt               TCPPureAcks: 1 => 2
> # 3277[lib/proc.c:207]   TcpExt           TCPOrigDataSent: 0 => 20
> # 3277[lib/proc.c:207]   TcpExt              TCPDelivered: 0 => 19
> # 3277[lib/proc.c:207]   TcpExt                 TCPAOGood: 3 => 23
> ok 1 Icmp6InDestUnreachs delivered 5
> ok 2 server failed with -13: Permission denied
> ok 3 TCPAODroppedIcmps counter didn't change: 0 >= 0
> # Totals: pass:3 fail:0 xfail:0 xpass:0 skip:0 error:0

With some luck the server may fail with ECONNREFUSED (depending on what
icmp packet was delivered firstly).
For the kernel error handlers see: tab_unreach[] and icmp_err_convert[].

Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Dmitry Safonov 2023-12-15 02:36:17 +00:00 committed by David S. Miller
parent a8fcf8ca14
commit d11301f659
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/testing/selftests/net/tcp_ao/Makefile
View File

@ -1,6 +1,6 @@
# SPDX-License-Identifier: GPL-2.0 # SPDX-License-Identifier: GPL-2.0
TEST_BOTH_AF := connect TEST_BOTH_AF := connect
TEST_BOTH_AF += icmps-discard TEST_BOTH_AF += icmps-accept icmps-discard
TEST_IPV4_PROGS := $(TEST_BOTH_AF:%=%_ipv4) TEST_IPV4_PROGS := $(TEST_BOTH_AF:%=%_ipv4)
TEST_IPV6_PROGS := $(TEST_BOTH_AF:%=%_ipv6) TEST_IPV6_PROGS := $(TEST_BOTH_AF:%=%_ipv6)
@ -44,3 +44,5 @@ $(OUTPUT)/%_ipv4: %.c
$(OUTPUT)/%_ipv6: %.c $(OUTPUT)/%_ipv6: %.c
$(LINK.c) -DIPV6_TEST $^ $(LDLIBS) -o $@ $(LINK.c) -DIPV6_TEST $^ $(LDLIBS) -o $@
$(OUTPUT)/icmps-accept_ipv4: CFLAGS+= -DTEST_ICMPS_ACCEPT
$(OUTPUT)/icmps-accept_ipv6: CFLAGS+= -DTEST_ICMPS_ACCEPT

1
tools/testing/selftests/net/tcp_ao/icmps-accept.c Symbolic link
View File

@ -0,0 +1 @@
icmps-discard.c

25
tools/testing/selftests/net/tcp_ao/icmps-discard.c
View File

@ -39,8 +39,14 @@ const int sk_ip_level = SOL_IP;
const int sk_recverr = IP_RECVERR; const int sk_recverr = IP_RECVERR;
#endif #endif
#define test_icmps_fail test_fail /* Server is expected to fail with hard error if ::accept_icmp is set */
#define test_icmps_ok test_ok #ifdef TEST_ICMPS_ACCEPT
# define test_icmps_fail test_ok
# define test_icmps_ok test_fail
#else
# define test_icmps_fail test_fail
# define test_icmps_ok test_ok
#endif
static void serve_interfered(int sk) static void serve_interfered(int sk)
{ {
@ -84,7 +90,11 @@ static void serve_interfered(int sk)
test_fail("Not found %s counter", tcpao_icmps); test_fail("Not found %s counter", tcpao_icmps);
return; return;
} }
#ifdef TEST_ICMPS_ACCEPT
test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD);
#else
test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD | TEST_CNT_AO_DROPPED_ICMP); test_tcp_ao_counters_cmp(NULL, &ao_cnt1, &ao_cnt2, TEST_CNT_GOOD | TEST_CNT_AO_DROPPED_ICMP);
#endif
if (icmp_ignored_a >= icmp_ignored_b) { if (icmp_ignored_a >= icmp_ignored_b) {
test_icmps_fail("%s counter didn't change: %" PRIu64 " >= %" PRIu64, test_icmps_fail("%s counter didn't change: %" PRIu64 " >= %" PRIu64,
tcpao_icmps, icmp_ignored_a, icmp_ignored_b); tcpao_icmps, icmp_ignored_a, icmp_ignored_b);
@ -95,11 +105,15 @@ static void serve_interfered(int sk)
static void *server_fn(void *arg) static void *server_fn(void *arg)
{ {
int val, err, sk, lsk; int val, sk, lsk;
bool accept_icmps = false; bool accept_icmps = false;
lsk = test_listen_socket(this_ip_addr, test_server_port, 1); lsk = test_listen_socket(this_ip_addr, test_server_port, 1);
#ifdef TEST_ICMPS_ACCEPT
accept_icmps = true;
#endif
if (test_set_ao_flags(lsk, false, accept_icmps)) if (test_set_ao_flags(lsk, false, accept_icmps))
test_error("setsockopt(TCP_AO_INFO)"); test_error("setsockopt(TCP_AO_INFO)");
@ -107,10 +121,7 @@ static void *server_fn(void *arg)
test_error("setsockopt(TCP_AO_ADD_KEY)"); test_error("setsockopt(TCP_AO_ADD_KEY)");
synchronize_threads(); synchronize_threads();
err = test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0); if (test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0))
if (!err)
test_error("timeouted for accept()");
else if (err < 0)
test_error("test_wait_fd()"); test_error("test_wait_fd()");
sk = accept(lsk, NULL, NULL); sk = accept(lsk, NULL, NULL);