    selftests/net: Add TCP-AO key-management test · 3c3ead55
    Dmitry Safonov authored
    Check multiple keys on a socket:
    - rotation on closed socket
    - current/rnext operations shouldn't be possible on listen sockets
    - current/rnext key set should be the one that's used on connect()
    - key rotations with pseudo-random generated keys
    - copying matching keys on connect() and on accept()
    
    At this moment there are 3 tests that are "expected" to fail: a kernel
    fix is needed to improve the situation, they are marked XFAIL.
    
    Sample output:
    > # ./key-management_ipv4
    > 1..120
    > # 1601[lib/setup.c:239] rand seed 1700526653
    > TAP version 13
    > ok 1 closed socket, delete a key: the key was deleted
    > ok 2 closed socket, delete all keys: the key was deleted
    > ok 3 closed socket, delete current key: key deletion was prevented
    > ok 4 closed socket, delete rnext key: key deletion was prevented
    > ok 5 closed socket, delete a key + set current/rnext: the key was deleted
    > ok 6 closed socket, force-delete current key: the key was deleted
    > ok 7 closed socket, force-delete rnext key: the key was deleted
    > ok 8 closed socket, delete current+rnext key: key deletion was prevented
    > ok 9 closed socket, add + change current key
    > ok 10 closed socket, add + change rnext key
    > ok 11 listen socket, delete a key: the key was deleted
    > ok 12 listen socket, delete all keys: the key was deleted
    > ok 13 listen socket, setting current key not allowed
    > ok 14 listen socket, setting rnext key not allowed
    > ok 15 # XFAIL listen() after current/rnext keys set: the socket has current/rnext keys: 100:200
    > ok 16 # XFAIL listen socket, delete current key from before listen(): failed to delete the key 100:100 -16
    > ok 17 # XFAIL listen socket, delete rnext key from before listen(): failed to delete the key 200:200 -16
    > ok 18 listen socket, getsockopt(TCP_AO_REPAIR) is restricted
    > ok 19 listen socket, setsockopt(TCP_AO_REPAIR) is restricted
    > ok 20 listen socket, delete a key + set current/rnext: key deletion was prevented
    > ok 21 listen socket, force-delete current key: key deletion was prevented
    > ok 22 listen socket, force-delete rnext key: key deletion was prevented
    > ok 23 listen socket, delete a key: the key was deleted
    > ok 24 listen socket, add + change current key
    > ok 25 listen socket, add + change rnext key
    > ok 26 server: Check current/rnext keys unset before connect(): The socket keys are consistent with the expectations
    > ok 27 client: Check current/rnext keys unset before connect(): current key 19 as expected
    > ok 28 client: Check current/rnext keys unset before connect(): rnext key 146 as expected
    > ok 29 server: Check current/rnext keys unset before connect(): server alive
    > ok 30 server: Check current/rnext keys unset before connect(): passed counters checks
    > ok 31 client: Check current/rnext keys unset before connect(): The socket keys are consistent with the expectations
    > ok 32 server: Check current/rnext keys unset before connect(): The socket keys are consistent with the expectations
    > ok 33 server: Check current/rnext keys unset before connect(): passed counters checks
    > ok 34 client: Check current/rnext keys unset before connect(): passed counters checks
    > ok 35 server: Check current/rnext keys set before connect(): The socket keys are consistent with the expectations
    > ok 36 server: Check current/rnext keys set before connect(): server alive
    > ok 37 server: Check current/rnext keys set before connect(): passed counters checks
    > ok 38 client: Check current/rnext keys set before connect(): current key 10 as expected
    > ok 39 client: Check current/rnext keys set before connect(): rnext key 137 as expected
    > ok 40 server: Check current/rnext keys set before connect(): The socket keys are consistent with the expectations
    > ok 41 client: Check current/rnext keys set before connect(): The socket keys are consistent with the expectations
    > ok 42 client: Check current/rnext keys set before connect(): passed counters checks
    > ok 43 server: Check current/rnext keys set before connect(): passed counters checks
    > ok 44 server: Check current != rnext keys set before connect(): The socket keys are consistent with the expectations
    > ok 45 server: Check current != rnext keys set before connect(): server alive
    > ok 46 server: Check current != rnext keys set before connect(): passed counters checks
    > ok 47 client: Check current != rnext keys set before connect(): current key 10 as expected
    > ok 48 client: Check current != rnext keys set before connect(): rnext key 132 as expected
    > ok 49 server: Check current != rnext keys set before connect(): The socket keys are consistent with the expectations
    > ok 50 client: Check current != rnext keys set before connect(): The socket keys are consistent with the expectations
    > ok 51 client: Check current != rnext keys set before connect(): passed counters checks
    > ok 52 server: Check current != rnext keys set before connect(): passed counters checks
    > ok 53 server: Check current flapping back on peer's RnextKey request: The socket keys are consistent with the expectations
    > ok 54 server: Check current flapping back on peer's RnextKey request: server alive
    > ok 55 server: Check current flapping back on peer's RnextKey request: passed counters checks
    > ok 56 client: Check current flapping back on peer's RnextKey request: current key 10 as expected
    > ok 57 client: Check current flapping back on peer's RnextKey request: rnext key 132 as expected
    > ok 58 server: Check current flapping back on peer's RnextKey request: The socket keys are consistent with the expectations
    > ok 59 client: Check current flapping back on peer's RnextKey request: The socket keys are consistent with the expectations
    > ok 60 server: Check current flapping back on peer's RnextKey request: passed counters checks
    > ok 61 client: Check current flapping back on peer's RnextKey request: passed counters checks
    > ok 62 server: Rotate over all different keys: The socket keys are consistent with the expectations
    > ok 63 server: Rotate over all different keys: server alive
    > ok 64 server: Rotate over all different keys: passed counters checks
    > ok 65 server: Rotate over all different keys: current key 128 as expected
    > ok 66 client: Rotate over all different keys: rnext key 128 as expected
    > ok 67 server: Rotate over all different keys: current key 129 as expected
    > ok 68 client: Rotate over all different keys: rnext key 129 as expected
    > ok 69 server: Rotate over all different keys: current key 130 as expected
    > ok 70 client: Rotate over all different keys: rnext key 130 as expected
    > ok 71 server: Rotate over all different keys: current key 131 as expected
    > ok 72 client: Rotate over all different keys: rnext key 131 as expected
    > ok 73 server: Rotate over all different keys: current key 132 as expected
    > ok 74 client: Rotate over all different keys: rnext key 132 as expected
    > ok 75 server: Rotate over all different keys: current key 133 as expected
    > ok 76 client: Rotate over all different keys: rnext key 133 as expected
    > ok 77 server: Rotate over all different keys: current key 134 as expected
    > ok 78 client: Rotate over all different keys: rnext key 134 as expected
    > ok 79 server: Rotate over all different keys: current key 135 as expected
    > ok 80 client: Rotate over all different keys: rnext key 135 as expected
    > ok 81 server: Rotate over all different keys: current key 136 as expected
    > ok 82 client: Rotate over all different keys: rnext key 136 as expected
    > ok 83 server: Rotate over all different keys: current key 137 as expected
    > ok 84 client: Rotate over all different keys: rnext key 137 as expected
    > ok 85 server: Rotate over all different keys: current key 138 as expected
    > ok 86 client: Rotate over all different keys: rnext key 138 as expected
    > ok 87 server: Rotate over all different keys: current key 139 as expected
    > ok 88 client: Rotate over all different keys: rnext key 139 as expected
    > ok 89 server: Rotate over all different keys: current key 140 as expected
    > ok 90 client: Rotate over all different keys: rnext key 140 as expected
    > ok 91 server: Rotate over all different keys: current key 141 as expected
    > ok 92 client: Rotate over all different keys: rnext key 141 as expected
    > ok 93 server: Rotate over all different keys: current key 142 as expected
    > ok 94 client: Rotate over all different keys: rnext key 142 as expected
    > ok 95 server: Rotate over all different keys: current key 143 as expected
    > ok 96 client: Rotate over all different keys: rnext key 143 as expected
    > ok 97 server: Rotate over all different keys: current key 144 as expected
    > ok 98 client: Rotate over all different keys: rnext key 144 as expected
    > ok 99 server: Rotate over all different keys: current key 145 as expected
    > ok 100 client: Rotate over all different keys: rnext key 145 as expected
    > ok 101 server: Rotate over all different keys: current key 146 as expected
    > ok 102 client: Rotate over all different keys: rnext key 146 as expected
    > ok 103 server: Rotate over all different keys: current key 127 as expected
    > ok 104 client: Rotate over all different keys: rnext key 127 as expected
    > ok 105 client: Rotate over all different keys: current key 0 as expected
    > ok 106 client: Rotate over all different keys: rnext key 127 as expected
    > ok 107 server: Rotate over all different keys: The socket keys are consistent with the expectations
    > ok 108 client: Rotate over all different keys: The socket keys are consistent with the expectations
    > ok 109 client: Rotate over all different keys: passed counters checks
    > ok 110 server: Rotate over all different keys: passed counters checks
    > ok 111 server: Check accept() => established key matching: The socket keys are consistent with the expectations
    > ok 112 Can't add a key with non-matching ip-address for established sk
    > ok 113 Can't add a key with non-matching VRF for established sk
    > ok 114 server: Check accept() => established key matching: server alive
    > ok 115 server: Check accept() => established key matching: passed counters checks
    > ok 116 client: Check connect() => established key matching: current key 0 as expected
    > ok 117 client: Check connect() => established key matching: rnext key 128 as expected
    > ok 118 client: Check connect() => established key matching: The socket keys are consistent with the expectations
    > ok 119 server: Check accept() => established key matching: The socket keys are consistent with the expectations
    > ok 120 server: Check accept() => established key matching: passed counters checks
    > # Totals: pass:120 fail:0 xfail:0 xpass:0 skip:0 error:0
    Signed-off-by: Dmitry Safonov <dima@arista.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>