• Dmitry Safonov's avatar
    selftests/net: Add TCP-AO + TCP-MD5 + no sign listen socket tests · 6f0c472a
    Dmitry Safonov authored
    The test plan was (most of tests have all 3 client types):
    1. TCP-AO listen (INADDR_ANY)
    2. TCP-MD5 listen (INADDR_ANY)
    3. non-signed listen (INADDR_ANY)
    4. TCP-AO + TCP-MD5 listen (prefix)
    5. TCP-AO subprefix add failure [checked in setsockopt-closed.c]
    6. TCP-AO out of prefix connect [checked in connect-deny.c]
    7. TCP-AO + TCP-MD5 on connect()
    8. TCP-AO intersect with TCP-MD5 failure
    9. Established TCP-AO: add TCP-MD5 key
    10. Established TCP-MD5: add TCP-AO key
    11. Established non-signed: add TCP-AO key
    
    Output produced:
    > # ./unsigned-md5_ipv6
    > 1..72
    > # 1592[lib/setup.c:239] rand seed 1697567046
    > TAP version 13
    > ok 1 AO server (INADDR_ANY): AO client: counter TCPAOGood increased 0 => 2
    > ok 2 AO server (INADDR_ANY): AO client: connected
    > ok 3 AO server (INADDR_ANY): MD5 client
    > ok 4 AO server (INADDR_ANY): MD5 client: counter TCPMD5Unexpected increased 0 => 1
    > ok 5 AO server (INADDR_ANY): no sign client: counter TCPAORequired increased 0 => 1
    > ok 6 AO server (INADDR_ANY): unsigned client
    > ok 7 AO server (AO_REQUIRED): AO client: connected
    > ok 8 AO server (AO_REQUIRED): AO client: counter TCPAOGood increased 4 => 6
    > ok 9 AO server (AO_REQUIRED): unsigned client
    > ok 10 AO server (AO_REQUIRED): unsigned client: counter TCPAORequired increased 1 => 2
    > ok 11 MD5 server (INADDR_ANY): AO client: counter TCPAOKeyNotFound increased 0 => 1
    > ok 12 MD5 server (INADDR_ANY): AO client
    > ok 13 MD5 server (INADDR_ANY): MD5 client: connected
    > ok 14 MD5 server (INADDR_ANY): MD5 client: no counter checks
    > ok 15 MD5 server (INADDR_ANY): no sign client
    > ok 16 MD5 server (INADDR_ANY): no sign client: counter TCPMD5NotFound increased 0 => 1
    > ok 17 no sign server: AO client
    > ok 18 no sign server: AO client: counter TCPAOKeyNotFound increased 1 => 2
    > ok 19 no sign server: MD5 client
    > ok 20 no sign server: MD5 client: counter TCPMD5Unexpected increased 1 => 2
    > ok 21 no sign server: no sign client: connected
    > ok 22 no sign server: no sign client: counter CurrEstab increased 0 => 1
    > ok 23 AO+MD5 server: AO client (matching): connected
    > ok 24 AO+MD5 server: AO client (matching): counter TCPAOGood increased 8 => 10
    > ok 25 AO+MD5 server: AO client (misconfig, matching MD5)
    > ok 26 AO+MD5 server: AO client (misconfig, matching MD5): counter TCPAOKeyNotFound increased 2 => 3
    > ok 27 AO+MD5 server: AO client (misconfig, non-matching): counter TCPAOKeyNotFound increased 3 => 4
    > ok 28 AO+MD5 server: AO client (misconfig, non-matching)
    > ok 29 AO+MD5 server: MD5 client (matching): connected
    > ok 30 AO+MD5 server: MD5 client (matching): no counter checks
    > ok 31 AO+MD5 server: MD5 client (misconfig, matching AO)
    > ok 32 AO+MD5 server: MD5 client (misconfig, matching AO): counter TCPMD5Unexpected increased 2 => 3
    > ok 33 AO+MD5 server: MD5 client (misconfig, non-matching)
    > ok 34 AO+MD5 server: MD5 client (misconfig, non-matching): counter TCPMD5Unexpected increased 3 => 4
    > ok 35 AO+MD5 server: no sign client (unmatched): connected
    > ok 36 AO+MD5 server: no sign client (unmatched): counter CurrEstab increased 0 => 1
    > ok 37 AO+MD5 server: no sign client (misconfig, matching AO)
    > ok 38 AO+MD5 server: no sign client (misconfig, matching AO): counter TCPAORequired increased 2 => 3
    > ok 39 AO+MD5 server: no sign client (misconfig, matching MD5)
    > ok 40 AO+MD5 server: no sign client (misconfig, matching MD5): counter TCPMD5NotFound increased 1 => 2
    > ok 41 AO+MD5 server: client with both [TCP-MD5] and TCP-AO keys: connect() was prevented
    > ok 42 AO+MD5 server: client with both [TCP-MD5] and TCP-AO keys: no counter checks
    > ok 43 AO+MD5 server: client with both TCP-MD5 and [TCP-AO] keys: connect() was prevented
    > ok 44 AO+MD5 server: client with both TCP-MD5 and [TCP-AO] keys: no counter checks
    > ok 45 TCP-AO established: add TCP-MD5 key: postfailed as expected
    > ok 46 TCP-AO established: add TCP-MD5 key: counter TCPAOGood increased 12 => 14
    > ok 47 TCP-MD5 established: add TCP-AO key: postfailed as expected
    > ok 48 TCP-MD5 established: add TCP-AO key: no counter checks
    > ok 49 non-signed established: add TCP-AO key: postfailed as expected
    > ok 50 non-signed established: add TCP-AO key: counter CurrEstab increased 0 => 1
    > ok 51 TCP-AO key intersects with existing TCP-MD5 key: prefailed as expected: Key was rejected by service
    > ok 52 TCP-MD5 key intersects with existing TCP-AO key: prefailed as expected: Key was rejected by service
    > ok 53 TCP-MD5 key + TCP-AO required: prefailed as expected: Key was rejected by service
    > ok 54 TCP-AO required on socket + TCP-MD5 key: prefailed as expected: Key was rejected by service
    > ok 55 VRF: TCP-AO key (no l3index) + TCP-MD5 key (no l3index): prefailed as expected: Key was rejected by service
    > ok 56 VRF: TCP-MD5 key (no l3index) + TCP-AO key (no l3index): prefailed as expected: Key was rejected by service
    > ok 57 VRF: TCP-AO key (no l3index) + TCP-MD5 key (l3index=0): prefailed as expected: Key was rejected by service
    > ok 58 VRF: TCP-MD5 key (l3index=0) + TCP-AO key (no l3index): prefailed as expected: Key was rejected by service
    > ok 59 VRF: TCP-AO key (no l3index) + TCP-MD5 key (l3index=N): prefailed as expected: Key was rejected by service
    > ok 60 VRF: TCP-MD5 key (l3index=N) + TCP-AO key (no l3index): prefailed as expected: Key was rejected by service
    > ok 61 VRF: TCP-AO key (l3index=0) + TCP-MD5 key (no l3index): prefailed as expected: Key was rejected by service
    > ok 62 VRF: TCP-MD5 key (no l3index) + TCP-AO key (l3index=0): prefailed as expected: Key was rejected by service
    > ok 63 VRF: TCP-AO key (l3index=0) + TCP-MD5 key (l3index=0): prefailed as expected: Key was rejected by service
    > ok 64 VRF: TCP-MD5 key (l3index=0) + TCP-AO key (l3index=0): prefailed as expected: Key was rejected by service
    > ok 65 VRF: TCP-AO key (l3index=0) + TCP-MD5 key (l3index=N)
    > ok 66 VRF: TCP-MD5 key (l3index=N) + TCP-AO key (l3index=0)
    > ok 67 VRF: TCP-AO key (l3index=N) + TCP-MD5 key (no l3index): prefailed as expected: Key was rejected by service
    > ok 68 VRF: TCP-MD5 key (no l3index) + TCP-AO key (l3index=N): prefailed as expected: Key was rejected by service
    > ok 69 VRF: TCP-AO key (l3index=N) + TCP-MD5 key (l3index=0)
    > ok 70 VRF: TCP-MD5 key (l3index=0) + TCP-AO key (l3index=N)
    > ok 71 VRF: TCP-AO key (l3index=N) + TCP-MD5 key (l3index=N): prefailed as expected: Key was rejected by service
    > ok 72 VRF: TCP-MD5 key (l3index=N) + TCP-AO key (l3index=N): prefailed as expected: Key was rejected by service
    > # Totals: pass:72 fail:0 xfail:0 xpass:0 skip:0 error:0
    Signed-off-by: default avatarDmitry Safonov <dima@arista.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    6f0c472a
unsigned-md5.c 25.5 KB