Commit f0bee1eb authored by David Ahern's avatar David Ahern Committed by David S. Miller

fcnal-test: Add TCP MD5 tests

Add tests for existing TCP MD5 APIs - both single address
config and the new extended API for prefixes.
Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent eb09cf03
...@@ -45,17 +45,22 @@ VRF_TABLE=1101 ...@@ -45,17 +45,22 @@ VRF_TABLE=1101
NSA_IP=172.16.1.1 NSA_IP=172.16.1.1
NSB_IP=172.16.1.2 NSB_IP=172.16.1.2
VRF_IP=172.16.3.1 VRF_IP=172.16.3.1
NS_NET=172.16.1.0/24
# IPv6 config # IPv6 config
NSA_IP6=2001:db8:1::1 NSA_IP6=2001:db8:1::1
NSB_IP6=2001:db8:1::2 NSB_IP6=2001:db8:1::2
VRF_IP6=2001:db8:3::1 VRF_IP6=2001:db8:3::1
NS_NET6=2001:db8:1::/120
NSA_LO_IP=172.16.2.1 NSA_LO_IP=172.16.2.1
NSB_LO_IP=172.16.2.2 NSB_LO_IP=172.16.2.2
NSA_LO_IP6=2001:db8:2::1 NSA_LO_IP6=2001:db8:2::1
NSB_LO_IP6=2001:db8:2::2 NSB_LO_IP6=2001:db8:2::2
MD5_PW=abc123
MD5_WRONG_PW=abc1234
MCAST=ff02::1 MCAST=ff02::1
# set after namespace create # set after namespace create
NSA_LINKIP6= NSA_LINKIP6=
...@@ -714,6 +719,74 @@ ipv4_ping() ...@@ -714,6 +719,74 @@ ipv4_ping()
################################################################################ ################################################################################
# IPv4 TCP # IPv4 TCP
#
# MD5 tests without VRF
#
ipv4_tcp_md5_novrf()
{
#
# single address
#
# basic use case
log_start
run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: Single address config"
# client sends MD5, server not configured
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: Server no config, client uses password"
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -M ${MD5_PW} -r ${NSB_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password"
# client from different address
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s -M ${MD5_PW} -r ${NSB_LO_IP} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password"
#
# MD5 extension - prefix length
#
# client in prefix
log_start
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_PW}
log_test $? 0 "MD5: Prefix config"
# client in prefix, wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -r ${NSA_IP} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Prefix config, client uses wrong password"
# client outside of prefix
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} &
sleep 1
run_cmd_nsb nettest -l ${NSB_LO_IP} -r ${NSA_IP} -M ${MD5_PW}
log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
ipv4_tcp_novrf() ipv4_tcp_novrf()
{ {
local a local a
...@@ -831,6 +904,8 @@ ipv4_tcp_novrf() ...@@ -831,6 +904,8 @@ ipv4_tcp_novrf()
show_hint "Should fail 'Connection refused'" show_hint "Should fail 'Connection refused'"
run_cmd nettest -d ${NSA_DEV} -r ${a} run_cmd nettest -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 1 "No server, device client, local conn" log_test_addr ${a} $? 1 "No server, device client, local conn"
ipv4_tcp_md5_novrf
} }
ipv4_tcp_vrf() ipv4_tcp_vrf()
...@@ -1961,6 +2036,74 @@ ipv6_ping() ...@@ -1961,6 +2036,74 @@ ipv6_ping()
################################################################################ ################################################################################
# IPv6 TCP # IPv6 TCP
#
# MD5 tests without VRF
#
ipv6_tcp_md5_novrf()
{
#
# single address
#
# basic use case
log_start
run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: Single address config"
# client sends MD5, server not configured
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: Server no config, client uses password"
# wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Client uses wrong password"
# client from different address
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s -M ${MD5_PW} -r ${NSB_LO_IP6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: Client address does not match address configured with password"
#
# MD5 extension - prefix length
#
# client in prefix
log_start
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 0 "MD5: Prefix config"
# client in prefix, wrong password
log_start
show_hint "Should timeout since client uses wrong password"
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -r ${NSA_IP6} -M ${MD5_WRONG_PW}
log_test $? 2 "MD5: Prefix config, client uses wrong password"
# client outside of prefix
log_start
show_hint "Should timeout due to MD5 mismatch"
run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} &
sleep 1
run_cmd_nsb nettest -6 -l ${NSB_LO_IP6} -r ${NSA_IP6} -M ${MD5_PW}
log_test $? 2 "MD5: Prefix config, client address not in configured prefix"
}
ipv6_tcp_novrf() ipv6_tcp_novrf()
{ {
local a local a
...@@ -2077,6 +2220,8 @@ ipv6_tcp_novrf() ...@@ -2077,6 +2220,8 @@ ipv6_tcp_novrf()
run_cmd nettest -6 -d ${NSA_DEV} -r ${a} run_cmd nettest -6 -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 1 "No server, device client, local conn" log_test_addr ${a} $? 1 "No server, device client, local conn"
done done
ipv6_tcp_md5_novrf
} }
ipv6_tcp_vrf() ipv6_tcp_vrf()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment