Google Git
Sign in
android-kvm / linux / 929bbc16abfb0144db7ac619c77f60b188e555ab / . / tools / testing / selftests / net / tcp_ao / lib / sock.c
blob: 0ffda966c677b36929ed939ddb42b25c6612e22c [file] [log] [blame]
// SPDX-License-Identifier: GPL-2.0
#include <alloca.h>
#include <fcntl.h>
#include <inttypes.h>
#include <string.h>
#include "../../../../../include/linux/kernel.h"
#include "../../../../../include/linux/stringify.h"
#include "aolib.h"
const unsigned int test_server_port = 7010;
int __test_listen_socket(int backlog, void *addr, size_t addr_sz)
{
int err, sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP);
long flags;
if (sk < 0)
test_error("socket()");
err = setsockopt(sk, SOL_SOCKET, SO_BINDTODEVICE, veth_name,
strlen(veth_name) + 1);
if (err < 0)
test_error("setsockopt(SO_BINDTODEVICE)");
if (bind(sk, (struct sockaddr *)addr, addr_sz) < 0)
test_error("bind()");
flags = fcntl(sk, F_GETFL);
if ((flags < 0) || (fcntl(sk, F_SETFL, flags | O_NONBLOCK) < 0))
test_error("fcntl()");
if (listen(sk, backlog))
test_error("listen()");
return sk;
}
int test_wait_fd(int sk, time_t sec, bool write)
{
struct timeval tv = { .tv_sec = sec };
struct timeval *ptv = NULL;
fd_set fds, efds;
int ret;
socklen_t slen = sizeof(ret);
FD_ZERO(&fds);
FD_SET(sk, &fds);
FD_ZERO(&efds);
FD_SET(sk, &efds);
if (sec)
ptv = &tv;
errno = 0;
if (write)
ret = select(sk + 1, NULL, &fds, &efds, ptv);
else
ret = select(sk + 1, &fds, NULL, &efds, ptv);
if (ret < 0)
return -errno;
if (ret == 0) {
errno = ETIMEDOUT;
return -ETIMEDOUT;
}
if (getsockopt(sk, SOL_SOCKET, SO_ERROR, &ret, &slen))
return -errno;
if (ret)
return -ret;
return 0;
}
int __test_connect_socket(int sk, const char *device,
void *addr, size_t addr_sz, time_t timeout)
{
long flags;
int err;
if (device != NULL) {
err = setsockopt(sk, SOL_SOCKET, SO_BINDTODEVICE, device,
strlen(device) + 1);
if (err < 0)
test_error("setsockopt(SO_BINDTODEVICE, %s)", device);
}
if (!timeout) {
err = connect(sk, addr, addr_sz);
if (err) {
err = -errno;
goto out;
}
return 0;
}
flags = fcntl(sk, F_GETFL);
if ((flags < 0) || (fcntl(sk, F_SETFL, flags | O_NONBLOCK) < 0))
test_error("fcntl()");
if (connect(sk, addr, addr_sz) < 0) {
if (errno != EINPROGRESS) {
err = -errno;
goto out;
}
if (timeout < 0)
return sk;
err = test_wait_fd(sk, timeout, 1);
if (err)
goto out;
}
return sk;
out:
close(sk);
return err;
}
int __test_set_md5(int sk, void *addr, size_t addr_sz, uint8_t prefix,
int vrf, const char *password)
{
size_t pwd_len = strlen(password);
struct tcp_md5sig md5sig = {};
md5sig.tcpm_keylen = pwd_len;
memcpy(md5sig.tcpm_key, password, pwd_len);
md5sig.tcpm_flags = TCP_MD5SIG_FLAG_PREFIX;
md5sig.tcpm_prefixlen = prefix;
if (vrf >= 0) {
md5sig.tcpm_flags |= TCP_MD5SIG_FLAG_IFINDEX;
md5sig.tcpm_ifindex = (uint8_t)vrf;
}
memcpy(&md5sig.tcpm_addr, addr, addr_sz);
errno = 0;
return setsockopt(sk, IPPROTO_TCP, TCP_MD5SIG_EXT,
&md5sig, sizeof(md5sig));
}
int test_prepare_key_sockaddr(struct tcp_ao_add *ao, const char *alg,
void *addr, size_t addr_sz, bool set_current, bool set_rnext,
uint8_t prefix, uint8_t vrf, uint8_t sndid, uint8_t rcvid,
uint8_t maclen, uint8_t keyflags,
uint8_t keylen, const char *key)
{
memset(ao, 0, sizeof(struct tcp_ao_add));
ao->set_current = !!set_current;
ao->set_rnext = !!set_rnext;
ao->prefix = prefix;
ao->sndid = sndid;
ao->rcvid = rcvid;
ao->maclen = maclen;
ao->keyflags = keyflags;
ao->keylen = keylen;
ao->ifindex = vrf;
memcpy(&ao->addr, addr, addr_sz);
if (strlen(alg) > 64)
return -ENOBUFS;
strncpy(ao->alg_name, alg, 64);
memcpy(ao->key, key,
(keylen > TCP_AO_MAXKEYLEN) ? TCP_AO_MAXKEYLEN : keylen);
return 0;
}
static int test_get_ao_keys_nr(int sk)
{
struct tcp_ao_getsockopt tmp = {};
socklen_t tmp_sz = sizeof(tmp);
int ret;
tmp.nkeys = 1;
tmp.get_all = 1;
ret = getsockopt(sk, IPPROTO_TCP, TCP_AO_GET_KEYS, &tmp, &tmp_sz);
if (ret)
return -errno;
return (int)tmp.nkeys;
}
int test_get_one_ao(int sk, struct tcp_ao_getsockopt *out,
void *addr, size_t addr_sz, uint8_t prefix,
uint8_t sndid, uint8_t rcvid)
{
struct tcp_ao_getsockopt tmp = {};
socklen_t tmp_sz = sizeof(tmp);
int ret;
memcpy(&tmp.addr, addr, addr_sz);
tmp.prefix = prefix;
tmp.sndid = sndid;
tmp.rcvid = rcvid;
tmp.nkeys = 1;
ret = getsockopt(sk, IPPROTO_TCP, TCP_AO_GET_KEYS, &tmp, &tmp_sz);
if (ret)
return ret;
if (tmp.nkeys != 1)
return -E2BIG;
*out = tmp;
return 0;
}
int test_get_ao_info(int sk, struct tcp_ao_info_opt *out)
{
socklen_t sz = sizeof(*out);
out->reserved = 0;
out->reserved2 = 0;
if (getsockopt(sk, IPPROTO_TCP, TCP_AO_INFO, out, &sz))
return -errno;
if (sz != sizeof(*out))
return -EMSGSIZE;
return 0;
}
int test_set_ao_info(int sk, struct tcp_ao_info_opt *in)
{
socklen_t sz = sizeof(*in);
in->reserved = 0;
in->reserved2 = 0;
if (setsockopt(sk, IPPROTO_TCP, TCP_AO_INFO, in, sz))
return -errno;
return 0;
}
int test_cmp_getsockopt_setsockopt(const struct tcp_ao_add *a,
const struct tcp_ao_getsockopt *b)
{
bool is_kdf_aes_128_cmac = false;
bool is_cmac_aes = false;
if (!strcmp("cmac(aes128)", a->alg_name)) {
is_kdf_aes_128_cmac = (a->keylen != 16);
is_cmac_aes = true;
}
#define __cmp_ao(member) \
do { \
if (b->member != a->member) { \
test_fail("getsockopt(): " __stringify(member) " %u != %u", \
b->member, a->member); \
return -1; \
} \
} while(0)
__cmp_ao(sndid);
__cmp_ao(rcvid);
__cmp_ao(prefix);
__cmp_ao(keyflags);
__cmp_ao(ifindex);
if (a->maclen) {
__cmp_ao(maclen);
} else if (b->maclen != 12) {
test_fail("getsockopt(): expected default maclen 12, but it's %u",
b->maclen);
return -1;
}
if (!is_kdf_aes_128_cmac) {
__cmp_ao(keylen);
} else if (b->keylen != 16) {
test_fail("getsockopt(): expected keylen 16 for cmac(aes128), but it's %u",
b->keylen);
return -1;
}
#undef __cmp_ao
if (!is_kdf_aes_128_cmac && memcmp(b->key, a->key, a->keylen)) {
test_fail("getsockopt(): returned key is different `%s' != `%s'",
b->key, a->key);
return -1;
}
if (memcmp(&b->addr, &a->addr, sizeof(b->addr))) {
test_fail("getsockopt(): returned address is different");
return -1;
}
if (!is_cmac_aes && strcmp(b->alg_name, a->alg_name)) {
test_fail("getsockopt(): returned algorithm %s is different than %s", b->alg_name, a->alg_name);
return -1;
}
if (is_cmac_aes && strcmp(b->alg_name, "cmac(aes)")) {
test_fail("getsockopt(): returned algorithm %s is different than cmac(aes)", b->alg_name);
return -1;
}
/* For a established key rotation test don't add a key with
* set_current = 1, as it's likely to change by peer's request;
* rather use setsockopt(TCP_AO_INFO)
*/
if (a->set_current != b->is_current) {
test_fail("getsockopt(): returned key is not Current_key");
return -1;
}
if (a->set_rnext != b->is_rnext) {
test_fail("getsockopt(): returned key is not RNext_key");
return -1;
}
return 0;
}
int test_cmp_getsockopt_setsockopt_ao(const struct tcp_ao_info_opt *a,
const struct tcp_ao_info_opt *b)
{
/* No check for ::current_key, as it may change by the peer */
if (a->ao_required != b->ao_required) {
test_fail("getsockopt(): returned ao doesn't have ao_required");
return -1;
}
if (a->accept_icmps != b->accept_icmps) {
test_fail("getsockopt(): returned ao doesn't accept ICMPs");
return -1;
}
if (a->set_rnext && a->rnext != b->rnext) {
test_fail("getsockopt(): RNext KeyID has changed");
return -1;
}
#define __cmp_cnt(member) \
do { \
if (b->member != a->member) { \
test_fail("getsockopt(): " __stringify(member) " %llu != %llu", \
b->member, a->member); \
return -1; \
} \
} while(0)
if (a->set_counters) {
__cmp_cnt(pkt_good);
__cmp_cnt(pkt_bad);
__cmp_cnt(pkt_key_not_found);
__cmp_cnt(pkt_ao_required);
__cmp_cnt(pkt_dropped_icmp);
}
#undef __cmp_cnt
return 0;
}
int test_get_tcp_ao_counters(int sk, struct tcp_ao_counters *out)
{
struct tcp_ao_getsockopt *key_dump;
socklen_t key_dump_sz = sizeof(*key_dump);
struct tcp_ao_info_opt info = {};
bool c1, c2, c3, c4, c5;
struct netstat *ns;
int err, nr_keys;
memset(out, 0, sizeof(*out));
/* per-netns */
ns = netstat_read();
out->netns_ao_good = netstat_get(ns, "TCPAOGood", &c1);
out->netns_ao_bad = netstat_get(ns, "TCPAOBad", &c2);
out->netns_ao_key_not_found = netstat_get(ns, "TCPAOKeyNotFound", &c3);
out->netns_ao_required = netstat_get(ns, "TCPAORequired", &c4);
out->netns_ao_dropped_icmp = netstat_get(ns, "TCPAODroppedIcmps", &c5);
netstat_free(ns);
if (c1 || c2 || c3 || c4 || c5)
return -EOPNOTSUPP;
err = test_get_ao_info(sk, &info);
if (err)
return err;
/* per-socket */
out->ao_info_pkt_good = info.pkt_good;
out->ao_info_pkt_bad = info.pkt_bad;
out->ao_info_pkt_key_not_found = info.pkt_key_not_found;
out->ao_info_pkt_ao_required = info.pkt_ao_required;
out->ao_info_pkt_dropped_icmp = info.pkt_dropped_icmp;
/* per-key */
nr_keys = test_get_ao_keys_nr(sk);
if (nr_keys < 0)
return nr_keys;
if (nr_keys == 0)
test_error("test_get_ao_keys_nr() == 0");
out->nr_keys = (size_t)nr_keys;
key_dump = calloc(nr_keys, key_dump_sz);
if (!key_dump)
return -errno;
key_dump[0].nkeys = nr_keys;
key_dump[0].get_all = 1;
err = getsockopt(sk, IPPROTO_TCP, TCP_AO_GET_KEYS,
key_dump, &key_dump_sz);
if (err) {
free(key_dump);
return -errno;
}
out->key_cnts = calloc(nr_keys, sizeof(out->key_cnts[0]));
if (!out->key_cnts) {
free(key_dump);
return -errno;
}
while (nr_keys--) {
out->key_cnts[nr_keys].sndid = key_dump[nr_keys].sndid;
out->key_cnts[nr_keys].rcvid = key_dump[nr_keys].rcvid;
out->key_cnts[nr_keys].pkt_good = key_dump[nr_keys].pkt_good;
out->key_cnts[nr_keys].pkt_bad = key_dump[nr_keys].pkt_bad;
}
free(key_dump);
return 0;
}
int __test_tcp_ao_counters_cmp(const char *tst_name,
struct tcp_ao_counters *before,
struct tcp_ao_counters *after,
test_cnt expected)
{
#define __cmp_ao(cnt, expecting_inc) \
do { \
if (before->cnt > after->cnt) { \
test_fail("%s: Decreased counter " __stringify(cnt) " %" PRIu64 " > %" PRIu64, \
tst_name ?: "", before->cnt, after->cnt); \
return -1; \
} \
if ((before->cnt != after->cnt) != (expecting_inc)) { \
test_fail("%s: Counter " __stringify(cnt) " was %sexpected to increase %" PRIu64 " => %" PRIu64, \
tst_name ?: "", (expecting_inc) ? "" : "not ", \
before->cnt, after->cnt); \
return -1; \
} \
} while(0)
errno = 0;
/* per-netns */
__cmp_ao(netns_ao_good, !!(expected & TEST_CNT_NS_GOOD));
__cmp_ao(netns_ao_bad, !!(expected & TEST_CNT_NS_BAD));
__cmp_ao(netns_ao_key_not_found,
!!(expected & TEST_CNT_NS_KEY_NOT_FOUND));
__cmp_ao(netns_ao_required, !!(expected & TEST_CNT_NS_AO_REQUIRED));
__cmp_ao(netns_ao_dropped_icmp,
!!(expected & TEST_CNT_NS_DROPPED_ICMP));
/* per-socket */
__cmp_ao(ao_info_pkt_good, !!(expected & TEST_CNT_SOCK_GOOD));
__cmp_ao(ao_info_pkt_bad, !!(expected & TEST_CNT_SOCK_BAD));
__cmp_ao(ao_info_pkt_key_not_found,
!!(expected & TEST_CNT_SOCK_KEY_NOT_FOUND));
__cmp_ao(ao_info_pkt_ao_required, !!(expected & TEST_CNT_SOCK_AO_REQUIRED));
__cmp_ao(ao_info_pkt_dropped_icmp,
!!(expected & TEST_CNT_SOCK_DROPPED_ICMP));
return 0;
#undef __cmp_ao
}
int test_tcp_ao_key_counters_cmp(const char *tst_name,
struct tcp_ao_counters *before,
struct tcp_ao_counters *after,
test_cnt expected,
int sndid, int rcvid)
{
size_t i;
#define __cmp_ao(i, cnt, expecting_inc) \
do { \
if (before->key_cnts[i].cnt > after->key_cnts[i].cnt) { \
test_fail("%s: Decreased counter " __stringify(cnt) " %" PRIu64 " > %" PRIu64 " for key %u:%u", \
tst_name ?: "", before->key_cnts[i].cnt, \
after->key_cnts[i].cnt, \
before->key_cnts[i].sndid, \
before->key_cnts[i].rcvid); \
return -1; \
} \
if ((before->key_cnts[i].cnt != after->key_cnts[i].cnt) != (expecting_inc)) { \
test_fail("%s: Counter " __stringify(cnt) " was %sexpected to increase %" PRIu64 " => %" PRIu64 " for key %u:%u", \
tst_name ?: "", (expecting_inc) ? "" : "not ",\
before->key_cnts[i].cnt, \
after->key_cnts[i].cnt, \
before->key_cnts[i].sndid, \
before->key_cnts[i].rcvid); \
return -1; \
} \
} while(0)
if (before->nr_keys != after->nr_keys) {
test_fail("%s: Keys changed on the socket %zu != %zu",
tst_name, before->nr_keys, after->nr_keys);
return -1;
}
/* per-key */
i = before->nr_keys;
while (i--) {
if (sndid >= 0 && before->key_cnts[i].sndid != sndid)
continue;
if (rcvid >= 0 && before->key_cnts[i].rcvid != rcvid)
continue;
__cmp_ao(i, pkt_good, !!(expected & TEST_CNT_KEY_GOOD));
__cmp_ao(i, pkt_bad, !!(expected & TEST_CNT_KEY_BAD));
}
return 0;
#undef __cmp_ao
}
void test_tcp_ao_counters_free(struct tcp_ao_counters *cnts)
{
free(cnts->key_cnts);
}
#define TEST_BUF_SIZE 4096
ssize_t test_server_run(int sk, ssize_t quota, time_t timeout_sec)
{
ssize_t total = 0;
do {
char buf[TEST_BUF_SIZE];
ssize_t bytes, sent;
int ret;
ret = test_wait_fd(sk, timeout_sec, 0);
if (ret)
return ret;
bytes = recv(sk, buf, sizeof(buf), 0);
if (bytes < 0)
test_error("recv(): %zd", bytes);
if (bytes == 0)
break;
ret = test_wait_fd(sk, timeout_sec, 1);
if (ret)
return ret;
sent = send(sk, buf, bytes, 0);
if (sent == 0)
break;
if (sent != bytes)
test_error("send()");
total += bytes;
} while (!quota || total < quota);
return total;
}
ssize_t test_client_loop(int sk, char *buf, size_t buf_sz,
const size_t msg_len, time_t timeout_sec)
{
char msg[msg_len];
int nodelay = 1;
size_t i;
if (setsockopt(sk, IPPROTO_TCP, TCP_NODELAY, &nodelay, sizeof(nodelay)))
test_error("setsockopt(TCP_NODELAY)");
for (i = 0; i < buf_sz; i += min(msg_len, buf_sz - i)) {
size_t sent, bytes = min(msg_len, buf_sz - i);
int ret;
ret = test_wait_fd(sk, timeout_sec, 1);
if (ret)
return ret;
sent = send(sk, buf + i, bytes, 0);
if (sent == 0)
break;
if (sent != bytes)
test_error("send()");
bytes = 0;
do {
ssize_t got;
ret = test_wait_fd(sk, timeout_sec, 0);
if (ret)
return ret;
got = recv(sk, msg + bytes, sizeof(msg) - bytes, 0);
if (got <= 0)
return i;
bytes += got;
} while (bytes < sent);
if (bytes > sent)
test_error("recv(): %zd > %zd", bytes, sent);
if (memcmp(buf + i, msg, bytes) != 0) {
test_fail("received message differs");
return -1;
}
}
return i;
}
int test_client_verify(int sk, const size_t msg_len, const size_t nr,
time_t timeout_sec)
{
size_t buf_sz = msg_len * nr;
char *buf = alloca(buf_sz);
ssize_t ret;
randomize_buffer(buf, buf_sz);
ret = test_client_loop(sk, buf, buf_sz, msg_len, timeout_sec);
if (ret < 0)
return (int)ret;
return ret != buf_sz ? -1 : 0;
}