tools/testing/selftests/net/tcp_fastopen_backup_key.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# rotate TFO keys for ipv4/ipv6 and verify that the client does
# not present an invalid cookie.

set +x
set -e

readonly NETNS="ns-$(mktemp -u XXXXXX)"

setup() {
	ip netns add "${NETNS}"
	ip -netns "${NETNS}" link set lo up
	ip netns exec "${NETNS}" sysctl -w net.ipv4.tcp_fastopen=3 \
		>/dev/null 2>&1
}

cleanup() {
	ip netns del "${NETNS}"
}

trap cleanup EXIT
setup

do_test() {
	# flush routes before each run, otherwise successive runs can
	# initially present an old TFO cookie
	ip netns exec "${NETNS}" ip tcp_metrics flush
	ip netns exec "${NETNS}" ./tcp_fastopen_backup_key "$1"
	val=$(ip netns exec "${NETNS}" nstat -az | \
		grep TcpExtTCPFastOpenPassiveFail | awk '{print $2}')
	if [ "$val" != 0 ]; then
		echo "FAIL: TcpExtTCPFastOpenPassiveFail non-zero"
		return 1
	fi
}

do_test "-4"
do_test "-6"
do_test "-4"
do_test "-6"
do_test "-4s"
do_test "-6s"
do_test "-4s"
do_test "-6s"
do_test "-4r"
do_test "-6r"
do_test "-4r"
do_test "-6r"
do_test "-4sr"
do_test "-6sr"
do_test "-4sr"
do_test "-6sr"
echo "all tests done"