1#!/bin/bash
 2# SPDX-License-Identifier: GPL-2.0
 3#
 4# rotate TFO keys for ipv4/ipv6 and verify that the client does
 5# not present an invalid cookie.
 6
 7set +x
 8set -e
 9
10readonly NETNS="ns-$(mktemp -u XXXXXX)"
11
12setup() {
13	ip netns add "${NETNS}"
14	ip -netns "${NETNS}" link set lo up
15	ip netns exec "${NETNS}" sysctl -w net.ipv4.tcp_fastopen=3 \
16		>/dev/null 2>&1
17}
18
19cleanup() {
20	ip netns del "${NETNS}"
21}
22
23trap cleanup EXIT
24setup
25
26do_test() {
27	# flush routes before each run, otherwise successive runs can
28	# initially present an old TFO cookie
29	ip netns exec "${NETNS}" ip tcp_metrics flush
30	ip netns exec "${NETNS}" ./tcp_fastopen_backup_key "$1"
31	val=$(ip netns exec "${NETNS}" nstat -az | \
32		grep TcpExtTCPFastOpenPassiveFail | awk '{print $2}')
33	if [ "$val" != 0 ]; then
34		echo "FAIL: TcpExtTCPFastOpenPassiveFail non-zero"
35		return 1
36	fi
37}
38
39do_test "-4"
40do_test "-6"
41do_test "-4"
42do_test "-6"
43do_test "-4s"
44do_test "-6s"
45do_test "-4s"
46do_test "-6s"
47do_test "-4r"
48do_test "-6r"
49do_test "-4r"
50do_test "-6r"
51do_test "-4sr"
52do_test "-6sr"
53do_test "-4sr"
54do_test "-6sr"
55echo "all tests done"