Loading...
1// SPDX-License-Identifier: GPL-2.0
2/* Author: Dmitry Safonov <dima@arista.com> */
3#include <inttypes.h>
4#include "aolib.h"
5
6#define fault(type) (inj == FAULT_ ## type)
7
8static inline int test_add_key_maclen(int sk, const char *key, uint8_t maclen,
9 union tcp_addr in_addr, uint8_t prefix,
10 uint8_t sndid, uint8_t rcvid)
11{
12 struct tcp_ao_add tmp = {};
13 int err;
14
15 if (prefix > DEFAULT_TEST_PREFIX)
16 prefix = DEFAULT_TEST_PREFIX;
17
18 err = test_prepare_key(&tmp, DEFAULT_TEST_ALGO, in_addr, false, false,
19 prefix, 0, sndid, rcvid, maclen,
20 0, strlen(key), key);
21 if (err)
22 return err;
23
24 err = setsockopt(sk, IPPROTO_TCP, TCP_AO_ADD_KEY, &tmp, sizeof(tmp));
25 if (err < 0)
26 return -errno;
27
28 return test_verify_socket_key(sk, &tmp);
29}
30
31static void try_accept(const char *tst_name, unsigned int port, const char *pwd,
32 union tcp_addr addr, uint8_t prefix,
33 uint8_t sndid, uint8_t rcvid, uint8_t maclen,
34 const char *cnt_name, test_cnt cnt_expected,
35 fault_t inj)
36{
37 struct tcp_ao_counters ao_cnt1, ao_cnt2;
38 uint64_t before_cnt = 0, after_cnt = 0; /* silence GCC */
39 int lsk, err, sk = 0;
40 time_t timeout;
41
42 lsk = test_listen_socket(this_ip_addr, port, 1);
43
44 if (pwd && test_add_key_maclen(lsk, pwd, maclen, addr, prefix, sndid, rcvid))
45 test_error("setsockopt(TCP_AO_ADD_KEY)");
46
47 if (cnt_name)
48 before_cnt = netstat_get_one(cnt_name, NULL);
49 if (pwd && test_get_tcp_ao_counters(lsk, &ao_cnt1))
50 test_error("test_get_tcp_ao_counters()");
51
52 synchronize_threads(); /* preparations done */
53
54 timeout = fault(TIMEOUT) ? TEST_RETRANSMIT_SEC : TEST_TIMEOUT_SEC;
55 err = test_wait_fd(lsk, timeout, 0);
56 if (err == -ETIMEDOUT) {
57 if (!fault(TIMEOUT))
58 test_fail("timed out for accept()");
59 } else if (err < 0) {
60 test_error("test_wait_fd()");
61 } else {
62 if (fault(TIMEOUT))
63 test_fail("ready to accept");
64
65 sk = accept(lsk, NULL, NULL);
66 if (sk < 0) {
67 test_error("accept()");
68 } else {
69 if (fault(TIMEOUT))
70 test_fail("%s: accepted", tst_name);
71 }
72 }
73
74 if (pwd && test_get_tcp_ao_counters(lsk, &ao_cnt2))
75 test_error("test_get_tcp_ao_counters()");
76
77 close(lsk);
78 if (pwd)
79 test_tcp_ao_counters_cmp(tst_name, &ao_cnt1, &ao_cnt2, cnt_expected);
80
81 if (!cnt_name)
82 goto out;
83
84 after_cnt = netstat_get_one(cnt_name, NULL);
85
86 if (after_cnt <= before_cnt) {
87 test_fail("%s: %s counter did not increase: %zu <= %zu",
88 tst_name, cnt_name, after_cnt, before_cnt);
89 } else {
90 test_ok("%s: counter %s increased %zu => %zu",
91 tst_name, cnt_name, before_cnt, after_cnt);
92 }
93
94out:
95 synchronize_threads(); /* close() */
96 if (sk > 0)
97 close(sk);
98}
99
100static void *server_fn(void *arg)
101{
102 union tcp_addr wrong_addr, network_addr;
103 unsigned int port = test_server_port;
104
105 if (inet_pton(TEST_FAMILY, TEST_WRONG_IP, &wrong_addr) != 1)
106 test_error("Can't convert ip address %s", TEST_WRONG_IP);
107
108 try_accept("Non-AO server + AO client", port++, NULL,
109 this_ip_dest, -1, 100, 100, 0,
110 "TCPAOKeyNotFound", 0, FAULT_TIMEOUT);
111
112 try_accept("AO server + Non-AO client", port++, DEFAULT_TEST_PASSWORD,
113 this_ip_dest, -1, 100, 100, 0,
114 "TCPAORequired", TEST_CNT_AO_REQUIRED, FAULT_TIMEOUT);
115
116 try_accept("Wrong password", port++, "something that is not DEFAULT_TEST_PASSWORD",
117 this_ip_dest, -1, 100, 100, 0,
118 "TCPAOBad", TEST_CNT_BAD, FAULT_TIMEOUT);
119
120 try_accept("Wrong rcv id", port++, DEFAULT_TEST_PASSWORD,
121 this_ip_dest, -1, 100, 101, 0,
122 "TCPAOKeyNotFound", TEST_CNT_AO_KEY_NOT_FOUND, FAULT_TIMEOUT);
123
124 try_accept("Wrong snd id", port++, DEFAULT_TEST_PASSWORD,
125 this_ip_dest, -1, 101, 100, 0,
126 "TCPAOGood", TEST_CNT_GOOD, FAULT_TIMEOUT);
127
128 try_accept("Different maclen", port++, DEFAULT_TEST_PASSWORD,
129 this_ip_dest, -1, 100, 100, 8,
130 "TCPAOBad", TEST_CNT_BAD, FAULT_TIMEOUT);
131
132 try_accept("Server: Wrong addr", port++, DEFAULT_TEST_PASSWORD,
133 wrong_addr, -1, 100, 100, 0,
134 "TCPAOKeyNotFound", TEST_CNT_AO_KEY_NOT_FOUND, FAULT_TIMEOUT);
135
136 try_accept("Client: Wrong addr", port++, NULL,
137 this_ip_dest, -1, 100, 100, 0, NULL, 0, FAULT_TIMEOUT);
138
139 try_accept("rcv id != snd id", port++, DEFAULT_TEST_PASSWORD,
140 this_ip_dest, -1, 200, 100, 0,
141 "TCPAOGood", TEST_CNT_GOOD, 0);
142
143 if (inet_pton(TEST_FAMILY, TEST_NETWORK, &network_addr) != 1)
144 test_error("Can't convert ip address %s", TEST_NETWORK);
145
146 try_accept("Server: prefix match", port++, DEFAULT_TEST_PASSWORD,
147 network_addr, 16, 100, 100, 0,
148 "TCPAOGood", TEST_CNT_GOOD, 0);
149
150 try_accept("Client: prefix match", port++, DEFAULT_TEST_PASSWORD,
151 this_ip_dest, -1, 100, 100, 0,
152 "TCPAOGood", TEST_CNT_GOOD, 0);
153
154 /* client exits */
155 synchronize_threads();
156 return NULL;
157}
158
159static void try_connect(const char *tst_name, unsigned int port,
160 const char *pwd, union tcp_addr addr, uint8_t prefix,
161 uint8_t sndid, uint8_t rcvid,
162 test_cnt cnt_expected, fault_t inj)
163{
164 struct tcp_ao_counters ao_cnt1, ao_cnt2;
165 time_t timeout;
166 int sk, ret;
167
168 sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP);
169 if (sk < 0)
170 test_error("socket()");
171
172 if (pwd && test_add_key(sk, pwd, addr, prefix, sndid, rcvid))
173 test_error("setsockopt(TCP_AO_ADD_KEY)");
174
175 if (pwd && test_get_tcp_ao_counters(sk, &ao_cnt1))
176 test_error("test_get_tcp_ao_counters()");
177
178 synchronize_threads(); /* preparations done */
179
180 timeout = fault(TIMEOUT) ? TEST_RETRANSMIT_SEC : TEST_TIMEOUT_SEC;
181 ret = _test_connect_socket(sk, this_ip_dest, port, timeout);
182
183 if (ret < 0) {
184 if (fault(KEYREJECT) && ret == -EKEYREJECTED) {
185 test_ok("%s: connect() was prevented", tst_name);
186 } else if (ret == -ETIMEDOUT && fault(TIMEOUT)) {
187 test_ok("%s", tst_name);
188 } else if (ret == -ECONNREFUSED &&
189 (fault(TIMEOUT) || fault(KEYREJECT))) {
190 test_ok("%s: refused to connect", tst_name);
191 } else {
192 test_error("%s: connect() returned %d", tst_name, ret);
193 }
194 goto out;
195 }
196
197 if (fault(TIMEOUT) || fault(KEYREJECT))
198 test_fail("%s: connected", tst_name);
199 else
200 test_ok("%s: connected", tst_name);
201 if (pwd && ret > 0) {
202 if (test_get_tcp_ao_counters(sk, &ao_cnt2))
203 test_error("test_get_tcp_ao_counters()");
204 test_tcp_ao_counters_cmp(tst_name, &ao_cnt1, &ao_cnt2, cnt_expected);
205 }
206out:
207 synchronize_threads(); /* close() */
208
209 if (ret > 0)
210 close(sk);
211}
212
213static void *client_fn(void *arg)
214{
215 union tcp_addr wrong_addr, network_addr;
216 unsigned int port = test_server_port;
217
218 if (inet_pton(TEST_FAMILY, TEST_WRONG_IP, &wrong_addr) != 1)
219 test_error("Can't convert ip address %s", TEST_WRONG_IP);
220
221 try_connect("Non-AO server + AO client", port++, DEFAULT_TEST_PASSWORD,
222 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
223
224 try_connect("AO server + Non-AO client", port++, NULL,
225 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
226
227 try_connect("Wrong password", port++, DEFAULT_TEST_PASSWORD,
228 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
229
230 try_connect("Wrong rcv id", port++, DEFAULT_TEST_PASSWORD,
231 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
232
233 try_connect("Wrong snd id", port++, DEFAULT_TEST_PASSWORD,
234 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
235
236 try_connect("Different maclen", port++, DEFAULT_TEST_PASSWORD,
237 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
238
239 try_connect("Server: Wrong addr", port++, DEFAULT_TEST_PASSWORD,
240 this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT);
241
242 try_connect("Client: Wrong addr", port++, DEFAULT_TEST_PASSWORD,
243 wrong_addr, -1, 100, 100, 0, FAULT_KEYREJECT);
244
245 try_connect("rcv id != snd id", port++, DEFAULT_TEST_PASSWORD,
246 this_ip_dest, -1, 100, 200, TEST_CNT_GOOD, 0);
247
248 if (inet_pton(TEST_FAMILY, TEST_NETWORK, &network_addr) != 1)
249 test_error("Can't convert ip address %s", TEST_NETWORK);
250
251 try_connect("Server: prefix match", port++, DEFAULT_TEST_PASSWORD,
252 this_ip_dest, -1, 100, 100, TEST_CNT_GOOD, 0);
253
254 try_connect("Client: prefix match", port++, DEFAULT_TEST_PASSWORD,
255 network_addr, 16, 100, 100, TEST_CNT_GOOD, 0);
256
257 return NULL;
258}
259
260int main(int argc, char *argv[])
261{
262 test_init(21, server_fn, client_fn);
263 return 0;
264}