| Quellcodebibliothek Statistik Leitseite products/sources/formale Sprachen/C/Linux/tools/testing/selftests/net/tcp_ao/ (Open Source Betriebssystem Version 6.17.9©) Datei vom 24.10.2025 mit Größe 27 kB |
|
Quelle unsigned-md5.c Sprache: C |
|||||||||||||||
|
// SPDX-License-Identifier: GPL-2.0 /* Author: Dmitry Safonov <dima@arista.com> */ #include <inttypes.h> #include "aolib.h" #define fault(type) (inj == FAULT_ ## type) static const char *md5_password = "Some evil genius, enemy to mankind, must have been static const char *ao_password = DEFAULT_TEST_PASSWORD; static volatile int sk_pair; static union tcp_addr client2; static union tcp_addr client3; static const int test_vrf_ifindex = 200; static const uint8_t test_vrf_tabid = 42; static void setup_vrfs(void) { int err; if (!kernel_config_has(KCONFIG_NET_VRF)) return; err = add_vrf("ksft-vrf", test_vrf_tabid, test_vrf_ifindex, -1); if (err) test_error("Failed to add a VRF: %d", err); err = link_set_up("ksft-vrf"); if (err) test_error("Failed to bring up a VRF"); err = ip_route_add_vrf(veth_name, TEST_FAMILY, this_ip_addr, this_ip_dest, test_vrf_tabid); if (err) test_error("Failed to add a route to VRF: %d", err); } static void try_accept(const char *tst_name, unsigned int port, union tcp_addr *md5_addr, uint8_t md5_prefix, union tcp_addr *ao_addr, uint8_t ao_prefix, bool set_ao_required, uint8_t sndid, uint8_t rcvid, uint8_t vrf, const char *cnt_name, test_cnt cnt_expected, int needs_tcp_md5, fault_t inj) { struct tcp_counters cnt1, cnt2; uint64_t before_cnt = 0, after_cnt = 0; /* silence GCC */ test_cnt poll_cnt = (cnt_expected == TEST_CNT_GOOD) ? 0 : cnt_expected; int lsk, err, sk = -1; if (needs_tcp_md5 && should_skip_test(tst_name, KCONFIG_TCP_MD5)) return; lsk = test_listen_socket(this_ip_addr, port, 1); if (md5_addr && test_set_md5(lsk, *md5_addr, md5_prefix, -1, md5_password)) test_error("setsockopt(TCP_MD5SIG_EXT)"); if (ao_addr && test_add_key(lsk, ao_password, *ao_addr, ao_prefix, sndid, rcvid)) test_error("setsockopt(TCP_AO_ADD_KEY)"); if (set_ao_required && test_set_ao_flags(lsk, true, false)) test_error("setsockopt(TCP_AO_INFO)"); if (cnt_name) before_cnt = netstat_get_one(cnt_name, NULL); if (ao_addr && test_get_tcp_counters(lsk, &cnt1)) test_error("test_get_tcp_counters()"); synchronize_threads(); /* preparations done */ err = test_skpair_wait_poll(lsk, 0, poll_cnt, &sk_pair); synchronize_threads(); /* connect()/accept() timeouts */ if (err == -ETIMEDOUT) { sk_pair = err; if (!fault(TIMEOUT)) test_fail("%s: timed out for accept()", tst_name); } else if (err == -EKEYREJECTED) { if (!fault(KEYREJECT)) test_fail("%s: key was rejected", tst_name); } else if (err < 0) { test_error("test_skpair_wait_poll()"); } else { if (fault(TIMEOUT)) test_fail("%s: ready to accept", tst_name); sk = accept(lsk, NULL, NULL); if (sk < 0) { test_error("accept()"); } else { if (fault(TIMEOUT)) test_fail("%s: accepted", tst_name); } } if (ao_addr && test_get_tcp_counters(lsk, &cnt2)) test_error("test_get_tcp_counters()"); close(lsk); if (!cnt_name) { test_ok("%s: no counter checks", tst_name); goto out; } after_cnt = netstat_get_one(cnt_name, NULL); if (after_cnt <= before_cnt) { test_fail("%s: %s counter did not increase: %" PRIu64 " <= %" PRIu64, tst_name, cnt_name, after_cnt, before_cnt); } else { test_ok("%s: counter %s increased %" PRIu64 " => %" PRIu64, tst_name, cnt_name, before_cnt, after_cnt); } if (ao_addr) test_assert_counters(tst_name, &cnt1, &cnt2, cnt_expected); out: synchronize_threads(); /* test_kill_sk() */ if (sk >= 0) test_kill_sk(sk); } static void server_add_routes(void) { int family = TEST_FAMILY; synchronize_threads(); /* client_add_ips() */ if (ip_route_add(veth_name, family, this_ip_addr, client2)) test_error("Failed to add route"); if (ip_route_add(veth_name, family, this_ip_addr, client3)) test_error("Failed to add route"); } static void server_add_fail_tests(unsigned int *port) { union tcp_addr addr_any = {}; try_accept("TCP-AO established: add TCP-MD5 key", (*port)++, NULL, 0, &addr_any, 0, 0, 100, 100, 0, "TCPAOGood", TEST_CNT_GOOD, 1, 0); try_accept("TCP-MD5 established: add TCP-AO key", (*port)++, &addr_any, 0, NULL, 0, 0, 0, 0, 0, NULL, 0, 1, 0); try_accept("non-signed established: add TCP-AO key", (*port)++, NULL, 0, NULL, 0, 0, 0, 0, 0, "CurrEstab", 0, 0, 0); } static void server_vrf_tests(unsigned int *port) { setup_vrfs(); } static void *server_fn(void *arg) { unsigned int port = test_server_port; union tcp_addr addr_any = {}; server_add_routes(); try_accept("[server] AO server (INADDR_ANY): AO client", port++, NULL, 0, &addr_any, 0, 0, 100, 100, 0, "TCPAOGood", TEST_CNT_GOOD, 0, 0); try_accept("[server] AO server (INADDR_ANY): MD5 client", port++, NULL, 0, &addr_any, 0, 0, 100, 100, 0, "TCPMD5Unexpected", TEST_CNT_NS_MD5_UNEXPECTED, 1, FAULT_TIMEOUT); try_accept("[server] AO server (INADDR_ANY): no sign client", port++, NULL, 0, &addr_any, 0, 0, 100, 100, 0, "TCPAORequired", TEST_CNT_AO_REQUIRED, 0, FAULT_TIMEOUT); try_accept("[server] AO server (AO_REQUIRED): AO client", port++, NULL, 0, &this_ip_dest, TEST_PREFIX, true, 100, 100, 0, "TCPAOGood", TEST_CNT_GOOD, 0, 0); try_accept("[server] AO server (AO_REQUIRED): unsigned client", port++, NULL, 0, &this_ip_dest, TEST_PREFIX, true, 100, 100, 0, "TCPAORequired", TEST_CNT_AO_REQUIRED, 0, FAULT_TIMEOUT); try_accept("[server] MD5 server (INADDR_ANY): AO client", port++, &addr_any, 0, NULL, 0, 0, 0, 0, 0, "TCPAOKeyNotFound", TEST_CNT_NS_KEY_NOT_FOUND, 1, FAULT_TIMEOUT); try_accept("[server] MD5 server (INADDR_ANY): MD5 client", port++, &addr_any, 0, NULL, 0, 0, 0, 0, 0, NULL, 0, 1, 0); try_accept("[server] MD5 server (INADDR_ANY): no sign client", port++, &addr_any, 0, NULL, 0, 0, 0, 0, 0, "TCPMD5NotFound", TEST_CNT_NS_MD5_NOT_FOUND, 1, FAULT_TIMEOUT); try_accept("[server] no sign server: AO client", port++, NULL, 0, NULL, 0, 0, 0, 0, 0, "TCPAOKeyNotFound", TEST_CNT_NS_KEY_NOT_FOUND, 0, FAULT_TIMEOUT); try_accept("[server] no sign server: MD5 client", port++, NULL, 0, NULL, 0, 0, 0, 0, 0, "TCPMD5Unexpected", TEST_CNT_NS_MD5_UNEXPECTED, 1, FAULT_TIMEOUT); try_accept("[server] no sign server: no sign client", port++, NULL, 0, NULL, 0, 0, 0, 0, 0, "CurrEstab", 0, 0, 0); try_accept("[server] AO+MD5 server: AO client (matching)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPAOGood", TEST_CNT_GOOD, 1, 0); try_accept("[server] AO+MD5 server: AO client (misconfig, matching MD5)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPAOKeyNotFound", TEST_CNT_AO_KEY_NOT_FOUND, 1, FAULT_TIMEOUT); try_accept("[server] AO+MD5 server: AO client (misconfig, non-matching)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPAOKeyNotFound", TEST_CNT_AO_KEY_NOT_FOUND, 1, FAULT_TIMEOUT); try_accept("[server] AO+MD5 server: MD5 client (matching)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, NULL, 0, 1, 0); try_accept("[server] AO+MD5 server: MD5 client (misconfig, matching AO)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPMD5Unexpected", TEST_CNT_NS_MD5_UNEXPECTED, 1, FAULT_TIMEOUT); try_accept("[server] AO+MD5 server: MD5 client (misconfig, non-matching)", port++ &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPMD5Unexpected", TEST_CNT_NS_MD5_UNEXPECTED, 1, FAULT_TIMEOUT); try_accept("[server] AO+MD5 server: no sign client (unmatched)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "CurrEstab", 0, 1, 0); try_accept("[server] AO+MD5 server: no sign client (misconfig, matching AO)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPAORequired", TEST_CNT_AO_REQUIRED, 1, FAULT_TIMEOUT); try_accept("[server] AO+MD5 server: no sign client (misconfig, matching MD5)", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, "TCPMD5NotFound", TEST_CNT_NS_MD5_NOT_FOUND, 1, FAULT_TIMEOUT); /* Key rejected by the other side, failing short through skpair */ try_accept("[server] AO+MD5 server: client with both [TCP-MD5] and TCP-AO keys", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, NULL, 0, 1, FAULT_KEYREJECT); try_accept("[server] AO+MD5 server: client with both TCP-MD5 and [TCP-AO] keys", port++, &this_ip_dest, TEST_PREFIX, &client2, TEST_PREFIX, 0, 100, 100, 0, NULL, 0, 1, FAULT_KEYREJECT); server_add_fail_tests(&port); server_vrf_tests(&port); /* client exits */ synchronize_threads(); return NULL; } static int client_bind(int sk, union tcp_addr bind_addr) { #ifdef IPV6_TEST struct sockaddr_in6 addr = { .sin6_family = AF_INET6, .sin6_port = 0, .sin6_addr = bind_addr.a6, }; #else struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = 0, .sin_addr = bind_addr.a4, }; #endif return bind(sk, &addr, sizeof(addr)); } static void try_connect(const char *tst_name, unsigned int port, union tcp_addr *md5_addr, uint8_t md5_prefix, union tcp_addr *ao_addr, uint8_t ao_prefix, uint8_t sndid, uint8_t rcvid, uint8_t vrf, fault_t inj, int needs_tcp_md5, union tcp_addr *bind_addr) { int sk, ret; if (needs_tcp_md5 && should_skip_test(tst_name, KCONFIG_TCP_MD5)) return; sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP); if (sk < 0) test_error("socket()"); if (bind_addr && client_bind(sk, *bind_addr)) test_error("bind()"); if (md5_addr && test_set_md5(sk, *md5_addr, md5_prefix, -1, md5_password)) test_error("setsockopt(TCP_MD5SIG_EXT)"); if (ao_addr && test_add_key(sk, ao_password, *ao_addr, ao_prefix, sndid, rcvid)) test_error("setsockopt(TCP_AO_ADD_KEY)"); synchronize_threads(); /* preparations done */ ret = test_skpair_connect_poll(sk, this_ip_dest, port, 0, &sk_pair); synchronize_threads(); /* connect()/accept() timeouts */ if (ret < 0) { sk_pair = ret; if (fault(KEYREJECT) && ret == -EKEYREJECTED) test_ok("%s: connect() was prevented", tst_name); else if (ret == -ETIMEDOUT && fault(TIMEOUT)) test_ok("%s", tst_name); else if (ret == -ECONNREFUSED && (fault(TIMEOUT) || fault(KEYREJECT))) test_ok("%s: refused to connect", tst_name); else test_error("%s: connect() returned %d", tst_name, ret); goto out; } if (fault(TIMEOUT) || fault(KEYREJECT)) test_fail("%s: connected", tst_name); else test_ok("%s: connected", tst_name); out: synchronize_threads(); /* test_kill_sk() */ if (ret > 0) /* test_skpair_connect_poll() cleans up on failure */ test_kill_sk(sk); } #define PREINSTALL_MD5_FIRST BIT(0) #define PREINSTALL_AO BIT(1) #define POSTINSTALL_AO BIT(2) #define PREINSTALL_MD5 BIT(3) #define POSTINSTALL_MD5 BIT(4) static int try_add_key_vrf(int sk, union tcp_addr in_addr, uint8_t prefix, int vrf, uint8_t sndid, uint8_t rcvid, bool set_ao_required) { uint8_t keyflags = 0; if (vrf >= 0) keyflags |= TCP_AO_KEYF_IFINDEX; else vrf = 0; if (set_ao_required) { int err = test_set_ao_flags(sk, true, 0); if (err) return err; } return test_add_key_vrf(sk, ao_password, keyflags, in_addr, prefix, (uint8_t)vrf, sndid, rcvid); } static bool test_continue(const char *tst_name, int err, fault_t inj, bool added_ao) { bool expected_to_fail; expected_to_fail = fault(PREINSTALL_AO) && added_ao; expected_to_fail |= fault(PREINSTALL_MD5) && !added_ao; if (!err) { if (!expected_to_fail) return true; test_fail("%s: setsockopt()s were expected to fail", tst_name); return false; } if (err != -EKEYREJECTED || !expected_to_fail) { test_error("%s: setsockopt(%s) = %d", tst_name, added_ao ? "TCP_AO_ADD_KEY" : "TCP_MD5SIG_EXT", err); return false; } test_ok("%s: prefailed as expected: %m", tst_name); return false; } static int open_add(const char *tst_name, unsigned int port, unsigned int strategy, union tcp_addr md5_addr, uint8_t md5_prefix, int md5_vrf, union tcp_addr ao_addr, uint8_t ao_prefix, int ao_vrf, bool set_ao_required, uint8_t sndid, uint8_t rcvid, fault_t inj) { int sk; sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP); if (sk < 0) test_error("socket()"); if (client_bind(sk, this_ip_addr)) test_error("bind()"); if (strategy & PREINSTALL_MD5_FIRST) { if (test_set_md5(sk, md5_addr, md5_prefix, md5_vrf, md5_password)) test_error("setsockopt(TCP_MD5SIG_EXT)"); } if (strategy & PREINSTALL_AO) { int err = try_add_key_vrf(sk, ao_addr, ao_prefix, ao_vrf, sndid, rcvid, set_ao_required); if (!test_continue(tst_name, err, inj, true)) { close(sk); return -1; } } if (strategy & PREINSTALL_MD5) { errno = 0; test_set_md5(sk, md5_addr, md5_prefix, md5_vrf, md5_password); if (!test_continue(tst_name, -errno, inj, false)) { close(sk); return -1; } } return sk; } static void try_to_preadd(const char *tst_name, unsigned int port, unsigned int strategy, union tcp_addr md5_addr, uint8_t md5_prefix, int md5_vrf, union tcp_addr ao_addr, uint8_t ao_prefix, int ao_vrf, bool set_ao_required, uint8_t sndid, uint8_t rcvid, int needs_tcp_md5, int needs_vrf, fault_t inj) { int sk; if (needs_tcp_md5 && should_skip_test(tst_name, KCONFIG_TCP_MD5)) return; if (needs_vrf && should_skip_test(tst_name, KCONFIG_NET_VRF)) return; sk = open_add(tst_name, port, strategy, md5_addr, md5_prefix, md5_vrf, ao_addr, ao_prefix, ao_vrf, set_ao_required, sndid, rcvid, inj); if (sk < 0) return; test_ok("%s", tst_name); close(sk); } static void try_to_add(const char *tst_name, unsigned int port, unsigned int strategy, union tcp_addr md5_addr, uint8_t md5_prefix, int md5_vrf, union tcp_addr ao_addr, uint8_t ao_prefix, int ao_vrf, uint8_t sndid, uint8_t rcvid, int needs_tcp_md5, fault_t inj) { int sk, ret; if (needs_tcp_md5 && should_skip_test(tst_name, KCONFIG_TCP_MD5)) return; sk = open_add(tst_name, port, strategy, md5_addr, md5_prefix, md5_vrf, ao_addr, ao_prefix, ao_vrf, 0, sndid, rcvid, inj); if (sk < 0) return; synchronize_threads(); /* preparations done */ ret = test_skpair_connect_poll(sk, this_ip_dest, port, 0, &sk_pair); synchronize_threads(); /* connect()/accept() timeouts */ if (ret < 0) { test_error("%s: connect() returned %d", tst_name, ret); goto out; } if (strategy & POSTINSTALL_MD5) { if (test_set_md5(sk, md5_addr, md5_prefix, md5_vrf, md5_password)) { if (fault(POSTINSTALL)) { test_ok("%s: postfailed as expected", tst_name); goto out; } else { test_error("setsockopt(TCP_MD5SIG_EXT)"); } } else if (fault(POSTINSTALL)) { test_fail("%s: post setsockopt() was expected to fail", tst_name); goto out; } } if (strategy & POSTINSTALL_AO) { if (try_add_key_vrf(sk, ao_addr, ao_prefix, ao_vrf, sndid, rcvid, 0)) { if (fault(POSTINSTALL)) { test_ok("%s: postfailed as expected", tst_name); goto out; } else { test_error("setsockopt(TCP_AO_ADD_KEY)"); } } else if (fault(POSTINSTALL)) { test_fail("%s: post setsockopt() was expected to fail", tst_name); goto out; } } out: synchronize_threads(); /* test_kill_sk() */ if (ret > 0) /* test_skpair_connect_poll() cleans up on failure */ test_kill_sk(sk); } static void client_add_ip(union tcp_addr *client, const char *ip) { int err, family = TEST_FAMILY; if (inet_pton(family, ip, client) != 1) test_error("Can't convert ip address %s", ip); err = ip_addr_add(veth_name, family, *client, TEST_PREFIX); if (err) test_error("Failed to add ip address: %d", err); } static void client_add_ips(void) { client_add_ip(&client2, __TEST_CLIENT_IP(2)); client_add_ip(&client3, __TEST_CLIENT_IP(3)); synchronize_threads(); /* server_add_routes() */ } static void client_add_fail_tests(unsigned int *port) { try_to_add("TCP-AO established: add TCP-MD5 key", (*port)++, POSTINSTALL_MD5 | PREINSTALL_AO, this_ip_dest, TEST_PREFIX, -1, this_ip_dest, TEST_PREFIX, 0, 100, 100, 1, FAULT_POSTINSTALL); try_to_add("TCP-MD5 established: add TCP-AO key", (*port)++, PREINSTALL_MD5 | POSTINSTALL_AO, this_ip_dest, TEST_PREFIX, -1, this_ip_dest, TEST_PREFIX, 0, 100, 100, 1, FAULT_POSTINSTALL); try_to_add("non-signed established: add TCP-AO key", (*port)++, POSTINSTALL_AO, this_ip_dest, TEST_PREFIX, -1, this_ip_dest, TEST_PREFIX, 0, 100, 100, 0, FAULT_POSTINSTALL); try_to_add("TCP-AO key intersects with existing TCP-MD5 key", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, -1, 100, 100, 1, FAULT_PREINSTALL_AO); try_to_add("TCP-MD5 key intersects with existing TCP-AO key", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, -1, 100, 100, 1, FAULT_PREINSTALL_MD5); try_to_preadd("TCP-MD5 key + TCP-AO required", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, -1, true, 100, 100, 1, 0, FAULT_PREINSTALL_AO); try_to_preadd("TCP-AO required on socket + TCP-MD5 key", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, -1, true, 100, 100, 1, 0, FAULT_PREINSTALL_MD5); } static void client_vrf_tests(unsigned int *port) { setup_vrfs(); /* The following restrictions for setsockopt()s are expected: * * |--------------|-----------------|-------------|-------------| * | | MD5 key without | MD5 key | MD5 key | * | | l3index | l3index=0 | l3index=N | * |--------------|-----------------|-------------|-------------| * | TCP-AO key | | | | * | without | reject | reject | reject | * | l3index | | | | * |--------------|-----------------|-------------|-------------| * | TCP-AO key | | | | * | l3index=0 | reject | reject | allow | * |--------------|-----------------|-------------|-------------| * | TCP-AO key | | | | * | l3index=N | reject | allow | reject | * |--------------|-----------------|-------------|-------------| */ try_to_preadd("VRF: TCP-AO key (no l3index) + TCP-MD5 key (no l3index)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (no l3index) + TCP-AO key (no l3index)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); try_to_preadd("VRF: TCP-AO key (no l3index) + TCP-MD5 key (l3index=0)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, 0, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (l3index=0) + TCP-AO key (no l3index)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, 0, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); try_to_preadd("VRF: TCP-AO key (no l3index) + TCP-MD5 key (l3index=N)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (l3index=N) + TCP-AO key (no l3index)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); try_to_preadd("VRF: TCP-AO key (l3index=0) + TCP-MD5 key (no l3index)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, 0, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (no l3index) + TCP-AO key (l3index=0)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, 0, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); try_to_preadd("VRF: TCP-AO key (l3index=0) + TCP-MD5 key (l3index=0)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, 0, this_ip_addr, TEST_PREFIX, 0, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (l3index=0) + TCP-AO key (l3index=0)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, 0, this_ip_addr, TEST_PREFIX, 0, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); try_to_preadd("VRF: TCP-AO key (l3index=0) + TCP-MD5 key (l3index=N)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, 0, 0, 100, 100, 1, 1, 0); try_to_preadd("VRF: TCP-MD5 key (l3index=N) + TCP-AO key (l3index=0)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, 0, 0, 100, 100, 1, 1, 0); try_to_preadd("VRF: TCP-AO key (l3index=N) + TCP-MD5 key (no l3index)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, -1, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (no l3index) + TCP-AO key (l3index=N)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, -1, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); try_to_preadd("VRF: TCP-AO key (l3index=N) + TCP-MD5 key (l3index=0)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, 0, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, 0, 100, 100, 1, 1, 0); try_to_preadd("VRF: TCP-MD5 key (l3index=0) + TCP-AO key (l3index=N)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, 0, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, 0, 100, 100, 1, 1, 0); try_to_preadd("VRF: TCP-AO key (l3index=N) + TCP-MD5 key (l3index=N)", (*port)++, PREINSTALL_MD5 | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, 0, 100, 100, 1, 1, FAULT_PREINSTALL_MD5); try_to_preadd("VRF: TCP-MD5 key (l3index=N) + TCP-AO key (l3index=N)", (*port)++, PREINSTALL_MD5_FIRST | PREINSTALL_AO, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, this_ip_addr, TEST_PREFIX, test_vrf_ifindex, 0, 100, 100, 1, 1, FAULT_PREINSTALL_AO); } static void *client_fn(void *arg) { unsigned int port = test_server_port; union tcp_addr addr_any = {}; client_add_ips(); try_connect("AO server (INADDR_ANY): AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, 0, 0, &this_ip_addr); trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server (INADDR_ANY): MD5 client", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); trace_hash_event_expect(TCP_HASH_AO_REQUIRED, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server (INADDR_ANY): unsigned client", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 0, &this_ip_addr); try_connect("AO server (AO_REQUIRED): AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, 0, 0, &this_ip_addr); trace_hash_event_expect(TCP_HASH_AO_REQUIRED, client2, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server (AO_REQUIRED): unsigned client", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 0, &client2); trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("MD5 server (INADDR_ANY): AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); try_connect("MD5 server (INADDR_ANY): MD5 client", port++, &addr_any, 0, NULL, 0, 100, 100, 0, 0, 1, &this_ip_addr); trace_hash_event_expect(TCP_HASH_MD5_REQUIRED, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("MD5 server (INADDR_ANY): no sign client", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("no sign server: AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 0, &this_ip_addr); trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("no sign server: MD5 client", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); try_connect("no sign server: no sign client", port++, NULL, 0, NULL, 0, 100, 100, 0, 0, 0, &this_ip_addr); try_connect("AO+MD5 server: AO client (matching)", port++, NULL, 0, &addr_any, 0, 100, 100, 0, 0, 1, &client2); trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("AO+MD5 server: AO client (misconfig, matching MD5)", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, client3, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("AO+MD5 server: AO client (misconfig, non-matching)", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client3); try_connect("AO+MD5 server: MD5 client (matching)", port++, &addr_any, 0, NULL, 0, 100, 100, 0, 0, 1, &this_ip_addr); trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, client2, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: MD5 client (misconfig, matching AO)", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client2); trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, client3, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: MD5 client (misconfig, non-matching)", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client3); try_connect("AO+MD5 server: no sign client (unmatched)", port++, NULL, 0, NULL, 0, 100, 100, 0, 0, 1, &client3); trace_hash_event_expect(TCP_HASH_AO_REQUIRED, client2, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: no sign client (misconfig, matching AO)", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client2); trace_hash_event_expect(TCP_HASH_MD5_REQUIRED, this_ip_addr, this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: no sign client (misconfig, matching MD5)", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); try_connect("AO+MD5 server: client with both [TCP-MD5] and TCP-AO keys", port++, &this_ip_addr, TEST_PREFIX, &client2, TEST_PREFIX, 100, 100, 0, FAULT_KEYREJECT, 1, &this_ip_addr); try_connect("AO+MD5 server: client with both TCP-MD5 and [TCP-AO] keys", port++, &this_ip_addr, TEST_PREFIX, &client2, TEST_PREFIX, 100, 100, 0, FAULT_KEYREJECT, 1, &client2); client_add_fail_tests(&port); client_vrf_tests(&port); return NULL; } int main(int argc, char *argv[]) { test_init(73, server_fn, client_fn); return 0; }
¤ Dauer der Verarbeitung: 0.7 Sekunden ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-04