Date: Wed, 13 Jul 2022 16:47:38 GMT
Message-Id: <202207131647.26DGlcFY052202@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: 3736087e5815 - stable/13 - ktls_test: Permit connecting to a remote echo server for tests.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 3736087e58153bc6c049d1df0ce19baf1c432569

The branch stable/13 has been updated by jhb:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3736087e58153bc6c049d1df0ce19baf1c432569

commit 3736087e58153bc6c049d1df0ce19baf1c432569
Author:     John Baldwin
AuthorDate: 2022-06-14 17:34:51 +0000
Commit:     John Baldwin
CommitDate: 2022-07-13 16:19:32 +0000

    ktls_test: Permit connecting to a remote echo server for tests.

    Previously ktls tests always executed over a local socket pair.
    ktls.host can be set to a host to connect to with a single socket
    instead. The remote end is expected to echo back any data received
    (such as the echo service). The port can be set with ktls.port
    which defaults to "echo".

    This is primarily useful to permit testing NIC TLS offload use cases
    where the traffic needs to transit the NIC.

    Note that the variables must be set via
    'kyua -v test_suites.FreeBSD.ktls.host=host'.

    Reviewed by: markj
    Sponsored by: Chelsio Communications
    Differential Revision: https://reviews.freebsd.org/D35426

    (cherry picked from commit 2400a7b18f984664638cbf978687e6d2c00da2e7)

--- tests/sys/kern/ktls_test.c | 116 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 92 insertions(+), 24 deletions(-) diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c index d5cbc727734a..914b05edfd31 100644 --- a/tests/sys/kern/ktls_test.c +++ b/tests/sys/kern/ktls_test.c @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include 
@@ -161,10 +162,72 @@ socketpair_tcp(int sv[2]) return (true); } +static bool +echo_socket(const atf_tc_t *tc, int sv[2]) +{ + const char *cause, *host, *port; + struct addrinfo hints, *ai, *tofree; + int error, flags, s; + + host = atf_tc_get_config_var(tc, "ktls.host"); + port = atf_tc_get_config_var_wd(tc, "ktls.port", "echo"); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + error = getaddrinfo(host, port, &hints, &tofree); + if (error != 0) { + warnx("getaddrinfo(%s:%s) failed: %s", host, port, + gai_strerror(error)); + return (false); + } + + cause = NULL; + for (ai = tofree; ai != NULL; ai = ai->ai_next) { + s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (s == -1) { + cause = "socket"; + error = errno; + continue; + } + + if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1) { + cause = "connect"; + error = errno; + close(s); + continue; + } + + freeaddrinfo(tofree); + + ATF_REQUIRE((flags = fcntl(s, F_GETFL)) != -1); + flags |= O_NONBLOCK; + ATF_REQUIRE(fcntl(s, F_SETFL, flags) != -1); + + sv[0] = s; + sv[1] = s; + return (true); + } + + warnc(error, "%s", cause); + freeaddrinfo(tofree); + return (false); +} + +static bool +open_sockets(const atf_tc_t *tc, int sv[2]) +{ + if (atf_tc_has_config_var(tc, "ktls.host")) + return (echo_socket(tc, sv)); + else + return (socketpair_tcp(sv)); +} + static void close_sockets(int sv[2]) { - ATF_REQUIRE(close(sv[1]) == 0); + if (sv[0] != sv[1]) + ATF_REQUIRE(close(sv[1]) == 0); ATF_REQUIRE(close(sv[0]) == 0); } @@ -894,7 +957,8 @@ encrypt_tls_record(struct tls_enable *en, uint8_t record_type, uint64_t seqno, } static void -test_ktls_transmit_app_data(struct tls_enable *en, uint64_t seqno, size_t len) +test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en, + uint64_t seqno, size_t len) { struct kevent ev; struct tls_record_layer *hdr; 
@@ -913,7 +977,7 @@ test_ktls_transmit_app_data(struct tls_enable *en, uint64_t seqno, size_t len) ATF_REQUIRE((kq = kqueue()) != -1); - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == 0); @@ -1031,8 +1095,8 @@ ktls_send_control_message(int fd, uint8_t type, void *data, size_t len) } static void -test_ktls_transmit_control(struct tls_enable *en, uint64_t seqno, uint8_t type, - size_t len) +test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en, + uint64_t seqno, uint8_t type, size_t len) { struct tls_record_layer *hdr; char *plaintext, *decrypted, *outbuf; @@ -1049,7 +1113,7 @@ test_ktls_transmit_control(struct tls_enable *en, uint64_t seqno, uint8_t type, outbuf = malloc(outbuf_cap); hdr = (struct tls_record_layer *)outbuf; - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == 0); @@ -1089,7 +1153,8 @@ test_ktls_transmit_control(struct tls_enable *en, uint64_t seqno, uint8_t type, } static void -test_ktls_transmit_empty_fragment(struct tls_enable *en, uint64_t seqno) +test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en, + uint64_t seqno) { struct tls_record_layer *hdr; char *outbuf; @@ -1102,7 +1167,7 @@ test_ktls_transmit_empty_fragment(struct tls_enable *en, uint64_t seqno) outbuf = malloc(outbuf_cap); hdr = (struct tls_record_layer *)outbuf; - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == 0); 
@@ -1195,8 +1260,8 @@ ktls_receive_tls_record(struct tls_enable *en, int fd, uint8_t record_type, } static void -test_ktls_receive_app_data(struct tls_enable *en, uint64_t seqno, size_t len, - size_t padding) +test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en, + uint64_t seqno, size_t len, size_t padding) { struct kevent ev; char *plaintext, *received, *outbuf; @@ -1212,7 +1277,7 @@ test_ktls_receive_app_data(struct tls_enable *en, uint64_t seqno, size_t len, ATF_REQUIRE((kq = kqueue()) != -1); - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en, sizeof(*en)) == 0); @@ -1354,7 +1419,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_transmit_app_data(&en, seqno, len); \ + test_ktls_transmit_app_data(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -1374,7 +1439,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_transmit_control(&en, seqno, type, len); \ + test_ktls_transmit_control(tc, &en, seqno, type, len); \ free_tls_enable(&en); \ } @@ -1394,7 +1459,7 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_empty_fragment, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_transmit_empty_fragment(&en, seqno); \ + test_ktls_transmit_empty_fragment(tc, &en, seqno); \ free_tls_enable(&en); \ } 
@@ -1525,11 +1590,12 @@ AES_GCM_TESTS(GEN_TRANSMIT_EMPTY_FRAGMENT_TEST); CHACHA20_TESTS(GEN_TRANSMIT_EMPTY_FRAGMENT_TEST); static void -test_ktls_invalid_transmit_cipher_suite(struct tls_enable *en) +test_ktls_invalid_transmit_cipher_suite(const atf_tc_t *tc, + struct tls_enable *en) { int sockets[2]; - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == -1); @@ -1550,7 +1616,7 @@ ATF_TC_BODY(ktls_transmit_invalid_##name, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_invalid_transmit_cipher_suite(&en); \ + test_ktls_invalid_transmit_cipher_suite(tc, &en); \ free_tls_enable(&en); \ } @@ -1599,7 +1665,7 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_receive_app_data(&en, seqno, len, padding); \ + test_ktls_receive_app_data(tc, &en, seqno, len, padding); \ free_tls_enable(&en); \ } @@ -1657,11 +1723,12 @@ CHACHA20_TESTS(GEN_RECEIVE_TESTS); TLS_13_TESTS(GEN_PADDING_RECEIVE_TESTS); static void -test_ktls_invalid_receive_cipher_suite(struct tls_enable *en) +test_ktls_invalid_receive_cipher_suite(const atf_tc_t *tc, + struct tls_enable *en) { int sockets[2]; - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_RXTLS_ENABLE, en, sizeof(*en)) == -1); @@ -1682,7 +1749,7 @@ ATF_TC_BODY(ktls_receive_invalid_##name, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_invalid_receive_cipher_suite(&en); \ + test_ktls_invalid_receive_cipher_suite(tc, &en); \ free_tls_enable(&en); \ } 
@@ -1696,11 +1763,12 @@ ATF_TC_BODY(ktls_receive_invalid_##name, tc) \ INVALID_CIPHER_SUITES(GEN_INVALID_RECEIVE_TEST); static void -test_ktls_unsupported_receive_cipher_suite(struct tls_enable *en) +test_ktls_unsupported_receive_cipher_suite(const atf_tc_t *tc, + struct tls_enable *en) { int sockets[2]; - ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets"); + ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets"); ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_RXTLS_ENABLE, en, sizeof(*en)) == -1); @@ -1721,7 +1789,7 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc) \ seqno = random(); \ build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ &en); \ - test_ktls_unsupported_receive_cipher_suite(&en); \ + test_ktls_unsupported_receive_cipher_suite(tc, &en); \ free_tls_enable(&en); \ }
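
Review bot: in echo_socket() (hunk at @@ -161,10 +162,72 @@) connect() runs on a blocking socket and O_NONBLOCK is only set after it succeeds, so when ktls.host points at an address that silently drops SYNs, every generated test case that reaches open_sockets() sits in connect() until the TCP connect timeout expires. Consider bounding the connect (set O_NONBLOCK before connect() and wait for writability with a timeout), or note the behaviour next to the ktls.host lookup. In the same hunk, "sv[0] = s; sv[1] = s;" creates an aliasing contract that close_sockets() relies on through "if (sv[0] != sv[1])"; a one-line comment saying that echo mode returns the same descriptor in both slots would make that dependency explicit for the callers that enable TLS on one index and do I/O on the other.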
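
Review bot: test_ktls_invalid_transmit_cipher_suite(), test_ktls_invalid_receive_cipher_suite() and test_ktls_unsupported_receive_cipher_suite() (hunks at @@ -1525, @@ -1657 and @@ -1696) only assert, in the lines shown, that setsockopt() returns -1, yet they now call open_sockets(tc, sockets) and therefore open a TCP connection to ktls.host whenever it is set. That makes negative tests which exchange no data depend on the remote echo server being reachable. Either keep socketpair_tcp(sockets) in these three functions, or add a comment explaining why rejection of the cipher suite needs to be exercised on the remote connection.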