Commit 5afca7e9 authored by Paolo Abeni's avatar Paolo Abeni Committed by Jakub Kicinski

selftests: mptcp: join: test for prohibited MPC to port-based endp

Explicitly verify that MPC connection attempts towards a port-based
signal endpoint fail with a reset.

Note that this new test is a bit different from the other ones, not
using 'run_tests'. It is then needed to add the capture capability and
the picking of the right port, which have been extracted into three new
helpers. The info about the capture can also be printed from a single
point, which simplifies the exit paths in do_transfer().

The 'Fixes' tag here below is the same as the one from the previous
commit: this patch here is not fixing anything wrong in the selftests,
but it validates the previous fix for an issue introduced by this commit
ID.

Fixes: 1729cf18 ("mptcp: create the listening socket for new port")
Cc: stable@vger.kernel.org
Co-developed-by: default avatarMatthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: default avatarMatthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Reviewed-by: default avatarMat Martineau <martineau@kernel.org>
Signed-off-by: default avatarMatthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20241014-net-mptcp-mpc-port-endp-v2-2-7faea8e6b6ae@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 3d041393
...@@ -23,6 +23,7 @@ tmpfile="" ...@@ -23,6 +23,7 @@ tmpfile=""
cout="" cout=""
err="" err=""
capout="" capout=""
cappid=""
ns1="" ns1=""
ns2="" ns2=""
iptables="iptables" iptables="iptables"
...@@ -887,40 +888,62 @@ check_cestab() ...@@ -887,40 +888,62 @@ check_cestab()
fi fi
} }
do_transfer() cond_start_capture()
{ {
local listener_ns="$1" local ns="$1"
local connector_ns="$2"
local cl_proto="$3"
local srv_proto="$4"
local connect_addr="$5"
local port=$((10000 + MPTCP_LIB_TEST_COUNTER - 1))
local cappid
local FAILING_LINKS=${FAILING_LINKS:-""}
local fastclose=${fastclose:-""}
local speed=${speed:-"fast"}
:> "$cout"
:> "$sout"
:> "$capout" :> "$capout"
if $capture; then if $capture; then
local capuser local capuser capfile
if [ -z $SUDO_USER ] ; then if [ -z $SUDO_USER ]; then
capuser="" capuser=""
else else
capuser="-Z $SUDO_USER" capuser="-Z $SUDO_USER"
fi fi
capfile=$(printf "mp_join-%02u-%s.pcap" "$MPTCP_LIB_TEST_COUNTER" "${listener_ns}") capfile=$(printf "mp_join-%02u-%s.pcap" "$MPTCP_LIB_TEST_COUNTER" "$ns")
echo "Capturing traffic for test $MPTCP_LIB_TEST_COUNTER into $capfile" echo "Capturing traffic for test $MPTCP_LIB_TEST_COUNTER into $capfile"
ip netns exec ${listener_ns} tcpdump -i any -s 65535 -B 32768 $capuser -w $capfile > "$capout" 2>&1 & ip netns exec "$ns" tcpdump -i any -s 65535 -B 32768 $capuser -w "$capfile" > "$capout" 2>&1 &
cappid=$! cappid=$!
sleep 1 sleep 1
fi fi
}
cond_stop_capture()
{
if $capture; then
sleep 1
kill $cappid
cat "$capout"
fi
}
get_port()
{
echo "$((10000 + MPTCP_LIB_TEST_COUNTER - 1))"
}
do_transfer()
{
local listener_ns="$1"
local connector_ns="$2"
local cl_proto="$3"
local srv_proto="$4"
local connect_addr="$5"
local port
local FAILING_LINKS=${FAILING_LINKS:-""}
local fastclose=${fastclose:-""}
local speed=${speed:-"fast"}
port=$(get_port)
:> "$cout"
:> "$sout"
cond_start_capture ${listener_ns}
NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \ NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \
nstat -n nstat -n
...@@ -1007,10 +1030,7 @@ do_transfer() ...@@ -1007,10 +1030,7 @@ do_transfer()
wait $spid wait $spid
local rets=$? local rets=$?
if $capture; then cond_stop_capture
sleep 1
kill $cappid
fi
NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \ NSTAT_HISTORY=/tmp/${listener_ns}.nstat ip netns exec ${listener_ns} \
nstat | grep Tcp > /tmp/${listener_ns}.out nstat | grep Tcp > /tmp/${listener_ns}.out
...@@ -1026,7 +1046,6 @@ do_transfer() ...@@ -1026,7 +1046,6 @@ do_transfer()
ip netns exec ${connector_ns} ss -Menita 1>&2 -o "dport = :$port" ip netns exec ${connector_ns} ss -Menita 1>&2 -o "dport = :$port"
cat /tmp/${connector_ns}.out cat /tmp/${connector_ns}.out
cat "$capout"
return 1 return 1
fi fi
...@@ -1043,13 +1062,7 @@ do_transfer() ...@@ -1043,13 +1062,7 @@ do_transfer()
fi fi
rets=$? rets=$?
if [ $retc -eq 0 ] && [ $rets -eq 0 ];then [ $retc -eq 0 ] && [ $rets -eq 0 ]
cat "$capout"
return 0
fi
cat "$capout"
return 1
} }
make_file() make_file()
...@@ -2873,6 +2886,32 @@ verify_listener_events() ...@@ -2873,6 +2886,32 @@ verify_listener_events()
fail_test fail_test
} }
chk_mpc_endp_attempt()
{
local retl=$1
local attempts=$2
print_check "Connect"
if [ ${retl} = 124 ]; then
fail_test "timeout on connect"
elif [ ${retl} = 0 ]; then
fail_test "unexpected successful connect"
else
print_ok
print_check "Attempts"
count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtMPCapableEndpAttempt")
if [ -z "$count" ]; then
print_skip
elif [ "$count" != "$attempts" ]; then
fail_test "got ${count} MPC attempt[s] on port-based endpoint, expected ${attempts}"
else
print_ok
fi
fi
}
add_addr_ports_tests() add_addr_ports_tests()
{ {
# signal address with port # signal address with port
...@@ -2963,6 +3002,22 @@ add_addr_ports_tests() ...@@ -2963,6 +3002,22 @@ add_addr_ports_tests()
chk_join_nr 2 2 2 chk_join_nr 2 2 2
chk_add_nr 2 2 2 chk_add_nr 2 2 2
fi fi
if reset "port-based signal endpoint must not accept mpc"; then
local port retl count
port=$(get_port)
cond_start_capture ${ns1}
pm_nl_add_endpoint ${ns1} 10.0.2.1 flags signal port ${port}
mptcp_lib_wait_local_port_listen ${ns1} ${port}
timeout 1 ip netns exec ${ns2} \
./mptcp_connect -t ${timeout_poll} -p $port -s MPTCP 10.0.2.1 >/dev/null 2>&1
retl=$?
cond_stop_capture
chk_mpc_endp_attempt ${retl} 1
fi
} }
syncookies_tests() syncookies_tests()
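Review bot: chk_mpc_endp_attempt accepts every exit status other than 0 and 124 as the expected refusal, so its "Connect" check also passes when the connect helper never ran or died for an unrelated reason (`timeout` returns 125-127 when it cannot run the command, and statuses above 128 indicate a signal). The "Attempts" counter check would normally catch that, but it is skipped when `mptcp_lib_get_counter` returns an empty string, so in that case the test can report success without an MPC attempt having reached the port-based endpoint. Consider adding `elif [ "${retl}" -ge 125 ]; then fail_test "mptcp_connect did not run (rc=${retl})"` before the `else`, assuming mptcp_connect itself never exits with such a status on a reset. Separately, `count` should be declared `local` inside chk_mpc_endp_attempt instead of relying on the `local port retl count` in add_addr_ports_tests.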