1 // SPDX-License-Identifier: GPL-2.0
2 /* Author: Dmitry Safonov <dima@arista.com> */
3 /* This is over-simplified TCP_REPAIR for TCP_ESTABLISHED sockets
4 * It tests that TCP-AO enabled connection can be restored.
5 * For the proper socket repair see:
6 * https://github.com/checkpoint-restore/criu/blob/criu-dev/soccr/soccr.h
7 */
8 #include <inttypes.h>
9 #include "aolib.h"
10
11 const size_t nr_packets = 20;
12 const size_t msg_len = 100;
13 const size_t quota = nr_packets * msg_len;
14 #define fault(type) (inj == FAULT_ ## type)
15
try_server_run(const char * tst_name,unsigned int port,fault_t inj,test_cnt cnt_expected)16 static void try_server_run(const char *tst_name, unsigned int port,
17 fault_t inj, test_cnt cnt_expected)
18 {
19 test_cnt poll_cnt = (cnt_expected == TEST_CNT_GOOD) ? 0 : cnt_expected;
20 const char *cnt_name = "TCPAOGood";
21 struct tcp_counters cnt1, cnt2;
22 uint64_t before_cnt, after_cnt;
23 int sk, lsk, dummy;
24 ssize_t bytes;
25
26 if (fault(TIMEOUT))
27 cnt_name = "TCPAOBad";
28 lsk = test_listen_socket(this_ip_addr, port, 1);
29
30 if (test_add_key(lsk, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100))
31 test_error("setsockopt(TCP_AO_ADD_KEY)");
32 synchronize_threads(); /* 1: MKT added => connect() */
33
34 if (test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0))
35 test_error("test_wait_fd()");
36
37 sk = accept(lsk, NULL, NULL);
38 if (sk < 0)
39 test_error("accept()");
40
41 synchronize_threads(); /* 2: accepted => send data */
42 close(lsk);
43
44 bytes = test_server_run(sk, quota, TEST_TIMEOUT_SEC);
45 if (bytes != quota) {
46 test_fail("%s: server served: %zd", tst_name, bytes);
47 goto out;
48 }
49
50 before_cnt = netstat_get_one(cnt_name, NULL);
51 if (test_get_tcp_counters(sk, &cnt1))
52 test_error("test_get_tcp_counters()");
53
54 bytes = test_skpair_server(sk, quota, poll_cnt, &dummy);
55 if (fault(TIMEOUT)) {
56 if (bytes > 0)
57 test_fail("%s: server served: %zd", tst_name, bytes);
58 else
59 test_ok("%s: server couldn't serve", tst_name);
60 } else {
61 if (bytes != quota)
62 test_fail("%s: server served: %zd", tst_name, bytes);
63 else
64 test_ok("%s: server alive", tst_name);
65 }
66 synchronize_threads(); /* 3: counters checks */
67 if (test_get_tcp_counters(sk, &cnt2))
68 test_error("test_get_tcp_counters()");
69 after_cnt = netstat_get_one(cnt_name, NULL);
70
71 test_assert_counters(tst_name, &cnt1, &cnt2, cnt_expected);
72
73 if (after_cnt <= before_cnt) {
74 test_fail("%s(server): %s counter did not increase: %" PRIu64 " <= %" PRIu64,
75 tst_name, cnt_name, after_cnt, before_cnt);
76 } else {
77 test_ok("%s(server): counter %s increased %" PRIu64 " => %" PRIu64,
78 tst_name, cnt_name, before_cnt, after_cnt);
79 }
80
81 /*
82 * Before close() as that will send FIN and move the peer in TCP_CLOSE
83 * and that will prevent reading AO counters from the peer's socket.
84 */
85 synchronize_threads(); /* 4: verified => closed */
86 out:
87 close(sk);
88 }
89
server_fn(void * arg)90 static void *server_fn(void *arg)
91 {
92 unsigned int port = test_server_port;
93
94 try_server_run("TCP-AO migrate to another socket (server)", port++,
95 0, TEST_CNT_GOOD);
96 try_server_run("TCP-AO with wrong send ISN (server)", port++,
97 FAULT_TIMEOUT, TEST_CNT_BAD);
98 try_server_run("TCP-AO with wrong receive ISN (server)", port++,
99 FAULT_TIMEOUT, TEST_CNT_BAD);
100 try_server_run("TCP-AO with wrong send SEQ ext number (server)", port++,
101 FAULT_TIMEOUT, TEST_CNT_BAD);
102 try_server_run("TCP-AO with wrong receive SEQ ext number (server)",
103 port++, FAULT_TIMEOUT, TEST_CNT_NS_BAD | TEST_CNT_GOOD);
104
105 synchronize_threads(); /* don't race to exit: client exits */
106 return NULL;
107 }
108
test_get_sk_checkpoint(unsigned int server_port,sockaddr_af * saddr,struct tcp_sock_state * img,struct tcp_ao_repair * ao_img)109 static void test_get_sk_checkpoint(unsigned int server_port, sockaddr_af *saddr,
110 struct tcp_sock_state *img,
111 struct tcp_ao_repair *ao_img)
112 {
113 int sk;
114
115 sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP);
116 if (sk < 0)
117 test_error("socket()");
118
119 if (test_add_key(sk, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100))
120 test_error("setsockopt(TCP_AO_ADD_KEY)");
121
122 synchronize_threads(); /* 1: MKT added => connect() */
123 if (test_connect_socket(sk, this_ip_dest, server_port) <= 0)
124 test_error("failed to connect()");
125
126 synchronize_threads(); /* 2: accepted => send data */
127 if (test_client_verify(sk, msg_len, nr_packets))
128 test_fail("pre-migrate verify failed");
129
130 test_enable_repair(sk);
131 test_sock_checkpoint(sk, img, saddr);
132 test_ao_checkpoint(sk, ao_img);
133 test_kill_sk(sk);
134 }
135
test_sk_restore(const char * tst_name,unsigned int server_port,sockaddr_af * saddr,struct tcp_sock_state * img,struct tcp_ao_repair * ao_img,fault_t inj,test_cnt cnt_expected)136 static void test_sk_restore(const char *tst_name, unsigned int server_port,
137 sockaddr_af *saddr, struct tcp_sock_state *img,
138 struct tcp_ao_repair *ao_img,
139 fault_t inj, test_cnt cnt_expected)
140 {
141 test_cnt poll_cnt = (cnt_expected == TEST_CNT_GOOD) ? 0 : cnt_expected;
142 const char *cnt_name = "TCPAOGood";
143 struct tcp_counters cnt1, cnt2;
144 uint64_t before_cnt, after_cnt;
145 int sk, dummy;
146
147 if (fault(TIMEOUT))
148 cnt_name = "TCPAOBad";
149
150 before_cnt = netstat_get_one(cnt_name, NULL);
151 sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP);
152 if (sk < 0)
153 test_error("socket()");
154
155 test_enable_repair(sk);
156 test_sock_restore(sk, img, saddr, this_ip_dest, server_port);
157 if (test_add_repaired_key(sk, DEFAULT_TEST_PASSWORD, 0, this_ip_dest, -1, 100, 100))
158 test_error("setsockopt(TCP_AO_ADD_KEY)");
159 test_ao_restore(sk, ao_img);
160
161 if (test_get_tcp_counters(sk, &cnt1))
162 test_error("test_get_tcp_counters()");
163
164 test_disable_repair(sk);
165 test_sock_state_free(img);
166
167 if (test_skpair_client(sk, msg_len, nr_packets, poll_cnt, &dummy)) {
168 if (fault(TIMEOUT))
169 test_ok("%s: post-migrate connection is broken", tst_name);
170 else
171 test_fail("%s: post-migrate connection is working", tst_name);
172 } else {
173 if (fault(TIMEOUT))
174 test_fail("%s: post-migrate connection is working", tst_name);
175 else
176 test_ok("%s: post-migrate connection is alive", tst_name);
177 }
178
179 synchronize_threads(); /* 3: counters checks */
180 if (test_get_tcp_counters(sk, &cnt2))
181 test_error("test_get_tcp_counters()");
182 after_cnt = netstat_get_one(cnt_name, NULL);
183
184 test_assert_counters(tst_name, &cnt1, &cnt2, cnt_expected);
185
186 if (after_cnt <= before_cnt) {
187 test_fail("%s: %s counter did not increase: %" PRIu64 " <= %" PRIu64,
188 tst_name, cnt_name, after_cnt, before_cnt);
189 } else {
190 test_ok("%s: counter %s increased %" PRIu64 " => %" PRIu64,
191 tst_name, cnt_name, before_cnt, after_cnt);
192 }
193 synchronize_threads(); /* 4: verified => closed */
194 close(sk);
195 }
196
client_fn(void * arg)197 static void *client_fn(void *arg)
198 {
199 unsigned int port = test_server_port;
200 struct tcp_sock_state tcp_img;
201 struct tcp_ao_repair ao_img;
202 sockaddr_af saddr;
203
204 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img);
205 test_sk_restore("TCP-AO migrate to another socket (client)", port++,
206 &saddr, &tcp_img, &ao_img, 0, TEST_CNT_GOOD);
207
208 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img);
209 ao_img.snt_isn += 1;
210 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest,
211 -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1);
212 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr,
213 port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1);
214 test_sk_restore("TCP-AO with wrong send ISN (client)", port++,
215 &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_BAD);
216
217 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img);
218 ao_img.rcv_isn += 1;
219 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest,
220 -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1);
221 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr,
222 port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1);
223 test_sk_restore("TCP-AO with wrong receive ISN (client)", port++,
224 &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_BAD);
225
226 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img);
227 ao_img.snd_sne += 1;
228 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest,
229 -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1);
230 /* not expecting server => client mismatches as only snd sne is broken */
231 test_sk_restore("TCP-AO with wrong send SEQ ext number (client)",
232 port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT,
233 TEST_CNT_NS_BAD | TEST_CNT_GOOD);
234
235 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img);
236 ao_img.rcv_sne += 1;
237 /* not expecting client => server mismatches as only rcv sne is broken */
238 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr,
239 port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1);
240 test_sk_restore("TCP-AO with wrong receive SEQ ext number (client)",
241 port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT,
242 TEST_CNT_NS_GOOD | TEST_CNT_BAD);
243
244 return NULL;
245 }
246
main(int argc,char * argv[])247 int main(int argc, char *argv[])
248 {
249 test_init(21, server_fn, client_fn);
250 return 0;
251 }
252