1 // SPDX-License-Identifier: GPL-2.0 2 /* Author: Dmitry Safonov <dima@arista.com> */ 3 /* This is over-simplified TCP_REPAIR for TCP_ESTABLISHED sockets 4 * It tests that TCP-AO enabled connection can be restored. 5 * For the proper socket repair see: 6 * https://github.com/checkpoint-restore/criu/blob/criu-dev/soccr/soccr.h 7 */ 8 #include <inttypes.h> 9 #include "aolib.h" 10 11 const size_t nr_packets = 20; 12 const size_t msg_len = 100; 13 const size_t quota = nr_packets * msg_len; 14 #define fault(type) (inj == FAULT_ ## type) 15 16 static void try_server_run(const char *tst_name, unsigned int port, 17 fault_t inj, test_cnt cnt_expected) 18 { 19 test_cnt poll_cnt = (cnt_expected == TEST_CNT_GOOD) ? 0 : cnt_expected; 20 const char *cnt_name = "TCPAOGood"; 21 struct tcp_counters cnt1, cnt2; 22 uint64_t before_cnt, after_cnt; 23 int sk, lsk, dummy; 24 ssize_t bytes; 25 26 if (fault(TIMEOUT)) 27 cnt_name = "TCPAOBad"; 28 lsk = test_listen_socket(this_ip_addr, port, 1); 29 30 if (test_add_key(lsk, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100)) 31 test_error("setsockopt(TCP_AO_ADD_KEY)"); 32 synchronize_threads(); /* 1: MKT added => connect() */ 33 34 if (test_wait_fd(lsk, TEST_TIMEOUT_SEC, 0)) 35 test_error("test_wait_fd()"); 36 37 sk = accept(lsk, NULL, NULL); 38 if (sk < 0) 39 test_error("accept()"); 40 41 synchronize_threads(); /* 2: accepted => send data */ 42 close(lsk); 43 44 bytes = test_server_run(sk, quota, TEST_TIMEOUT_SEC); 45 if (bytes != quota) { 46 test_fail("%s: server served: %zd", tst_name, bytes); 47 goto out; 48 } 49 50 before_cnt = netstat_get_one(cnt_name, NULL); 51 if (test_get_tcp_counters(sk, &cnt1)) 52 test_error("test_get_tcp_counters()"); 53 54 bytes = test_skpair_server(sk, quota, poll_cnt, &dummy); 55 if (fault(TIMEOUT)) { 56 if (bytes > 0) 57 test_fail("%s: server served: %zd", tst_name, bytes); 58 else 59 test_ok("%s: server couldn't serve", tst_name); 60 } else { 61 if (bytes != quota) 62 test_fail("%s: server served: %zd", tst_name, bytes); 63 else 64 test_ok("%s: server alive", tst_name); 65 } 66 synchronize_threads(); /* 3: counters checks */ 67 if (test_get_tcp_counters(sk, &cnt2)) 68 test_error("test_get_tcp_counters()"); 69 after_cnt = netstat_get_one(cnt_name, NULL); 70 71 test_assert_counters(tst_name, &cnt1, &cnt2, cnt_expected); 72 73 if (after_cnt <= before_cnt) { 74 test_fail("%s(server): %s counter did not increase: %" PRIu64 " <= %" PRIu64, 75 tst_name, cnt_name, after_cnt, before_cnt); 76 } else { 77 test_ok("%s(server): counter %s increased %" PRIu64 " => %" PRIu64, 78 tst_name, cnt_name, before_cnt, after_cnt); 79 } 80 81 /* 82 * Before close() as that will send FIN and move the peer in TCP_CLOSE 83 * and that will prevent reading AO counters from the peer's socket. 84 */ 85 synchronize_threads(); /* 4: verified => closed */ 86 out: 87 close(sk); 88 } 89 90 static void *server_fn(void *arg) 91 { 92 unsigned int port = test_server_port; 93 94 try_server_run("TCP-AO migrate to another socket (server)", port++, 95 0, TEST_CNT_GOOD); 96 try_server_run("TCP-AO with wrong send ISN (server)", port++, 97 FAULT_TIMEOUT, TEST_CNT_BAD); 98 try_server_run("TCP-AO with wrong receive ISN (server)", port++, 99 FAULT_TIMEOUT, TEST_CNT_BAD); 100 try_server_run("TCP-AO with wrong send SEQ ext number (server)", port++, 101 FAULT_TIMEOUT, TEST_CNT_BAD); 102 try_server_run("TCP-AO with wrong receive SEQ ext number (server)", 103 port++, FAULT_TIMEOUT, TEST_CNT_NS_BAD | TEST_CNT_GOOD); 104 105 synchronize_threads(); /* don't race to exit: client exits */ 106 return NULL; 107 } 108 109 static void test_get_sk_checkpoint(unsigned int server_port, sockaddr_af *saddr, 110 struct tcp_sock_state *img, 111 struct tcp_ao_repair *ao_img) 112 { 113 int sk; 114 115 sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP); 116 if (sk < 0) 117 test_error("socket()"); 118 119 if (test_add_key(sk, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100)) 120 test_error("setsockopt(TCP_AO_ADD_KEY)"); 121 122 synchronize_threads(); /* 1: MKT added => connect() */ 123 if (test_connect_socket(sk, this_ip_dest, server_port) <= 0) 124 test_error("failed to connect()"); 125 126 synchronize_threads(); /* 2: accepted => send data */ 127 if (test_client_verify(sk, msg_len, nr_packets)) 128 test_fail("pre-migrate verify failed"); 129 130 test_enable_repair(sk); 131 test_sock_checkpoint(sk, img, saddr); 132 test_ao_checkpoint(sk, ao_img); 133 test_kill_sk(sk); 134 } 135 136 static void test_sk_restore(const char *tst_name, unsigned int server_port, 137 sockaddr_af *saddr, struct tcp_sock_state *img, 138 struct tcp_ao_repair *ao_img, 139 fault_t inj, test_cnt cnt_expected) 140 { 141 test_cnt poll_cnt = (cnt_expected == TEST_CNT_GOOD) ? 0 : cnt_expected; 142 const char *cnt_name = "TCPAOGood"; 143 struct tcp_counters cnt1, cnt2; 144 uint64_t before_cnt, after_cnt; 145 int sk, dummy; 146 147 if (fault(TIMEOUT)) 148 cnt_name = "TCPAOBad"; 149 150 before_cnt = netstat_get_one(cnt_name, NULL); 151 sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP); 152 if (sk < 0) 153 test_error("socket()"); 154 155 test_enable_repair(sk); 156 test_sock_restore(sk, img, saddr, this_ip_dest, server_port); 157 if (test_add_repaired_key(sk, DEFAULT_TEST_PASSWORD, 0, this_ip_dest, -1, 100, 100)) 158 test_error("setsockopt(TCP_AO_ADD_KEY)"); 159 test_ao_restore(sk, ao_img); 160 161 if (test_get_tcp_counters(sk, &cnt1)) 162 test_error("test_get_tcp_counters()"); 163 164 test_disable_repair(sk); 165 test_sock_state_free(img); 166 167 if (test_skpair_client(sk, msg_len, nr_packets, poll_cnt, &dummy)) { 168 if (fault(TIMEOUT)) 169 test_ok("%s: post-migrate connection is broken", tst_name); 170 else 171 test_fail("%s: post-migrate connection is working", tst_name); 172 } else { 173 if (fault(TIMEOUT)) 174 test_fail("%s: post-migrate connection is working", tst_name); 175 else 176 test_ok("%s: post-migrate connection is alive", tst_name); 177 } 178 179 synchronize_threads(); /* 3: counters checks */ 180 if (test_get_tcp_counters(sk, &cnt2)) 181 test_error("test_get_tcp_counters()"); 182 after_cnt = netstat_get_one(cnt_name, NULL); 183 184 test_assert_counters(tst_name, &cnt1, &cnt2, cnt_expected); 185 186 if (after_cnt <= before_cnt) { 187 test_fail("%s: %s counter did not increase: %" PRIu64 " <= %" PRIu64, 188 tst_name, cnt_name, after_cnt, before_cnt); 189 } else { 190 test_ok("%s: counter %s increased %" PRIu64 " => %" PRIu64, 191 tst_name, cnt_name, before_cnt, after_cnt); 192 } 193 synchronize_threads(); /* 4: verified => closed */ 194 close(sk); 195 } 196 197 static void *client_fn(void *arg) 198 { 199 unsigned int port = test_server_port; 200 struct tcp_sock_state tcp_img; 201 struct tcp_ao_repair ao_img; 202 sockaddr_af saddr; 203 204 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); 205 test_sk_restore("TCP-AO migrate to another socket (client)", port++, 206 &saddr, &tcp_img, &ao_img, 0, TEST_CNT_GOOD); 207 208 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); 209 ao_img.snt_isn += 1; 210 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, 211 -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); 212 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, 213 port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); 214 test_sk_restore("TCP-AO with wrong send ISN (client)", port++, 215 &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_BAD); 216 217 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); 218 ao_img.rcv_isn += 1; 219 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, 220 -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); 221 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, 222 port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); 223 test_sk_restore("TCP-AO with wrong receive ISN (client)", port++, 224 &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_BAD); 225 226 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); 227 ao_img.snd_sne += 1; 228 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, 229 -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); 230 /* not expecting server => client mismatches as only snd sne is broken */ 231 test_sk_restore("TCP-AO with wrong send SEQ ext number (client)", 232 port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, 233 TEST_CNT_NS_BAD | TEST_CNT_GOOD); 234 235 test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); 236 ao_img.rcv_sne += 1; 237 /* not expecting client => server mismatches as only rcv sne is broken */ 238 trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, 239 port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); 240 test_sk_restore("TCP-AO with wrong receive SEQ ext number (client)", 241 port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, 242 TEST_CNT_NS_GOOD | TEST_CNT_BAD); 243 244 return NULL; 245 } 246 247 int main(int argc, char *argv[]) 248 { 249 test_init(21, server_fn, client_fn); 250 return 0; 251 } 252