Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp3856019rwa; Tue, 23 Aug 2022 11:17:19 -0700 (PDT) X-Google-Smtp-Source: AA6agR5/TVxaBr7B9yOlLxrJK1cUVDKLygCCiJH9YIxmwmo3NdeaJHVm6V0+5dqDgzpF0Ycdc0TU X-Received: by 2002:a17:906:9b16:b0:73d:af6f:746e with SMTP id eo22-20020a1709069b1600b0073daf6f746emr574255ejc.32.1661278639004; Tue, 23 Aug 2022 11:17:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661278638; cv=none; d=google.com; s=arc-20160816; b=u9RJdXy1eTo4JoC11yxHap8s3SZUYwUGgA7aHVWpDgaqnPjfHBu9mNwfABuPX7Jzu5 UWbV+vFdtyVGrU5ObVAHbHliLFC6QB95qRIT1aa8A2MOrHrsEhjkullwCnKFxwZPRuhG CPzkn9ZGvwQ0ais3wlaRxlOXw8x7U5OGMQqTPrCQ4q764DTUXvUR8/OwVBa+Dx0i/kl5 IqbOLyV+v36RLxEBBb/7hyfCZKde/0v82+P51Utm+KXLWWBw1t3RdgD7vOpDbQCbOh+x X9sRSWAzIt8gVZmvZIiZtgDCwjPozEUaPK36TBoaHBHPn302ZD4rbaKn8QdHwPW1hsaj 2owg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=KRDDD/ZTQOm4jKNRqZwPa4ZNh2t/HyznlxFVrDjnB8U=; b=Jo1B0wv+x+GwZtIuCRnPGxJoECTXGubG2kXzZ2bz/E9A2a5c/3ofvnSKGhUCkY+kcR LoLFuqbEJlKY1egLcUWxa3ZpDKKSXYO30JNTyEtX1XnUtZPh+akihBeL8Phlb6ttivWc YnbAaMuxWK4TpmMJJtkwA9Le4CTN7WEVhZ2Gg3B1N0fGmom/EIsULyBmSFuzmbSgaQ3U BzgEHO7a81v+ELeT/lYHn5diUc6Ox/zw0K8J/Q4ROPU/x+/aIDcEGBCrju5fK+xPUSwd wRo1/AdEIuJ47y7jwxGoutY2axZHZLzgPzO+QE4Lf4W54dwL3EfncQz2Tzhuk4Y6+8CZ jd0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=google header.b="U0+/YUjF"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v15-20020a17090606cf00b0073d751c96adsi243236ejb.1000.2022.08.23.11.16.53; Tue, 23 Aug 2022 11:17:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=google header.b="U0+/YUjF"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229906AbiHWRsw (ORCPT + 99 others); Tue, 23 Aug 2022 13:48:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231147AbiHWRs0 (ORCPT ); Tue, 23 Aug 2022 13:48:26 -0400 Received: from mail-oo1-xc31.google.com (mail-oo1-xc31.google.com [IPv6:2607:f8b0:4864:20::c31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D02B6AF0CB for ; Tue, 23 Aug 2022 08:47:41 -0700 (PDT) Received: by mail-oo1-xc31.google.com with SMTP id n11-20020a4aa7cb000000b0044b3583d373so441004oom.2 for ; Tue, 23 Aug 2022 08:47:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=google; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject:from:to:cc; bh=KRDDD/ZTQOm4jKNRqZwPa4ZNh2t/HyznlxFVrDjnB8U=; b=U0+/YUjFon/lph3ldYw4TkScr3J/MCVglErPGQ/vLneIjcO1gaF5o5kOCT+o/eHcGQ SupMAksppFSPyPxykYtJXnXyLaFvHiVLigvoxvWN3yO7JXzpn2KnJa5J+9jQQMgD94ah TJMxrcFPWD6bdOXSgMKgdNxUyhd05pKT4u84M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject :x-gm-message-state:from:to:cc; bh=KRDDD/ZTQOm4jKNRqZwPa4ZNh2t/HyznlxFVrDjnB8U=; b=sChEDfQC+x5mO0n1NRMgIkfvmgO/Kvup7/R8YrpagnwVimLMQ4oZspDfy/2v+cvCFi 996tD1EuvS7oTzMAj3y3nceCDJSZKtKfIAK/+2uFGJ2pXwKDEYQJzwrAmkEqLzfPtzpP LEiW/Caw3yD9PeXowDfoJvrs2MeOTcMsb5IcDimuxtPb3OUYnftXkCRDQcp21XugFlMn 78EI9GZmkg2HTvaxKuu3vggL9aRti/QU8iDUpjqy7acnkcp9zHV0YJa6VdTvi/vKqDUw vClfLN/5MdvYE2qcirdEAGNZvdeVeNgQppcj9f95mevF1i3DX7bJcys6Gx5ztmuhX2Tg gqZw== X-Gm-Message-State: ACgBeo1zaKqajeLpMi3Kfzuk/JfMDH4HyK+W1Y3Eqf6P1OeDpP0Takd6 Ue39Akm1hmvg4jlXHMdNSQ1g9w== X-Received: by 2002:a4a:4541:0:b0:435:cf9f:1a45 with SMTP id y62-20020a4a4541000000b00435cf9f1a45mr8241849ooa.17.1661269661024; Tue, 23 Aug 2022 08:47:41 -0700 (PDT) Received: from [192.168.1.128] ([38.15.45.1]) by smtp.gmail.com with ESMTPSA id b23-20020a056830105700b006373175cde0sm3894735otp.44.2022.08.23.08.47.39 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 23 Aug 2022 08:47:40 -0700 (PDT) Subject: Re: [PATCH 25/31] selftests/net: Add TCP-AO library To: Dmitry Safonov , Eric Dumazet , "David S. Miller" , linux-kernel@vger.kernel.org Cc: Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , David Ahern , Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers , Francesco Ruggeri , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Jakub Kicinski , Leonard Crestez , Paolo Abeni , Salam Noureddine , Shuah Khan , netdev@vger.kernel.org, linux-crypto@vger.kernel.org, Shuah Khan References: <20220818170005.747015-1-dima@arista.com> <20220818170005.747015-26-dima@arista.com> From: Shuah Khan Message-ID: Date: Tue, 23 Aug 2022 09:47:37 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <20220818170005.747015-26-dima@arista.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 8/18/22 10:59 AM, Dmitry Safonov wrote: > Provide functions to create selftests dedicated to TCP-AO. > They can run in parallel, as they use temporary net namespaces. > They can be very specific to the feature being tested. > This will allow to create a lot of TCP-AO tests, without complicating > one binary with many --options and to create scenarios, that are > hard to put in bash script that uses one binary. > > Signed-off-by: Dmitry Safonov > --- > tools/testing/selftests/Makefile | 1 + > tools/testing/selftests/net/tcp_ao/.gitignore | 2 + > tools/testing/selftests/net/tcp_ao/Makefile | 45 +++ > tools/testing/selftests/net/tcp_ao/connect.c | 81 +++++ > .../testing/selftests/net/tcp_ao/lib/aolib.h | 333 +++++++++++++++++ > .../selftests/net/tcp_ao/lib/netlink.c | 341 ++++++++++++++++++ > tools/testing/selftests/net/tcp_ao/lib/proc.c | 267 ++++++++++++++ > .../testing/selftests/net/tcp_ao/lib/setup.c | 297 +++++++++++++++ > tools/testing/selftests/net/tcp_ao/lib/sock.c | 294 +++++++++++++++ > .../testing/selftests/net/tcp_ao/lib/utils.c | 30 ++ > 10 files changed, 1691 insertions(+) > create mode 100644 tools/testing/selftests/net/tcp_ao/.gitignore > create mode 100644 tools/testing/selftests/net/tcp_ao/Makefile > create mode 100644 tools/testing/selftests/net/tcp_ao/connect.c > create mode 100644 tools/testing/selftests/net/tcp_ao/lib/aolib.h > create mode 100644 tools/testing/selftests/net/tcp_ao/lib/netlink.c > create mode 100644 tools/testing/selftests/net/tcp_ao/lib/proc.c > create mode 100644 tools/testing/selftests/net/tcp_ao/lib/setup.c > create mode 100644 tools/testing/selftests/net/tcp_ao/lib/sock.c > create mode 100644 tools/testing/selftests/net/tcp_ao/lib/utils.c > > diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile > index 10b34bb03bc1..2a3b15a13ccb 100644 > --- a/tools/testing/selftests/Makefile > +++ b/tools/testing/selftests/Makefile > @@ -46,6 +46,7 @@ TARGETS += net > TARGETS += net/af_unix > TARGETS += net/forwarding > TARGETS += net/mptcp > +TARGETS += net/tcp_ao Please look into a wayto invoke all of them instead of adding individual net/* to the main Makefile. This list seems to be growing. :) > TARGETS += netfilter > TARGETS += nsfs > TARGETS += pidfd [snip] > + > +__attribute__((__format__(__printf__, 2, 3))) > +static inline void __test_print(void (*fn)(const char *), const char *fmt, ...) > +{ > +#define TEST_MSG_BUFFER_SIZE 4096 > + char buf[TEST_MSG_BUFFER_SIZE]; > + va_list arg; > + > + va_start(arg, fmt); > + vsnprintf(buf, sizeof(buf), fmt, arg); > + va_end(arg); > + fn(buf); > +} > + Is there a reason add these instead of using kselftest_* print functions? > +#define test_print(fmt, ...) \ > + __test_print(__test_msg, "%ld[%s:%u] " fmt "\n", \ > + syscall(SYS_gettid), \ > + __FILE__, __LINE__, ##__VA_ARGS__) > + > +#define test_ok(fmt, ...) \ > + __test_print(__test_ok, fmt "\n", ##__VA_ARGS__) > + > +#define test_fail(fmt, ...) \ > +do { \ > + if (errno) \ > + __test_print(__test_fail, fmt ": %m\n", ##__VA_ARGS__); \ > + else \ > + __test_print(__test_fail, fmt "\n", ##__VA_ARGS__); \ > + test_failed(); \ > +} while(0) > + > +#define KSFT_FAIL 1 > +#define test_error(fmt, ...) \ > +do { \ > + if (errno) \ > + __test_print(__test_error, "%ld[%s:%u] " fmt ": %m\n", \ > + syscall(SYS_gettid), __FILE__, __LINE__, \ > + ##__VA_ARGS__); \ > + else \ > + __test_print(__test_error, "%ld[%s:%u] " fmt "\n", \ > + syscall(SYS_gettid), __FILE__, __LINE__, \ > + ##__VA_ARGS__); \ > + exit(KSFT_FAIL); \ > +} while(0) > + Is there a reason add these instead of using kselftest_* print functions? > + * Timeout on syscalls where failure is not expected. > + * You may want to rise it if the test machine is very busy. > + */ > +#ifndef TEST_TIMEOUT_SEC > +#define TEST_TIMEOUT_SEC 5 > +#endif > + Where is the TEST_TIMEOUT_SEC usually defined? Does this come from shell wrapper that runs this test? Can we add a message before starting the test print the timeout used? > +/* > + * Timeout on connect() where a failure is expected. > + * If set to 0 - kernel will try to retransmit SYN number of times, set in > + * /proc/sys/net/ipv4/tcp_syn_retries > + * By default set to 1 to make tests pass faster on non-busy machine. > + */ > +#ifndef TEST_RETRANSMIT_SEC > +#define TEST_RETRANSMIT_SEC 1 > +#endif > + Where would this TEST_RETRANSMIT_SEC defined usually? > + > +static inline int _test_connect_socket(int sk, const union tcp_addr taddr, > + unsigned port, time_t timeout) > +{ > +#ifdef IPV6_TEST > + struct sockaddr_in6 addr = { > + .sin6_family = AF_INET6, > + .sin6_port = htons(port), > + .sin6_addr = taddr.a6, > + }; > +#else > + struct sockaddr_in addr = { > + .sin_family = AF_INET, > + .sin_port = htons(port), > + .sin_addr = taddr.a4, > + }; > +#endif Why do we defined these here - are they also defined in a kernel header? > + return __test_connect_socket(sk, (void *)&addr, sizeof(addr), timeout); > +} > + > +static inline int test_connect_socket(int sk, > + const union tcp_addr taddr, unsigned port) > +{ > + return _test_connect_socket(sk, taddr, port, TEST_TIMEOUT_SEC); > +} > + > +extern int test_prepare_ao_sockaddr(struct tcp_ao *ao, > + const char *alg, uint16_t flags, > + void *addr, size_t addr_sz, uint8_t prefix, > + uint8_t sndid, uint8_t rcvid, uint8_t maclen, > + uint8_t keyflags, uint8_t keylen, const char *key); > + > +static inline int test_prepare_ao(struct tcp_ao *ao, > + const char *alg, uint16_t flags, > + union tcp_addr in_addr, uint8_t prefix, > + uint8_t sndid, uint8_t rcvid, uint8_t maclen, > + uint8_t keyflags, uint8_t keylen, const char *key) > +{ > +#ifdef IPV6_TEST > + struct sockaddr_in6 addr = { > + .sin6_family = AF_INET6, > + .sin6_port = 0, > + .sin6_addr = in_addr.a6, > + }; > +#else > + struct sockaddr_in addr = { > + .sin_family = AF_INET, > + .sin_port = 0, > + .sin_addr = in_addr.a4, > + }; > +#endif > + Same question here. In general having these ifdefs isn't ideal without a good reason. > + return test_prepare_ao_sockaddr(ao, alg, flags, > + (void *)&addr, sizeof(addr), prefix, sndid, rcvid, > + maclen, keyflags, keylen, key); > +} > + > +static inline int test_prepare_def_ao(struct tcp_ao *ao, > + const char *key, uint16_t flags, > + union tcp_addr in_addr, uint8_t prefix, > + uint8_t sndid, uint8_t rcvid) > +{ > + if (prefix > DEFAULT_TEST_PREFIX) > + prefix = DEFAULT_TEST_PREFIX; > + > + return test_prepare_ao(ao, DEFAULT_TEST_ALGO, flags, in_addr, > + prefix, sndid, rcvid, 0, 0, strlen(key), key); > +} > + > +extern int test_get_one_ao(int sk, struct tcp_ao_getsockopt *out, > + uint16_t flags, void *addr, size_t addr_sz, > + uint8_t prefix, uint8_t sndid, uint8_t rcvid); > +extern int test_cmp_getsockopt_setsockopt(const struct tcp_ao *a, > + const struct tcp_ao_getsockopt *b); > + > +static inline int test_verify_socket_ao(int sk, struct tcp_ao *ao) > +{ > + struct tcp_ao_getsockopt tmp; > + int err; > + > + err = test_get_one_ao(sk, &tmp, 0, &ao->tcpa_addr, > + sizeof(ao->tcpa_addr), ao->tcpa_prefix, > + ao->tcpa_sndid, ao->tcpa_rcvid); > + if (err) > + return err; Is this always an error or could this a skip if dependencies aren't met to run the test? This is a global comment for all error cases. > + > + return test_cmp_getsockopt_setsockopt(ao, &tmp); > +} > + > +static inline int test_set_ao(int sk, const char *key, uint16_t flags, > + union tcp_addr in_addr, uint8_t prefix, > + uint8_t sndid, uint8_t rcvid) > +{ > + struct tcp_ao tmp; > + int err; > + > + err = test_prepare_def_ao(&tmp, key, flags, in_addr, > + prefix, sndid, rcvid); > + if (err) > + return err; Same comment as above here. > + > + if (setsockopt(sk, IPPROTO_TCP, TCP_AO, &tmp, sizeof(tmp)) < 0) > + return -errno; > + > + return test_verify_socket_ao(sk, &tmp); > +} > + > +extern ssize_t test_server_run(int sk, ssize_t quota, time_t timeout_sec); > +extern ssize_t test_client_loop(int sk, char *buf, size_t buf_sz, > + const size_t msg_len, time_t timeout_sec); > +extern int test_client_verify(int sk, const size_t msg_len, const size_t nr, > + time_t timeout_sec); > + > +struct netstat; > +extern struct netstat *netstat_read(void); > +extern void netstat_free(struct netstat *ns); > +extern void netstat_print_diff(struct netstat *nsa, struct netstat *nsb); > +extern uint64_t netstat_get(struct netstat *ns, > + const char *name, bool *not_found); > + > +static inline uint64_t netstat_get_one(const char *name, bool *not_found) > +{ > + struct netstat *ns = netstat_read(); > + uint64_t ret; > + > + ret = netstat_get(ns, name, not_found); > + > + netstat_free(ns); > + return ret; > +} > + > +#endif /* _AOLIB_H_ */ > diff --git a/tools/testing/selftests/net/tcp_ao/lib/netlink.c b/tools/testing/selftests/net/tcp_ao/lib/netlink.c > new file mode 100644 > index 000000000000..f04757c921d0 > --- /dev/null > +++ b/tools/testing/selftests/net/tcp_ao/lib/netlink.c > @@ -0,0 +1,341 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* Original from tools/testing/selftests/net/ipsec.c */ > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "aolib.h" > + > +#define MAX_PAYLOAD 2048 tools/testing/selftests/net/gro.c seem to define this as: #define MAX_PAYLOAD (IP_MAXPACKET - sizeof(struct tcphdr) - sizeof(struct ipv6hdr)) Can you do the same instead of hard-coding? > + > +const struct sockaddr_in6 addr_any6 = { > + .sin6_family = AF_INET6, > +}; > + > +const struct sockaddr_in addr_any4 = { > + .sin_family = AF_INET, > +}; > A couple of things to look at closely. For some failures such as memory allocation for the test or not being able to open a file fnetstat = fopen("/proc/net/netstat", "r"); Is this a failure or missing config or not having the right permissions to open the fail. All of these cases would be a SKIP and not a test fail. thanks, -- Shuah