Commit b6e074e1 authored by Geliang Tang's avatar Geliang Tang Committed by David S. Miller

selftests: mptcp: add infinite map testcase

Add the single subflow test case for MP_FAIL, to test the infinite
mapping case. Use the test_linkfail value to make 128KB test files.

Add a new function reset_with_fail(), in it use 'iptables' and 'tc
action pedit' rules to produce the bit flips to trigger the checksum
failures. Set validate_checksum to enable checksums for the MP_FAIL
tests without passing the '-C' argument. Set check_invert flag to
enable the invert bytes check for the output data in check_transfer().
Instead of the file mismatch error, this test prints out the inverted
bytes.

Add a new function pedit_action_pkts() to get the numbers of the packets
edited by the tc pedit actions. Print this numbers to the output.

Also add the needed kernel configures in the selftests config file.
Suggested-by: default avatarDavide Caratti <dcaratti@redhat.com>
Co-developed-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: default avatarGeliang Tang <geliang.tang@suse.com>
Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b1190d51
...@@ -12,6 +12,9 @@ CONFIG_NF_TABLES=m ...@@ -12,6 +12,9 @@ CONFIG_NF_TABLES=m
CONFIG_NFT_COMPAT=m CONFIG_NFT_COMPAT=m
CONFIG_NETFILTER_XTABLES=m CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_MATCH_BPF=m CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NF_TABLES_INET=y CONFIG_NF_TABLES_INET=y
CONFIG_NFT_TPROXY=m CONFIG_NFT_TPROXY=m
CONFIG_NFT_SOCKET=m CONFIG_NFT_SOCKET=m
...@@ -19,3 +22,8 @@ CONFIG_IP_ADVANCED_ROUTER=y ...@@ -19,3 +22,8 @@ CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_NET_ACT_CSUM=m
CONFIG_NET_ACT_PEDIT=m
CONFIG_NET_CLS_ACT=y
CONFIG_NET_CLS_FW=m
CONFIG_NET_SCH_INGRESS=m
...@@ -266,6 +266,58 @@ reset_with_allow_join_id0() ...@@ -266,6 +266,58 @@ reset_with_allow_join_id0()
ip netns exec $ns2 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns2_enable ip netns exec $ns2 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns2_enable
} }
# Modify TCP payload without corrupting the TCP packet
#
# This rule inverts a 8-bit word at byte offset 148 for the 2nd TCP ACK packets
# carrying enough data.
# Once it is done, the TCP Checksum field is updated so the packet is still
# considered as valid at the TCP level.
# Because the MPTCP checksum, covering the TCP options and data, has not been
# updated, the modification will be detected and an MP_FAIL will be emitted:
# what we want to validate here without corrupting "random" MPTCP options.
#
# To avoid having tc producing this pr_info() message for each TCP ACK packets
# not carrying enough data:
#
# tc action pedit offset 162 out of bounds
#
# Netfilter is used to mark packets with enough data.
reset_with_fail()
{
reset "${1}" || return 1
ip netns exec $ns1 sysctl -q net.mptcp.checksum_enabled=1
ip netns exec $ns2 sysctl -q net.mptcp.checksum_enabled=1
check_invert=1
validate_checksum=1
local i="$2"
local ip="${3:-4}"
local tables
tables="iptables"
if [ $ip -eq 6 ]; then
tables="ip6tables"
fi
ip netns exec $ns2 $tables \
-t mangle \
-A OUTPUT \
-o ns2eth$i \
-p tcp \
-m length --length 150:9999 \
-m statistic --mode nth --packet 1 --every 99999 \
-j MARK --set-mark 42 || exit 1
tc -n $ns2 qdisc add dev ns2eth$i clsact || exit 1
tc -n $ns2 filter add dev ns2eth$i egress \
protocol ip prio 1000 \
handle 42 fw \
action pedit munge offset 148 u8 invert \
pipe csum tcp \
index 100 || exit 1
}
fail_test() fail_test()
{ {
ret=1 ret=1
...@@ -1199,7 +1251,7 @@ chk_join_nr() ...@@ -1199,7 +1251,7 @@ chk_join_nr()
echo "[ ok ]" echo "[ ok ]"
fi fi
[ "${dump_stats}" = 1 ] && dump_stats [ "${dump_stats}" = 1 ] && dump_stats
if [ $checksum -eq 1 ]; then if [ $validate_checksum -eq 1 ]; then
chk_csum_nr $csum_ns1 $csum_ns2 chk_csum_nr $csum_ns1 $csum_ns2
chk_fail_nr $fail_nr $fail_nr chk_fail_nr $fail_nr $fail_nr
chk_rst_nr $rst_nr $rst_nr chk_rst_nr $rst_nr $rst_nr
...@@ -2590,6 +2642,21 @@ fastclose_tests() ...@@ -2590,6 +2642,21 @@ fastclose_tests()
fi fi
} }
pedit_action_pkts()
{
tc -n $ns2 -j -s action show action pedit index 100 | \
sed 's/.*"packets":\([0-9]\+\),.*/\1/'
}
fail_tests()
{
# single subflow
if reset_with_fail "Infinite map" 1; then
run_tests $ns1 $ns2 10.0.1.1 128
chk_join_nr 0 0 0 +1 +0 1 0 1 "$(pedit_action_pkts)"
fi
}
implicit_tests() implicit_tests()
{ {
# userspace pm type prevents add_addr # userspace pm type prevents add_addr
...@@ -2658,6 +2725,7 @@ all_tests_sorted=( ...@@ -2658,6 +2725,7 @@ all_tests_sorted=(
d@deny_join_id0_tests d@deny_join_id0_tests
m@fullmesh_tests m@fullmesh_tests
z@fastclose_tests z@fastclose_tests
F@fail_tests
I@implicit_tests I@implicit_tests
) )
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment