authorJason Baron <jbaron@akamai.com>2019-05-29 18:34:01 +0200
committerDavid S. Miller <davem@davemloft.net>2019-05-30 22:41:26 +0200
commit10fbcdd12aa24fdb4b357a39abc03686d15f04fd (patch)
tree0d30a02c064add3df6acf89bfda325e2eff610bf /tools/testing/selftests/net/tcp_fastopen_backup_key.sh
parentDocumentation: ip-sysctl.txt: Document tcp_fastopen_key (diff)
selftests/net: add TFO key rotation selftest
Demonstrate how the primary and backup TFO keys can be rotated while minimizing the number of client cookies that are rejected. Signed-off-by: Jason Baron <jbaron@akamai.com> Signed-off-by: Christoph Paasch <cpaasch@apple.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'tools/testing/selftests/net/tcp_fastopen_backup_key.sh')
-rwxr-xr-xtools/testing/selftests/net/tcp_fastopen_backup_key.sh55
1 files changed, 55 insertions, 0 deletions
diff --git a/tools/testing/selftests/net/tcp_fastopen_backup_key.sh b/tools/testing/selftests/net/tcp_fastopen_backup_key.sh
new file mode 100755
index 000000000000..41476399e184
--- /dev/null
+++ b/tools/testing/selftests/net/tcp_fastopen_backup_key.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# rotate TFO keys for ipv4/ipv6 and verify that the client does
+# not present an invalid cookie.
+
+set +x
+set -e
+
+readonly NETNS="ns-$(mktemp -u XXXXXX)"
+
+setup() {
+ ip netns add "${NETNS}"
+ ip -netns "${NETNS}" link set lo up
+ ip netns exec "${NETNS}" sysctl -w net.ipv4.tcp_fastopen=3 \
+ >/dev/null 2>&1
+}
+
+cleanup() {
+ ip netns del "${NETNS}"
+}
+
+trap cleanup EXIT
+setup
+
+do_test() {
+ # flush routes before each run, otherwise successive runs can
+ # initially present an old TFO cookie
+ ip netns exec "${NETNS}" ip tcp_metrics flush
+ ip netns exec "${NETNS}" ./tcp_fastopen_backup_key "$1"
+ val=$(ip netns exec "${NETNS}" nstat -az | \
+ grep TcpExtTCPFastOpenPassiveFail | awk '{print $2}')
+ if [ $val -ne 0 ]; then
+ echo "FAIL: TcpExtTCPFastOpenPassiveFail non-zero"
+ return 1
+ fi
+}
+
+do_test "-4"
+do_test "-6"
+do_test "-4"
+do_test "-6"
+do_test "-4s"
+do_test "-6s"
+do_test "-4s"
+do_test "-6s"
+do_test "-4r"
+do_test "-6r"
+do_test "-4r"
+do_test "-6r"
+do_test "-4sr"
+do_test "-6sr"
+do_test "-4sr"
+do_test "-6sr"
+echo "all tests done"
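Review bot: The counter check in do_test fails open: if the `nstat | grep | awk` pipeline prints nothing (the counter is absent, or nstat fails, which the pipeline masks because `pipefail` is not set), `[ $val -ne 0 ]` collapses to `[ -ne 0 ]`, which errors inside the `if` condition where `set -e` does not apply, so the function returns success. For a selftest whose purpose is to catch TFO cookies rejected during key rotation, that silently passes in the case where nothing was measured. I would add `[ -n "$val" ] || { echo "FAIL: TcpExtTCPFastOpenPassiveFail not reported"; return 1; }` before the comparison and quote the operand as `if [ "$val" -ne 0 ]; then`. Declaring `local val` at the top of do_test would also keep the variable from leaking into the script's global scope.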