diff options
author | Jason Baron <jbaron@akamai.com> | 2019-05-29 18:34:01 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-05-30 22:41:26 +0200 |
commit | 10fbcdd12aa24fdb4b357a39abc03686d15f04fd (patch) | |
tree | 0d30a02c064add3df6acf89bfda325e2eff610bf /tools/testing/selftests/net/tcp_fastopen_backup_key.sh | |
parent | Documentation: ip-sysctl.txt: Document tcp_fastopen_key (diff) | |
download | linux-10fbcdd12aa24fdb4b357a39abc03686d15f04fd.tar.xz linux-10fbcdd12aa24fdb4b357a39abc03686d15f04fd.zip |
selftests/net: add TFO key rotation selftest
Demonstrate how the primary and backup TFO keys can be rotated while
minimizing the number of client cookies that are rejected.
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'tools/testing/selftests/net/tcp_fastopen_backup_key.sh')
-rwxr-xr-x | tools/testing/selftests/net/tcp_fastopen_backup_key.sh | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/tools/testing/selftests/net/tcp_fastopen_backup_key.sh b/tools/testing/selftests/net/tcp_fastopen_backup_key.sh new file mode 100755 index 000000000000..41476399e184 --- /dev/null +++ b/tools/testing/selftests/net/tcp_fastopen_backup_key.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# rotate TFO keys for ipv4/ipv6 and verify that the client does +# not present an invalid cookie. + +set +x +set -e + +readonly NETNS="ns-$(mktemp -u XXXXXX)" + +setup() { + ip netns add "${NETNS}" + ip -netns "${NETNS}" link set lo up + ip netns exec "${NETNS}" sysctl -w net.ipv4.tcp_fastopen=3 \ + >/dev/null 2>&1 +} + +cleanup() { + ip netns del "${NETNS}" +} + +trap cleanup EXIT +setup + +do_test() { + # flush routes before each run, otherwise successive runs can + # initially present an old TFO cookie + ip netns exec "${NETNS}" ip tcp_metrics flush + ip netns exec "${NETNS}" ./tcp_fastopen_backup_key "$1" + val=$(ip netns exec "${NETNS}" nstat -az | \ + grep TcpExtTCPFastOpenPassiveFail | awk '{print $2}') + if [ $val -ne 0 ]; then + echo "FAIL: TcpExtTCPFastOpenPassiveFail non-zero" + return 1 + fi +} + +do_test "-4" +do_test "-6" +do_test "-4" +do_test "-6" +do_test "-4s" +do_test "-6s" +do_test "-4s" +do_test "-6s" +do_test "-4r" +do_test "-6r" +do_test "-4r" +do_test "-6r" +do_test "-4sr" +do_test "-6sr" +do_test "-4sr" +do_test "-6sr" +echo "all tests done" |