selftest: packetdrill: Import sockopt-fastopen-key.pkt

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

sockopt-fastopen-key.pkt does not have the non-experimental
version, so the Experimental version is converted, FOEXP -> FO.

The test sets net.ipv4.tcp_fastopen_key=0-0-0-0 and instead
sets another key via setsockopt(TCP_FASTOPEN_KEY).

The first listener generates a valid cookie in response to TFO
option without cookie, and the second listner creates a TFO socket
using the valid cookie.

TCP_FASTOPEN_KEY is adjusted to use the common key in default.sh
so that we can use TFO_COOKIE and support dualstack. Similarly,
TFO_COOKIE_ZERO for the 0-0-0-0 key is defined.

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://patch.msgid.link/20250927213022.1850048-13-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Kuniyuki Iwashima and committed by

Jakub Kicinski 6 months ago 05b9f505 be90c7b3

+76

2 changed files

expand all

tools

testing

selftests

net

packetdrill

ksft_runner.sh

tcp_fastopen_server_sockopt-fastopen-key.pkt

tools/testing/selftests/net/packetdrill/ksft_runner.sh

··· 10 10 --netmask_ip=255.255.0.0 11 11 --remote_ip=192.0.2.1 12 12 -D TFO_COOKIE=3021b9d889017eeb 13 + -D TFO_COOKIE_ZERO=b7c12350a90dc8f5 13 14 -D CMSG_LEVEL_IP=SOL_IP 14 15 -D CMSG_TYPE_RECVERR=IP_RECVERR" 15 16 [ipv6]="--ip_version=ipv6 ··· 19 18 --gateway_ip=fd3d:0a0b:17d6:8888::1 20 19 --remote_ip=fd3d:fa7b:d17d::1 21 20 -D TFO_COOKIE=c1d1e9742a47a9bc 21 + -D TFO_COOKIE_ZERO=82af1a8f9a205c34 22 22 -D CMSG_LEVEL_IP=SOL_IPV6 23 23 -D CMSG_TYPE_RECVERR=IPV6_RECVERR" 24 24 )

+74

tools/testing/selftests/net/packetdrill/tcp_fastopen_server_sockopt-fastopen-key.pkt

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + // 3 + // Test the server cookie is generated by aes64 encoding of remote and local 4 + // IP addresses with a master key specified via sockopt TCP_FASTOPEN_KEY 5 + // 6 + `./defaults.sh 7 + ./set_sysctls.py /proc/sys/net/ipv4/tcp_fastopen_key=00000000-00000000-00000000-00000000` 8 + 9 + 0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 3 10 + +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 11 + 12 + // Set a key of a1a1a1a1-b2b2b2b2-c3c3c3c3-d4d4d4d4 (big endian). 13 + // This would produce a cookie of TFO_COOKIE like many other 14 + // tests (which the same key but set via sysctl). 15 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN_KEY, 16 + "\xa1\xa1\xa1\xa1\xb2\xb2\xb2\xb2\xc3\xc3\xc3\xc3\xd4\xd4\xd4\xd4", 16) = 0 17 + 18 + +0 bind(3, ..., ...) = 0 19 + +0 listen(3, 1) = 0 20 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN, [1], 4) = 0 21 + 22 + // Request a valid cookie TFO_COOKIE 23 + +0 < S 1428932:1428942(10) win 10000 <mss 1012,nop,nop,FO,sackOK,TS val 1 ecr 0,nop,wscale 7> 24 + +0 > S. 0:0(0) ack 1428933 <mss 1460,sackOK,TS val 10000 ecr 1,nop,wscale 8,FO TFO_COOKIE,nop,nop> 25 + +0 < . 1:1(0) ack 1 win 257 <nop,nop,TS val 2 ecr 10000> 26 + +0 accept(3, ..., ...) = 4 27 + +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) == 0, tcpi_options }% 28 + 29 + +0 close(4) = 0 30 + +0 > F. 1:1(0) ack 1 <nop,nop,TS val 10001 ecr 2> 31 + +0 < F. 1:1(0) ack 2 win 257 <nop,nop,TS val 3 ecr 10001> 32 + +0 > . 2:2(0) ack 2 <nop,nop,TS val 10002 ecr 3> 33 + 34 + +0 close(3) = 0 35 + 36 + // Restart the listener 37 + +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 3 38 + +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 39 + +0 bind(3, ..., ...) = 0 40 + +0 listen(3, 1) = 0 41 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN, [1], 4) = 0 42 + 43 + // Test setting the key in the listen state, and produces an identical cookie 44 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN_KEY, 45 + "\xa1\xa1\xa1\xa1\xb2\xb2\xb2\xb2\xc3\xc3\xc3\xc3\xd4\xd4\xd4\xd4", 16) = 0 46 + 47 + +0 < S 6814000:6815000(1000) win 10000 <mss 1012,nop,nop,FO TFO_COOKIE,sackOK,TS val 10 ecr 0,nop,wscale 7> 48 + +0 > S. 0:0(0) ack 6815001 <mss 1460,sackOK,TS val 10000 ecr 10,nop,wscale 8> 49 + +0 accept(3, ..., ...) = 4 50 + +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }% 51 + +0 < . 1001:1001(0) ack 1 win 257 <nop,nop,TS val 12 ecr 10000> 52 + +0 read(4, ..., 8192) = 1000 53 + 54 + +0 close(4) = 0 55 + +0 > F. 1:1(0) ack 1001 <nop,nop,TS val 10101 ecr 12> 56 + +0 < F. 1001:1001(0) ack 2 win 257 <nop,nop,TS val 112 ecr 10101> 57 + +0 > . 2:2(0) ack 1002 <nop,nop,TS val 10102 ecr 112> 58 + 59 + +0 close(3) = 0 60 + 61 + // Restart the listener 62 + +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 3 63 + +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 64 + +0 bind(3, ..., ...) = 0 65 + +0 listen(3, 1) = 0 66 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN, [1], 4) = 0 67 + 68 + // Test invalid key length (must be 16 bytes) 69 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN_KEY, "", 0) = -1 (Invalid Argument) 70 + +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN_KEY, "", 3) = -1 (Invalid Argument) 71 + 72 + // Previous cookie won't be accepted b/c this listener uses the global key (0-0-0-0) 73 + +0 < S 6814000:6815000(1000) win 10000 <mss 1012,nop,nop,FO TFO_COOKIE,sackOK,TS val 10 ecr 0,nop,wscale 7> 74 + +0 > S. 0:0(0) ack 6814001 <mss 1460,sackOK,TS val 10000 ecr 10,nop,wscale 8,FO TFO_COOKIE_ZERO,nop,nop>