Skip to content

Commit

Permalink
add ktls test
Browse files Browse the repository at this point in the history
Signed-off-by: Geliang Tang <[email protected]>
  • Loading branch information
geliangtang authored and Geliang Tang committed May 27, 2024
1 parent a553a00 commit e42930f
Show file tree
Hide file tree
Showing 3 changed files with 208 additions and 6 deletions.
2 changes: 2 additions & 0 deletions net/mptcp/protocol.h
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
#include <uapi/linux/mptcp.h>
#include <net/genetlink.h>
#include <net/rstreason.h>
#include <net/tls.h>

#define MPTCP_SUPPORTED_VERSION 1

Expand Down Expand Up @@ -499,6 +500,7 @@ DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
struct mptcp_subflow_context {
struct list_head node;/* conn_list of subflows */

struct tls_context tls;
struct_group(reset,

unsigned long avg_pacing_rate; /* protected by msk socket lock */
Expand Down
39 changes: 38 additions & 1 deletion net/mptcp/sockopt.c
Original file line number Diff line number Diff line change
Expand Up @@ -567,6 +567,7 @@ static bool mptcp_supported_sockopt(int level, int optname)
case TCP_FASTOPEN_CONNECT:
case TCP_FASTOPEN_KEY:
case TCP_FASTOPEN_NO_COOKIE:
case TCP_ULP:
return true;
}

Expand All @@ -579,6 +580,42 @@ static bool mptcp_supported_sockopt(int level, int optname)
return false;
}

static int mptcp_setsockopt_sol_tcp_ulp(struct mptcp_sock *msk, sockptr_t optval,
unsigned int optlen)
{
struct mptcp_subflow_context *subflow;
struct sock *sk = (struct sock *)msk;
char name[TCP_ULP_NAME_MAX];
int ret;

if (optlen < 1)
return -EINVAL;

ret = strncpy_from_sockptr(name, optval,
min_t(long, TCP_ULP_NAME_MAX - 1, optlen));
if (ret < 0)
return -EFAULT;
name[ret] = 0;

ret = 0;
lock_sock(sk);
sockopt_seq_inc(msk);
mptcp_for_each_subflow(msk, subflow) {
struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
int err;

lock_sock(ssk);
err = tcp_set_ulp(ssk, name);
if (err < 0 && ret == 0)
ret = err;
subflow->setsockopt_seq = msk->setsockopt_seq;
release_sock(ssk);
}

release_sock(sk);
return ret;
}

static int mptcp_setsockopt_sol_tcp_congestion(struct mptcp_sock *msk, sockptr_t optval,
unsigned int optlen)
{
Expand Down Expand Up @@ -806,7 +843,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,

switch (optname) {
case TCP_ULP:
return -EOPNOTSUPP;
return mptcp_setsockopt_sol_tcp_ulp(msk, optval, optlen);
case TCP_CONGESTION:
return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen);
case TCP_DEFER_ACCEPT:
Expand Down
173 changes: 168 additions & 5 deletions tools/testing/selftests/bpf/prog_tests/mptcp.c
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

#include <linux/const.h>
#include <netinet/in.h>
#include <linux/tls.h>
#include <test_progs.h>
#include "cgroup_helpers.h"
#include "network_helpers.h"
Expand Down Expand Up @@ -41,6 +42,10 @@
#define MPTCP_INFO_FLAG_REMOTE_KEY_RECEIVED _BITUL(1)
#endif

#ifndef TCP_ULP
#define TCP_ULP 31
#endif

#ifndef TCP_CA_NAME_MAX
#define TCP_CA_NAME_MAX 16
#endif
Expand Down Expand Up @@ -430,6 +435,165 @@ static void test_subflow(void)
close(cgroup_fd);
}

static int sockmap_init_ktls(int fd)
{
struct tls12_crypto_info_aes_gcm_128 tls_tx = {
.info = {
.version = TLS_1_2_VERSION,
.cipher_type = TLS_CIPHER_AES_GCM_128,
},
};
struct tls12_crypto_info_aes_gcm_128 tls_rx = {
.info = {
.version = TLS_1_2_VERSION,
.cipher_type = TLS_CIPHER_AES_GCM_128,
},
};
int so_buf = 6553500;
int err;

err = setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));
if (!ASSERT_OK(err, "setsockopt TCP_ULP"))
return err;
err = setsockopt(fd, SOL_TLS, TLS_TX, (void *)&tls_tx, sizeof(tls_tx));
if (!ASSERT_OK(err, "setsockopt TLS_TX"))
return err;
err = setsockopt(fd, SOL_TLS, TLS_RX, (void *)&tls_rx, sizeof(tls_rx));
if (!ASSERT_OK(err, "setsockopt TLS_RX"))
return err;
err = setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &so_buf, sizeof(so_buf));
if (!ASSERT_OK(err, "setsockopt SO_SNDBUF"))
return err;
err = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &so_buf, sizeof(so_buf));
if (!ASSERT_OK(err, "setsockopt SO_RCVBUF"))
return err;

return 0;
}

static int has_bytes_sent(char *dst)
{
return _ss_search(ADDR_1, dst, "sport", "bytes_sent:");
}

static int ktls_cb(int fd)
{
int err;

err = settimeo(fd, 0);
if (err)
return err;
err = sockmap_init_ktls(fd);
if (err)
return err;

return 0;
}

static void run_tcp_ktls(void)
{
int server_fd, client_fd;

server_fd = start_server(AF_INET, SOCK_STREAM, ADDR_1, PORT_1, 0);
if (!ASSERT_GE(server_fd, 0, "start_server"))
return;

client_fd = connect_to_fd(server_fd, 0);
if (!ASSERT_GE(client_fd, 0, "connect to fd"))
goto fail;

if (!ASSERT_OK(sockmap_init_ktls(client_fd), "init_ktls client_fd"))
goto fail;

if (!ASSERT_OK(send_recv_data(server_fd, client_fd,
total_bytes, ktls_cb),
"send_recv_data"))
goto fail;

//CHECK(has_bytes_sent(ADDR_1), "tcp_ktls", "should have bytes_sent on addr1\n");
CHECK(!has_bytes_sent(ADDR_2), "tcp_ktls", "shouldn't have bytes_sent on addr2\n");

close(client_fd);
fail:
close(server_fd);
}

static void test_tcp_ktls(void)
{
struct nstoken *nstoken;
int cgroup_fd;

cgroup_fd = test__join_cgroup("/tcp_ktls");
if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup: tcp_ktls"))
return;

nstoken = create_netns(NS_TEST);
if (!ASSERT_OK_PTR(nstoken, "create_netns: tcp_ktls"))
goto close_cgroup;

if (!ASSERT_OK(endpoint_init("subflow"), "endpoint_init: tcp_ktls"))
goto close_netns;

run_tcp_ktls();

close_netns:
cleanup_netns(nstoken);
close_cgroup:
close(cgroup_fd);
}

static void run_mptcp_ktls(void)
{
int server_fd, client_fd;

server_fd = start_mptcp_server(AF_INET, ADDR_1, PORT_1, 0);
if (!ASSERT_GE(server_fd, 0, "start_mptcp_server"))
return;

client_fd = connect_to_fd(server_fd, 0);
if (!ASSERT_GE(client_fd, 0, "connect to fd"))
goto fail;

//if (!ASSERT_OK(sockmap_init_ktls(client_fd), "init_ktls client_fd"))
// goto fail;

if (!ASSERT_OK(send_recv_data(server_fd, client_fd,
total_bytes, NULL), //total_bytes, ktls_cb),
"send_recv_data"))
goto fail;

CHECK(has_bytes_sent(ADDR_1), "mptcp ktls", "should have bytes_sent on addr1\n");
CHECK(has_bytes_sent(ADDR_2), "mptcp ktls", "should have bytes_sent on addr2\n");

close(client_fd);
fail:
close(server_fd);
}

static void test_mptcp_ktls(void)
{
struct nstoken *nstoken;
int cgroup_fd;

cgroup_fd = test__join_cgroup("/mptcp_ktls");
if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup: mptcp_ktls"))
return;

nstoken = create_netns(NS_TEST);
if (!ASSERT_OK_PTR(nstoken, "create_netns: mptcp_ktls"))
goto close_cgroup;

if (!ASSERT_OK(endpoint_init("subflow"), "endpoint_init: mptcp_ktls"))
goto close_netns;

run_mptcp_ktls();

close_netns:
cleanup_netns(nstoken);
close_cgroup:
close(cgroup_fd);
}

static struct nstoken *sched_init(char *flags, char *sched)
{
struct nstoken *nstoken;
Expand All @@ -449,11 +613,6 @@ static struct nstoken *sched_init(char *flags, char *sched)
return NULL;
}

static int has_bytes_sent(char *dst)
{
return _ss_search(ADDR_1, dst, "sport", "bytes_sent:");
}

static void send_data_and_verify(char *sched, bool addr1, bool addr2)
{
struct timespec start, end;
Expand Down Expand Up @@ -617,6 +776,10 @@ void test_mptcp(void)
test_mptcpify();
if (test__start_subtest("subflow"))
test_subflow();
if (test__start_subtest("tcp_ktls"))
test_tcp_ktls();
if (test__start_subtest("mptcp_ktls"))
test_mptcp_ktls();
if (test__start_subtest("default"))
test_default();
if (test__start_subtest("first"))
Expand Down

0 comments on commit e42930f

Please sign in to comment.