git: 50959e884063 - stable/13 - ktls_test: Permit an option to skip tests not using ifnet TLS.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 13 Jul 2022 16:47:39 UTC
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=50959e884063ad7e2abbd86fd0b1575905a84f99
commit 50959e884063ad7e2abbd86fd0b1575905a84f99
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-06-14 17:35:01 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-07-13 16:19:39 +0000
ktls_test: Permit an option to skip tests not using ifnet TLS.
If ktls.require_ifnet is set to true, then check the TLS offload mode
for tests sending and receiving records and skip the test if the
offload mode is not ifnet mode.
This can be used along with ktls.host to run KTLS tests against a NIC
supporting ifnet TLS and verify that expected cipher suites and
directions used ifnet TLS rather than software TLS. Receive tests may
result in a false positive as receive ifnet TLS can use software as a
fallback.
Reviewed by: markj
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D35427
(cherry picked from commit ea4ebdcb4da94a30fae53da74eda302aaa4ff1f3)
---
tests/sys/kern/ktls_test.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index 914b05edfd31..b36de88adfa2 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -67,6 +67,22 @@ require_ktls(void)
#define ATF_REQUIRE_KTLS() require_ktls()
+static void
+check_tls_mode(const atf_tc_t *tc, int s, int sockopt)
+{
+ if (atf_tc_get_config_var_as_bool_wd(tc, "ktls.require_ifnet", false)) {
+ socklen_t len;
+ int mode;
+
+ len = sizeof(mode);
+ if (getsockopt(s, IPPROTO_TCP, sockopt, &mode, &len) == -1)
+ atf_libc_error(errno, "Failed to fetch TLS mode");
+
+ if (mode != TCP_TLS_MODE_IFNET)
+ atf_tc_skip("connection did not use ifnet TLS");
+ }
+}
+
static char
rdigit(void)
{
@@ -981,6 +997,7 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
sizeof(*en)) == 0);
+ check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE);
EV_SET(&ev, sockets[0], EVFILT_READ, EV_ADD, 0, 0, NULL);
ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0);
@@ -1117,6 +1134,7 @@ test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en,
ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
sizeof(*en)) == 0);
+ check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE);
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
@@ -1171,6 +1189,7 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en,
ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
sizeof(*en)) == 0);
+ check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE);
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
@@ -1281,6 +1300,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en,
ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
sizeof(*en)) == 0);
+ check_tls_mode(tc, sockets[0], TCP_RXTLS_MODE);
EV_SET(&ev, sockets[0], EVFILT_READ, EV_ADD, 0, 0, NULL);
ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0);