10fbcdd12a
Demonstrate how the primary and backup TFO keys can be rotated while minimizing the number of client cookies that are rejected. Signed-off-by: Jason Baron <jbaron@akamai.com> Signed-off-by: Christoph Paasch <cpaasch@apple.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# rotate TFO keys for ipv4/ipv6 and verify that the client does
# not present an invalid cookie.
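# Keep command tracing off and abort on the first failing command.
set +x
set -e

# Random name for the private network namespace. mktemp -u only prints a
# name and reserves nothing, so the name is not guaranteed to be unused.
# Assign first and mark read-only afterwards: "readonly VAR=$(cmd)" reports
# the status of readonly itself and would hide a mktemp failure from set -e,
# leaving the script to continue with the bare name "ns-".
NETNS="ns-$(mktemp -u XXXXXX)"
readonly NETNS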
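#######################################
# Create the private network namespace and prepare it for the test runs.
# Globals:   NETNS (read)
# Arguments: none
# Returns:   status of the last command; the script runs under set -e, so
#            any failing step aborts the script
#######################################
setup() {
	ip netns add "${NETNS}"

	# Arm the EXIT trap only once this script owns the namespace. NETNS is
	# a generated name that nothing reserves; if the add above fails (name
	# already in use, insufficient privileges) set -e ends the script here
	# and cleanup() never deletes a namespace this script did not create.
	trap cleanup EXIT

	ip -netns "${NETNS}" link set lo up

	# 3 = client (0x1) | server (0x2) TCP Fast Open, set from inside the
	# namespace. Output is discarded, so a failure here still aborts the
	# script but without a diagnostic.
	ip netns exec "${NETNS}" sysctl -w net.ipv4.tcp_fastopen=3 \
		>/dev/null 2>&1
}

#######################################
# Delete the test namespace; runs from the EXIT trap armed in setup().
# Globals:   NETNS (read)
# Arguments: none
#######################################
cleanup() {
	ip netns del "${NETNS}"
}

setup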
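#######################################
# Run one tcp_fastopen_backup_key pass inside the test namespace and fail
# if the kernel counted any rejected Fast Open cookie.
# Globals:   NETNS (read)
# Arguments: $1 - option string handed unchanged to ./tcp_fastopen_backup_key
# Outputs:   a "FAIL: ..." line on stdout when the check does not pass
# Returns:   0 when the counter reads 0, 1 otherwise
#######################################
do_test() {
	local val

	# flush routes before each run, otherwise successive runs can
	# initially present an old TFO cookie
	ip netns exec "${NETNS}" ip tcp_metrics flush
	ip netns exec "${NETNS}" ./tcp_fastopen_backup_key "$1"

	# Select the counter by exact name and take its value column.
	val=$(ip netns exec "${NETNS}" nstat -az | \
		awk '$1 == "TcpExtTCPFastOpenPassiveFail" { print $2 }')

	# Fail closed: an empty or non-numeric value means the counter was not
	# read (nstat missing, counter absent, unexpected output). An unquoted
	# "[ $val -ne 0 ]" would only print a syntax error in that case and the
	# run would be reported as passing.
	case "${val}" in
	'' | *[!0-9]*)
		echo "FAIL: TcpExtTCPFastOpenPassiveFail could not be read"
		return 1
		;;
	esac

	if [ "${val}" -ne 0 ]; then
		echo "FAIL: TcpExtTCPFastOpenPassiveFail non-zero"
		return 1
	fi
}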
# Test matrix: for each option suffix, run the IPv4 and IPv6 variants twice
# back to back (-4, -6, -4, -6) before moving on to the next suffix. The
# option letters are interpreted by ./tcp_fastopen_backup_key. The script
# runs under set -e, so the first failing do_test ends the run.
for opts in "" s r sr; do
	for round in 1 2; do
		do_test "-4${opts}"
		do_test "-6${opts}"
	done
done

echo "all tests done"