Message ID | 3f6d654c1c36f489b471e2892c9231d6fa8fad7a.1628544649.git.cdleonard@gmail.com |
---|---|
State | New |
Headers | show |
Series | tcp: Initial support for RFC5925 auth option | expand |
On 8/9/21 3:35 PM, Leonard Crestez wrote: > Just test that a correct password is required. > This test suite needs to be comprehensive that the UAPI works as designed and fails when it should - cleanly and with an extack message as to why some config option fails. Tests should cover the datapath - that it works properly when it should and fails cleanly when it should not. If addresses are involved in the configuration, then the tests need to be written for non VRFs, with VRFs and default VRF since addresses are relative. Also, in tree test suites are best for the maintenance of this code going forward.
On 11.08.2021 16:46, David Ahern wrote: > On 8/9/21 3:35 PM, Leonard Crestez wrote: >> Just test that a correct password is required. >> > > This test suite needs to be comprehensive that the UAPI works as > designed and fails when it should - cleanly and with an extack message > as to why some config option fails. Tests should cover the datapath - > that it works properly when it should and fails cleanly when it should > not. If addresses are involved in the configuration, then the tests need > to be written for non VRFs, with VRFs and default VRF since addresses > are relative. > > Also, in tree test suites are best for the maintenance of this code > going forward. I can try to integrate my python test suite into kselftest. It's not a very orthodox choice but a rewrite in C would be much larger. -- Regards, Leonard
diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index a8ad92850e63..569c340040f4 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -788,10 +788,31 @@ ipv4_ping() } ################################################################################ # IPv4 TCP +# +# TCP Authentication Option Tests +# +ipv4_tcp_authopt() +{ + # basic use case + log_start + run_cmd nettest -s -A ${MD5_PW} & + sleep 1 + run_cmd_nsb nettest -r ${NSA_IP} -A ${MD5_PW} + log_test $? 0 "AO: Simple password" + + # wrong password + log_start + show_hint "Should timeout since client uses wrong password" + run_cmd nettest -s -A ${MD5_PW} & + sleep 1 + run_cmd_nsb nettest -r ${NSA_IP} -A ${MD5_WRONG_PW} + log_test $? 2 "AO: Client uses wrong password" +} + # # MD5 tests without VRF # ipv4_tcp_md5_novrf() { @@ -1119,10 +1140,11 @@ ipv4_tcp_novrf() show_hint "Should fail 'Connection refused'" run_cmd nettest -d ${NSA_DEV} -r ${a} log_test_addr ${a} $? 1 "No server, device client, local conn" ipv4_tcp_md5_novrf + ipv4_tcp_authopt } ipv4_tcp_vrf() { local a
Just test that a correct password is required. Signed-off-by: Leonard Crestez <cdleonard@gmail.com> --- tools/testing/selftests/net/fcnal-test.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)