| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251016040159.3534435-5-kuniyu@google.com>
Date: Thu, 16 Oct 2025 04:00:36 +0000
From: Kuniyuki Iwashima <kuniyu@...gle.com>
To: Eric Dumazet <edumazet@...gle.com>, Neal Cardwell <ncardwell@...gle.com>,
"David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: Simon Horman <horms@...nel.org>, Yuchung Cheng <ycheng@...gle.com>,
Willem de Bruijn <willemb@...gle.com>, Kuniyuki Iwashima <kuniyu@...gle.com>,
Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org
Subject: [PATCH v1 net-next 4/4] selftest: packetdrill: Import client_synack-data.pkt.
client_synack-data.pkt tests various TFO client scenarios for
SYN+ACK payload processing, which never happen with Linux server.
In addition to the common changes mentioned in the cover letter,
the following changes are added to the original script:
1. Add payload to SYN+ACK for TFO fallback client to cover
the previous patch
2. Add TCPI_OPT_SYN_DATA assertion in each test case
3. Add TcpExtPAWSActive check in the last test case
Signed-off-by: Kuniyuki Iwashima <kuniyu@...gle.com>
---
.../tcp_fastopen_client_synack-data.pkt | 150 ++++++++++++++++++
1 file changed, 150 insertions(+)
create mode 100644 tools/testing/selftests/net/packetdrill/tcp_fastopen_client_synack-data.pkt
diff --git a/tools/testing/selftests/net/packetdrill/tcp_fastopen_client_synack-data.pkt b/tools/testing/selftests/net/packetdrill/tcp_fastopen_client_synack-data.pkt
new file mode 100644
index 0000000000000..c49cfd3d491e5
--- /dev/null
+++ b/tools/testing/selftests/net/packetdrill/tcp_fastopen_client_synack-data.pkt
@@ -0,0 +1,150 @@
+// SPDX-License-Identifier: GPL-2.0
+//
+// Test server sending SYNACK with data
+//
+--tcp_ts_ecr_scaled // used in TEST 5
+
+`./defaults.sh
+ ./set_sysctls.py /proc/sys/net/ipv4/tcp_timestamps=0`
+
+
+//
+// Cache warmup: send a Fast Open cookie request
+// SYN-ACK payload must not be ACKed
+//
+ 0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 3
+ +0 sendto(3, ..., 0, MSG_FASTOPEN, ..., ...) = -1 EINPROGRESS (Operation is now in progress)
+ +0 > S 0:0(0) <mss 1460,nop,nop,sackOK,nop,wscale 8,FO,nop,nop>
+ +0 < S. 123:133(10) ack 1 win 5840 <mss 1040,nop,nop,sackOK,nop,wscale 6,FO abcd1234,nop,nop>
+// SYN+ACK data cannot be ACKed for TFO fallback client
+ +0 > . 1:1(0) ack 1
+
+ +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) == 0, tcpi_options }%
+ +0 read(3, ..., 1000) = -1 EAGAIN (Resource temporarily unavailable)
+ +0 close(3) = 0
+ +0 > F. 1:1(0) ack 1
+ +.01 < F. 1:1(0) ack 2 win 92
+ +0 > . 2:2(0) ack 2
+
+
+//
+// TEST1: Servers sends SYN-ACK with data and another two data packets
+//
+ +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 4
+ +0 sendto(4, ..., 1000, MSG_FASTOPEN, ..., ...) = 1000
+ +0 > S 0:1000(1000) <mss 1460,nop,nop,sackOK,nop,wscale 8,FO abcd1234,nop,nop>
+ +0 < S. 1000000:1001400(1400) ack 1001 win 5840 <mss 1040,nop,nop,sackOK,nop,wscale 6>
+ +0 < . 1401:2801(1400) ack 1001 win 257
+ +0 < P. 2801:3001(200) ack 1001 win 257
+ +0 > . 1001:1001(0) ack 1401
+ +0 > . 1001:1001(0) ack 2801
+ +0 > . 1001:1001(0) ack 3001
+
+ +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }%
+ +0 read(4, ..., 100000) = 3000
+ +0 close(4) = 0
+ +0 > F. 1001:1001(0) ack 3001
+ +.01 < F. 3001:3001(0) ack 1002 win 257
+ +0 > . 1002:1002(0) ack 3002
+
+
+//
+// TEST2: SYN-ACK-DATA-FIN is accepted. state SYN_SENT -> CLOSE_WAIT.
+// poll() functions correctly.
+//
+ +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 4
+ +0 sendto(4, ..., 1000, MSG_FASTOPEN, ..., ...) = 1000
+ +0...0.010 poll([{fd=4,
+ events=POLLIN|POLLOUT|POLLERR|POLLRDHUP,
+ revents=POLLIN|POLLOUT|POLLRDHUP}], 1, 100) = 1
+ +0 > S 0:1000(1000) <mss 1460,nop,nop,sackOK,nop,wscale 8,FO abcd1234,nop,nop>
+ +.01 < SF. 1000000:1001400(1400) ack 1001 win 5840 <mss 1040,nop,nop,sackOK,nop,wscale 6>
+
+ +0 %{ assert tcpi_state == TCP_CLOSE_WAIT, tcpi_state }%
+ +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }%
+ +0 read(4, ..., 100000) = 1400
+ +0 read(4, ..., 100000) = 0
+ +0 > . 1001:1001(0) ack 1402
+ +0 close(4) = 0
+ +0 > F. 1001:1001(0) ack 1402
+ +.01 < . 1402:1402(0) ack 1002 win 257
+
+
+//
+// TEST3: Servers sends SYN-ACK with data and another two data packets. SYN-ACK
+// is lost and the two data packets are ignored. Client timed out and
+// retransmitted SYN.
+//
+ +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 4
+ +0 sendto(4, ..., 1000, MSG_FASTOPEN, ..., ...) = 1000
+ +0 > S 0:1000(1000) <mss 1460,nop,nop,sackOK,nop,wscale 8,FO abcd1234,nop,nop>
+ +.01 < . 1401:2801(1400) ack 1001 win 257
+ +0 < P. 2801:3001(200) ack 1001 win 257
+
+// SYN timeout
+ +.99~+1.1 > S 0:0(0) <mss 1460,nop,nop,sackOK,nop,wscale 8>
+ +.01 < S. 1000000:1001400(1400) ack 1001 win 5840 <mss 1040,nop,nop,sackOK,nop,wscale 6>
+ +0 > . 1001:1001(0) ack 1401
+ +.01 < . 1401:2801(1400) ack 1001 win 257
+ +0 > . 1001:1001(0) ack 2801
+ +0 < P. 2801:3001(200) ack 1001 win 257
+ +0 > . 1001:1001(0) ack 3001
+
+ +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }%
+ +0 read(4, ..., 100000) = 3000
+ +0 close(4) = 0
+ +0 > F. 1001:1001(0) ack 3001
+ +.1 < F. 3001:3001(0) ack 1002 win 257
+ +0 > . 1002:1002(0) ack 3002
+
+
+//
+// TEST4: SYN-ACK-DATA with TS opt. Also test poll()
+//
+ +0 `sysctl -q net.ipv4.tcp_timestamps=1`
+
+ +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 4
+ +0 sendto(4, ..., 1000, MSG_FASTOPEN, ..., ...) = 1000
+ +0...0.010 poll([{fd=4,
+ events=POLLIN|POLLOUT|POLLERR,
+ revents=POLLIN|POLLOUT}], 1, 100) = 1
+ +0 > S 0:1000(1000) <mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 8,FO abcd1234,nop,nop>
+ +.01 < S. 1000000:1001400(1400) ack 1001 win 5840 <mss 1040,TS val 1000000 ecr 1,sackOK,nop,wscale 6>
+ +0 > . 1001:1001(0) ack 1401 <nop,nop,TS val 101 ecr 1000000>
+ +0 < . 1401:2801(1400) ack 1001 win 257 <nop,nop,TS val 1000000 ecr 1>
+ +0 > . 1001:1001(0) ack 2801 <nop,nop,TS val 101 ecr 1000000>
+ +0 < P. 2801:3001(200) ack 1001 win 257 <nop,nop,TS val 1000000 ecr 1>
+ +0 > . 1001:1001(0) ack 3001 <nop,nop,TS val 101 ecr 1000000>
+
+ +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }%
+ +0 read(4, ..., 100000) = 3000
+ +0 close(4) = 0
+ +0 > F. 1001:1001(0) ack 3001 <nop,nop,TS val 301 ecr 1000000>
+ +.01 < F. 3001:3001(0) ack 1002 win 257 <nop,nop,TS val 1000300 ecr 301>
+ +0 > . 1002:1002(0) ack 3002 <nop,nop,TS val 401 ecr 1000300>
+
+
+//
+// TEST5: SYN-ACK-DATA with bad TS opt is repelled with an RST.
+//
+ +0 `nstat > /dev/null`
+ +0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 4
+ +0 sendto(4, ..., 1000, MSG_FASTOPEN, ..., ...) = 1000
+ +0 > S 0:1000(1000) <mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 8,FO abcd1234,nop,nop>
+
+// bad ECR value is rejected as LINUX_MIB_PAWSACTIVEREJECTED
+ +.01 < S. 1000000:1001400(1400) ack 1001 win 5840 <mss 1040,TS val 1000000 ecr 9999,sackOK,nop,wscale 6>
+ +0 > R 1001:1001(0)
+
+// A later valid SYN establishes the connection
+ +.01 < S. 1000000:1000100(100) ack 1001 win 5840 <mss 1040,TS val 1000000 ecr 1,sackOK,nop,wscale 6>
+ +0 > . 1001:1001(0) ack 101 <nop,nop,TS val 21 ecr 1000000>
+
+// Make sure the RST above incremented LINUX_MIB_PAWSACTIVEREJECTED
+ +0 `nstat | grep -q TcpExtPAWSActive`
+
+ +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }%
+ +0 read(4, ..., 100000) = 100
+ +0 %{ assert tcpi_state == TCP_ESTABLISHED, tcpi_state }%
+
+`/tmp/sysctl_restore_${PPID}.sh`
\ No newline at end of file
--
2.51.0.788.g6d19910ace-goog
Powered by blists - more mailing lists