git: 50959e884063 - stable/13 - ktls_test: Permit an option to skip tests not using ifnet TLS.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Wed, 13 Jul 2022 16:47:39 UTC
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=50959e884063ad7e2abbd86fd0b1575905a84f99

commit 50959e884063ad7e2abbd86fd0b1575905a84f99
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-06-14 17:35:01 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-07-13 16:19:39 +0000

    ktls_test: Permit an option to skip tests not using ifnet TLS.
    
    If ktls.require_ifnet is set to true, then check the TLS offload mode
    for tests sending and receiving records and skip the test if the
    offload mode is not ifnet mode.
    
    This can be used along with ktls.host to run KTLS tests against a NIC
    supporting ifnet TLS and verify that expected cipher suites and
    directions used ifnet TLS rather than software TLS.  Receive tests may
    result in a false positive as receive ifnet TLS can use software as a
    fallback.
    
    Reviewed by:    markj
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D35427
    
    (cherry picked from commit ea4ebdcb4da94a30fae53da74eda302aaa4ff1f3)
---
 tests/sys/kern/ktls_test.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index 914b05edfd31..b36de88adfa2 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -67,6 +67,22 @@ require_ktls(void)
 
 #define	ATF_REQUIRE_KTLS()	require_ktls()
 
+static void
+check_tls_mode(const atf_tc_t *tc, int s, int sockopt)
+{
+	if (atf_tc_get_config_var_as_bool_wd(tc, "ktls.require_ifnet", false)) {
+		socklen_t len;
+		int mode;
+
+		len = sizeof(mode);
+		if (getsockopt(s, IPPROTO_TCP, sockopt, &mode, &len) == -1)
+			atf_libc_error(errno, "Failed to fetch TLS mode");
+
+		if (mode != TCP_TLS_MODE_IFNET)
+			atf_tc_skip("connection did not use ifnet TLS");
+	}
+}
+
 static char
 rdigit(void)
 {
@@ -981,6 +997,7 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
 
 	ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
 	    sizeof(*en)) == 0);
+	check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE);
 
 	EV_SET(&ev, sockets[0], EVFILT_READ, EV_ADD, 0, 0, NULL);
 	ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0);
@@ -1117,6 +1134,7 @@ test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en,
 
 	ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
 	    sizeof(*en)) == 0);
+	check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE);
 
 	fd_set_blocking(sockets[0]);
 	fd_set_blocking(sockets[1]);
@@ -1171,6 +1189,7 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en,
 
 	ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
 	    sizeof(*en)) == 0);
+	check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE);
 
 	fd_set_blocking(sockets[0]);
 	fd_set_blocking(sockets[1]);
@@ -1281,6 +1300,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en,
 
 	ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
 	    sizeof(*en)) == 0);
+	check_tls_mode(tc, sockets[0], TCP_RXTLS_MODE);
 
 	EV_SET(&ev, sockets[0], EVFILT_READ, EV_ADD, 0, 0, NULL);
 	ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0);