git: 50959e884063 - stable/13 - ktls_test: Permit an option to skip tests not using ifnet TLS.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 13 Jul 2022 16:47:39 UTC
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=50959e884063ad7e2abbd86fd0b1575905a84f99 commit 50959e884063ad7e2abbd86fd0b1575905a84f99 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2022-06-14 17:35:01 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2022-07-13 16:19:39 +0000 ktls_test: Permit an option to skip tests not using ifnet TLS. If ktls.require_ifnet is set to true, then check the TLS offload mode for tests sending and receiving records and skip the test if the offload mode is not ifnet mode. This can be used along with ktls.host to run KTLS tests against a NIC supporting ifnet TLS and verify that expected cipher suites and directions used ifnet TLS rather than software TLS. Receive tests may result in a false positive as receive ifnet TLS can use software as a fallback. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D35427 (cherry picked from commit ea4ebdcb4da94a30fae53da74eda302aaa4ff1f3) --- tests/sys/kern/ktls_test.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c index 914b05edfd31..b36de88adfa2 100644 --- a/tests/sys/kern/ktls_test.c +++ b/tests/sys/kern/ktls_test.c @@ -67,6 +67,22 @@ require_ktls(void) #define ATF_REQUIRE_KTLS() require_ktls() +static void +check_tls_mode(const atf_tc_t *tc, int s, int sockopt) +{ + if (atf_tc_get_config_var_as_bool_wd(tc, "ktls.require_ifnet", false)) { + socklen_t len; + int mode; + + len = sizeof(mode); + if (getsockopt(s, IPPROTO_TCP, sockopt, &mode, &len) == -1) + atf_libc_error(errno, "Failed to fetch TLS mode"); + + if (mode != TCP_TLS_MODE_IFNET) + atf_tc_skip("connection did not use ifnet TLS"); + } +} + static char rdigit(void) { @@ -981,6 +997,7 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en, ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == 0); + check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE); EV_SET(&ev, sockets[0], EVFILT_READ, EV_ADD, 0, 0, NULL); ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0); @@ -1117,6 +1134,7 @@ test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en, ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == 0); + check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE); fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); @@ -1171,6 +1189,7 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en, ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en, sizeof(*en)) == 0); + check_tls_mode(tc, sockets[1], TCP_TXTLS_MODE); fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); @@ -1281,6 +1300,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en, ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en, sizeof(*en)) == 0); + check_tls_mode(tc, sockets[0], TCP_RXTLS_MODE); EV_SET(&ev, sockets[0], EVFILT_READ, EV_ADD, 0, 0, NULL); ATF_REQUIRE(kevent(kq, &ev, 1, NULL, 0, NULL) == 0);