Module Name: src Committed By: martin Date: Tue Nov 21 11:11:20 UTC 2017
Modified Files: src/sys/netipsec [netbsd-8]: key.c src/tests/net/ipsec [netbsd-8]: t_ipsec_misc.sh Log Message: Pull up following revision(s) (requested by ozaki-r in ticket #360): tests/net/ipsec/t_ipsec_misc.sh: revision 1.21 tests/net/ipsec/t_ipsec_misc.sh: revision 1.22 sys/netipsec/key.c: revision 1.235 Mark key_timehandler_ch callout as MP-safe (just forgot to do so) "Mark key_timehandler_ch callout as MP-safe" change needs one more sec to make lifetime tests stable Dedup some checks And the change a bit optimizes checks of SA expirations, which may shorten testing time. To generate a diff of this commit: cvs rdiff -u -r1.163.2.1 -r1.163.2.2 src/sys/netipsec/key.c cvs rdiff -u -r1.6.2.2 -r1.6.2.3 src/tests/net/ipsec/t_ipsec_misc.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.163.2.1 src/sys/netipsec/key.c:1.163.2.2 --- src/sys/netipsec/key.c:1.163.2.1 Sat Oct 21 19:43:54 2017 +++ src/sys/netipsec/key.c Tue Nov 21 11:11:20 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.163.2.1 2017/10/21 19:43:54 snj Exp $ */ +/* $NetBSD: key.c,v 1.163.2.2 2017/11/21 11:11:20 martin Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.1 2017/10/21 19:43:54 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.2 2017/11/21 11:11:20 martin Exp $"); /* * This code is referred to RFC 2367 @@ -8106,7 +8106,7 @@ key_do_init(void) pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS); - callout_init(&key_timehandler_ch, 0); + callout_init(&key_timehandler_ch, CALLOUT_MPSAFE); error = workqueue_create(&key_timehandler_wq, "key_timehandler", key_timehandler_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); if (error != 0) Index: src/tests/net/ipsec/t_ipsec_misc.sh diff -u src/tests/net/ipsec/t_ipsec_misc.sh:1.6.2.2 src/tests/net/ipsec/t_ipsec_misc.sh:1.6.2.3 --- src/tests/net/ipsec/t_ipsec_misc.sh:1.6.2.2 Sat Oct 21 19:43:55 2017 +++ src/tests/net/ipsec/t_ipsec_misc.sh Tue Nov 21 11:11:20 2017 @@ -1,4 +1,4 @@ -# $NetBSD: t_ipsec_misc.sh,v 1.6.2.2 2017/10/21 19:43:55 snj Exp $ +# $NetBSD: t_ipsec_misc.sh,v 1.6.2.3 2017/11/21 11:11:20 martin Exp $ # # Copyright (c) 2017 Internet Initiative Japan Inc. # All rights reserved. 
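Review bot: Nothing next to `callout_init(&key_timehandler_ch, CALLOUT_MPSAFE);` in key_do_init records why the callout is safe to run without the kernel lock, and the function armed on it is outside this hunk. With CALLOUT_MPSAFE the callout function is invoked without KERNEL_LOCK held, so it must touch only state covered by its own locking. Presumably it just hands off to the WQ_MPSAFE workqueue created on the following line, but that cannot be confirmed from here. A short comment such as `/* MP-safe: the handler only enqueues key_timehandler_work; it must not rely on KERNEL_LOCK */` would pin that assumption for later changes to the SA expiry path. key_do_init's body continues outside the hunk.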
@@ -78,6 +78,42 @@ setup_sasp() #check_sa_entries $SOCK_PEER $ip_local $ip_peer } +test_sad_disapper_until() +{ + local time=$1 + local check_dead_sa=$2 + local setkey_opts= + local n=$time + local tmpfile=./__tmp + local sock= ok= + + if $check_dead_sa; then + setkey_opts="-D -a" + else + setkey_opts="-D" + fi + + while [ $n -ne 0 ]; do + ok=0 + sleep 1 + for sock in $SOCK_LOCAL $SOCK_PEER; do + export RUMP_SERVER=$sock + $HIJACKING setkey $setkey_opts > $tmpfile + $DEBUG && cat $tmpfile + if grep -q 'No SAD entries.' $tmpfile; then + ok=$((ok + 1)) + fi + done + if [ $ok -eq 2 ]; then + return + fi + + n=$((n - 1)) + done + + atf_fail "SAs didn't disappear after $time sec." +} + test_ipsec4_lifetime() { local proto=$1 @@ -88,6 +124,7 @@ test_ipsec4_lifetime() local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') local algo_args="$(generate_algo_args $proto $algo)" local lifetime=3 + local buffertime=2 rump_server_crypto_start $SOCK_LOCAL netipsec rump_server_crypto_start $SOCK_PEER netipsec @@ -118,16 +155,8 @@ test_ipsec4_lifetime() # Set up SAs with lifetime 1 sec. setup_sasp $proto "$algo_args" $ip_local $ip_peer 1 - # Wait for the SAs to be expired - atf_check -s exit:0 sleep 2 - # Check the SAs have been expired - export RUMP_SERVER=$SOCK_LOCAL - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D - export RUMP_SERVER=$SOCK_PEER - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D + test_sad_disapper_until $((1 + $buffertime)) false # Clean up SPs export RUMP_SERVER=$SOCK_LOCAL 
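Review bot: The exit status of `$HIJACKING setkey $setkey_opts > $tmpfile` is never checked inside the polling loop of test_sad_disapper_until, whereas the checks this commit replaces ran the same command under `atf_check -s exit:0`. If setkey fails, the file stays empty, grep never matches, and the test spends the whole timeout before reporting "SAs didn't disappear", which points at SA expiry rather than at the real failure. Failing fast keeps the old guarantee: `$HIJACKING setkey $setkey_opts > $tmpfile || atf_fail "setkey failed on $sock"`. Separately, `disapper` in the function name is presumably meant to be `disappear`; a rename would also have to cover the four call sites in the later hunks.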
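Review bot: The bare `false` in `test_sad_disapper_until $((1 + $buffertime)) false` (hunk `@@ -118,16 +155,8 @@`) does not tell the reader that it selects plain `setkey -D` rather than `setkey -D -a`, while the later call after the traffic check passes `true`. That matches the replaced checks, but the distinction is no longer visible at the call site. A comment above the call, for example `# false: plain "setkey -D", dead SAs are not considered`, would keep it readable. The literal `1` also repeats the lifetime passed to `setup_sasp` on the preceding line and could share a local with it. Both remarks apply equally to the test_ipsec6_lifetime hunk at `@@ -204,16 +227,8 @@`.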
@@ -148,15 +177,8 @@ test_ipsec4_lifetime() atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \ cat $outfile - atf_check -s exit:0 sleep $((lifetime + 1)) - - export RUMP_SERVER=$SOCK_LOCAL - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a - - export RUMP_SERVER=$SOCK_PEER - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a + # Check the SAs have been expired + test_sad_disapper_until $((lifetime + $buffertime)) true export RUMP_SERVER=$SOCK_LOCAL atf_check -s not-exit:0 -o match:'0 packets received' \ @@ -176,6 +198,7 @@ test_ipsec6_lifetime() local proto_cap=$(echo $proto | tr 'a-z' 'A-Z') local algo_args="$(generate_algo_args $proto $algo)" local lifetime=3 + local buffertime=2 rump_server_crypto_start $SOCK_LOCAL netinet6 netipsec rump_server_crypto_start $SOCK_PEER netinet6 netipsec @@ -204,16 +227,8 @@ test_ipsec6_lifetime() # Set up SAs with lifetime 1 sec. setup_sasp $proto "$algo_args" $ip_local $ip_peer 1 - # Wait for the SAs to be expired - atf_check -s exit:0 sleep 2 - # Check the SAs have been expired - export RUMP_SERVER=$SOCK_LOCAL - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D - export RUMP_SERVER=$SOCK_PEER - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D + test_sad_disapper_until $((1 + $buffertime)) false # Clean up SPs export RUMP_SERVER=$SOCK_LOCAL 
@@ -234,15 +249,8 @@ test_ipsec6_lifetime() atf_check -s exit:0 -o match:"$ip_peer > $ip_local: $proto_cap" \ cat $outfile - atf_check -s exit:0 sleep $((lifetime + 1)) - - export RUMP_SERVER=$SOCK_LOCAL - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a - - export RUMP_SERVER=$SOCK_PEER - $DEBUG && $HIJACKING setkey -D - atf_check -s exit:0 -o match:'No SAD entries.' $HIJACKING setkey -D -a + # Check the SAs have been expired + test_sad_disapper_until $((lifetime + $buffertime)) true export RUMP_SERVER=$SOCK_LOCAL atf_check -s not-exit:0 -o match:'0 packets received' \