1#!/bin/bash 2# SPDX-License-Identifier: GPL-2.0 3# 4# rotate TFO keys for ipv4/ipv6 and verify that the client does 5# not present an invalid cookie. 6 7set +x 8set -e 9 10readonly NETNS="ns-$(mktemp -u XXXXXX)" 11 12setup() { 13 ip netns add "${NETNS}" 14 ip -netns "${NETNS}" link set lo up 15 ip netns exec "${NETNS}" sysctl -w net.ipv4.tcp_fastopen=3 \ 16 >/dev/null 2>&1 17} 18 19cleanup() { 20 ip netns del "${NETNS}" 21} 22 23trap cleanup EXIT 24setup 25 26do_test() { 27 # flush routes before each run, otherwise successive runs can 28 # initially present an old TFO cookie 29 ip netns exec "${NETNS}" ip tcp_metrics flush 30 ip netns exec "${NETNS}" ./tcp_fastopen_backup_key "$1" 31 val=$(ip netns exec "${NETNS}" nstat -az | \ 32 grep TcpExtTCPFastOpenPassiveFail | awk '{print $2}') 33 if [ "$val" != 0 ]; then 34 echo "FAIL: TcpExtTCPFastOpenPassiveFail non-zero" 35 return 1 36 fi 37} 38 39do_test "-4" 40do_test "-6" 41do_test "-4" 42do_test "-6" 43do_test "-4s" 44do_test "-6s" 45do_test "-4s" 46do_test "-6s" 47do_test "-4r" 48do_test "-6r" 49do_test "-4r" 50do_test "-6r" 51do_test "-4sr" 52do_test "-6sr" 53do_test "-4sr" 54do_test "-6sr" 55echo "all tests done" 56