From 53f5dc68e324798bb53325f268c949b9e80166fc Mon Sep 17 00:00:00 2001 From: bluhm Date: Mon, 1 Feb 2021 18:11:46 +0000 Subject: [PATCH] ESP path MTU discovery over IPv6 tunnel has been fixed. Add test. --- regress/sys/netinet/ipsec/Makefile | 82 +++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/regress/sys/netinet/ipsec/Makefile b/regress/sys/netinet/ipsec/Makefile index ed7425b7df5..76fa3d46d89 100644 --- a/regress/sys/netinet/ipsec/Makefile +++ b/regress/sys/netinet/ipsec/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.30 2021/01/20 17:38:18 bluhm Exp $ +# $OpenBSD: Makefile,v 1.31 2021/02/01 18:11:46 bluhm Exp $ # This test needs a manual setup of four machines, the make # target create-setup can be used to distribute the configuration. @@ -155,10 +155,10 @@ PROGS = nonxt-sendrecv nonxt-reflect .if empty (IPS_SSH) || empty (RT_SSH) || empty (ECO_SSH) regress: - # This tests needs three remote machines to operate on. - # IPS_SSH RT_SSH ECO_SSH are empty. - # Fill out these variables for additional tests, then - # check whether your test machines are set up properly. + @echo This tests needs three remote machines to operate on. + @echo IPS_SSH RT_SSH ECO_SSH are empty. + @echo Fill out these variables for additional tests, then + @echo check whether your test machines are set up properly. @echo SKIPPED .elif make (regress) || make (all) @@ -365,7 +365,7 @@ run-send-tcp-${host}_${sec}_${mode}_${ipv}: # Send large tcp stream, this should trigger path mtu discovery. # but it works only fo a few cases -.if "${sec}" == ESP && "${mode}" == TUNNEL4 +.if "${sec}" == ESP && ("${mode}" == TUNNEL4 || "${mode}" == TUNNEL6) TARGETS += tcp-pmtu-${host}_${sec}_${mode}_${ipv} tcp pmtu ${host:L} ${sec:L} ${mode:L} ${ipv:L}:\ run-send-tcp-pmtu-${host}_${sec}_${mode}_${ipv} @@ -510,6 +510,20 @@ run-bpf-tcp-pmtu-IPS_ESP_TUNNEL4_IPV6: stamp-stop ${REGEX_REQ_IPS_ESP_TUNNEL4_IPV6_TCP}\ .* 1:1...\(1352\) ack ' enc0.tcpdump +run-bpf-tcp-pmtu-IPS_ESP_TUNNEL6_IPV4: stamp-stop + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_IPS_ESP_TUNNEL6_IPV4_TCP}\ + .* 1:1...\(1352\) ack ' enc0.tcpdump + +run-bpf-tcp-pmtu-IPS_ESP_TUNNEL6_IPV6: stamp-stop + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_IPS_ESP_TUNNEL6_IPV6_TCP}\ + .* 1:1...\(1332\) ack ' enc0.tcpdump + run-bpf-tcp-pmtu-ECO_ESP_TUNNEL4_IPV4: stamp-stop egrep -q '\ ${REGEX_ESP}\ @@ -566,6 +580,62 @@ run-bpf-tcp-pmtu-ECO_ESP_TUNNEL4_IPV6: stamp-stop ${REGEX_REQ_ECO_ESP_TUNNEL4_IPV6_TCP}\ .* 1:1...\(1228\) ack ' enc0.tcpdump +run-bpf-tcp-pmtu-ECO_ESP_TUNNEL6_IPV4: stamp-stop + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_ECO_ESP_TUNNEL6_IPV4_TCP}\ + .* 1:1...\(1352\) ack ' enc0.tcpdump + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_RPL_TUNNEL4}\ + ${IPS_IN_IPV4} > ${SRC_ESP_TUNNEL_IPV4}:\ + icmp: ${ECO_ESP_TUNNEL6_IPV4} unreachable -\ + need to frag \(mtu 1400\) ' enc0.tcpdump + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_ECO_ESP_TUNNEL6_IPV4_TCP}\ + .* 1:1...\(1348\) ack ' enc0.tcpdump + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_RPL_TUNNEL4}\ + ${RT_IN_IPV4} > ${SRC_ESP_TUNNEL_IPV4}:\ + icmp: ${ECO_ESP_TUNNEL6_IPV4} unreachable -\ + need to frag \(mtu 1300\) ' enc0.tcpdump + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_ECO_ESP_TUNNEL6_IPV4_TCP}\ + .* 1:1...\(1248\) ack ' enc0.tcpdump + +run-bpf-tcp-pmtu-ECO_ESP_TUNNEL6_IPV6: stamp-stop + egrep '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_ECO_ESP_TUNNEL6_IPV6_TCP}\ + .* 1:1...\(1332\) ack ' enc0.tcpdump + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_RPL_TUNNEL6}\ + ${IPS_IN_IPV6} > ${SRC_ESP_TUNNEL_IPV6}:\ + icmp6: too big 1400 ' enc0.tcpdump + egrep '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_ECO_ESP_TUNNEL6_IPV6_TCP}\ + .* 1:1...\(1328\) ack ' enc0.tcpdump + egrep -q '\ + ${REGEX_ESP}\ + ${REGEX_RPL_TUNNEL6}\ + ${RT_IN_IPV6} > ${SRC_ESP_TUNNEL_IPV6}:\ + icmp6: too big 1300 ' enc0.tcpdump + egrep '\ + ${REGEX_ESP}\ + ${REGEX_REQ_TUNNEL6}\ + ${REGEX_REQ_ECO_ESP_TUNNEL6_IPV6_TCP}\ + .* 1:1...\(1228\) ack ' enc0.tcpdump + REGRESS_TARGETS = ${TARGETS:S/^/run-send-/} \ ${TARGETS:N*_IPIP_*:N*_BUNDLE_*:N*_IN_*:N*_OUT_*:N*-SRC_*:Nudp-*_IPCOMP_*:Ntcp-*_IPCOMP_*:N*-small-*:Nnonxt-*_IPCOMP_*:S/-big-/-/:S/^/run-bpf-/} \ ${TARGETS:N*_IPIP_*:N*_IPCOMP_*:N*_IN_*:N*_OUT_*:N*-SRC_*:N*-small-*:N*-pmtu-*:S/-big-/-/:S/^/run-pflog-/} -- 2.20.1