From: Jiri J. <jja...@re...> - 2013-10-07 11:31:59
Original code *relies* on the server giving up sooner than the client:
1. "recv" operation on port 4300 is requested from server
2. client tries to connect() with an invalid context, packets get
dropped on the server side (no replies sent)
3. server times out after 10 seconds (original -t 10 in xinetd conf)
4. when client sends another TCP SYN (conn request), it hits a closed
port and the server replies with TCP RST, which connect()
interprets as ECONNREFUSED, passing the test
This is an incorrect approach, because it doesn't verify the packet
dropping behavior, only that the connection didn't succeed. If, for some
unexpected reason, the remote socket never started listening, the test
would pass anyway.
Furthermore, it presumes that the client continues connecting even
after the server times out, which is *not* guaranteed and - in fact -
is the reason that inspired this patch.
The new approach is based on the fact that the testing machine now
controls both start and exit of the test server (after recent changes),
making it possible to keep the remote "recv" operation active until
the expres=fail tests properly time out, verifying the correct behavior.
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/network/run.conf | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/audit-test/network/run.conf b/audit-test/network/run.conf
index 3699a60..0a88e17 100644
--- a/audit-test/network/run.conf
+++ b/audit-test/network/run.conf
@@ -1533,12 +1533,12 @@ if [[ $PPROFILE == lspp ]]; then
'$host_remote tcp $port'
## TESTCASE: local IPsec IPv4, mac failure (incomp)
+ connect \
- mlsop=incomp expres=fail err=ECONNREFUSED \
+ mlsop=incomp expres=fail err=ETIMEDOUT \
host=local type=ipsec op=recv_tcp ipv=ipv4 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: local IPsec IPv4, mac failure (dom)
+ connect \
- mlsop=dom expres=fail err=ECONNREFUSED \
+ mlsop=dom expres=fail err=ETIMEDOUT \
host=local type=ipsec op=recv_tcp ipv=ipv4 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: local IPsec IPv4, mac success (domby)
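Review bot: ETIMEDOUT in the two local IPv4 failure cases (incomp, dom) is also what connect() reports when the SYNs are lost for a reason unrelated to the label check, such as an unreachable peer, so on its own it does not show that the MLS policy did the dropping. A short comment saying that the failure cases rely on the domby success case that follows as the reachability control would make that dependency explicit.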
@@ -1553,12 +1553,12 @@ if [[ $PPROFILE == lspp ]]; then
'$host_remote tcp $port'
## TESTCASE: remote IPsec IPv4, mac failure (incomp)
+ connect \
- mlsop=incomp expres=fail err=ECONNREFUSED \
+ mlsop=incomp expres=fail err=ETIMEDOUT \
host=remote type=ipsec op=recv_tcp ipv=ipv4 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: remote IPsec IPv4, mac failure (dom)
+ connect \
- mlsop=dom expres=fail err=ECONNREFUSED \
+ mlsop=dom expres=fail err=ETIMEDOUT \
host=remote type=ipsec op=recv_tcp ipv=ipv4 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: remote IPsec IPv4, mac success (domby)
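Review bot: the remote IPv4 cases now expect err=ETIMEDOUT, which holds only while the remote recv stays active longer than the client's connect() timeout, and nothing in run.conf states or enforces that ordering. The commit message mentions the former -t 10 server timeout and "recent changes" that let the testing machine control server exit; please name that change in the message or add a comment here, so that a later change to either timeout does not silently bring ECONNREFUSED back.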
@@ -1573,12 +1573,12 @@ if [[ $PPROFILE == lspp ]]; then
'$host_remote tcp $port'
## TESTCASE: local IPsec IPv6, mac failure (incomp)
+ connect \
- mlsop=incomp expres=fail err=ECONNREFUSED \
+ mlsop=incomp expres=fail err=ETIMEDOUT \
host=local type=ipsec op=recv_tcp ipv=ipv6 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: local IPsec IPv6, mac failure (dom)
+ connect \
- mlsop=dom expres=fail err=ECONNREFUSED \
+ mlsop=dom expres=fail err=ETIMEDOUT \
host=local type=ipsec op=recv_tcp ipv=ipv6 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: local IPsec IPv6, mac success (domby)
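Review bot: in the local IPv6 cases, as in the IPv4 ones, each expres=fail test now has to wait out a full connect() timeout instead of returning on the first RST. How long is that per case, and is it bounded by the kernel's SYN retry limit or by a timeout set in the test client? With eight such cases in this file, the expected added run time is worth stating in the commit message.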
@@ -1593,12 +1593,12 @@ if [[ $PPROFILE == lspp ]]; then
'$host_remote tcp $port'
## TESTCASE: remote IPsec IPv6, mac failure (incomp)
+ connect \
- mlsop=incomp expres=fail err=ECONNREFUSED \
+ mlsop=incomp expres=fail err=ETIMEDOUT \
host=remote type=ipsec op=recv_tcp ipv=ipv6 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: remote IPsec IPv6, mac failure (dom)
+ connect \
- mlsop=dom expres=fail err=ECONNREFUSED \
+ mlsop=dom expres=fail err=ETIMEDOUT \
host=remote type=ipsec op=recv_tcp ipv=ipv6 port=$tst_port3 \
'$host_remote tcp $port'
## TESTCASE: remote IPsec IPv6, mac success (domby)
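Review bot: style point, visible again in the remote IPv6 cases: err=ETIMEDOUT is now repeated in eight near-identical entries with no comment saying why a timeout, rather than a refusal, is the expected result. A one-line comment above the first mac failure case (for example, that denied packets are dropped without a reply, so connect() must time out) would save the next reader a trip to the commit log.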
--
1.8.3.1