diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index 27a6bfcadb..a68838a775 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -377,6 +377,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, bool received_shutdown = ((SSL_get_shutdown(sock->tlsstream.tls) & SSL_RECEIVED_SHUTDOWN) != 0); + bool sent_shutdown = + ((SSL_get_shutdown(sock->tlsstream.tls) & + SSL_SENT_SHUTDOWN) != 0); rv = SSL_write_ex(sock->tlsstream.tls, send_data->uvbuf.base, send_data->uvbuf.len, &len); @@ -386,7 +389,18 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, send_data->cb.send(send_data->handle, result, send_data->cbarg); send_data = NULL; - if (!received_shutdown) { + /* This situation might occur only when SSL + * shutdown was already sent (see + * tls_send_outgoing()), and we are in the + * process of shutting down the connection (in + * this case tls_senddone() will be called), but + * some code tries to send data over the + * connection and called isc_tls_send(). The + * socket will be detached there, in + * tls_senddone().*/ + if (sent_shutdown && received_shutdown) { + return; + } else if (!received_shutdown) { isc__nmsocket_detach(&sock); return; } @@ -406,8 +420,22 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, region = (isc_region_t){ .base = &recv_buf[0], .length = len }; + INSIST(VALID_NMHANDLE(sock->statichandle)); sock->recv_cb(sock->statichandle, ISC_R_SUCCESS, ®ion, sock->recv_cbarg); + /* The handle could have been detached in + * sock->recv_cb, making the sock->statichandle + * nullified (it happens in netmgr.c). If it is + * the case, then it means that we are not + * interested in keeping the connection alive + * anymore. Let's shutdown the SSL session, send + * what we have in the SSL buffers, and close + * the connection. + */ + if (sock->statichandle == NULL) { + finish = true; + break; + } } } } diff --git a/lib/isc/tests/Makefile.am b/lib/isc/tests/Makefile.am index 438cb0c12c..1cee32d754 100644 --- a/lib/isc/tests/Makefile.am +++ b/lib/isc/tests/Makefile.am @@ -47,8 +47,7 @@ TESTS = \ task_test \ taskpool_test \ time_test \ - timer_test \ - tls_test + timer_test check_PROGRAMS = \ $(TESTS) @@ -92,16 +91,6 @@ netmgr_test_LDADD = \ $(LDADD) \ $(LIBUV_LIBS) -tls_test_CPPFLAGS = \ - $(AM_CPPFLAGS) \ - $(LIBUV_CFLAGS) \ - $(OPENSSL_CFLAGS) - -tls_test_LDADD = \ - $(LDADD) \ - $(LIBUV_LIBS) \ - $(OPENSSL_LIBS) - unit-local: check EXTRA_DIST = testdata diff --git a/lib/isc/tests/netmgr_test.c b/lib/isc/tests/netmgr_test.c index 7193be2cc5..805f7a6a58 100644 --- a/lib/isc/tests/netmgr_test.c +++ b/lib/isc/tests/netmgr_test.c @@ -39,6 +39,8 @@ #include "../netmgr/uv-compat.h" #include "isctest.h" +typedef void (*stream_connect_function)(isc_nm_t *nm); + isc_nm_t *listen_nm = NULL; isc_nm_t *connect_nm = NULL; @@ -84,6 +86,9 @@ static atomic_bool check_listener_quota; static bool skip_long_tests = false; +static bool allow_send_back = false; +static bool stream_use_TLS = false; + #define SKIP_IN_CI \ if (skip_long_tests) { \ skip(); \ @@ -301,6 +306,8 @@ nm_setup(void **state __attribute__((unused))) { atomic_store(&cconnects, 0); atomic_store(&csends, 0); atomic_store(&creads, 0); + allow_send_back = false; + stream_use_TLS = false; isc_refcount_init(&active_cconnects, 0); isc_refcount_init(&active_csends, 0); @@ -449,6 +456,11 @@ connect_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, assert_true(magic == stop_magic || magic == send_magic); + if (magic == send_magic && allow_send_back) { + connect_send(handle); + return; + } + unref: atomic_fetch_sub(&active_creads, 1); isc_nmhandle_detach(&handle); @@ -1048,10 +1060,18 @@ udp_half_recv_half_send(void **state __attribute__((unused))) { CHECK_RANGE_HALF(ssends); } -/* TCP */ +/* Common stream protocols code */ static isc_quota_t * -tcp_listener_init_quota(size_t nthreads); +tcp_listener_init_quota(size_t nthreads) { + isc_quota_t *quotap = NULL; + if (atomic_load(&check_listener_quota)) { + unsigned max_quota = ISC_MAX(nthreads / 2, 1); + isc_quota_max(&listener_quota, max_quota); + quotap = &listener_quota; + } + return (quotap); +} static void tcp_connect(isc_nm_t *nm) { @@ -1061,13 +1081,57 @@ tcp_connect(isc_nm_t *nm) { } static void -tcp_noop(void **state __attribute__((unused))) { +tls_connect(isc_nm_t *nm); + +static stream_connect_function +get_stream_connect_function(void) { + if (stream_use_TLS) { + return (tls_connect); + } + return (tcp_connect); +} + +static isc_result_t +stream_listen(isc_nm_accept_cb_t accept_cb, void *accept_cbarg, + size_t extrahandlesize, int backlog, isc_quota_t *quota, + isc_nmsocket_t **sockp) { + isc_result_t result = ISC_R_SUCCESS; + if (stream_use_TLS) { + result = isc_nm_listentls( + listen_nm, (isc_nmiface_t *)&tcp_listen_addr, accept_cb, + accept_cbarg, extrahandlesize, backlog, quota, + tcp_listen_tlsctx, sockp); + } else { + result = isc_nm_listentcp( + listen_nm, (isc_nmiface_t *)&tcp_listen_addr, accept_cb, + accept_cbarg, extrahandlesize, backlog, quota, sockp); + } + + return (result); +} + +static void +stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout, + size_t extrahandlesize) { + if (stream_use_TLS) { + isc_nm_tlsconnect(connect_nm, + (isc_nmiface_t *)&tcp_connect_addr, + (isc_nmiface_t *)&tcp_listen_addr, cb, cbarg, + tcp_connect_tlsctx, timeout, extrahandlesize); + return; + } + + isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, + (isc_nmiface_t *)&tcp_listen_addr, cb, cbarg, timeout, + extrahandlesize); +} + +static void +stream_noop(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - &listen_sock); + result = stream_listen(noop_accept_cb, NULL, 0, 0, NULL, &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_nm_stoplistening(listen_sock); @@ -1075,9 +1139,7 @@ tcp_noop(void **state __attribute__((unused))) { assert_null(listen_sock); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, noop_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(noop_connect_cb, NULL, T_CONNECT, 0); isc_nm_closedown(connect_nm); atomic_assert_int_eq(cconnects, 0); @@ -1088,19 +1150,15 @@ tcp_noop(void **state __attribute__((unused))) { } static void -tcp_noresponse(void **state __attribute__((unused))) { +stream_noresponse(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - &listen_sock); + result = stream_listen(noop_accept_cb, NULL, 0, 0, NULL, &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 1); WAIT_FOR_EQ(csends, 1); @@ -1124,22 +1182,19 @@ tcp_noresponse(void **state __attribute__((unused))) { } static void -tcp_recv_one(void **state __attribute__((unused))) { +stream_recv_one(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_quota_t *quotap = tcp_listener_init_quota(1); atomic_store(&nsends, 1); - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 1); WAIT_FOR_LE(nsends, 0); @@ -1167,29 +1222,24 @@ tcp_recv_one(void **state __attribute__((unused))) { } static void -tcp_recv_two(void **state __attribute__((unused))) { +stream_recv_two(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_quota_t *quotap = tcp_listener_init_quota(1); atomic_store(&nsends, 2); - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 1); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 2); WAIT_FOR_LE(nsends, 0); @@ -1217,7 +1267,7 @@ tcp_recv_two(void **state __attribute__((unused))) { } static void -tcp_recv_send(void **state __attribute__((unused))) { +stream_recv_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1225,17 +1275,21 @@ tcp_recv_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends); + } WAIT_FOR_GE(csends, esends); WAIT_FOR_GE(sreads, esends); WAIT_FOR_GE(ssends, esends / 2); @@ -1264,7 +1318,7 @@ tcp_recv_send(void **state __attribute__((unused))) { } static void -tcp_recv_half_send(void **state __attribute__((unused))) { +stream_recv_half_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1272,17 +1326,21 @@ tcp_recv_half_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends / 2); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends / 2); + } WAIT_FOR_GE(csends, esends / 2); WAIT_FOR_GE(sreads, esends / 2); WAIT_FOR_GE(ssends, esends / 2); @@ -1312,7 +1370,7 @@ tcp_recv_half_send(void **state __attribute__((unused))) { } static void -tcp_half_recv_send(void **state __attribute__((unused))) { +stream_half_recv_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1320,17 +1378,21 @@ tcp_half_recv_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends / 2); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends / 2); + } WAIT_FOR_GE(csends, esends / 2); WAIT_FOR_GE(sreads, esends / 2); WAIT_FOR_GE(ssends, esends / 2); @@ -1363,7 +1425,7 @@ tcp_half_recv_send(void **state __attribute__((unused))) { } static void -tcp_half_recv_half_send(void **state __attribute__((unused))) { +stream_half_recv_half_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1371,17 +1433,21 @@ tcp_half_recv_half_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends / 2); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends / 2); + } WAIT_FOR_GE(csends, esends / 2); WAIT_FOR_GE(sreads, esends / 2); WAIT_FOR_GE(ssends, esends / 2); @@ -1409,57 +1475,147 @@ tcp_half_recv_half_send(void **state __attribute__((unused))) { CHECK_RANGE_HALF(ssends); } -/* TCP Quota */ - -static isc_quota_t * -tcp_listener_init_quota(size_t nthreads) { - isc_quota_t *quotap = NULL; - if (atomic_load(&check_listener_quota)) { - unsigned max_quota = ISC_MAX(nthreads / 2, 1); - isc_quota_max(&listener_quota, max_quota); - quotap = &listener_quota; - } - return (quotap); +/* TCP */ +static void +tcp_noop(void **state) { + stream_noop(state); } +static void +tcp_noresponse(void **state) { + stream_noresponse(state); +} + +static void +tcp_recv_one(void **state) { + stream_recv_one(state); +} + +static void +tcp_recv_two(void **state) { + stream_recv_two(state); +} + +static void +tcp_recv_send(void **state) { + SKIP_IN_CI; + stream_recv_send(state); +} + +static void +tcp_recv_half_send(void **state) { + SKIP_IN_CI; + stream_recv_half_send(state); +} + +static void +tcp_half_recv_send(void **state) { + SKIP_IN_CI; + stream_half_recv_send(state); +} + +static void +tcp_half_recv_half_send(void **state) { + SKIP_IN_CI; + stream_half_recv_half_send(state); +} + +static void +tcp_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_recv_send(state); +} + +static void +tcp_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_recv_half_send(state); +} + +static void +tcp_half_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_half_recv_send(state); +} + +static void +tcp_half_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_half_recv_half_send(state); +} + +/* TCP Quota */ + static void tcp_recv_one_quota(void **state) { atomic_store(&check_listener_quota, true); - tcp_recv_one(state); + stream_recv_one(state); } static void tcp_recv_two_quota(void **state) { atomic_store(&check_listener_quota, true); - tcp_recv_two(state); + stream_recv_two(state); } static void tcp_recv_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_recv_send(state); + stream_recv_send(state); } static void tcp_recv_half_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_recv_half_send(state); + stream_recv_half_send(state); } static void tcp_half_recv_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_half_recv_send(state); + stream_half_recv_send(state); } static void tcp_half_recv_half_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_half_recv_half_send(state); + stream_half_recv_half_send(state); +} + +static void +tcp_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_recv_send(state); +} + +static void +tcp_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_recv_half_send(state); +} + +static void +tcp_half_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_half_recv_send(state); +} + +static void +tcp_half_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_half_recv_half_send(state); } /* TCPDNS */ @@ -1819,6 +1975,181 @@ tcpdns_half_recv_half_send(void **state __attribute__((unused))) { CHECK_RANGE_HALF(ssends); } +/* TLS */ + +static void +tls_connect(isc_nm_t *nm) { + isc_nm_tlsconnect(nm, (isc_nmiface_t *)&tcp_connect_addr, + (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, + NULL, tcp_connect_tlsctx, T_CONNECT, 0); +} + +static void +tls_noop(void **state) { + stream_use_TLS = true; + stream_noop(state); +} + +static void +tls_noresponse(void **state) { + stream_use_TLS = true; + stream_noresponse(state); +} + +static void +tls_recv_one(void **state) { + stream_use_TLS = true; + stream_recv_one(state); +} + +static void +tls_recv_two(void **state) { + stream_use_TLS = true; + stream_recv_two(state); +} + +static void +tls_recv_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_recv_send(state); +} + +static void +tls_recv_half_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_recv_half_send(state); +} + +static void +tls_half_recv_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_half_send(state); +} + +static void +tls_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_recv_send(state); +} + +static void +tls_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_recv_half_send(state); +} + +static void +tls_half_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_half_recv_half_send(state); +} + +/* TLS quota */ + +static void +tls_recv_one_quota(void **state) { + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_one(state); +} + +static void +tls_recv_two_quota(void **state) { + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_two(state); +} + +static void +tls_recv_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_send(state); +} + +static void +tls_recv_half_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_half_send(state); +} + +static void +tls_half_recv_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_half_send(state); +} + +static void +tls_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_recv_send(state); +} + +static void +tls_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_recv_half_send(state); +} + +static void +tls_half_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_half_recv_half_send(state); +} + /* TLSDNS */ static void @@ -2265,6 +2596,15 @@ main(void) { nm_teardown), cmocka_unit_test_setup_teardown(tcp_half_recv_half_send, nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_recv_half_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_half_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_half_recv_half_send_sendback, nm_setup, + nm_teardown), /* TCP Quota */ cmocka_unit_test_setup_teardown(tcp_recv_one_quota, nm_setup, @@ -2279,6 +2619,17 @@ main(void) { nm_setup, nm_teardown), cmocka_unit_test_setup_teardown(tcp_half_recv_half_send_quota, nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_recv_send_quota_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_recv_half_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_half_recv_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_half_recv_half_send_quota_sendback, nm_setup, + nm_teardown), /* TCPDNS */ cmocka_unit_test_setup_teardown(tcpdns_recv_one, nm_setup, @@ -2298,6 +2649,58 @@ main(void) { cmocka_unit_test_setup_teardown(tcpdns_half_recv_half_send, nm_setup, nm_teardown), + /* TLS */ + cmocka_unit_test_setup_teardown(tls_noop, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_noresponse, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_one, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_two, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_half_send, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_send, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_half_send, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_half_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tls_half_recv_half_send_sendback, nm_setup, + nm_teardown), + + /* TLS quota */ + cmocka_unit_test_setup_teardown(tls_recv_one_quota, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_two_quota, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send_quota, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_half_send_quota, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_send_quota, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_half_send_quota, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send_quota_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tls_recv_half_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tls_half_recv_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tls_half_recv_half_send_quota_sendback, nm_setup, + nm_teardown), + /* TLSDNS */ cmocka_unit_test_setup_teardown(tlsdns_recv_one, nm_setup, nm_teardown), diff --git a/lib/isc/tests/tls_test.c b/lib/isc/tests/tls_test.c deleted file mode 100644 index 800caad24b..0000000000 --- a/lib/isc/tests/tls_test.c +++ /dev/null @@ -1,945 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#if HAVE_CMOCKA -#include /* IWYU pragma: keep */ -#include -#include -#include -#include -#include -#include -#include -#include - -#define UNIT_TESTING -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "uv_wrap.h" -#define KEEP_BEFORE - -#include "../netmgr/netmgr-int.h" -#include "../netmgr/tlsstream.c" -#include "../netmgr/uv-compat.c" -#include "../netmgr/uv-compat.h" -#include "isctest.h" - -#define MAX_NM 2 - -static isc_sockaddr_t tls_listen_addr; - -static uint64_t send_magic = 0; -static uint64_t stop_magic = 0; - -static uv_buf_t send_msg = { .base = (char *)&send_magic, - .len = sizeof(send_magic) }; -static uv_buf_t stop_msg = { .base = (char *)&stop_magic, - .len = sizeof(stop_magic) }; - -static atomic_uint_fast64_t nsends; - -static atomic_uint_fast64_t ssends; -static atomic_uint_fast64_t sreads; - -static atomic_uint_fast64_t cconnects; -static atomic_uint_fast64_t csends; -static atomic_uint_fast64_t creads; -static atomic_uint_fast64_t ctimeouts; - -static atomic_bool slowdown = ATOMIC_VAR_INIT(false); - -static unsigned int workers = 0; - -static isc_tlsctx_t *server_tlsctx = NULL; -static isc_tlsctx_t *client_tlsctx = NULL; - -static atomic_bool was_error = ATOMIC_VAR_INIT(false); - -static bool skip_long_tests = false; - -#define SKIP_IN_CI \ - if (skip_long_tests) { \ - skip(); \ - return; \ - } - -#define NSENDS 100 -#define NWRITES 10 - -#define CHECK_RANGE_FULL(v) \ - { \ - int __v = atomic_load(&v); \ - assert_true(__v > NSENDS * NWRITES * 10 / 100); \ - assert_true(__v <= NSENDS * NWRITES * 110 / 100); \ - } - -#define CHECK_RANGE_HALF(v) \ - { \ - int __v = atomic_load(&v); \ - assert_true(__v > NSENDS * NWRITES * 5 / 100); \ - assert_true(__v <= NSENDS * NWRITES * 110 / 100); \ - } - -/* Enable this to print values while running tests */ -#undef PRINT_DEBUG -#ifdef PRINT_DEBUG -#define X(v) fprintf(stderr, #v " = %" PRIu64 "\n", atomic_load(&v)) -#else -#define X(v) -#endif - -static int -setup_ephemeral_port(isc_sockaddr_t *addr, sa_family_t family) { - isc_result_t result; - socklen_t addrlen = sizeof(*addr); - int fd; - int r; - - isc_sockaddr_fromin6(addr, &in6addr_loopback, 0); - - fd = socket(AF_INET6, family, 0); - if (fd < 0) { - perror("setup_ephemeral_port: socket()"); - return (-1); - } - - r = bind(fd, (const struct sockaddr *)&addr->type.sa, - sizeof(addr->type.sin6)); - if (r != 0) { - perror("setup_ephemeral_port: bind()"); - close(fd); - return (r); - } - - r = getsockname(fd, (struct sockaddr *)&addr->type.sa, &addrlen); - if (r != 0) { - perror("setup_ephemeral_port: getsockname()"); - close(fd); - return (r); - } - - result = isc__nm_socket_reuse(fd); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { - fprintf(stderr, - "setup_ephemeral_port: isc__nm_socket_reuse(): %s", - isc_result_totext(result)); - close(fd); - return (-1); - } - - result = isc__nm_socket_reuse_lb(fd); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { - fprintf(stderr, - "setup_ephemeral_port: isc__nm_socket_reuse_lb(): %s", - isc_result_totext(result)); - close(fd); - return (-1); - } - -#if IPV6_RECVERR -#define setsockopt_on(socket, level, name) \ - setsockopt(socket, level, name, &(int){ 1 }, sizeof(int)) - - r = setsockopt_on(fd, IPPROTO_IPV6, IPV6_RECVERR); - if (r != 0) { - perror("setup_ephemeral_port"); - close(fd); - return (r); - } -#endif - - return (fd); -} - -static int -_setup(void **state) { - char *p = NULL; - - UNUSED(state); - - if (workers == 0) { - workers = isc_os_ncpus(); - } - p = getenv("ISC_TASK_WORKERS"); - if (p != NULL) { - workers = atoi(p); - } - INSIST(workers != 0); - - if (isc_test_begin(NULL, true, workers) != ISC_R_SUCCESS) { - return (-1); - } - - signal(SIGPIPE, SIG_IGN); - - if (getenv("CI") != NULL && getenv("CI_ENABLE_ALL_TESTS") == NULL) { - skip_long_tests = true; - } - - return (0); -} - -static int -_teardown(void **state) { - UNUSED(state); - - isc_test_end(); - - return (0); -} - -/* Generic */ - -static unsigned int -noop_accept_cb(isc_nmhandle_t *handle, unsigned int result, void *cbarg) { - UNUSED(handle); - UNUSED(result); - UNUSED(cbarg); - - return (0); -} - -static void -noop_connect_cb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { - UNUSED(handle); - UNUSED(result); - UNUSED(cbarg); -} - -thread_local uint8_t tls_buffer_storage[4096]; -thread_local size_t tls_buffer_length = 0; - -static int -nm_setup(void **state) { - size_t nworkers = ISC_MAX(ISC_MIN(workers, 32), 1); - int tls_listen_sock = -1; - isc_nm_t **nm = NULL; - - tls_listen_addr = (isc_sockaddr_t){ .length = 0 }; - tls_listen_sock = setup_ephemeral_port(&tls_listen_addr, SOCK_STREAM); - if (tls_listen_sock < 0) { - return (-1); - } - close(tls_listen_sock); - tls_listen_sock = -1; - - atomic_store(&nsends, NSENDS * NWRITES); - - atomic_store(&csends, 0); - atomic_store(&creads, 0); - atomic_store(&sreads, 0); - atomic_store(&ssends, 0); - atomic_store(&ctimeouts, 0); - atomic_store(&cconnects, 0); - - atomic_store(&was_error, false); - - isc_nonce_buf(&send_magic, sizeof(send_magic)); - isc_nonce_buf(&stop_magic, sizeof(stop_magic)); - if (send_magic == stop_magic) { - return (-1); - } - - nm = isc_mem_get(test_mctx, MAX_NM * sizeof(nm[0])); - for (size_t i = 0; i < MAX_NM; i++) { - nm[i] = isc_nm_start(test_mctx, nworkers); - assert_non_null(nm[i]); - } - - INSIST(server_tlsctx == NULL); - isc_tlsctx_createserver(NULL, NULL, &server_tlsctx); - INSIST(client_tlsctx == NULL); - isc_tlsctx_createclient(&client_tlsctx); - - *state = nm; - - return (0); -} - -static int -nm_teardown(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - - for (size_t i = 0; i < MAX_NM; i++) { - isc_nm_destroy(&nm[i]); - assert_null(nm[i]); - } - isc_mem_put(test_mctx, nm, MAX_NM * sizeof(nm[0])); - - INSIST(server_tlsctx != NULL); - isc_tlsctx_free(&server_tlsctx); - INSIST(client_tlsctx != NULL); - isc_tlsctx_free(&client_tlsctx); - - return (0); -} - -thread_local size_t nwrites = NWRITES; - -/* TLS Connect */ - -static void -tls_connect_send_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg); - -static void -tls_connect_send(isc_nmhandle_t *handle); - -static void -tls_connect_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, - isc_region_t *region, void *cbarg) { - uint64_t magic = 0; - - UNUSED(cbarg); - - assert_non_null(handle); - if (eresult != ISC_R_SUCCESS) { - goto unref; - } - - memmove(tls_buffer_storage + tls_buffer_length, region->base, - region->length); - tls_buffer_length += region->length; - - while (tls_buffer_length >= sizeof(magic)) { - atomic_fetch_add(&creads, 1); - - memmove(&magic, tls_buffer_storage, sizeof(magic)); - assert_true(magic == stop_magic || magic == send_magic); - - tls_buffer_length -= sizeof(magic); - memmove(tls_buffer_storage, tls_buffer_storage + sizeof(magic), - tls_buffer_length); - - if (magic == send_magic) { - tls_connect_send(handle); - return; - } else if (magic == stop_magic) { - /* We are done, so we don't send anything back */ - /* There should be no more packets in the buffer */ - assert_int_equal(tls_buffer_length, 0); - } - } -unref: - isc_nmhandle_detach(&handle); -} - -static void -tls_connect_send_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) { - assert_non_null(handle); - UNUSED(cbarg); - - if (eresult == ISC_R_SUCCESS) { - atomic_fetch_add(&csends, 1); - isc_nm_resumeread(handle); - } else { - /* Send failed, we need to stop reading too */ - isc_nm_cancelread(handle); - } -} - -static void -tls_connect_shutdown(isc_nmhandle_t *handle, isc_result_t eresult, - void *cbarg) { - UNUSED(cbarg); - - assert_non_null(handle); - - if (eresult == ISC_R_SUCCESS) { - atomic_fetch_add(&csends, 1); - } else { - /* Send failed, we need to stop reading too */ - isc_nm_cancelread(handle); - } -} - -static void -tls_connect_send(isc_nmhandle_t *handle) { - uint_fast64_t sends = atomic_load(&nsends); - - while (sends > 0) { - /* Continue until we subtract or we are done */ - if (atomic_compare_exchange_weak(&nsends, &sends, sends - 1)) { - sends--; - break; - } - } - - if (sends == 0) { - isc_nm_send(handle, (isc_region_t *)&stop_msg, - tls_connect_shutdown, NULL); - } else { - isc_nm_send(handle, (isc_region_t *)&send_msg, - tls_connect_send_cb, NULL); - } -} - -static void -tls_connect_connect_cb(isc_nmhandle_t *handle, isc_result_t eresult, - void *cbarg) { - isc_nmhandle_t *readhandle = NULL; - - UNUSED(cbarg); - - if (eresult != ISC_R_SUCCESS) { - uint_fast64_t sends = atomic_load(&nsends); - atomic_store(&slowdown, true); - atomic_store(&was_error, true); - - /* We failed to connect; try again */ - while (sends > 0) { - /* Continue until we subtract or we are done */ - if (atomic_compare_exchange_weak(&nsends, &sends, - sends - 1)) { - sends--; - break; - } - } - return; - } - - atomic_fetch_add(&cconnects, 1); - - isc_nmhandle_attach(handle, &readhandle); - isc_nm_read(handle, tls_connect_read_cb, NULL); - - tls_connect_send(handle); -} - -static void -tls_noop(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, noop_connect_cb, - NULL, client_tlsctx, 1, 0); - isc_nm_closedown(connect_nm); - - assert_int_equal(0, atomic_load(&cconnects)); - assert_int_equal(0, atomic_load(&csends)); - assert_int_equal(0, atomic_load(&creads)); - assert_int_equal(0, atomic_load(&ctimeouts)); - assert_int_equal(0, atomic_load(&sreads)); - assert_int_equal(0, atomic_load(&ssends)); -} - -static void -tls_noresponse(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, noop_connect_cb, - NULL, client_tlsctx, 1, 0); - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - isc_nm_closedown(connect_nm); -} - -static isc_result_t -tls_listen_accept_cb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg); - -static isc_threadresult_t -tls_connect_thread(isc_threadarg_t arg) { - isc_nm_t *connect_nm = (isc_nm_t *)arg; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - while (atomic_load(&nsends) > 0) { - /* - * We need to back off and slow down if we start getting - * errors, to prevent a thundering herd problem. - */ - if (atomic_load(&slowdown)) { - usleep(1000 * workers); - atomic_store(&slowdown, false); - } - isc_nm_tlsconnect( - connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, - tls_connect_connect_cb, NULL, client_tlsctx, 1, 0); - } - - return ((isc_threadresult_t)0); -} - -static void -tls_recv_one(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - atomic_store(&nsends, 1); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, - tls_connect_connect_cb, NULL, client_tlsctx, 1000, 0); - - while (atomic_load(&nsends) > 0) { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - while (atomic_load(&cconnects) != 1 || atomic_load(&ssends) != 0 || - atomic_load(&sreads) != 1 || atomic_load(&creads) != 0 || - atomic_load(&csends) != 1) - { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - isc_nm_closedown(connect_nm); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - assert_int_equal(atomic_load(&cconnects), 1); - assert_int_equal(atomic_load(&csends), 1); - assert_int_equal(atomic_load(&creads), 0); - assert_int_equal(atomic_load(&ctimeouts), 0); - assert_int_equal(atomic_load(&sreads), 1); - assert_int_equal(atomic_load(&ssends), 0); -} - -static void -tls_recv_two(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - atomic_store(&nsends, 2); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, - tls_connect_connect_cb, NULL, client_tlsctx, 100000, - 0); - - while (atomic_load(&nsends) > 0) { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - while (atomic_load(&sreads) < 2 || atomic_load(&ssends) < 1 || - atomic_load(&csends) < 2 || atomic_load(&creads) < 1) - { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - isc_nm_closedown(connect_nm); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - assert_int_equal(atomic_load(&cconnects), 1); - assert_true(atomic_load(&csends) >= 2); - assert_int_equal(atomic_load(&creads), 1); - assert_int_equal(atomic_load(&ctimeouts), 0); - assert_true(atomic_load(&sreads) >= 2); - assert_int_equal(atomic_load(&ssends), 1); -} - -static void -tls_recv_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - isc_nm_closedown(connect_nm); - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_FULL(csends); - CHECK_RANGE_FULL(creads); - CHECK_RANGE_FULL(sreads); - CHECK_RANGE_FULL(ssends); -} - -static void -tls_recv_half_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - while (atomic_load(&nsends) >= (NSENDS * NWRITES) / 2) { - isc_thread_yield(); - } - - isc_nm_closedown(connect_nm); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_HALF(csends); - CHECK_RANGE_HALF(creads); - CHECK_RANGE_HALF(sreads); - CHECK_RANGE_HALF(ssends); -} - -static void -tls_half_recv_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - while (atomic_load(&nsends) >= (NSENDS * NWRITES) / 2) { - isc_thread_yield(); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - isc_nm_closedown(connect_nm); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_HALF(csends); - CHECK_RANGE_HALF(creads); - CHECK_RANGE_HALF(sreads); - CHECK_RANGE_HALF(ssends); -} - -static void -tls_half_recv_half_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - while (atomic_load(&nsends) >= (NSENDS * NWRITES) / 2) { - isc_thread_yield(); - } - - isc_nm_closedown(connect_nm); - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_HALF(csends); - CHECK_RANGE_HALF(creads); - CHECK_RANGE_HALF(sreads); - CHECK_RANGE_HALF(ssends); -} - -/* TCP Listener */ - -/* - * TODO: - * 1. write a timeout test - * 2. write a test with quota - */ - -static void -tls_listen_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, - isc_region_t *region, void *cbarg); - -static void -tls_listen_send_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) { - UNUSED(eresult); - UNUSED(cbarg); - - assert_non_null(handle); - - if (eresult == ISC_R_SUCCESS) { - atomic_fetch_add(&ssends, 1); - isc_nm_resumeread(handle); - } else { - isc_nm_cancelread(handle); - } -} - -static void -tls_listen_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, - isc_region_t *region, void *cbarg) { - uint64_t magic = 0; - - UNUSED(cbarg); - - assert_non_null(handle); - - if (eresult != ISC_R_SUCCESS) { - goto unref; - } - - atomic_fetch_add(&sreads, 1); - - memmove(tls_buffer_storage + tls_buffer_length, region->base, - region->length); - tls_buffer_length += region->length; - - while (tls_buffer_length >= sizeof(magic)) { - memmove(&magic, tls_buffer_storage, sizeof(magic)); - assert_true(magic == stop_magic || magic == send_magic); - - tls_buffer_length -= sizeof(magic); - memmove(tls_buffer_storage, tls_buffer_storage + sizeof(magic), - tls_buffer_length); - - if (magic == send_magic) { - isc_nm_send(handle, region, tls_listen_send_cb, NULL); - return; - } else if (magic == stop_magic) { - /* We are done, so we don't send anything back */ - /* There should be no more packets in the buffer */ - assert_int_equal(tls_buffer_length, 0); - } - } - -unref: - isc_nmhandle_detach(&handle); -} - -static isc_result_t -tls_listen_accept_cb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { - isc_nmhandle_t *readhandle = NULL; - - UNUSED(cbarg); - - if (result != ISC_R_SUCCESS) { - return (result); - } - - tls_buffer_length = 0; - - /* atomic_fetch_add(&saccept, 1); */ - - isc_nmhandle_attach(handle, &readhandle); - isc_nm_read(handle, tls_listen_read_cb, NULL); - - return (ISC_R_SUCCESS); -} - -int -main(void) { - const struct CMUnitTest tests[] = { - cmocka_unit_test_setup_teardown(tls_noop, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_noresponse, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_one, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_two, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_send, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_half_send, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_half_recv_send, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_half_recv_half_send, - nm_setup, nm_teardown), - }; - - return (cmocka_run_group_tests(tests, _setup, _teardown)); -} - -#else /* HAVE_CMOCKA */ - -#include - -int -main(void) { - printf("1..0 # Skipped: cmocka not available\n"); - return (SKIPPED_TEST_EXIT_CODE); -} - -#endif /* if HAVE_CMOCKA */ diff --git a/util/copyrights b/util/copyrights index fb258a5370..feb63b8979 100644 --- a/util/copyrights +++ b/util/copyrights @@ -2014,7 +2014,6 @@ ./lib/isc/tests/testdata/file/keep X 2014,2018,2019,2020,2021 ./lib/isc/tests/time_test.c C 2014,2015,2016,2018,2019,2020,2021 ./lib/isc/tests/timer_test.c C 2018,2019,2020,2021 -./lib/isc/tests/tls_test.c C 2021 ./lib/isc/tests/uv_wrap.h C 2020,2021 ./lib/isc/timer.c C 1998,1999,2000,2001,2002,2004,2005,2007,2008,2009,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./lib/isc/tls.c C 2021