From 202b1d372d3dd4fb95230c76593f92407330b933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Thu, 1 Apr 2021 09:15:43 +0200 Subject: [PATCH 1/3] Merge the tls_test.c into netmgr_test.c and extend the tests suite This commit merges TLS tests into the common Network Manager unit tests suite and extends the unit test framework to include support for additional "ping-pong" style tests where all data could be sent via lesser number of connections (the behaviour of the old test suite). The tests for TCP and TLS were extended to make use of the new mode, as this mode better translates to how the code is used in DoH. Both TLS and TCP tests now share most of the unit tests' code, as they are expected to function similarly from a users's perspective anyway. Additionally to the above, the TLS test suite was extended to include TLS tests using the connections quota facility. --- lib/isc/tests/Makefile.am | 13 +- lib/isc/tests/netmgr_test.c | 551 ++++++++++++++++++--- lib/isc/tests/tls_test.c | 945 ------------------------------------ util/copyrights | 1 - 4 files changed, 478 insertions(+), 1032 deletions(-) delete mode 100644 lib/isc/tests/tls_test.c diff --git a/lib/isc/tests/Makefile.am b/lib/isc/tests/Makefile.am index 438cb0c12c..1cee32d754 100644 --- a/lib/isc/tests/Makefile.am +++ b/lib/isc/tests/Makefile.am @@ -47,8 +47,7 @@ TESTS = \ task_test \ taskpool_test \ time_test \ - timer_test \ - tls_test + timer_test check_PROGRAMS = \ $(TESTS) @@ -92,16 +91,6 @@ netmgr_test_LDADD = \ $(LDADD) \ $(LIBUV_LIBS) -tls_test_CPPFLAGS = \ - $(AM_CPPFLAGS) \ - $(LIBUV_CFLAGS) \ - $(OPENSSL_CFLAGS) - -tls_test_LDADD = \ - $(LDADD) \ - $(LIBUV_LIBS) \ - $(OPENSSL_LIBS) - unit-local: check EXTRA_DIST = testdata diff --git a/lib/isc/tests/netmgr_test.c b/lib/isc/tests/netmgr_test.c index 7193be2cc5..805f7a6a58 100644 --- a/lib/isc/tests/netmgr_test.c +++ b/lib/isc/tests/netmgr_test.c @@ -39,6 +39,8 @@ #include "../netmgr/uv-compat.h" #include "isctest.h" +typedef void (*stream_connect_function)(isc_nm_t *nm); + isc_nm_t *listen_nm = NULL; isc_nm_t *connect_nm = NULL; @@ -84,6 +86,9 @@ static atomic_bool check_listener_quota; static bool skip_long_tests = false; +static bool allow_send_back = false; +static bool stream_use_TLS = false; + #define SKIP_IN_CI \ if (skip_long_tests) { \ skip(); \ @@ -301,6 +306,8 @@ nm_setup(void **state __attribute__((unused))) { atomic_store(&cconnects, 0); atomic_store(&csends, 0); atomic_store(&creads, 0); + allow_send_back = false; + stream_use_TLS = false; isc_refcount_init(&active_cconnects, 0); isc_refcount_init(&active_csends, 0); @@ -449,6 +456,11 @@ connect_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, assert_true(magic == stop_magic || magic == send_magic); + if (magic == send_magic && allow_send_back) { + connect_send(handle); + return; + } + unref: atomic_fetch_sub(&active_creads, 1); isc_nmhandle_detach(&handle); @@ -1048,10 +1060,18 @@ udp_half_recv_half_send(void **state __attribute__((unused))) { CHECK_RANGE_HALF(ssends); } -/* TCP */ +/* Common stream protocols code */ static isc_quota_t * -tcp_listener_init_quota(size_t nthreads); +tcp_listener_init_quota(size_t nthreads) { + isc_quota_t *quotap = NULL; + if (atomic_load(&check_listener_quota)) { + unsigned max_quota = ISC_MAX(nthreads / 2, 1); + isc_quota_max(&listener_quota, max_quota); + quotap = &listener_quota; + } + return (quotap); +} static void tcp_connect(isc_nm_t *nm) { @@ -1061,13 +1081,57 @@ tcp_connect(isc_nm_t *nm) { } static void -tcp_noop(void **state __attribute__((unused))) { +tls_connect(isc_nm_t *nm); + +static stream_connect_function +get_stream_connect_function(void) { + if (stream_use_TLS) { + return (tls_connect); + } + return (tcp_connect); +} + +static isc_result_t +stream_listen(isc_nm_accept_cb_t accept_cb, void *accept_cbarg, + size_t extrahandlesize, int backlog, isc_quota_t *quota, + isc_nmsocket_t **sockp) { + isc_result_t result = ISC_R_SUCCESS; + if (stream_use_TLS) { + result = isc_nm_listentls( + listen_nm, (isc_nmiface_t *)&tcp_listen_addr, accept_cb, + accept_cbarg, extrahandlesize, backlog, quota, + tcp_listen_tlsctx, sockp); + } else { + result = isc_nm_listentcp( + listen_nm, (isc_nmiface_t *)&tcp_listen_addr, accept_cb, + accept_cbarg, extrahandlesize, backlog, quota, sockp); + } + + return (result); +} + +static void +stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout, + size_t extrahandlesize) { + if (stream_use_TLS) { + isc_nm_tlsconnect(connect_nm, + (isc_nmiface_t *)&tcp_connect_addr, + (isc_nmiface_t *)&tcp_listen_addr, cb, cbarg, + tcp_connect_tlsctx, timeout, extrahandlesize); + return; + } + + isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, + (isc_nmiface_t *)&tcp_listen_addr, cb, cbarg, timeout, + extrahandlesize); +} + +static void +stream_noop(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - &listen_sock); + result = stream_listen(noop_accept_cb, NULL, 0, 0, NULL, &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_nm_stoplistening(listen_sock); @@ -1075,9 +1139,7 @@ tcp_noop(void **state __attribute__((unused))) { assert_null(listen_sock); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, noop_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(noop_connect_cb, NULL, T_CONNECT, 0); isc_nm_closedown(connect_nm); atomic_assert_int_eq(cconnects, 0); @@ -1088,19 +1150,15 @@ tcp_noop(void **state __attribute__((unused))) { } static void -tcp_noresponse(void **state __attribute__((unused))) { +stream_noresponse(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - &listen_sock); + result = stream_listen(noop_accept_cb, NULL, 0, 0, NULL, &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 1); WAIT_FOR_EQ(csends, 1); @@ -1124,22 +1182,19 @@ tcp_noresponse(void **state __attribute__((unused))) { } static void -tcp_recv_one(void **state __attribute__((unused))) { +stream_recv_one(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_quota_t *quotap = tcp_listener_init_quota(1); atomic_store(&nsends, 1); - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 1); WAIT_FOR_LE(nsends, 0); @@ -1167,29 +1222,24 @@ tcp_recv_one(void **state __attribute__((unused))) { } static void -tcp_recv_two(void **state __attribute__((unused))) { +stream_recv_two(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_quota_t *quotap = tcp_listener_init_quota(1); atomic_store(&nsends, 2); - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 1); isc_refcount_increment0(&active_cconnects); - isc_nm_tcpconnect(connect_nm, (isc_nmiface_t *)&tcp_connect_addr, - (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, - NULL, T_CONNECT, 0); + stream_connect(connect_connect_cb, NULL, T_CONNECT, 0); WAIT_FOR_EQ(cconnects, 2); WAIT_FOR_LE(nsends, 0); @@ -1217,7 +1267,7 @@ tcp_recv_two(void **state __attribute__((unused))) { } static void -tcp_recv_send(void **state __attribute__((unused))) { +stream_recv_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1225,17 +1275,21 @@ tcp_recv_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends); + } WAIT_FOR_GE(csends, esends); WAIT_FOR_GE(sreads, esends); WAIT_FOR_GE(ssends, esends / 2); @@ -1264,7 +1318,7 @@ tcp_recv_send(void **state __attribute__((unused))) { } static void -tcp_recv_half_send(void **state __attribute__((unused))) { +stream_recv_half_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1272,17 +1326,21 @@ tcp_recv_half_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends / 2); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends / 2); + } WAIT_FOR_GE(csends, esends / 2); WAIT_FOR_GE(sreads, esends / 2); WAIT_FOR_GE(ssends, esends / 2); @@ -1312,7 +1370,7 @@ tcp_recv_half_send(void **state __attribute__((unused))) { } static void -tcp_half_recv_send(void **state __attribute__((unused))) { +stream_half_recv_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1320,17 +1378,21 @@ tcp_half_recv_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends / 2); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends / 2); + } WAIT_FOR_GE(csends, esends / 2); WAIT_FOR_GE(sreads, esends / 2); WAIT_FOR_GE(ssends, esends / 2); @@ -1363,7 +1425,7 @@ tcp_half_recv_send(void **state __attribute__((unused))) { } static void -tcp_half_recv_half_send(void **state __attribute__((unused))) { +stream_half_recv_half_send(void **state __attribute__((unused))) { isc_result_t result = ISC_R_SUCCESS; isc_nmsocket_t *listen_sock = NULL; isc_thread_t threads[workers]; @@ -1371,17 +1433,21 @@ tcp_half_recv_half_send(void **state __attribute__((unused))) { SKIP_IN_CI; - result = isc_nm_listentcp(listen_nm, (isc_nmiface_t *)&tcp_listen_addr, - stream_accept_cb, NULL, 0, 0, quotap, - &listen_sock); + result = stream_listen(stream_accept_cb, NULL, 0, 0, quotap, + &listen_sock); assert_int_equal(result, ISC_R_SUCCESS); memset(threads, 0, sizeof(threads)); for (size_t i = 0; i < workers; i++) { - isc_thread_create(connect_thread, tcp_connect, &threads[i]); + isc_thread_create(connect_thread, get_stream_connect_function(), + &threads[i]); } - WAIT_FOR_GE(cconnects, esends / 2); + if (allow_send_back) { + WAIT_FOR_GE(cconnects, 1); + } else { + WAIT_FOR_GE(cconnects, esends / 2); + } WAIT_FOR_GE(csends, esends / 2); WAIT_FOR_GE(sreads, esends / 2); WAIT_FOR_GE(ssends, esends / 2); @@ -1409,57 +1475,147 @@ tcp_half_recv_half_send(void **state __attribute__((unused))) { CHECK_RANGE_HALF(ssends); } -/* TCP Quota */ - -static isc_quota_t * -tcp_listener_init_quota(size_t nthreads) { - isc_quota_t *quotap = NULL; - if (atomic_load(&check_listener_quota)) { - unsigned max_quota = ISC_MAX(nthreads / 2, 1); - isc_quota_max(&listener_quota, max_quota); - quotap = &listener_quota; - } - return (quotap); +/* TCP */ +static void +tcp_noop(void **state) { + stream_noop(state); } +static void +tcp_noresponse(void **state) { + stream_noresponse(state); +} + +static void +tcp_recv_one(void **state) { + stream_recv_one(state); +} + +static void +tcp_recv_two(void **state) { + stream_recv_two(state); +} + +static void +tcp_recv_send(void **state) { + SKIP_IN_CI; + stream_recv_send(state); +} + +static void +tcp_recv_half_send(void **state) { + SKIP_IN_CI; + stream_recv_half_send(state); +} + +static void +tcp_half_recv_send(void **state) { + SKIP_IN_CI; + stream_half_recv_send(state); +} + +static void +tcp_half_recv_half_send(void **state) { + SKIP_IN_CI; + stream_half_recv_half_send(state); +} + +static void +tcp_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_recv_send(state); +} + +static void +tcp_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_recv_half_send(state); +} + +static void +tcp_half_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_half_recv_send(state); +} + +static void +tcp_half_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_half_recv_half_send(state); +} + +/* TCP Quota */ + static void tcp_recv_one_quota(void **state) { atomic_store(&check_listener_quota, true); - tcp_recv_one(state); + stream_recv_one(state); } static void tcp_recv_two_quota(void **state) { atomic_store(&check_listener_quota, true); - tcp_recv_two(state); + stream_recv_two(state); } static void tcp_recv_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_recv_send(state); + stream_recv_send(state); } static void tcp_recv_half_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_recv_half_send(state); + stream_recv_half_send(state); } static void tcp_half_recv_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_half_recv_send(state); + stream_half_recv_send(state); } static void tcp_half_recv_half_send_quota(void **state) { SKIP_IN_CI; atomic_store(&check_listener_quota, true); - tcp_half_recv_half_send(state); + stream_half_recv_half_send(state); +} + +static void +tcp_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_recv_send(state); +} + +static void +tcp_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_recv_half_send(state); +} + +static void +tcp_half_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_half_recv_send(state); +} + +static void +tcp_half_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + atomic_store(&check_listener_quota, true); + allow_send_back = true; + stream_half_recv_half_send(state); } /* TCPDNS */ @@ -1819,6 +1975,181 @@ tcpdns_half_recv_half_send(void **state __attribute__((unused))) { CHECK_RANGE_HALF(ssends); } +/* TLS */ + +static void +tls_connect(isc_nm_t *nm) { + isc_nm_tlsconnect(nm, (isc_nmiface_t *)&tcp_connect_addr, + (isc_nmiface_t *)&tcp_listen_addr, connect_connect_cb, + NULL, tcp_connect_tlsctx, T_CONNECT, 0); +} + +static void +tls_noop(void **state) { + stream_use_TLS = true; + stream_noop(state); +} + +static void +tls_noresponse(void **state) { + stream_use_TLS = true; + stream_noresponse(state); +} + +static void +tls_recv_one(void **state) { + stream_use_TLS = true; + stream_recv_one(state); +} + +static void +tls_recv_two(void **state) { + stream_use_TLS = true; + stream_recv_two(state); +} + +static void +tls_recv_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_recv_send(state); +} + +static void +tls_recv_half_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_recv_half_send(state); +} + +static void +tls_half_recv_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_half_send(state); +} + +static void +tls_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_recv_send(state); +} + +static void +tls_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_recv_half_send(state); +} + +static void +tls_half_recv_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + stream_half_recv_half_send(state); +} + +/* TLS quota */ + +static void +tls_recv_one_quota(void **state) { + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_one(state); +} + +static void +tls_recv_two_quota(void **state) { + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_two(state); +} + +static void +tls_recv_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_send(state); +} + +static void +tls_recv_half_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + atomic_store(&check_listener_quota, true); + stream_recv_half_send(state); +} + +static void +tls_half_recv_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send_quota(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + stream_half_recv_half_send(state); +} + +static void +tls_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_recv_send(state); +} + +static void +tls_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_recv_half_send(state); +} + +static void +tls_half_recv_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_half_recv_send(state); +} + +static void +tls_half_recv_half_send_quota_sendback(void **state) { + SKIP_IN_CI; + stream_use_TLS = true; + allow_send_back = true; + atomic_store(&check_listener_quota, true); + stream_half_recv_half_send(state); +} + /* TLSDNS */ static void @@ -2265,6 +2596,15 @@ main(void) { nm_teardown), cmocka_unit_test_setup_teardown(tcp_half_recv_half_send, nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_recv_half_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_half_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_half_recv_half_send_sendback, nm_setup, + nm_teardown), /* TCP Quota */ cmocka_unit_test_setup_teardown(tcp_recv_one_quota, nm_setup, @@ -2279,6 +2619,17 @@ main(void) { nm_setup, nm_teardown), cmocka_unit_test_setup_teardown(tcp_half_recv_half_send_quota, nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tcp_recv_send_quota_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_recv_half_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_half_recv_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tcp_half_recv_half_send_quota_sendback, nm_setup, + nm_teardown), /* TCPDNS */ cmocka_unit_test_setup_teardown(tcpdns_recv_one, nm_setup, @@ -2298,6 +2649,58 @@ main(void) { cmocka_unit_test_setup_teardown(tcpdns_half_recv_half_send, nm_setup, nm_teardown), + /* TLS */ + cmocka_unit_test_setup_teardown(tls_noop, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_noresponse, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_one, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_two, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_half_send, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_send, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_half_send, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_half_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_send_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tls_half_recv_half_send_sendback, nm_setup, + nm_teardown), + + /* TLS quota */ + cmocka_unit_test_setup_teardown(tls_recv_one_quota, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_two_quota, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send_quota, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_half_send_quota, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_send_quota, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_half_recv_half_send_quota, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown(tls_recv_send_quota_sendback, + nm_setup, nm_teardown), + cmocka_unit_test_setup_teardown( + tls_recv_half_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tls_half_recv_send_quota_sendback, nm_setup, + nm_teardown), + cmocka_unit_test_setup_teardown( + tls_half_recv_half_send_quota_sendback, nm_setup, + nm_teardown), + /* TLSDNS */ cmocka_unit_test_setup_teardown(tlsdns_recv_one, nm_setup, nm_teardown), diff --git a/lib/isc/tests/tls_test.c b/lib/isc/tests/tls_test.c deleted file mode 100644 index 800caad24b..0000000000 --- a/lib/isc/tests/tls_test.c +++ /dev/null @@ -1,945 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#if HAVE_CMOCKA -#include /* IWYU pragma: keep */ -#include -#include -#include -#include -#include -#include -#include -#include - -#define UNIT_TESTING -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "uv_wrap.h" -#define KEEP_BEFORE - -#include "../netmgr/netmgr-int.h" -#include "../netmgr/tlsstream.c" -#include "../netmgr/uv-compat.c" -#include "../netmgr/uv-compat.h" -#include "isctest.h" - -#define MAX_NM 2 - -static isc_sockaddr_t tls_listen_addr; - -static uint64_t send_magic = 0; -static uint64_t stop_magic = 0; - -static uv_buf_t send_msg = { .base = (char *)&send_magic, - .len = sizeof(send_magic) }; -static uv_buf_t stop_msg = { .base = (char *)&stop_magic, - .len = sizeof(stop_magic) }; - -static atomic_uint_fast64_t nsends; - -static atomic_uint_fast64_t ssends; -static atomic_uint_fast64_t sreads; - -static atomic_uint_fast64_t cconnects; -static atomic_uint_fast64_t csends; -static atomic_uint_fast64_t creads; -static atomic_uint_fast64_t ctimeouts; - -static atomic_bool slowdown = ATOMIC_VAR_INIT(false); - -static unsigned int workers = 0; - -static isc_tlsctx_t *server_tlsctx = NULL; -static isc_tlsctx_t *client_tlsctx = NULL; - -static atomic_bool was_error = ATOMIC_VAR_INIT(false); - -static bool skip_long_tests = false; - -#define SKIP_IN_CI \ - if (skip_long_tests) { \ - skip(); \ - return; \ - } - -#define NSENDS 100 -#define NWRITES 10 - -#define CHECK_RANGE_FULL(v) \ - { \ - int __v = atomic_load(&v); \ - assert_true(__v > NSENDS * NWRITES * 10 / 100); \ - assert_true(__v <= NSENDS * NWRITES * 110 / 100); \ - } - -#define CHECK_RANGE_HALF(v) \ - { \ - int __v = atomic_load(&v); \ - assert_true(__v > NSENDS * NWRITES * 5 / 100); \ - assert_true(__v <= NSENDS * NWRITES * 110 / 100); \ - } - -/* Enable this to print values while running tests */ -#undef PRINT_DEBUG -#ifdef PRINT_DEBUG -#define X(v) fprintf(stderr, #v " = %" PRIu64 "\n", atomic_load(&v)) -#else -#define X(v) -#endif - -static int -setup_ephemeral_port(isc_sockaddr_t *addr, sa_family_t family) { - isc_result_t result; - socklen_t addrlen = sizeof(*addr); - int fd; - int r; - - isc_sockaddr_fromin6(addr, &in6addr_loopback, 0); - - fd = socket(AF_INET6, family, 0); - if (fd < 0) { - perror("setup_ephemeral_port: socket()"); - return (-1); - } - - r = bind(fd, (const struct sockaddr *)&addr->type.sa, - sizeof(addr->type.sin6)); - if (r != 0) { - perror("setup_ephemeral_port: bind()"); - close(fd); - return (r); - } - - r = getsockname(fd, (struct sockaddr *)&addr->type.sa, &addrlen); - if (r != 0) { - perror("setup_ephemeral_port: getsockname()"); - close(fd); - return (r); - } - - result = isc__nm_socket_reuse(fd); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { - fprintf(stderr, - "setup_ephemeral_port: isc__nm_socket_reuse(): %s", - isc_result_totext(result)); - close(fd); - return (-1); - } - - result = isc__nm_socket_reuse_lb(fd); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { - fprintf(stderr, - "setup_ephemeral_port: isc__nm_socket_reuse_lb(): %s", - isc_result_totext(result)); - close(fd); - return (-1); - } - -#if IPV6_RECVERR -#define setsockopt_on(socket, level, name) \ - setsockopt(socket, level, name, &(int){ 1 }, sizeof(int)) - - r = setsockopt_on(fd, IPPROTO_IPV6, IPV6_RECVERR); - if (r != 0) { - perror("setup_ephemeral_port"); - close(fd); - return (r); - } -#endif - - return (fd); -} - -static int -_setup(void **state) { - char *p = NULL; - - UNUSED(state); - - if (workers == 0) { - workers = isc_os_ncpus(); - } - p = getenv("ISC_TASK_WORKERS"); - if (p != NULL) { - workers = atoi(p); - } - INSIST(workers != 0); - - if (isc_test_begin(NULL, true, workers) != ISC_R_SUCCESS) { - return (-1); - } - - signal(SIGPIPE, SIG_IGN); - - if (getenv("CI") != NULL && getenv("CI_ENABLE_ALL_TESTS") == NULL) { - skip_long_tests = true; - } - - return (0); -} - -static int -_teardown(void **state) { - UNUSED(state); - - isc_test_end(); - - return (0); -} - -/* Generic */ - -static unsigned int -noop_accept_cb(isc_nmhandle_t *handle, unsigned int result, void *cbarg) { - UNUSED(handle); - UNUSED(result); - UNUSED(cbarg); - - return (0); -} - -static void -noop_connect_cb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { - UNUSED(handle); - UNUSED(result); - UNUSED(cbarg); -} - -thread_local uint8_t tls_buffer_storage[4096]; -thread_local size_t tls_buffer_length = 0; - -static int -nm_setup(void **state) { - size_t nworkers = ISC_MAX(ISC_MIN(workers, 32), 1); - int tls_listen_sock = -1; - isc_nm_t **nm = NULL; - - tls_listen_addr = (isc_sockaddr_t){ .length = 0 }; - tls_listen_sock = setup_ephemeral_port(&tls_listen_addr, SOCK_STREAM); - if (tls_listen_sock < 0) { - return (-1); - } - close(tls_listen_sock); - tls_listen_sock = -1; - - atomic_store(&nsends, NSENDS * NWRITES); - - atomic_store(&csends, 0); - atomic_store(&creads, 0); - atomic_store(&sreads, 0); - atomic_store(&ssends, 0); - atomic_store(&ctimeouts, 0); - atomic_store(&cconnects, 0); - - atomic_store(&was_error, false); - - isc_nonce_buf(&send_magic, sizeof(send_magic)); - isc_nonce_buf(&stop_magic, sizeof(stop_magic)); - if (send_magic == stop_magic) { - return (-1); - } - - nm = isc_mem_get(test_mctx, MAX_NM * sizeof(nm[0])); - for (size_t i = 0; i < MAX_NM; i++) { - nm[i] = isc_nm_start(test_mctx, nworkers); - assert_non_null(nm[i]); - } - - INSIST(server_tlsctx == NULL); - isc_tlsctx_createserver(NULL, NULL, &server_tlsctx); - INSIST(client_tlsctx == NULL); - isc_tlsctx_createclient(&client_tlsctx); - - *state = nm; - - return (0); -} - -static int -nm_teardown(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - - for (size_t i = 0; i < MAX_NM; i++) { - isc_nm_destroy(&nm[i]); - assert_null(nm[i]); - } - isc_mem_put(test_mctx, nm, MAX_NM * sizeof(nm[0])); - - INSIST(server_tlsctx != NULL); - isc_tlsctx_free(&server_tlsctx); - INSIST(client_tlsctx != NULL); - isc_tlsctx_free(&client_tlsctx); - - return (0); -} - -thread_local size_t nwrites = NWRITES; - -/* TLS Connect */ - -static void -tls_connect_send_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg); - -static void -tls_connect_send(isc_nmhandle_t *handle); - -static void -tls_connect_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, - isc_region_t *region, void *cbarg) { - uint64_t magic = 0; - - UNUSED(cbarg); - - assert_non_null(handle); - if (eresult != ISC_R_SUCCESS) { - goto unref; - } - - memmove(tls_buffer_storage + tls_buffer_length, region->base, - region->length); - tls_buffer_length += region->length; - - while (tls_buffer_length >= sizeof(magic)) { - atomic_fetch_add(&creads, 1); - - memmove(&magic, tls_buffer_storage, sizeof(magic)); - assert_true(magic == stop_magic || magic == send_magic); - - tls_buffer_length -= sizeof(magic); - memmove(tls_buffer_storage, tls_buffer_storage + sizeof(magic), - tls_buffer_length); - - if (magic == send_magic) { - tls_connect_send(handle); - return; - } else if (magic == stop_magic) { - /* We are done, so we don't send anything back */ - /* There should be no more packets in the buffer */ - assert_int_equal(tls_buffer_length, 0); - } - } -unref: - isc_nmhandle_detach(&handle); -} - -static void -tls_connect_send_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) { - assert_non_null(handle); - UNUSED(cbarg); - - if (eresult == ISC_R_SUCCESS) { - atomic_fetch_add(&csends, 1); - isc_nm_resumeread(handle); - } else { - /* Send failed, we need to stop reading too */ - isc_nm_cancelread(handle); - } -} - -static void -tls_connect_shutdown(isc_nmhandle_t *handle, isc_result_t eresult, - void *cbarg) { - UNUSED(cbarg); - - assert_non_null(handle); - - if (eresult == ISC_R_SUCCESS) { - atomic_fetch_add(&csends, 1); - } else { - /* Send failed, we need to stop reading too */ - isc_nm_cancelread(handle); - } -} - -static void -tls_connect_send(isc_nmhandle_t *handle) { - uint_fast64_t sends = atomic_load(&nsends); - - while (sends > 0) { - /* Continue until we subtract or we are done */ - if (atomic_compare_exchange_weak(&nsends, &sends, sends - 1)) { - sends--; - break; - } - } - - if (sends == 0) { - isc_nm_send(handle, (isc_region_t *)&stop_msg, - tls_connect_shutdown, NULL); - } else { - isc_nm_send(handle, (isc_region_t *)&send_msg, - tls_connect_send_cb, NULL); - } -} - -static void -tls_connect_connect_cb(isc_nmhandle_t *handle, isc_result_t eresult, - void *cbarg) { - isc_nmhandle_t *readhandle = NULL; - - UNUSED(cbarg); - - if (eresult != ISC_R_SUCCESS) { - uint_fast64_t sends = atomic_load(&nsends); - atomic_store(&slowdown, true); - atomic_store(&was_error, true); - - /* We failed to connect; try again */ - while (sends > 0) { - /* Continue until we subtract or we are done */ - if (atomic_compare_exchange_weak(&nsends, &sends, - sends - 1)) { - sends--; - break; - } - } - return; - } - - atomic_fetch_add(&cconnects, 1); - - isc_nmhandle_attach(handle, &readhandle); - isc_nm_read(handle, tls_connect_read_cb, NULL); - - tls_connect_send(handle); -} - -static void -tls_noop(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, noop_connect_cb, - NULL, client_tlsctx, 1, 0); - isc_nm_closedown(connect_nm); - - assert_int_equal(0, atomic_load(&cconnects)); - assert_int_equal(0, atomic_load(&csends)); - assert_int_equal(0, atomic_load(&creads)); - assert_int_equal(0, atomic_load(&ctimeouts)); - assert_int_equal(0, atomic_load(&sreads)); - assert_int_equal(0, atomic_load(&ssends)); -} - -static void -tls_noresponse(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - noop_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, noop_connect_cb, - NULL, client_tlsctx, 1, 0); - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - isc_nm_closedown(connect_nm); -} - -static isc_result_t -tls_listen_accept_cb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg); - -static isc_threadresult_t -tls_connect_thread(isc_threadarg_t arg) { - isc_nm_t *connect_nm = (isc_nm_t *)arg; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - while (atomic_load(&nsends) > 0) { - /* - * We need to back off and slow down if we start getting - * errors, to prevent a thundering herd problem. - */ - if (atomic_load(&slowdown)) { - usleep(1000 * workers); - atomic_store(&slowdown, false); - } - isc_nm_tlsconnect( - connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, - tls_connect_connect_cb, NULL, client_tlsctx, 1, 0); - } - - return ((isc_threadresult_t)0); -} - -static void -tls_recv_one(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - atomic_store(&nsends, 1); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, - tls_connect_connect_cb, NULL, client_tlsctx, 1000, 0); - - while (atomic_load(&nsends) > 0) { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - while (atomic_load(&cconnects) != 1 || atomic_load(&ssends) != 0 || - atomic_load(&sreads) != 1 || atomic_load(&creads) != 0 || - atomic_load(&csends) != 1) - { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - isc_nm_closedown(connect_nm); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - assert_int_equal(atomic_load(&cconnects), 1); - assert_int_equal(atomic_load(&csends), 1); - assert_int_equal(atomic_load(&creads), 0); - assert_int_equal(atomic_load(&ctimeouts), 0); - assert_int_equal(atomic_load(&sreads), 1); - assert_int_equal(atomic_load(&ssends), 0); -} - -static void -tls_recv_two(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - isc_sockaddr_t tls_connect_addr; - - tls_connect_addr = (isc_sockaddr_t){ .length = 0 }; - isc_sockaddr_fromin6(&tls_connect_addr, &in6addr_loopback, 0); - - atomic_store(&nsends, 2); - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - isc_nm_tlsconnect(connect_nm, (isc_nmiface_t *)&tls_connect_addr, - (isc_nmiface_t *)&tls_listen_addr, - tls_connect_connect_cb, NULL, client_tlsctx, 100000, - 0); - - while (atomic_load(&nsends) > 0) { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - while (atomic_load(&sreads) < 2 || atomic_load(&ssends) < 1 || - atomic_load(&csends) < 2 || atomic_load(&creads) < 1) - { - if (atomic_load(&was_error)) { - break; - } - isc_thread_yield(); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - isc_nm_closedown(connect_nm); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - assert_int_equal(atomic_load(&cconnects), 1); - assert_true(atomic_load(&csends) >= 2); - assert_int_equal(atomic_load(&creads), 1); - assert_int_equal(atomic_load(&ctimeouts), 0); - assert_true(atomic_load(&sreads) >= 2); - assert_int_equal(atomic_load(&ssends), 1); -} - -static void -tls_recv_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - isc_nm_closedown(connect_nm); - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_FULL(csends); - CHECK_RANGE_FULL(creads); - CHECK_RANGE_FULL(sreads); - CHECK_RANGE_FULL(ssends); -} - -static void -tls_recv_half_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - while (atomic_load(&nsends) >= (NSENDS * NWRITES) / 2) { - isc_thread_yield(); - } - - isc_nm_closedown(connect_nm); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_HALF(csends); - CHECK_RANGE_HALF(creads); - CHECK_RANGE_HALF(sreads); - CHECK_RANGE_HALF(ssends); -} - -static void -tls_half_recv_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - while (atomic_load(&nsends) >= (NSENDS * NWRITES) / 2) { - isc_thread_yield(); - } - - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - isc_nm_closedown(connect_nm); - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_HALF(csends); - CHECK_RANGE_HALF(creads); - CHECK_RANGE_HALF(sreads); - CHECK_RANGE_HALF(ssends); -} - -static void -tls_half_recv_half_send(void **state) { - isc_nm_t **nm = (isc_nm_t **)*state; - isc_nm_t *listen_nm = nm[0]; - isc_nm_t *connect_nm = nm[1]; - isc_result_t result = ISC_R_SUCCESS; - isc_nmsocket_t *listen_sock = NULL; - size_t nthreads = ISC_MAX(ISC_MIN(workers, 32), 1); - isc_thread_t threads[32] = { 0 }; - - SKIP_IN_CI; - - result = isc_nm_listentls(listen_nm, (isc_nmiface_t *)&tls_listen_addr, - tls_listen_accept_cb, NULL, 0, 0, NULL, - server_tlsctx, &listen_sock); - assert_int_equal(result, ISC_R_SUCCESS); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_create(tls_connect_thread, connect_nm, &threads[i]); - } - - while (atomic_load(&nsends) >= (NSENDS * NWRITES) / 2) { - isc_thread_yield(); - } - - isc_nm_closedown(connect_nm); - isc_nm_stoplistening(listen_sock); - isc_nmsocket_close(&listen_sock); - assert_null(listen_sock); - - for (size_t i = 0; i < nthreads; i++) { - isc_thread_join(threads[i], NULL); - } - - X(cconnects); - X(csends); - X(creads); - X(ctimeouts); - X(sreads); - X(ssends); - - CHECK_RANGE_HALF(csends); - CHECK_RANGE_HALF(creads); - CHECK_RANGE_HALF(sreads); - CHECK_RANGE_HALF(ssends); -} - -/* TCP Listener */ - -/* - * TODO: - * 1. write a timeout test - * 2. write a test with quota - */ - -static void -tls_listen_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, - isc_region_t *region, void *cbarg); - -static void -tls_listen_send_cb(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) { - UNUSED(eresult); - UNUSED(cbarg); - - assert_non_null(handle); - - if (eresult == ISC_R_SUCCESS) { - atomic_fetch_add(&ssends, 1); - isc_nm_resumeread(handle); - } else { - isc_nm_cancelread(handle); - } -} - -static void -tls_listen_read_cb(isc_nmhandle_t *handle, isc_result_t eresult, - isc_region_t *region, void *cbarg) { - uint64_t magic = 0; - - UNUSED(cbarg); - - assert_non_null(handle); - - if (eresult != ISC_R_SUCCESS) { - goto unref; - } - - atomic_fetch_add(&sreads, 1); - - memmove(tls_buffer_storage + tls_buffer_length, region->base, - region->length); - tls_buffer_length += region->length; - - while (tls_buffer_length >= sizeof(magic)) { - memmove(&magic, tls_buffer_storage, sizeof(magic)); - assert_true(magic == stop_magic || magic == send_magic); - - tls_buffer_length -= sizeof(magic); - memmove(tls_buffer_storage, tls_buffer_storage + sizeof(magic), - tls_buffer_length); - - if (magic == send_magic) { - isc_nm_send(handle, region, tls_listen_send_cb, NULL); - return; - } else if (magic == stop_magic) { - /* We are done, so we don't send anything back */ - /* There should be no more packets in the buffer */ - assert_int_equal(tls_buffer_length, 0); - } - } - -unref: - isc_nmhandle_detach(&handle); -} - -static isc_result_t -tls_listen_accept_cb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { - isc_nmhandle_t *readhandle = NULL; - - UNUSED(cbarg); - - if (result != ISC_R_SUCCESS) { - return (result); - } - - tls_buffer_length = 0; - - /* atomic_fetch_add(&saccept, 1); */ - - isc_nmhandle_attach(handle, &readhandle); - isc_nm_read(handle, tls_listen_read_cb, NULL); - - return (ISC_R_SUCCESS); -} - -int -main(void) { - const struct CMUnitTest tests[] = { - cmocka_unit_test_setup_teardown(tls_noop, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_noresponse, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_one, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_two, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_send, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_recv_half_send, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_half_recv_send, nm_setup, - nm_teardown), - cmocka_unit_test_setup_teardown(tls_half_recv_half_send, - nm_setup, nm_teardown), - }; - - return (cmocka_run_group_tests(tests, _setup, _teardown)); -} - -#else /* HAVE_CMOCKA */ - -#include - -int -main(void) { - printf("1..0 # Skipped: cmocka not available\n"); - return (SKIPPED_TEST_EXIT_CODE); -} - -#endif /* if HAVE_CMOCKA */ diff --git a/util/copyrights b/util/copyrights index fb258a5370..feb63b8979 100644 --- a/util/copyrights +++ b/util/copyrights @@ -2014,7 +2014,6 @@ ./lib/isc/tests/testdata/file/keep X 2014,2018,2019,2020,2021 ./lib/isc/tests/time_test.c C 2014,2015,2016,2018,2019,2020,2021 ./lib/isc/tests/timer_test.c C 2018,2019,2020,2021 -./lib/isc/tests/tls_test.c C 2021 ./lib/isc/tests/uv_wrap.h C 2020,2021 ./lib/isc/timer.c C 1998,1999,2000,2001,2002,2004,2005,2007,2008,2009,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./lib/isc/tls.c C 2021 From 513cdb52ecd4e63566672217f7390574f68c4d2d Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Tue, 13 Apr 2021 18:45:10 +0300 Subject: [PATCH 2/3] TLS: try to close TCP socket descriptor earlier when possible Before this fix underlying TCP sockets could remain opened for longer than it is actually required, causing unit tests to fail with lots of ISC_R_TOOMANYOPENFILES errors. The change also enables graceful SSL shutdown (before that it would happen only in the case when isc_nm_cancelread() were called). --- lib/isc/netmgr/tlsstream.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index 27a6bfcadb..a682ba00f2 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -406,8 +406,22 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, region = (isc_region_t){ .base = &recv_buf[0], .length = len }; + INSIST(VALID_NMHANDLE(sock->statichandle)); sock->recv_cb(sock->statichandle, ISC_R_SUCCESS, ®ion, sock->recv_cbarg); + /* The handle could have been detached in + * sock->recv_cb, making the sock->statichandle + * nullified (it happens in netmgr.c). If it is + * the case, then it means that we are not + * interested in keeping the connection alive + * anymore. Let's shutdown the SSL session, send + * what we have in the SSL buffers, and close + * the connection. + */ + if (sock->statichandle == NULL) { + finish = true; + break; + } } } } From 66432dcd65aea8235845ac0ca59cb62e91ff0e78 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Wed, 14 Apr 2021 19:02:50 +0300 Subject: [PATCH 3/3] Handle a situation when SSL shutdown messages were sent and received It fixes a corner case which was causing dig to print annoying messages like: 14-Apr-2021 18:48:37.099 SSL error in BIO: 1 TLS error (errno: 0). Arguments: received_data: (nil), send_data: (nil), finish: false even when all the data was properly processed. --- lib/isc/netmgr/tlsstream.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index a682ba00f2..a68838a775 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -377,6 +377,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, bool received_shutdown = ((SSL_get_shutdown(sock->tlsstream.tls) & SSL_RECEIVED_SHUTDOWN) != 0); + bool sent_shutdown = + ((SSL_get_shutdown(sock->tlsstream.tls) & + SSL_SENT_SHUTDOWN) != 0); rv = SSL_write_ex(sock->tlsstream.tls, send_data->uvbuf.base, send_data->uvbuf.len, &len); @@ -386,7 +389,18 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, send_data->cb.send(send_data->handle, result, send_data->cbarg); send_data = NULL; - if (!received_shutdown) { + /* This situation might occur only when SSL + * shutdown was already sent (see + * tls_send_outgoing()), and we are in the + * process of shutting down the connection (in + * this case tls_senddone() will be called), but + * some code tries to send data over the + * connection and called isc_tls_send(). The + * socket will be detached there, in + * tls_senddone().*/ + if (sent_shutdown && received_shutdown) { + return; + } else if (!received_shutdown) { isc__nmsocket_detach(&sock); return; }