Add support for tcpmd5 tests.

Add README.tcpmd5 to describe how to build a simple test setup and run tests. Convert compile time options to run time options [1]. Discussed with: rwatson Suggested by: rwatson [1]
svn path=/head/; revision=174032
2007-11-28 20:33:58 +00:00 · 2007-11-28 20:33:58 +00:00 · 551944a21a · 2020-12-20 02:59:44 +00:00
commit 551944a21a
parent 0a5c91d058
2 changed files with 62 additions and 12 deletions
--- a/tools/regression/netinet/tcpconnect/README.tcp-md5
+++ b/tools/regression/netinet/tcpconnect/README.tcp-md5
@ -0,0 +1,30 @@
+# $FreeBSD$
+
+To test tcp-md5 do:
+
+* compile and install kernel with TCP_SIGNATURE support
+
+* add this to /etc/ipsec.conf (the md5 'secret' is just a sample)
+	add 127.0.0.1 127.0.0.1 tcp 0x1000 -A tcp-md5 "0e3a9ac42ceca8260f1d6fbc46a9707c";
+
+* enable it in /etc/rc.conf with
+	ipsec_enable="YES"
+  and apply it with sh /etc/rc.d/ipsec start
+
+ [ off course you can also manually add it using setkey(8) ]
+
+* compile tcpconnect in here running:
+    make
+
+* start tcpdump (secret as above, port is just a sample):
+    tcpdump -l -n -i lo0 -s 0 -M "0e3a9ac42ceca8260f1d6fbc46a9707c" tcp and port 2345
+
+* run the server (use same port as given to tcpdump):
+    ./tcpconnect server 2345
+
+* run the client (use same port as given to tcpdump):
+    ./tcpconnect client 127.0.0.1 2345 1 tcpmd5
+
+* check tcpdump output
+
+# end
--- a/tools/regression/netinet/tcpconnect/tcpconnect.c
+++ b/tools/regression/netinet/tcpconnect/tcpconnect.c
@ -30,21 +30,24 @@
 #include <sys/socket.h>

 #include <netinet/in.h>
+#include <netinet/tcp.h>

 #include <arpa/inet.h>

 #include <errno.h>
+#include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>

+
 static void
 usage(void)
 {

 	fprintf(stderr, "tcpconnect server port\n");
-	fprintf(stderr, "tcpconnect client ip port count\n");
+	fprintf(stderr, "tcpconnect client ip port count [nonblock] [tcpmd5]\n");
 	exit(-1);
 }

@ -92,9 +95,16 @@ tcpconnect_client(int argc, char *argv[])
 	long count, i, port;
 	char *dummy;
 	int sock;
+	int nonblock = 0, md5enable = 0;

-	if (argc != 3)
+	if (argc < 3 || argc > 5)
 		usage();
+	for (i=3; i < argc; i++) {
+		if (strcmp(argv[i], "nonblock") == 0)
+			nonblock = 1;
+		if (strcmp(argv[i], "tcpmd5") == 0)
+			md5enable = 1;
+	}

 	bzero(&sin, sizeof(sin));
 	sin.sin_len = sizeof(sin);
@ -116,17 +126,27 @@ tcpconnect_client(int argc, char *argv[])
 		if (sock == -1)
 			errx(-1, "socket: %s", strerror(errno));

-#ifdef NONBLOCK
-		if (fcntl(sock, F_SETFL, O_NONBLOCK) != 0)
-			errx(-1, "fcntl(F_SETFL): %s", strerror(errno));
+		/* No warning in default case on ENOPROTOOPT. */
+		if (setsockopt(sock, IPPROTO_TCP, TCP_MD5SIG,
+		    &md5enable, sizeof(md5enable)) != 0) {
+			if (errno == ENOPROTOOPT && md5enable > 0)
+				err(-1, "setsockopt(TCP_MD5SIG)");
+			else if (errno != ENOPROTOOPT)
+				warn("setsockopt(TCP_MD5SIG)");
+		}

-		if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1
-		    && errno != EINPROGRESS)
-			errx(-1, "connect: %s", strerror(errno));
-#else
-		if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1)
-			errx(-1, "connect: %s", strerror(errno));
-#endif
+		if (nonblock) {
+			if (fcntl(sock, F_SETFL, O_NONBLOCK) != 0)
+				errx(-1, "fcntl(F_SETFL): %s", strerror(errno));
+
+			if (connect(sock, (struct sockaddr *)&sin,
+			    sizeof(sin)) == -1 && errno != EINPROGRESS)
+				errx(-1, "connect: %s", strerror(errno));
+		} else {
+			if (connect(sock, (struct sockaddr *)&sin,
+			    sizeof(sin)) == -1)
+				errx(-1, "connect: %s", strerror(errno));
+		}

 		close(sock);
 	}