Add support for tcpmd5 tests.

Add README.tcpmd5 to describe how to build a simple test setup
and run tests.

Convert compile time options to run time options [1].

Discussed with:	rwatson
Suggested by:	rwatson [1]
Bjoern A. Zeeb 2007-11-28 20:33:58 +00:00
parent 0a5c91d058
commit 551944a21a
2 changed files with 62 additions and 12 deletions


@ -0,0 +1,30 @@
# $FreeBSD$
To test tcp-md5 do:
* compile and install kernel with TCP_SIGNATURE support
* add this to /etc/ipsec.conf (the md5 'secret' is just a sample)
add 127.0.0.1 127.0.0.1 tcp 0x1000 -A tcp-md5 "0e3a9ac42ceca8260f1d6fbc46a9707c";
* enable it in /etc/rc.conf with
ipsec_enable="YES"
and apply it with sh /etc/rc.d/ipsec start
[ off course you can also manually add it using setkey(8) ]
* compile tcpconnect in here running:
make
* start tcpdump (secret as above, port is just a sample):
tcpdump -l -n -i lo0 -s 0 -M "0e3a9ac42ceca8260f1d6fbc46a9707c" tcp and port 2345
* run the server (use same port as given to tcpdump):
./tcpconnect server 2345
* run the client (use same port as given to tcpdump):
./tcpconnect client 127.0.0.1 2345 1 tcpmd5
* check tcpdump output
# end


@ -30,21 +30,24 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
static void
usage(void)
{
fprintf(stderr, "tcpconnect server port\n");
fprintf(stderr, "tcpconnect client ip port count\n");
fprintf(stderr, "tcpconnect client ip port count [nonblock] [tcpmd5]\n");
exit(-1);
}
@ -92,9 +95,16 @@ tcpconnect_client(int argc, char *argv[])
long count, i, port;
char *dummy;
int sock;
int nonblock = 0, md5enable = 0;
if (argc != 3)
if (argc < 3 || argc > 5)
usage();
for (i=3; i < argc; i++) {
if (strcmp(argv[i], "nonblock") == 0)
nonblock = 1;
if (strcmp(argv[i], "tcpmd5") == 0)
md5enable = 1;
}
bzero(&sin, sizeof(sin));
sin.sin_len = sizeof(sin);
@ -116,17 +126,27 @@ tcpconnect_client(int argc, char *argv[])
if (sock == -1)
errx(-1, "socket: %s", strerror(errno));
#ifdef NONBLOCK
if (fcntl(sock, F_SETFL, O_NONBLOCK) != 0)
errx(-1, "fcntl(F_SETFL): %s", strerror(errno));
/* No warning in default case on ENOPROTOOPT. */
if (setsockopt(sock, IPPROTO_TCP, TCP_MD5SIG,
&md5enable, sizeof(md5enable)) != 0) {
if (errno == ENOPROTOOPT && md5enable > 0)
err(-1, "setsockopt(TCP_MD5SIG)");
else if (errno != ENOPROTOOPT)
warn("setsockopt(TCP_MD5SIG)");
}
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1
&& errno != EINPROGRESS)
errx(-1, "connect: %s", strerror(errno));
#else
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1)
errx(-1, "connect: %s", strerror(errno));
#endif
if (nonblock) {
if (fcntl(sock, F_SETFL, O_NONBLOCK) != 0)
errx(-1, "fcntl(F_SETFL): %s", strerror(errno));
if (connect(sock, (struct sockaddr *)&sin,
sizeof(sin)) == -1 && errno != EINPROGRESS)
errx(-1, "connect: %s", strerror(errno));
} else {
if (connect(sock, (struct sockaddr *)&sin,
sizeof(sin)) == -1)
errx(-1, "connect: %s", strerror(errno));
}
close(sock);
}
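Review bot: In the last hunk of tcpconnect_client, a TCP_MD5SIG setsockopt failure other than ENOPROTOOPT only reaches `warn("setsockopt(TCP_MD5SIG)")` even when `tcpmd5` was requested, so the connect loop would carry on over unsigned connections and the run can pass for a successful tcp-md5 test. Making every failure fatal when the option was asked for keeps the result honest: `if (md5enable > 0) err(-1, "setsockopt(TCP_MD5SIG)");` followed by the existing `else if (errno != ENOPROTOOPT) warn("setsockopt(TCP_MD5SIG)");`. The option loop in the previous hunk has the same effect for a mistyped keyword, because an argument that is neither `nonblock` nor `tcpmd5` is silently ignored; chaining the two tests with `else if` and ending with `else usage();` would reject it. The page has lost its +/- markers, so the new side is inferred from the printed order, and the function body starts outside these hunks.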