Diffstat (limited to 'doc/platform-requirements')
| -rw-r--r-- | doc/platform-requirements/.gitignore | 2 | ||||
| -rw-r--r-- | doc/platform-requirements/Makefile | 8 | ||||
| -rw-r--r-- | doc/platform-requirements/common.h | 1 | ||||
| -rw-r--r-- | doc/platform-requirements/listen-vs-repair.c | 128 | ||||
| -rw-r--r-- | doc/platform-requirements/reuseaddr-priority.c | 6 | ||||
| -rw-r--r-- | doc/platform-requirements/tcp-close-rst.c | 204 |
6 files changed, 344 insertions, 5 deletions
diff --git a/doc/platform-requirements/.gitignore b/doc/platform-requirements/.gitignore
index 3b5a10a..b2a0069 100644
--- a/doc/platform-requirements/.gitignore
+++ b/doc/platform-requirements/.gitignore
@@ -1,3 +1,5 @@
+/listen-vs-repair
 /reuseaddr-priority
 /recv-zero
+/tcp-close-rst
 /udp-close-dup
diff --git a/doc/platform-requirements/Makefile b/doc/platform-requirements/Makefile
index 6a7d374..204341b 100644
--- a/doc/platform-requirements/Makefile
+++ b/doc/platform-requirements/Makefile
@@ -3,8 +3,10 @@
 # Copyright Red Hat
 # Author: David Gibson <david@gibson.dropbear.id.au>
-TARGETS = reuseaddr-priority recv-zero udp-close-dup
-SRCS = reuseaddr-priority.c recv-zero.c udp-close-dup.c
+TARGETS = reuseaddr-priority recv-zero udp-close-dup listen-vs-repair \
+ tcp-close-rst
+SRCS = reuseaddr-priority.c recv-zero.c udp-close-dup.c listen-vs-repair.c \
+ tcp-close-rst.c
 CFLAGS = -Wall
 all: cppcheck clang-tidy $(TARGETS:%=check-%)
@@ -25,6 +27,7 @@ clang-tidy:
 clang-tidy --checks=*,\
 -altera-id-dependent-backward-branch,\
 -altera-unroll-loops,\
+ -android-cloexec-accept,\
 -bugprone-easily-swappable-parameters,\
 -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,\
 -concurrency-mt-unsafe,\
@@ -37,6 +40,7 @@ clang-tidy:
 -misc-include-cleaner,\
 -modernize-macro-to-enum,\
 -readability-braces-around-statements,\
+ -readability-function-cognitive-complexity,\
 -readability-identifier-length,\
 -readability-isolate-declaration \
 $(SRCS)
diff --git a/doc/platform-requirements/common.h b/doc/platform-requirements/common.h
index 8844b1e..e85fc2b 100644
--- a/doc/platform-requirements/common.h
+++ b/doc/platform-requirements/common.h
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <stdlib.h>
+__attribute__((format(printf, 1, 2), noreturn))
 static inline void die(const char *fmt, ...)
 {
 va_list ap;
diff --git a/doc/platform-requirements/listen-vs-repair.c b/doc/platform-requirements/listen-vs-repair.c
new file mode 100644
index 0000000..e21d168
--- /dev/null
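Review bot: Adding `-android-cloexec-accept` to the global `--checks` list switches the check off for every file in `$(SRCS)`, although only the two accept() calls in tcp-close-rst.c need the exemption. Those calls already carry `/* cppcheck-suppress [android-cloexec-accept,unmatchedSuppression] */`, which names a clang-tidy check in cppcheck syntax and so appears to have no effect on clang-tidy. A `/* NOLINTNEXTLINE(android-cloexec-accept) */` on each accept() line would keep the exemption local, so a later test program that keeps an accepted descriptor open across exec is still flagged. The same reasoning applies to `-readability-function-cognitive-complexity`, added in the following Makefile hunk.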
+++ b/doc/platform-requirements/listen-vs-repair.c 
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/* liste-vs-repair.c
+ *
+ * Do listening sockets have address conflicts with sockets under repair
+ * ====================================================================
+ *
+ * When we accept() an incoming connection the accept()ed socket will have the
+ * same local address as the listening socket. This can be a complication on
+ * migration. On the migration target we've already set up listening sockets
+ * according to the command line. However to restore connections that we're
+ * migrating in we need to bind the new sockets to the same address, which would
+ * be an address conflict on the face of it. This test program verifies that
+ * enabling repair mode before bind() correctly suppresses that conflict.
+ *
+ * Copyright Red Hat
+ * Author: David Gibson <david@gibson.dropbear.id.au>
+ */
+
+/* NOLINTNEXTLINE(bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp) */
+#define _GNU_SOURCE
+
+#include <arpa/inet.h>
+#include <errno.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <sched.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "common.h"
+
+#define PORT 13256U
+#define CPORT 13257U
+
+/* 127.0.0.1:PORT */
+static const struct sockaddr_in addr = SOCKADDR_INIT(INADDR_LOOPBACK, PORT);
+
+/* 127.0.0.1:CPORT */
+static const struct sockaddr_in caddr = SOCKADDR_INIT(INADDR_LOOPBACK, CPORT);
+
+/* Put ourselves into a network sandbox */
+static void net_sandbox(void)
+{
+ /* NOLINTNEXTLINE(altera-struct-pack-align) */
+ const struct req_t {
+ struct nlmsghdr nlh;
+ struct ifinfomsg ifm;
+ } __attribute__((packed)) req = {
+ .nlh.nlmsg_type = RTM_NEWLINK,
+ .nlh.nlmsg_flags = NLM_F_REQUEST,
+ .nlh.nlmsg_len = sizeof(req),
+ .nlh.nlmsg_seq = 1,
+ .ifm.ifi_family = AF_UNSPEC,
+ .ifm.ifi_index = 1,
+ .ifm.ifi_flags = IFF_UP,
+ .ifm.ifi_change = IFF_UP,
+ };
+ int nl;
+
+ if (unshare(CLONE_NEWUSER | CLONE_NEWNET))
+ die("unshare(): %s\n", strerror(errno));
+
+ /* Bring up lo in the new netns */
+ nl = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
+ if (nl < 0)
+ die("Can't create netlink socket: %s\n", strerror(errno));
+
+ if (send(nl, &req, sizeof(req), 0) < 0)
+ die("Netlink send(): %s\n", strerror(errno));
+ close(nl);
+}
+
+static void check(void)
+{
+ int s1, s2, op;
+
+ s1 = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (s1 < 0)
+ die("socket() 1: %s\n", strerror(errno));
+
+ if (bind(s1, (struct sockaddr *)&addr, sizeof(addr)))
+ die("bind() 1: %s\n", strerror(errno));
+
+ if (listen(s1, 0))
+ die("listen(): %s\n", strerror(errno));
+
+ s2 = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (s2 < 0)
+ die("socket() 2: %s\n", strerror(errno));
+
+ op = TCP_REPAIR_ON;
+ if (setsockopt(s2, SOL_TCP, TCP_REPAIR, &op, sizeof(op)))
+ die("TCP_REPAIR: %s\n", strerror(errno));
+
+ if (bind(s2, (struct sockaddr *)&addr, sizeof(addr)))
+ die("bind() 2: %s\n", strerror(errno));
+
+ if (connect(s2, (struct sockaddr *)&caddr, sizeof(caddr)))
+ die("connect(): %s\n", strerror(errno));
+
+ op = TCP_REPAIR_OFF_NO_WP;
+ if (setsockopt(s2, SOL_TCP, TCP_REPAIR, &op, sizeof(op)))
+ die("TCP_REPAIR: %s\n", strerror(errno));
+
+ close(s1);
+ close(s2);
+}
+
+int main(int argc, char *argv[])
+{
+ (void)argc;
+ (void)argv;
+
+ net_sandbox();
+
+ check();
+
+ printf("Repair mode appears to properly suppress conflicts with listening sockets\n");
+
+ exit(0);
+}
diff --git a/doc/platform-requirements/reuseaddr-priority.c b/doc/platform-requirements/reuseaddr-priority.c
index 701b6ff..af39a39 100644
--- a/doc/platform-requirements/reuseaddr-priority.c
+++ b/doc/platform-requirements/reuseaddr-priority.c
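Review bot: net_sandbox() sends the RTM_NEWLINK request without `NLM_F_ACK` and closes the netlink socket without reading a reply, so a kernel refusal to bring up `lo` goes unnoticed. check() would then presumably fail at its first bind() with an address error that points away from the real cause. Requesting an acknowledgement and checking the returned `nlmsgerr` keeps the failure at the step that caused it, as sketched below. The header comment also spells the file name `liste-vs-repair.c`.

```c
		.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
		/* … unchanged: remaining req initialisers … */
	};
	struct {
		struct nlmsghdr nlh;
		struct nlmsgerr err;
	} ack;
	ssize_t n;

	/* … unchanged: unshare(), socket(), send() … */

	/* NLM_F_ACK is answered with NLMSG_ERROR; error == 0 means success */
	n = recv(nl, &ack, sizeof(ack), 0);
	if (n < 0)
		die("Netlink recv(): %s\n", strerror(errno));
	if ((size_t)n < sizeof(ack) || ack.nlh.nlmsg_type != NLMSG_ERROR)
		die("Unexpected netlink response\n");
	if (ack.err.error)
		die("Couldn't bring up lo: %s\n", strerror(-ack.err.error));
	close(nl);
```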
@@ -46,13 +46,13 @@
 /* Different cases for receiving socket configuration */
 enum sock_type {
 /* Socket is bound to 0.0.0.0:DSTPORT and not connected */
- SOCK_BOUND_ANY = 0,
+ SOCK_BOUND_ANY,
 /* Socket is bound to 127.0.0.1:DSTPORT and not connected */
- SOCK_BOUND_LO = 1,
+ SOCK_BOUND_LO,
 /* Socket is bound to 0.0.0.0:DSTPORT and connected to 127.0.0.1:SRCPORT */
- SOCK_CONNECTED = 2,
+ SOCK_CONNECTED,
 NUM_SOCK_TYPES,
 };
diff --git a/doc/platform-requirements/tcp-close-rst.c b/doc/platform-requirements/tcp-close-rst.c
new file mode 100644
index 0000000..0e508f6
--- /dev/null
+++ b/doc/platform-requirements/tcp-close-rst.c
@@ -0,0 +1,204 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/* tcp-close-rst.c
+ *
+ * Check what operations on a TCP socket will trigger an RST.
+ *
+ * Copyright Red Hat
+ * Author: David Gibson <david@gibson.dropbear.id.au>
+ */
+
+#include <arpa/inet.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include "common.h"
+
+#define DSTPORT 13258U
+
+#define SRCADDR(n) \
+ (0x7f000000U | (n) << 16U | (n) << 8U | 0x1U)
+
+#define BASENUM 100
+
+/* 127.0.0.1:DSTPORT */
+static const struct sockaddr_in lo_dst = SOCKADDR_INIT(INADDR_LOOPBACK, DSTPORT);
+
+#define LINGER 0x01U
+#define SHUT_CLIENT 0x02U
+#define SHUT_SERVER 0x04U
+
+#define NUM_OPTIONS (SHUT_SERVER << 1U)
+
+static void client_close(int sl, unsigned flags)
+{
+ struct sockaddr_in src = SOCKADDR_INIT(SRCADDR(flags), 0);
+ struct linger linger0 = {
+ .l_onoff = 1,
+ .l_linger = 0,
+ };
+ int sockerr, sc, sa;
+ socklen_t errlen = sizeof(sockerr);
+
+ printf("Client close %u:%s%s%s\n", flags,
+ flags & LINGER ? " LINGER" : "",
+ flags & SHUT_CLIENT ? " SHUT_CLIENT" : "",
+ flags & SHUT_SERVER ? " SHUT_SERVER" : "");
+
+ sc = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (sc < 0)
+ die("socket() for connect(): %s\n", strerror(errno));
+
+ if (bind(sc, (struct sockaddr *)&src, sizeof(src)) < 0)
+ die("bind() for connect: %s\n", strerror(errno));
+
+ if (connect(sc, (struct sockaddr *)&lo_dst, sizeof(lo_dst)) < 0)
+ die("connect(): %s\n", strerror(errno));
+
+ /* cppcheck-suppress [android-cloexec-accept,unmatchedSuppression] */
+ sa = accept(sl, NULL, NULL);
+ if (sa < 0)
+ die("accept(): %s\n", strerror(errno));
+
+ if (flags & SHUT_SERVER)
+ if (shutdown(sa, SHUT_WR) < 0)
+ die("shutdown() server: %s\n", strerror(errno));
+
+ if (flags & SHUT_CLIENT)
+ if (shutdown(sc, SHUT_WR) < 0)
+ die("shutdown() client: %s\n", strerror(errno));
+
+ if (flags & LINGER)
+ if (setsockopt(sc, SOL_SOCKET, SO_LINGER,
+ &linger0, sizeof(linger0)) < 0)
+ die("SO_LINGER: %s\n", strerror(errno));
+
+ close(sc);
+
+ if (getsockopt(sa, SOL_SOCKET, SO_ERROR, &sockerr, &errlen) < 0)
+ die("SO_ERROR: %s\n", strerror(errno));
+
+ if (errlen != sizeof(sockerr))
+ die("SO_ERROR: bad option length\n");
+
+ printf("Server error: %s\n", strerror(sockerr));
+
+ if (flags & LINGER) {
+ if (!(flags & SHUT_SERVER) || !(flags & SHUT_CLIENT)) {
+ if (sockerr == 0)
+ die("No error after abrupt close(), no RST?\n");
+ } else {
+ if (sockerr != 0)
+ die("Error after full shutdown, bogus RST?\n");
+ }
+ }
+
+ close(sa);
+}
+
+static void server_close(int sl, unsigned flags)
+{
+ struct sockaddr_in src = SOCKADDR_INIT(SRCADDR(flags), 0);
+ struct linger linger0 = {
+ .l_onoff = 1,
+ .l_linger = 0,
+ };
+ int sockerr, sc, sa;
+ socklen_t errlen = sizeof(sockerr);
+
+ printf("Server close %u:%s%s%s\n", flags,
+ flags & LINGER ? " LINGER" : "",
+ flags & SHUT_CLIENT ? " SHUT_CLIENT" : "",
+ flags & SHUT_SERVER ? " SHUT_SERVER" : "");
+
+ sc = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (sc < 0)
+ die("socket() for connect(): %s\n", strerror(errno));
+
+ if (bind(sc, (struct sockaddr *)&src, sizeof(src)) < 0)
+ die("bind() for connect: %s\n", strerror(errno));
+
+ if (connect(sc, (struct sockaddr *)&lo_dst, sizeof(lo_dst)) < 0)
+ die("connect(): %s\n", strerror(errno));
+
+ /* cppcheck-suppress [android-cloexec-accept,unmatchedSuppression] */
+ sa = accept(sl, NULL, NULL);
+ if (sa < 0)
+ die("accept(): %s\n", strerror(errno));
+
+ if (flags & SHUT_SERVER)
+ if (shutdown(sa, SHUT_WR) < 0)
+ die("shutdown() server: %s\n", strerror(errno));
+
+ if (flags & SHUT_CLIENT)
+ if (shutdown(sc, SHUT_WR) < 0)
+ die("shutdown() client: %s\n", strerror(errno));
+
+ if (flags & LINGER)
+ if (setsockopt(sa, SOL_SOCKET, SO_LINGER,
+ &linger0, sizeof(linger0)) < 0)
+ die("SO_LINGER: %s\n", strerror(errno));
+
+ close(sa);
+
+ if (getsockopt(sc, SOL_SOCKET, SO_ERROR, &sockerr, &errlen) < 0)
+ die("SO_ERROR: %s\n", strerror(errno));
+
+ if (errlen != sizeof(sockerr))
+ die("SO_ERROR: bad option length\n");
+
+ printf("Client error: %s\n", strerror(sockerr));
+
+ if (flags & LINGER) {
+ if (!(flags & SHUT_SERVER) || !(flags & SHUT_CLIENT)) {
+ if (sockerr == 0)
+ die("No error after abrupt close(), no RST?\n");
+ } else {
+ if (sockerr != 0)
+ die("Error after full shutdown, bogus RST?\n");
+ }
+ }
+
+ close(sc);
+}
+
+int main(int argc, char *argv[])
+{
+ unsigned flags;
+ int y = 1;
+ int sl;
+
+ (void)argc;
+ (void)argv;
+
+ sl = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (sl < 0)
+ die("socket() for listen: %s\n", strerror(errno));
+
+ if (setsockopt(sl, SOL_SOCKET, SO_REUSEADDR, &y, sizeof(y)) < 0)
+ die("SO_REUSEADDR for listen: %s\n", strerror(errno));
+
+ if (bind(sl, (struct sockaddr *)&lo_dst, sizeof(lo_dst)) < 0)
+ die("bind() for listen: %s\n", strerror(errno));
+
+ if (listen(sl, 1) < 0)
+ die("listen(): %s\n", strerror(errno));
+
+ printf("Listening on port %u\n", DSTPORT);
+
+ for (flags = 0; flags < NUM_OPTIONS; flags++) {
+ client_close(sl, flags);
+ server_close(sl, flags);
+ }
+
+ close(sl);
+ exit(0);
+} |
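Review bot: In client_close() and server_close(), `getsockopt(..., SO_ERROR, ...)` runs on the surviving socket immediately after the peer's close(), so the `No error after abrupt close(), no RST?` check relies on the RST having already been processed when close() returns. That probably holds on loopback, but nothing in the code waits for it or documents it, so a late RST would be reported as a platform failure. Either wait for the reset in the cases that expect one, for example `struct pollfd pfd = { .fd = sa };` followed by `poll(&pfd, 1, 1000)` (with `<poll.h>`) before reading SO_ERROR, or add a comment such as `/* Assumes the RST is processed before close() returns (loopback) */`. Separately, the combinations without LINGER are only printed and never asserted; a one-line comment saying so would help readers of the output.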
