summaryrefslogtreecommitdiffhomepage
path: root/test/packetdrill
diff options
context:
space:
mode:
Diffstat (limited to 'test/packetdrill')
-rw-r--r--test/packetdrill/BUILD48
-rw-r--r--test/packetdrill/Dockerfile9
-rw-r--r--test/packetdrill/accept_ack_drop.pkt27
-rw-r--r--test/packetdrill/defs.bzl87
-rw-r--r--test/packetdrill/fin_wait2_timeout.pkt23
-rw-r--r--test/packetdrill/linux/tcp_user_timeout.pkt39
-rw-r--r--test/packetdrill/listen_close_before_handshake_complete.pkt31
-rw-r--r--test/packetdrill/netstack/tcp_user_timeout.pkt38
-rw-r--r--test/packetdrill/no_rst_to_rst.pkt36
-rwxr-xr-xtest/packetdrill/packetdrill_setup.sh26
-rwxr-xr-xtest/packetdrill/packetdrill_test.sh225
-rw-r--r--test/packetdrill/reset_for_ack_when_no_syn_cookies_in_use.pkt9
-rw-r--r--test/packetdrill/sanity_test.pkt7
-rw-r--r--test/packetdrill/tcp_defer_accept.pkt48
-rw-r--r--test/packetdrill/tcp_defer_accept_timeout.pkt48
15 files changed, 0 insertions, 701 deletions
diff --git a/test/packetdrill/BUILD b/test/packetdrill/BUILD
deleted file mode 100644
index fb0b2db41..000000000
--- a/test/packetdrill/BUILD
+++ /dev/null
@@ -1,48 +0,0 @@
-load("defs.bzl", "packetdrill_linux_test", "packetdrill_netstack_test", "packetdrill_test")
-
-package(licenses = ["notice"])
-
-packetdrill_test(
- name = "packetdrill_sanity_test",
- scripts = ["sanity_test.pkt"],
-)
-
-packetdrill_test(
- name = "accept_ack_drop_test",
- scripts = ["accept_ack_drop.pkt"],
-)
-
-packetdrill_test(
- name = "fin_wait2_timeout_test",
- scripts = ["fin_wait2_timeout.pkt"],
-)
-
-packetdrill_linux_test(
- name = "tcp_user_timeout_test_linux_test",
- scripts = ["linux/tcp_user_timeout.pkt"],
-)
-
-packetdrill_netstack_test(
- name = "tcp_user_timeout_test_netstack_test",
- scripts = ["netstack/tcp_user_timeout.pkt"],
-)
-
-packetdrill_test(
- name = "listen_close_before_handshake_complete_test",
- scripts = ["listen_close_before_handshake_complete.pkt"],
-)
-
-packetdrill_test(
- name = "no_rst_to_rst_test",
- scripts = ["no_rst_to_rst.pkt"],
-)
-
-packetdrill_test(
- name = "tcp_defer_accept_test",
- scripts = ["tcp_defer_accept.pkt"],
-)
-
-packetdrill_test(
- name = "tcp_defer_accept_timeout_test",
- scripts = ["tcp_defer_accept_timeout.pkt"],
-)
diff --git a/test/packetdrill/Dockerfile b/test/packetdrill/Dockerfile
deleted file mode 100644
index 4b75e9527..000000000
--- a/test/packetdrill/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM ubuntu:bionic
-
-RUN apt-get update && apt-get install -y net-tools git iptables iputils-ping \
- netcat tcpdump jq tar bison flex make
-RUN hash -r
-RUN git clone --branch packetdrill-v2.0 \
- https://github.com/google/packetdrill.git
-RUN cd packetdrill/gtests/net/packetdrill && ./configure && make
-CMD /bin/bash
diff --git a/test/packetdrill/accept_ack_drop.pkt b/test/packetdrill/accept_ack_drop.pkt
deleted file mode 100644
index 76e638fd4..000000000
--- a/test/packetdrill/accept_ack_drop.pkt
+++ /dev/null
@@ -1,27 +0,0 @@
-// Test that the accept works if the final ACK is dropped and an ack with data
-// follows the dropped ack.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-// Set backlog to 1 so that we can easily test.
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0.0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0.0 > S. 0:0(0) ack 1 <...>
-
-+0.0 < . 1:5(4) ack 1 win 257
-+0.0 > . 1:1(0) ack 5 <...>
-
-// This should cause connection to transition to connected state.
-+0.000 accept(3, ..., ...) = 4
-+0.000 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
-
-// Now read the data and we should get 4 bytes.
-+0.000 read(4,..., 4) = 4
-+0.000 close(4) = 0
-
-+0.0 > F. 1:1(0) ack 5 <...>
-+0.0 < F. 5:5(0) ack 2 win 257
-+0.01 > . 2:2(0) ack 6 <...> \ No newline at end of file
diff --git a/test/packetdrill/defs.bzl b/test/packetdrill/defs.bzl
deleted file mode 100644
index f499c177b..000000000
--- a/test/packetdrill/defs.bzl
+++ /dev/null
@@ -1,87 +0,0 @@
-"""Defines a rule for packetdrill test targets."""
-
-def _packetdrill_test_impl(ctx):
- test_runner = ctx.executable._test_runner
- runner = ctx.actions.declare_file("%s-runner" % ctx.label.name)
-
- script_paths = []
- for script in ctx.files.scripts:
- script_paths.append(script.short_path)
- runner_content = "\n".join([
- "#!/bin/bash",
- # This test will run part in a distinct user namespace. This can cause
- # permission problems, because all runfiles may not be owned by the
- # current user, and no other users will be mapped in that namespace.
- # Make sure that everything is readable here.
- "find . -type f -exec chmod a+rx {} \\;",
- "find . -type d -exec chmod a+rx {} \\;",
- "%s %s --init_script %s $@ -- %s\n" % (
- test_runner.short_path,
- " ".join(ctx.attr.flags),
- ctx.files._init_script[0].short_path,
- " ".join(script_paths),
- ),
- ])
- ctx.actions.write(runner, runner_content, is_executable = True)
-
- transitive_files = depset()
- if hasattr(ctx.attr._test_runner, "data_runfiles"):
- transitive_files = depset(ctx.attr._test_runner.data_runfiles.files)
- runfiles = ctx.runfiles(
- files = [test_runner] + ctx.files._init_script + ctx.files.scripts,
- transitive_files = transitive_files,
- collect_default = True,
- collect_data = True,
- )
- return [DefaultInfo(executable = runner, runfiles = runfiles)]
-
-_packetdrill_test = rule(
- attrs = {
- "_test_runner": attr.label(
- executable = True,
- cfg = "host",
- allow_files = True,
- default = "packetdrill_test.sh",
- ),
- "_init_script": attr.label(
- allow_single_file = True,
- default = "packetdrill_setup.sh",
- ),
- "flags": attr.string_list(
- mandatory = False,
- default = [],
- ),
- "scripts": attr.label_list(
- mandatory = True,
- allow_files = True,
- ),
- },
- test = True,
- implementation = _packetdrill_test_impl,
-)
-
-_PACKETDRILL_TAGS = ["local", "manual"]
-
-def packetdrill_linux_test(name, **kwargs):
- if "tags" not in kwargs:
- kwargs["tags"] = _PACKETDRILL_TAGS
- _packetdrill_test(
- name = name,
- flags = ["--dut_platform", "linux"],
- **kwargs
- )
-
-def packetdrill_netstack_test(name, **kwargs):
- if "tags" not in kwargs:
- kwargs["tags"] = _PACKETDRILL_TAGS
- _packetdrill_test(
- name = name,
- # This is the default runtime unless
- # "--test_arg=--runtime=OTHER_RUNTIME" is used to override the value.
- flags = ["--dut_platform", "netstack", "--runtime", "runsc-d"],
- **kwargs
- )
-
-def packetdrill_test(name, **kwargs):
- packetdrill_linux_test(name + "_linux_test", **kwargs)
- packetdrill_netstack_test(name + "_netstack_test", **kwargs)
diff --git a/test/packetdrill/fin_wait2_timeout.pkt b/test/packetdrill/fin_wait2_timeout.pkt
deleted file mode 100644
index 613f0bec9..000000000
--- a/test/packetdrill/fin_wait2_timeout.pkt
+++ /dev/null
@@ -1,23 +0,0 @@
-// Test that a socket in FIN_WAIT_2 eventually times out and a subsequent
-// packet generates a RST.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0 > S. 0:0(0) ack 1 <...>
-+0 < P. 1:1(0) ack 1 win 257
-
-+0.100 accept(3, ..., ...) = 4
-// set FIN_WAIT2 timeout to 1 seconds.
-+0.100 setsockopt(4, SOL_TCP, TCP_LINGER2, [1], 4) = 0
-+0 close(4) = 0
-
-+0 > F. 1:1(0) ack 1 <...>
-+0 < . 1:1(0) ack 2 win 257
-
-+1.1 < . 1:1(0) ack 2 win 257
-+0 > R 2:2(0) win 0
diff --git a/test/packetdrill/linux/tcp_user_timeout.pkt b/test/packetdrill/linux/tcp_user_timeout.pkt
deleted file mode 100644
index 38018cb42..000000000
--- a/test/packetdrill/linux/tcp_user_timeout.pkt
+++ /dev/null
@@ -1,39 +0,0 @@
-// Test that a socket w/ TCP_USER_TIMEOUT set aborts the connection
-// if there is pending unacked data after the user specified timeout.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0 > S. 0:0(0) ack 1 <...>
-+0.1 < . 1:1(0) ack 1 win 32792
-
-+0.100 accept(3, ..., ...) = 4
-
-// Okay, we received nothing, and decide to close this idle socket.
-// We set TCP_USER_TIMEOUT to 3 seconds because really it is not worth
-// trying hard to cleanly close this flow, at the price of keeping
-// a TCP structure in kernel for about 1 minute!
-+2 setsockopt(4, SOL_TCP, TCP_USER_TIMEOUT, [3000], 4) = 0
-
-// The write/ack is required mainly for netstack as netstack does
-// not update its RTO during the handshake.
-+0 write(4, ..., 100) = 100
-+0 > P. 1:101(100) ack 1 <...>
-+0 < . 1:1(0) ack 101 win 32792
-
-+0 close(4) = 0
-
-+0 > F. 101:101(0) ack 1 <...>
-+.3~+.400 > F. 101:101(0) ack 1 <...>
-+.3~+.400 > F. 101:101(0) ack 1 <...>
-+.6~+.800 > F. 101:101(0) ack 1 <...>
-+1.2~+1.300 > F. 101:101(0) ack 1 <...>
-
-// We finally receive something from the peer, but it is way too late
-// Our socket vanished because TCP_USER_TIMEOUT was really small.
-+.1 < . 1:2(1) ack 102 win 32792
-+0 > R 102:102(0) win 0
diff --git a/test/packetdrill/listen_close_before_handshake_complete.pkt b/test/packetdrill/listen_close_before_handshake_complete.pkt
deleted file mode 100644
index 51c3f1a32..000000000
--- a/test/packetdrill/listen_close_before_handshake_complete.pkt
+++ /dev/null
@@ -1,31 +0,0 @@
-// Test that closing a listening socket closes any connections in SYN-RCVD
-// state and any packets bound for these connections generate a RESET.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-// Set backlog to 1 so that we can easily test.
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0 > S. 0:0(0) ack 1 <...>
-
-+0.100 close(3) = 0
-+0.1 < P. 1:1(0) ack 1 win 257
-
-// Linux generates a reset with no ack number/bit set. This is contradictory to
-// what is specified in Rule 1 under Reset Generation in
-// https://tools.ietf.org/html/rfc793#section-3.4.
-// "1. If the connection does not exist (CLOSED) then a reset is sent
-// in response to any incoming segment except another reset. In
-// particular, SYNs addressed to a non-existent connection are rejected
-// by this means.
-//
-// If the incoming segment has an ACK field, the reset takes its
-// sequence number from the ACK field of the segment, otherwise the
-// reset has sequence number zero and the ACK field is set to the sum
-// of the sequence number and segment length of the incoming segment.
-// The connection remains in the CLOSED state."
-
-+0.0 > R 1:1(0) win 0 \ No newline at end of file
diff --git a/test/packetdrill/netstack/tcp_user_timeout.pkt b/test/packetdrill/netstack/tcp_user_timeout.pkt
deleted file mode 100644
index 60103adba..000000000
--- a/test/packetdrill/netstack/tcp_user_timeout.pkt
+++ /dev/null
@@ -1,38 +0,0 @@
-// Test that a socket w/ TCP_USER_TIMEOUT set aborts the connection
-// if there is pending unacked data after the user specified timeout.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0 > S. 0:0(0) ack 1 <...>
-+0.1 < . 1:1(0) ack 1 win 32792
-
-+0.100 accept(3, ..., ...) = 4
-
-// Okay, we received nothing, and decide to close this idle socket.
-// We set TCP_USER_TIMEOUT to 3 seconds because really it is not worth
-// trying hard to cleanly close this flow, at the price of keeping
-// a TCP structure in kernel for about 1 minute!
-+2 setsockopt(4, SOL_TCP, TCP_USER_TIMEOUT, [3000], 4) = 0
-
-// The write/ack is required mainly for netstack as netstack does
-// not update its RTO during the handshake.
-+0 write(4, ..., 100) = 100
-+0 > P. 1:101(100) ack 1 <...>
-+0 < . 1:1(0) ack 101 win 32792
-
-+0 close(4) = 0
-
-+0 > F. 101:101(0) ack 1 <...>
-+.2~+.300 > F. 101:101(0) ack 1 <...>
-+.4~+.500 > F. 101:101(0) ack 1 <...>
-+.8~+.900 > F. 101:101(0) ack 1 <...>
-
-// We finally receive something from the peer, but it is way too late
-// Our socket vanished because TCP_USER_TIMEOUT was really small.
-+1.61 < . 1:2(1) ack 102 win 32792
-+0 > R 102:102(0) win 0
diff --git a/test/packetdrill/no_rst_to_rst.pkt b/test/packetdrill/no_rst_to_rst.pkt
deleted file mode 100644
index 612747827..000000000
--- a/test/packetdrill/no_rst_to_rst.pkt
+++ /dev/null
@@ -1,36 +0,0 @@
-// Test a RST is not generated in response to a RST and a RST is correctly
-// generated when an accepted endpoint is RST due to an incoming RST.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0 > S. 0:0(0) ack 1 <...>
-+0 < P. 1:1(0) ack 1 win 257
-
-+0.100 accept(3, ..., ...) = 4
-
-+0.200 < R 1:1(0) win 0
-
-+0.300 read(4,..., 4) = -1 ECONNRESET (Connection Reset by Peer)
-
-+0.00 < . 1:1(0) ack 1 win 257
-
-// Linux generates a reset with no ack number/bit set. This is contradictory to
-// what is specified in Rule 1 under Reset Generation in
-// https://tools.ietf.org/html/rfc793#section-3.4.
-// "1. If the connection does not exist (CLOSED) then a reset is sent
-// in response to any incoming segment except another reset. In
-// particular, SYNs addressed to a non-existent connection are rejected
-// by this means.
-//
-// If the incoming segment has an ACK field, the reset takes its
-// sequence number from the ACK field of the segment, otherwise the
-// reset has sequence number zero and the ACK field is set to the sum
-// of the sequence number and segment length of the incoming segment.
-// The connection remains in the CLOSED state."
-
-+0.00 > R 1:1(0) win 0 \ No newline at end of file
diff --git a/test/packetdrill/packetdrill_setup.sh b/test/packetdrill/packetdrill_setup.sh
deleted file mode 100755
index b858072f0..000000000
--- a/test/packetdrill/packetdrill_setup.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-# Copyright 2018 The gVisor Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This script runs both within the sentry context and natively. It should tweak
-# TCP parameters to match expectations found in the script files.
-sysctl -q net.ipv4.tcp_sack=1
-sysctl -q net.ipv4.tcp_rmem="4096 2097152 $((8*1024*1024))"
-sysctl -q net.ipv4.tcp_wmem="4096 2097152 $((8*1024*1024))"
-
-# There may be errors from the above, but they will show up in the test logs and
-# we always want to proceed from this point. It's possible that values were
-# already set correctly and the nodes were not available in the namespace.
-exit 0
diff --git a/test/packetdrill/packetdrill_test.sh b/test/packetdrill/packetdrill_test.sh
deleted file mode 100755
index c8268170f..000000000
--- a/test/packetdrill/packetdrill_test.sh
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/bin/bash
-
-# Copyright 2020 The gVisor Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Run a packetdrill test. Two docker containers are made, one for the
-# Device-Under-Test (DUT) and one for the test runner. Each is attached with
-# two networks, one for control packets that aid the test and one for test
-# packets which are sent as part of the test and observed for correctness.
-
-set -euxo pipefail
-
-function failure() {
- local lineno=$1
- local msg=$2
- local filename="$0"
- echo "FAIL: $filename:$lineno: $msg"
-}
-trap 'failure ${LINENO} "$BASH_COMMAND"' ERR
-
-declare -r LONGOPTS="dut_platform:,init_script:,runtime:"
-
-# Don't use declare below so that the error from getopt will end the script.
-PARSED=$(getopt --options "" --longoptions=$LONGOPTS --name "$0" -- "$@")
-
-eval set -- "$PARSED"
-
-while true; do
- case "$1" in
- --dut_platform)
- # Either "linux" or "netstack".
- declare -r DUT_PLATFORM="$2"
- shift 2
- ;;
- --init_script)
- declare -r INIT_SCRIPT="$2"
- shift 2
- ;;
- --runtime)
- # Not readonly because there might be multiple --runtime arguments and we
- # want to use just the last one. Only used if --dut_platform is
- # "netstack".
- declare RUNTIME="$2"
- shift 2
- ;;
- --)
- shift
- break
- ;;
- *)
- echo "Programming error"
- exit 3
- esac
-done
-
-# All the other arguments are scripts.
-declare -r scripts="$@"
-
-# Check that the required flags are defined in a way that is safe for "set -u".
-if [[ "${DUT_PLATFORM-}" == "netstack" ]]; then
- if [[ -z "${RUNTIME-}" ]]; then
- echo "FAIL: Missing --runtime argument: ${RUNTIME-}"
- exit 2
- fi
- declare -r RUNTIME_ARG="--runtime ${RUNTIME}"
-elif [[ "${DUT_PLATFORM-}" == "linux" ]]; then
- declare -r RUNTIME_ARG=""
-else
- echo "FAIL: Bad or missing --dut_platform argument: ${DUT_PLATFORM-}"
- exit 2
-fi
-if [[ ! -x "${INIT_SCRIPT-}" ]]; then
- echo "FAIL: Bad or missing --init_script: ${INIT_SCRIPT-}"
- exit 2
-fi
-
-# Variables specific to the control network and interface start with CTRL_.
-# Variables specific to the test network and interface start with TEST_.
-# Variables specific to the DUT start with DUT_.
-# Variables specific to the test runner start with TEST_RUNNER_.
-declare -r PACKETDRILL="/packetdrill/gtests/net/packetdrill/packetdrill"
-# Use random numbers so that test networks don't collide.
-declare -r CTRL_NET="ctrl_net-$(shuf -i 0-99999999 -n 1)"
-declare -r TEST_NET="test_net-$(shuf -i 0-99999999 -n 1)"
-declare -r tolerance_usecs=100000
-# On both DUT and test runner, testing packets are on the eth2 interface.
-declare -r TEST_DEVICE="eth2"
-# Number of bits in the *_NET_PREFIX variables.
-declare -r NET_MASK="24"
-function new_net_prefix() {
- # Class C, 192.0.0.0 to 223.255.255.255, transitionally has mask 24.
- echo "$(shuf -i 192-223 -n 1).$(shuf -i 0-255 -n 1).$(shuf -i 0-255 -n 1)"
-}
-# Last bits of the DUT's IP address.
-declare -r DUT_NET_SUFFIX=".10"
-# Control port.
-declare -r CTRL_PORT="40000"
-# Last bits of the test runner's IP address.
-declare -r TEST_RUNNER_NET_SUFFIX=".20"
-declare -r TIMEOUT="60"
-declare -r IMAGE_TAG="gcr.io/gvisor-presubmit/packetdrill"
-
-# Make sure that docker is installed.
-docker --version
-
-function finish {
- local cleanup_success=1
- for net in "${CTRL_NET}" "${TEST_NET}"; do
- # Kill all processes attached to ${net}.
- for docker_command in "kill" "rm"; do
- (docker network inspect "${net}" \
- --format '{{range $key, $value := .Containers}}{{$key}} {{end}}' \
- | xargs -r docker "${docker_command}") || \
- cleanup_success=0
- done
- # Remove the network.
- docker network rm "${net}" || \
- cleanup_success=0
- done
-
- if ((!$cleanup_success)); then
- echo "FAIL: Cleanup command failed"
- exit 4
- fi
-}
-trap finish EXIT
-
-# Subnet for control packets between test runner and DUT.
-declare CTRL_NET_PREFIX=$(new_net_prefix)
-while ! docker network create \
- "--subnet=${CTRL_NET_PREFIX}.0/${NET_MASK}" "${CTRL_NET}"; do
- sleep 0.1
- declare CTRL_NET_PREFIX=$(new_net_prefix)
-done
-
-# Subnet for the packets that are part of the test.
-declare TEST_NET_PREFIX=$(new_net_prefix)
-while ! docker network create \
- "--subnet=${TEST_NET_PREFIX}.0/${NET_MASK}" "${TEST_NET}"; do
- sleep 0.1
- declare TEST_NET_PREFIX=$(new_net_prefix)
-done
-
-docker pull "${IMAGE_TAG}"
-
-# Create the DUT container and connect to network.
-DUT=$(docker create ${RUNTIME_ARG} --privileged --rm \
- --stop-timeout ${TIMEOUT} -it ${IMAGE_TAG})
-docker network connect "${CTRL_NET}" \
- --ip "${CTRL_NET_PREFIX}${DUT_NET_SUFFIX}" "${DUT}" \
- || (docker kill ${DUT}; docker rm ${DUT}; false)
-docker network connect "${TEST_NET}" \
- --ip "${TEST_NET_PREFIX}${DUT_NET_SUFFIX}" "${DUT}" \
- || (docker kill ${DUT}; docker rm ${DUT}; false)
-docker start "${DUT}"
-
-# Create the test runner container and connect to network.
-TEST_RUNNER=$(docker create --privileged --rm \
- --stop-timeout ${TIMEOUT} -it ${IMAGE_TAG})
-docker network connect "${CTRL_NET}" \
- --ip "${CTRL_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" "${TEST_RUNNER}" \
- || (docker kill ${TEST_RUNNER}; docker rm ${REST_RUNNER}; false)
-docker network connect "${TEST_NET}" \
- --ip "${TEST_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" "${TEST_RUNNER}" \
- || (docker kill ${TEST_RUNNER}; docker rm ${REST_RUNNER}; false)
-docker start "${TEST_RUNNER}"
-
-# Run tcpdump in the test runner unbuffered, without dns resolution, just on the
-# interface with the test packets.
-docker exec -t ${TEST_RUNNER} tcpdump -U -n -i "${TEST_DEVICE}" &
-
-# Start a packetdrill server on the test_runner. The packetdrill server sends
-# packets and asserts that they are received.
-docker exec -d "${TEST_RUNNER}" \
- ${PACKETDRILL} --wire_server --wire_server_dev="${TEST_DEVICE}" \
- --wire_server_ip="${CTRL_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" \
- --wire_server_port="${CTRL_PORT}" \
- --local_ip="${TEST_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" \
- --remote_ip="${TEST_NET_PREFIX}${DUT_NET_SUFFIX}"
-
-# Because the Linux kernel receives the SYN-ACK but didn't send the SYN it will
-# issue a RST. To prevent this IPtables can be used to filter those out.
-docker exec "${TEST_RUNNER}" \
- iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
-
-# Wait for the packetdrill server on the test runner to come. Attempt to
-# connect to it from the DUT every 100 milliseconds until success.
-while ! docker exec "${DUT}" \
- nc -zv "${CTRL_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" "${CTRL_PORT}"; do
- sleep 0.1
-done
-
-# Copy the packetdrill setup script to the DUT.
-docker cp -L "${INIT_SCRIPT}" "${DUT}:packetdrill_setup.sh"
-
-# Copy the packetdrill scripts to the DUT.
-declare -a dut_scripts
-for script in $scripts; do
- docker cp -L "${script}" "${DUT}:$(basename ${script})"
- dut_scripts+=("/$(basename ${script})")
-done
-
-# Start a packetdrill client on the DUT. The packetdrill client runs POSIX
-# socket commands and also sends instructions to the server.
-docker exec -t "${DUT}" \
- ${PACKETDRILL} --wire_client --wire_client_dev="${TEST_DEVICE}" \
- --wire_server_ip="${CTRL_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" \
- --wire_server_port="${CTRL_PORT}" \
- --local_ip="${TEST_NET_PREFIX}${DUT_NET_SUFFIX}" \
- --remote_ip="${TEST_NET_PREFIX}${TEST_RUNNER_NET_SUFFIX}" \
- --init_scripts=/packetdrill_setup.sh \
- --tolerance_usecs="${tolerance_usecs}" "${dut_scripts[@]}"
-
-echo PASS: No errors.
diff --git a/test/packetdrill/reset_for_ack_when_no_syn_cookies_in_use.pkt b/test/packetdrill/reset_for_ack_when_no_syn_cookies_in_use.pkt
deleted file mode 100644
index a86b90ce6..000000000
--- a/test/packetdrill/reset_for_ack_when_no_syn_cookies_in_use.pkt
+++ /dev/null
@@ -1,9 +0,0 @@
-// Test that a listening socket generates a RST when it receives an
-// ACK and syn cookies are not in use.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 bind(3, ..., ...) = 0
-
-+0 listen(3, 1) = 0
-+0.1 < . 1:1(0) ack 1 win 32792
-+0 > R 1:1(0) ack 0 win 0 \ No newline at end of file
diff --git a/test/packetdrill/sanity_test.pkt b/test/packetdrill/sanity_test.pkt
deleted file mode 100644
index b3b58c366..000000000
--- a/test/packetdrill/sanity_test.pkt
+++ /dev/null
@@ -1,7 +0,0 @@
-// Basic sanity test. One system call.
-//
-// All of the plumbing has to be working however, and the packetdrill wire
-// client needs to be able to connect to the wire server and send the script,
-// probe local interfaces, run through the test w/ timings, etc.
-
-0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
diff --git a/test/packetdrill/tcp_defer_accept.pkt b/test/packetdrill/tcp_defer_accept.pkt
deleted file mode 100644
index a17f946db..000000000
--- a/test/packetdrill/tcp_defer_accept.pkt
+++ /dev/null
@@ -1,48 +0,0 @@
-// Test that a bare ACK does not complete a connection when TCP_DEFER_ACCEPT
-// timeout is not hit but an ACK w/ data does complete and deliver the
-// connection to the accept queue.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 setsockopt(3, SOL_TCP, TCP_DEFER_ACCEPT, [5], 4) = 0
-+0.000 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
-+0 bind(3, ..., ...) = 0
-
-// Set backlog to 1 so that we can easily test.
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0.0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0.0 > S. 0:0(0) ack 1 <...>
-
-// Send a bare ACK this should not complete the connection as we
-// set the TCP_DEFER_ACCEPT above.
-+0.0 < . 1:1(0) ack 1 win 257
-
-// The bare ACK should be dropped and no connection should be delivered
-// to the accept queue.
-+0.100 accept(3, ..., ...) = -1 EWOULDBLOCK (operation would block)
-
-// Send another bare ACK and it should still fail we set TCP_DEFER_ACCEPT
-// to 5 seconds above.
-+2.5 < . 1:1(0) ack 1 win 257
-+0.100 accept(3, ..., ...) = -1 EWOULDBLOCK (operation would block)
-
-// set accept socket back to blocking.
-+0.000 fcntl(3, F_SETFL, O_RDWR) = 0
-
-// Now send an ACK w/ data. This should complete the connection
-// and deliver the socket to the accept queue.
-+0.1 < . 1:5(4) ack 1 win 257
-+0.0 > . 1:1(0) ack 5 <...>
-
-// This should cause connection to transition to connected state.
-+0.000 accept(3, ..., ...) = 4
-+0.000 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
-
-// Now read the data and we should get 4 bytes.
-+0.000 read(4,..., 4) = 4
-+0.000 close(4) = 0
-
-+0.0 > F. 1:1(0) ack 5 <...>
-+0.0 < F. 5:5(0) ack 2 win 257
-+0.01 > . 2:2(0) ack 6 <...> \ No newline at end of file
diff --git a/test/packetdrill/tcp_defer_accept_timeout.pkt b/test/packetdrill/tcp_defer_accept_timeout.pkt
deleted file mode 100644
index 201fdeb14..000000000
--- a/test/packetdrill/tcp_defer_accept_timeout.pkt
+++ /dev/null
@@ -1,48 +0,0 @@
-// Test that a bare ACK is accepted after TCP_DEFER_ACCEPT timeout
-// is hit and a connection is delivered.
-
-0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
-+0 setsockopt(3, SOL_TCP, TCP_DEFER_ACCEPT, [3], 4) = 0
-+0.000 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
-+0 bind(3, ..., ...) = 0
-
-// Set backlog to 1 so that we can easily test.
-+0 listen(3, 1) = 0
-
-// Establish a connection without timestamps.
-+0.0 < S 0:0(0) win 32792 <mss 1460,sackOK,nop,nop,nop,wscale 7>
-+0.0 > S. 0:0(0) ack 1 <...>
-
-// Send a bare ACK this should not complete the connection as we
-// set the TCP_DEFER_ACCEPT above.
-+0.0 < . 1:1(0) ack 1 win 257
-
-// The bare ACK should be dropped and no connection should be delivered
-// to the accept queue.
-+0.100 accept(3, ..., ...) = -1 EWOULDBLOCK (operation would block)
-
-// Send another bare ACK and it should still fail we set TCP_DEFER_ACCEPT
-// to 5 seconds above.
-+2.5 < . 1:1(0) ack 1 win 257
-+0.100 accept(3, ..., ...) = -1 EWOULDBLOCK (operation would block)
-
-// set accept socket back to blocking.
-+0.000 fcntl(3, F_SETFL, O_RDWR) = 0
-
-// We should see one more retransmit of the SYN-ACK as a last ditch
-// attempt when TCP_DEFER_ACCEPT timeout is hit to trigger another
-// ACK or a packet with data.
-+.35~+2.35 > S. 0:0(0) ack 1 <...>
-
-// Now send another bare ACK after TCP_DEFER_ACCEPT time has been passed.
-+0.0 < . 1:1(0) ack 1 win 257
-
-// The ACK above should cause connection to transition to connected state.
-+0.000 accept(3, ..., ...) = 4
-+0.000 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
-
-+0.000 close(4) = 0
-
-+0.0 > F. 1:1(0) ack 1 <...>
-+0.0 < F. 1:1(0) ack 2 win 257
-+0.01 > . 2:2(0) ack 2 <...>