1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
|
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package tcp_test
import (
"bytes"
"math/rand"
"testing"
"time"
"gvisor.googlesource.com/gvisor/pkg/tcpip"
"gvisor.googlesource.com/gvisor/pkg/tcpip/buffer"
"gvisor.googlesource.com/gvisor/pkg/tcpip/checker"
"gvisor.googlesource.com/gvisor/pkg/tcpip/header"
"gvisor.googlesource.com/gvisor/pkg/tcpip/transport/tcp"
"gvisor.googlesource.com/gvisor/pkg/tcpip/transport/tcp/testing/context"
"gvisor.googlesource.com/gvisor/pkg/waiter"
)
// createConnectedWithTimestampOption creates and connects c.ep with the
// timestamp option enabled.
func createConnectedWithTimestampOption(c *context.Context) *context.RawEndpoint {
return c.CreateConnectedWithOptions(header.TCPSynOptions{TS: true, TSVal: 1})
}
// TestTimeStampEnabledConnect tests that netstack sends the timestamp option on
// an active connect and sets the TS Echo Reply fields correctly when the
// SYN-ACK also indicates support for the TS option and provides a TSVal.
func TestTimeStampEnabledConnect(t *testing.T) {
c := context.New(t, defaultMTU)
defer c.Cleanup()
rep := createConnectedWithTimestampOption(c)
// Register for read and validate that we have data to read.
we, ch := waiter.NewChannelEntry(nil)
c.WQ.EventRegister(&we, waiter.EventIn)
defer c.WQ.EventUnregister(&we)
// The following tests ensure that TS option once enabled behaves
// correctly as described in
// https://tools.ietf.org/html/rfc7323#section-4.3.
//
// We are not testing delayed ACKs here, but we do test out of order
// packet delivery and filling the sequence number hole created due to
// the out of order packet.
//
// The test also verifies that the sequence numbers and timestamps are
// as expected.
data := []byte{1, 2, 3}
// First we increment tsVal by a small amount.
tsVal := rep.TSVal + 100
rep.SendPacketWithTS(data, tsVal)
rep.VerifyACKWithTS(tsVal)
// Next we send an out of order packet.
rep.NextSeqNum += 3
tsVal += 200
rep.SendPacketWithTS(data, tsVal)
// The ACK should contain the original sequenceNumber and an older TS.
rep.NextSeqNum -= 6
rep.VerifyACKWithTS(tsVal - 200)
// Next we fill the hole and the returned ACK should contain the
// cumulative sequence number acking all data sent till now and have the
// latest timestamp sent below in its TSEcr field.
tsVal -= 100
rep.SendPacketWithTS(data, tsVal)
rep.NextSeqNum += 3
rep.VerifyACKWithTS(tsVal)
// Increment tsVal by a large value that doesn't result in a wrap around.
tsVal += 0x7fffffff
rep.SendPacketWithTS(data, tsVal)
rep.VerifyACKWithTS(tsVal)
// Increment tsVal again by a large value which should cause the
// timestamp value to wrap around. The returned ACK should contain the
// wrapped around timestamp in its tsEcr field and not the tsVal from
// the previous packet sent above.
tsVal += 0x7fffffff
rep.SendPacketWithTS(data, tsVal)
rep.VerifyACKWithTS(tsVal)
select {
case <-ch:
case <-time.After(1 * time.Second):
t.Fatalf("Timed out waiting for data to arrive")
}
// There should be 5 views to read and each of them should
// contain the same data.
for i := 0; i < 5; i++ {
got, _, err := c.EP.Read(nil)
if err != nil {
t.Fatalf("Unexpected error from Read: %v", err)
}
if want := data; bytes.Compare(got, want) != 0 {
t.Fatalf("Data is different: got: %v, want: %v", got, want)
}
}
}
// TestTimeStampDisabledConnect tests that netstack sends timestamp option on an
// active connect but if the SYN-ACK doesn't specify the TS option then
// timestamp option is not enabled and future packets do not contain a
// timestamp.
func TestTimeStampDisabledConnect(t *testing.T) {
c := context.New(t, defaultMTU)
defer c.Cleanup()
c.CreateConnectedWithOptions(header.TCPSynOptions{})
}
func timeStampEnabledAccept(t *testing.T, cookieEnabled bool, wndScale int, wndSize uint16) {
savedSynCountThreshold := tcp.SynRcvdCountThreshold
defer func() {
tcp.SynRcvdCountThreshold = savedSynCountThreshold
}()
if cookieEnabled {
tcp.SynRcvdCountThreshold = 0
}
c := context.New(t, defaultMTU)
defer c.Cleanup()
t.Logf("Test w/ CookieEnabled = %v", cookieEnabled)
tsVal := rand.Uint32()
c.AcceptWithOptions(wndScale, header.TCPSynOptions{MSS: defaultIPv4MSS, TS: true, TSVal: tsVal})
// Now send some data and validate that timestamp is echoed correctly in the ACK.
data := []byte{1, 2, 3}
view := buffer.NewView(len(data))
copy(view, data)
if _, _, err := c.EP.Write(tcpip.SlicePayload(view), tcpip.WriteOptions{}); err != nil {
t.Fatalf("Unexpected error from Write: %v", err)
}
// Check that data is received and that the timestamp option TSEcr field
// matches the expected value.
b := c.GetPacket()
checker.IPv4(t, b,
// Add 12 bytes for the timestamp option + 2 NOPs to align at 4
// byte boundary.
checker.PayloadLen(len(data)+header.TCPMinimumSize+12),
checker.TCP(
checker.DstPort(context.TestPort),
checker.SeqNum(uint32(c.IRS)+1),
checker.AckNum(790),
checker.Window(wndSize),
checker.TCPFlagsMatch(header.TCPFlagAck, ^uint8(header.TCPFlagPsh)),
checker.TCPTimestampChecker(true, 0, tsVal+1),
),
)
}
// TestTimeStampEnabledAccept tests that if the SYN on a passive connect
// specifies the Timestamp option then the Timestamp option is sent on a SYN-ACK
// and echoes the tsVal field of the original SYN in the tcEcr field of the
// SYN-ACK. We cover the cases where SYN cookies are enabled/disabled and verify
// that Timestamp option is enabled in both cases if requested in the original
// SYN.
func TestTimeStampEnabledAccept(t *testing.T) {
testCases := []struct {
cookieEnabled bool
wndScale int
wndSize uint16
}{
{true, -1, 0xffff}, // When cookie is used window scaling is disabled.
{false, 5, 0x8000}, // 0x8000 * 2^5 = 1<<20 = 1MB window (the default).
}
for _, tc := range testCases {
timeStampEnabledAccept(t, tc.cookieEnabled, tc.wndScale, tc.wndSize)
}
}
func timeStampDisabledAccept(t *testing.T, cookieEnabled bool, wndScale int, wndSize uint16) {
savedSynCountThreshold := tcp.SynRcvdCountThreshold
defer func() {
tcp.SynRcvdCountThreshold = savedSynCountThreshold
}()
if cookieEnabled {
tcp.SynRcvdCountThreshold = 0
}
c := context.New(t, defaultMTU)
defer c.Cleanup()
t.Logf("Test w/ CookieEnabled = %v", cookieEnabled)
c.AcceptWithOptions(wndScale, header.TCPSynOptions{MSS: defaultIPv4MSS})
// Now send some data with the accepted connection endpoint and validate
// that no timestamp option is sent in the TCP segment.
data := []byte{1, 2, 3}
view := buffer.NewView(len(data))
copy(view, data)
if _, _, err := c.EP.Write(tcpip.SlicePayload(view), tcpip.WriteOptions{}); err != nil {
t.Fatalf("Unexpected error from Write: %v", err)
}
// Check that data is received and that the timestamp option is disabled
// when SYN cookies are enabled/disabled.
b := c.GetPacket()
checker.IPv4(t, b,
checker.PayloadLen(len(data)+header.TCPMinimumSize),
checker.TCP(
checker.DstPort(context.TestPort),
checker.SeqNum(uint32(c.IRS)+1),
checker.AckNum(790),
checker.Window(wndSize),
checker.TCPFlagsMatch(header.TCPFlagAck, ^uint8(header.TCPFlagPsh)),
checker.TCPTimestampChecker(false, 0, 0),
),
)
}
// TestTimeStampDisabledAccept tests that Timestamp option is not used when the
// peer doesn't advertise it and connection is established with Accept().
func TestTimeStampDisabledAccept(t *testing.T) {
testCases := []struct {
cookieEnabled bool
wndScale int
wndSize uint16
}{
{true, -1, 0xffff}, // When cookie is used window scaling is disabled.
{false, 5, 0x8000}, // 0x8000 * 2^5 = 1<<20 = 1MB window (the default).
}
for _, tc := range testCases {
timeStampDisabledAccept(t, tc.cookieEnabled, tc.wndScale, tc.wndSize)
}
}
func TestSendGreaterThanMTUWithOptions(t *testing.T) {
const maxPayload = 100
c := context.New(t, uint32(header.TCPMinimumSize+header.IPv4MinimumSize+maxPayload))
defer c.Cleanup()
createConnectedWithTimestampOption(c)
testBrokenUpWrite(t, c, maxPayload)
}
func TestSegmentDropWhenTimestampMissing(t *testing.T) {
const maxPayload = 100
c := context.New(t, uint32(header.TCPMinimumSize+header.IPv4MinimumSize+maxPayload))
defer c.Cleanup()
rep := createConnectedWithTimestampOption(c)
// Register for read.
we, ch := waiter.NewChannelEntry(nil)
c.WQ.EventRegister(&we, waiter.EventIn)
defer c.WQ.EventUnregister(&we)
droppedPacketsStat := c.Stack().Stats().DroppedPackets
droppedPackets := droppedPacketsStat.Value()
data := []byte{1, 2, 3}
// Save the sequence number as we will reset it later down
// in the test.
savedSeqNum := rep.NextSeqNum
rep.SendPacket(data, nil)
select {
case <-ch:
t.Fatalf("Got data to read when we expect packet to be dropped")
case <-time.After(1 * time.Second):
// We expect that no data will be available to read.
}
// Assert that DroppedPackets was incremented by 1.
if got, want := droppedPacketsStat.Value(), droppedPackets+1; got != want {
t.Fatalf("incorrect number of dropped packets, got: %v, want: %v", got, want)
}
droppedPackets = droppedPacketsStat.Value()
// Reset the sequence number so that the other endpoint accepts
// this segment and does not treat it like an out of order delivery.
rep.NextSeqNum = savedSeqNum
// Now send a packet with timestamp and we should get the data.
rep.SendPacketWithTS(data, rep.TSVal+1)
select {
case <-ch:
case <-time.After(1 * time.Second):
t.Fatalf("Timed out waiting for data to arrive")
}
// Assert that DroppedPackets was not incremented by 1.
if got, want := droppedPacketsStat.Value(), droppedPackets; got != want {
t.Fatalf("incorrect number of dropped packets, got: %v, want: %v", got, want)
}
// Issue a read and we should data.
got, _, err := c.EP.Read(nil)
if err != nil {
t.Fatalf("Unexpected error from Read: %v", err)
}
if want := data; bytes.Compare(got, want) != 0 {
t.Fatalf("Data is different: got: %v, want: %v", got, want)
}
}
|