Logging: TCP Fast Open

10 files changed, 103 insertions, 199 deletions

diff --git a/test/confs/1990 b/test/confs/1990
new file mode 100644
index 000000000..4c2bdc29d
--- /dev/null
+++ b/test/confs/1990
@@ -0,0 +1,48 @@
+# Exim test configuration 1990
+# TCP Fast Open
+
+SERVER=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+log_selector = +received_recipients +millisec
+
+# ----- Routers -----
+
+begin routers
+
+server:
+  driver = redirect
+  condition = ${if eq {SERVER}{server} {yes}{no}}
+  data = :blackhole:
+
+client:
+  driver = accept
+  condition = ${if eq {SERVER}{server}{no}{yes}}
+  transport = send_to_server
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+  driver = smtp
+  allow_localhost
+  hosts = 127.0.0.1
+  port = PORT_D
+  hosts_try_fastopen = *
+
+# ----- Retry -----
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
diff --git a/test/confs/2052 b/test/confs/2052
deleted file mode 100644
index fd1f4d1c0..000000000
--- a/test/confs/2052
+++ /dev/null
@@ -1,67 +0,0 @@
-# Exim test configuration 2052
-# as per 2000 but with TCP Fast Open
-
-SERVER=
-
-.include DIR/aux-var/tls_conf_prefix
-
-primary_hostname = myhost.test.ex
-
-# ----- Main settings -----
-
-acl_smtp_rcpt = accept
-
-log_selector =  +tls_peerdn
-
-queue_only
-queue_run_in_order
-
-tls_advertise_hosts = *
-# needed to force generation
-tls_dhparam = historic
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-
-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
-
-
-# ----- Routers -----
-
-begin routers
-
-client:
-  driver = accept
-  condition = ${if eq {SERVER}{server}{no}{yes}}
-  retry_use_local_part
-  transport = send_to_server
-
-
-# ----- Transports -----
-
-begin transports
-
-send_to_server:
-  driver = smtp
-  allow_localhost
-  hosts = 127.0.0.1
-  port = PORT_D
-  hosts_try_fastopen = *
-  tls_certificate = DIR/aux-fixed/cert2
-  tls_privatekey = DIR/aux-fixed/cert2
-  tls_verify_certificates = DIR/aux-fixed/cert2
-  tls_try_verify_hosts =
-
-
-# ----- Retry -----
-
-
-begin retry
-
-* * F,5d,10s
-
-
-# End
diff --git a/test/confs/2152 b/test/confs/2152
deleted file mode 100644
index a8b6c15f1..000000000
--- a/test/confs/2152
+++ /dev/null
@@ -1,68 +0,0 @@
-# Exim test configuration 2152
-# as per 2100 but with TCP Fast Open
-
-SERVER=
-
-.include DIR/aux-var/tls_conf_prefix
-
-primary_hostname = myhost.test.ex
-
-.ifdef _HAVE_TLS
-# that was purely to trigger the lazy-create of builtin macros
-.endif
-# ----- Main settings -----
-
-acl_smtp_rcpt = accept
-
-log_selector =  +tls_peerdn
-
-queue_only
-queue_run_in_order
-
-tls_advertise_hosts = *
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-
-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
-
-
-# ----- Routers -----
-
-begin routers
-
-client:
-  driver = accept
-  condition = ${if eq {SERVER}{server}{no}{yes}}
-  retry_use_local_part
-  transport = send_to_server
-
-
-# ----- Transports -----
-
-begin transports
-
-send_to_server:
-  driver = smtp
-  allow_localhost
-  hosts = 127.0.0.1
-  port = PORT_D
-  hosts_try_fastopen = *
-  tls_certificate = DIR/aux-fixed/cert2
-  tls_privatekey = DIR/aux-fixed/cert2
-  tls_verify_certificates = DIR/aux-fixed/cert2
-  tls_try_verify_hosts = :
-
-
-# ----- Retry -----
-
-
-begin retry
-
-* * F,5d,10s
-
-
-# End
diff --git a/test/log/1990 b/test/log/1990
new file mode 100644
index 000000000..36a7a56b6
--- /dev/null
+++ b/test/log/1990
@@ -0,0 +1,15 @@
+2017-07-30 18:51:05.712 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for a@test.ex
+2017-07-30 18:51:05.712 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+2017-07-30 18:51:05.712 10HmaX-0005vi-00 Completed
+2017-07-30 18:51:05.712 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex
+2017-07-30 18:51:05.712 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] TFO C="250 OK id=10HmbA-0005vi-00"
+2017-07-30 18:51:05.712 10HmaZ-0005vi-00 Completed
+
+******** SERVER ********
+2017-07-30 18:51:05.712 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+2017-07-30 18:51:05.712 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex for a@test.ex
+2017-07-30 18:51:05.712 10HmaY-0005vi-00 => :blackhole: <a@test.ex> R=server
+2017-07-30 18:51:05.712 10HmaY-0005vi-00 Completed
+2017-07-30 18:51:05.712 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] TFO P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for b@test.ex
+2017-07-30 18:51:05.712 10HmbA-0005vi-00 => :blackhole: <b@test.ex> R=server
+2017-07-30 18:51:05.712 10HmbA-0005vi-00 Completed
diff --git a/test/log/2052 b/test/log/2052
deleted file mode 100644
index 04c72f5eb..000000000
--- a/test/log/2052
+++ /dev/null
@@ -1,12 +0,0 @@
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 End queue run: pid=pppp -qf
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad
-1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason.
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
diff --git a/test/log/2152 b/test/log/2152
deleted file mode 100644
index 1ed6351ff..000000000
--- a/test/log/2152
+++ /dev/null
@@ -1,9 +0,0 @@
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 End queue run: pid=pppp -qf
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex
diff --git a/test/scripts/1990-TCP-Fast-Open/1990 b/test/scripts/1990-TCP-Fast-Open/1990
new file mode 100644
index 000000000..47b77af0e
--- /dev/null
+++ b/test/scripts/1990-TCP-Fast-Open/1990
@@ -0,0 +1,39 @@
+# TCP Fast Open
+#
+# Linux:
+# Both server and client-side TFO support must be enabled in the
+# kernel, 'sudo sh -c "echo 3 > /proc/sys/net/ipv4/tcp_fastopen"'.
+#
+# A packet capture on the loopback interface will show the TFO
+# option on the SYN, but the fast-output SMTP banner will not
+# be seen unless you also deliberately emulate a long path:
+# 'sudo tc qdisc add dev lo root netem delay 100ms'
+#
+# First time runs will see a TFO request option only; subsequent
+# ones should see the TFO cookie and fast-output SMTP banner
+# (currently on a separate packet after the server SYN,ACK but before
+# the client ACK).
+#
+# The log <= line should have a "TFO" element.
+#
+# If the client-side is disabled in the kernel, Exim logs
+# will become noisy.
+#
+#
+# FreeBSD: it looks like you have to compile a custom kernel, with
+# 'options TCP_RFC7413' in the config.  Also set
+# 'net.inet.tcp.fastopen.enabled=1' in /etc/sysctl.conf
+# Untested.
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim a@test.ex
+Testing
+****
+sleep 3
+exim b@test.ex
+Testing
+****
+sleep 3
+killdaemon
+no_msglog_check
diff --git a/test/scripts/1990-TCP-Fast-Open/REQUIRES b/test/scripts/1990-TCP-Fast-Open/REQUIRES
new file mode 100644
index 000000000..48cd58b67
--- /dev/null
+++ b/test/scripts/1990-TCP-Fast-Open/REQUIRES
@@ -0,0 +1 @@
+support TCP_Fast_Open
diff --git a/test/scripts/2000-GnuTLS/2052 b/test/scripts/2000-GnuTLS/2052
deleted file mode 100644
index fa76b4849..000000000
--- a/test/scripts/2000-GnuTLS/2052
+++ /dev/null
@@ -1,22 +0,0 @@
-# TLS client: TLS setup fails - retry in clear (with fastopen)
-#
-# If all works you'll not see any difference.  To enable in the
-# kernel, 'sudo sh -c "echo 3 > /proc/sys/net/ipv4/tcp_fastopen"'.
-# A packet capture on the loopback interface will show the TFU
-# option on the SYN, but the fast-output SMTP banner will not
-# be seen unless you also deliberately emulate a long path:
-# 'sudo tc qdisc add dev lo root netem delay 100ms'
-#
-# If the client-side is disabled in the kernel, Exim logs
-# will become noisy.
-#
-gnutls
-exim -DSERVER=server -bd -oX PORT_D
-****
-exim CALLER@test.ex
-Testing
-****
-exim -qf
-****
-killdaemon
-no_msglog_check
diff --git a/test/scripts/2100-OpenSSL/2152 b/test/scripts/2100-OpenSSL/2152
deleted file mode 100644
index 12a482a93..000000000
--- a/test/scripts/2100-OpenSSL/2152
+++ /dev/null
@@ -1,21 +0,0 @@
-# TLS client: TLS setup fails - retry in clear (with fastopen)
-#
-# If all works you'll not see any difference.  To enable in the
-# kernel, 'sudo sh -c "echo 3 > /proc/sys/net/ipv4/tcp_fastopen"'.
-# A packet capture on the loopback interface will show the TFO
-# option on the SYN, but the fast-output SMTP banner will not
-# be seen unless you also deliberately emulate a long path:
-# 'sudo tc qdisc add dev lo root netem delay 100ms'
-#
-# If the client-side is disabled in the kernel, Exim logs
-# will become noisy.
-#
-exim -DSERVER=server -bd -oX PORT_D
-****
-exim CALLER@test.ex
-Testing
-****
-exim -qf
-****
-killdaemon
-no_msglog_check