From fb05276aaee4c27b6f20fb1f32290ee40a929064 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Fri, 21 Oct 2016 00:26:14 +0100
Subject: TCP Fast Open
---
test/confs/2052 | 67 +++++++++++++++++++++++++++++++++++++++++
test/confs/2152 | 68 ++++++++++++++++++++++++++++++++++++++++++
test/log/2052 | 13 ++++++++
test/log/2152 | 9 ++++++
test/scripts/2000-GnuTLS/2052 | 22 ++++++++++++++
test/scripts/2100-OpenSSL/2152 | 21 +++++++++++++
test/stderr/0388 | 6 ++--
test/stderr/0398 | 3 +-
test/stderr/0432 | 9 ++++--
test/stderr/5403 | 3 +-
test/stderr/5410 | 9 ++++--
test/stderr/5420 | 9 ++++--
test/stderr/5840 | 3 +-
test/stdout/0572 | 1 +
14 files changed, 229 insertions(+), 14 deletions(-)
create mode 100644 test/confs/2052
create mode 100644 test/confs/2152
create mode 100644 test/log/2052
create mode 100644 test/log/2152
create mode 100644 test/scripts/2000-GnuTLS/2052
create mode 100644 test/scripts/2100-OpenSSL/2152
(limited to 'test')
diff --git a/test/confs/2052 b/test/confs/2052
new file mode 100644
index 000000000..fd1f4d1c0
--- /dev/null
+++ b/test/confs/2052
@@ -0,0 +1,67 @@
+# Exim test configuration 2052
+# as per 2000 but with TCP Fast Open
+
+SERVER=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+# needed to force generation
+tls_dhparam = historic
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+tls_verify_hosts = *
+tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ retry_use_local_part
+ transport = send_to_server
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+ hosts_try_fastopen = *
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_privatekey = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert2
+ tls_try_verify_hosts =
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
diff --git a/test/confs/2152 b/test/confs/2152
new file mode 100644
index 000000000..a8b6c15f1
--- /dev/null
+++ b/test/confs/2152
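Review bot: The `send_to_server` transport sets `tls_try_verify_hosts =` to an empty value with no comment, while the otherwise identical transport in test/confs/2152 writes `tls_try_verify_hosts = :`, and the expected logs differ accordingly: test/log/2052 pins a certificate verification failure followed by `delivering unencrypted`, whereas test/log/2152 pins a TLS delivery with `CV=no`. If that difference is intended, it presumably comes from how an empty value versus `:` is read, and a comment above the option would stop a later edit from normalising one spelling to the other, e.g. `# left empty on purpose: the server's cert1 must fail verification so that delivery retries in clear`. The transport also leaves `hosts_require_tls` unset, which is what permits the cleartext fallback this test pins; the header comment should say so, so the file is not copied as a template for a real configuration.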
@@ -0,0 +1,68 @@
+# Exim test configuration 2152
+# as per 2100 but with TCP Fast Open
+
+SERVER=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+.ifdef _HAVE_TLS
+# that was purely to trigger the lazy-create of builtin macros
+.endif
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+tls_verify_hosts = *
+tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ retry_use_local_part
+ transport = send_to_server
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+ hosts_try_fastopen = *
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_privatekey = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert2
+ tls_try_verify_hosts = :
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
diff --git a/test/log/2052 b/test/log/2052
new file mode 100644
index 000000000..68c88a330
--- /dev/null
+++ b/test/log/2052
@@ -0,0 +1,13 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad
+1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
diff --git a/test/log/2152 b/test/log/2152
new file mode 100644
index 000000000..1ed6351ff
--- /dev/null
+++ b/test/log/2152
@@ -0,0 +1,9 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex
diff --git a/test/scripts/2000-GnuTLS/2052 b/test/scripts/2000-GnuTLS/2052
new file mode 100644
index 000000000..fa76b4849
--- /dev/null
+++ b/test/scripts/2000-GnuTLS/2052
@@ -0,0 +1,22 @@
+# TLS client: TLS setup fails - retry in clear (with fastopen)
+#
+# If all works you'll not see any difference. To enable in the
+# kernel, 'sudo sh -c "echo 3 > /proc/sys/net/ipv4/tcp_fastopen"'.
+# A packet capture on the loopback interface will show the TFU
+# option on the SYN, but the fast-output SMTP banner will not
+# be seen unless you also deliberately emulate a long path:
+# 'sudo tc qdisc add dev lo root netem delay 100ms'
+#
+# If the client-side is disabled in the kernel, Exim logs
+# will become noisy.
+#
+gnutls
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim CALLER@test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/2100-OpenSSL/2152 b/test/scripts/2100-OpenSSL/2152
new file mode 100644
index 000000000..329e42051
--- /dev/null
+++ b/test/scripts/2100-OpenSSL/2152
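Review bot: The header comment of test/scripts/2000-GnuTLS/2052 gives two root commands that change machine-wide state, `echo 3 > /proc/sys/net/ipv4/tcp_fastopen` and `tc qdisc add dev lo root netem delay 100ms`, without saying how to undo them, so a developer who follows it is left with Fast Open enabled for every socket and 100ms of added latency on loopback. I would add the restore step next to them, e.g. `# afterwards: 'sudo tc qdisc del dev lo root', and write the previous tcp_fastopen value back`. `TFU` in "will show the TFU option on the SYN" looks like a typo for TFO. Since the comment itself says a working run shows no difference, nothing in the expected output proves Fast Open was actually negotiated, which is worth stating as a known limit of the test. The same comment block is repeated in test/scripts/2100-OpenSSL/2152.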
@@ -0,0 +1,21 @@
+# TLS client: TLS setup fails - retry in clear (with fastopen)
+#
+# If all works you'll not see any difference. To enable in the
+# kernel, 'sudo sh -c "echo 3 > /proc/sys/net/ipv4/tcp_fastopen"'.
+# A packet capture on the loopback interface will show the TFU
+# option on the SYN, but the fast-output SMTP banner will not
+# be seen unless you also deliberately emulate a long path:
+# 'sudo tc qdisc add dev lo root netem delay 100ms'
+#
+# If the client-side is disabled in the kernel, Exim logs
+# will become noisy.
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim CALLER@test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+no_msglog_check
diff --git a/test/stderr/0388 b/test/stderr/0388 index 92b3f23e1..f8866380e 100644 --- a/test/stderr/0388 +++ b/test/stderr/0388 @@ -81,7 +81,8 @@ returned from EXIM_DBOPEN no retry data available 127.0.0.1 in serialize_hosts? no (option unset) set_process_info: pppp delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (x@y) -Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1224 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected SMTP<< 220 Server ready 127.0.0.1 in hosts_avoid_esmtp? no (option unset) SMTP>> EHLO myhost.test.ex @@ -112,7 +113,8 @@ returned from EXIM_DBOPEN no retry data available V4NET.0.0.0 in serialize_hosts? no (option unset) set_process_info: pppp delivering 10HmaX-0005vi-00 to V4NET.0.0.0 [V4NET.0.0.0] (x@y) -Connecting to V4NET.0.0.0 [V4NET.0.0.0]:1224 ... failed: Network Error +Connecting to V4NET.0.0.0 [V4NET.0.0.0]:1224 ... V4NET.0.0.0 in hosts_try_fastopen? no (option unset) +failed: Network Error LOG: MAIN H=V4NET.0.0.0 [V4NET.0.0.0] Network Error set_process_info: pppp delivering 10HmaX-0005vi-00: just tried V4NET.0.0.0 [V4NET.0.0.0] for x@y: result DEFER diff --git a/test/stderr/0398 b/test/stderr/0398 index 3e3994b99..1dcb998f7 100644 --- a/test/stderr/0398 +++ b/test/stderr/0398 
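Review bot: The first comment line of test/scripts/2100-OpenSSL/2152, `# TLS client: TLS setup fails - retry in clear (with fastopen)`, does not match the result this test pins: test/log/2152 shows the delivery completing with `X=TLSv1:AES256-SHA:256 CV=no` and the server logging `P=esmtps`, with no TLS error and no cleartext retry. The description reads as if it was carried over from the GnuTLS script 2052, where test/log/2052 does show the failure and `delivering unencrypted`. I would either reword the line to what is asserted, e.g. `# TLS client: unverified TLS session to server (with fastopen)`, or adjust test/confs/2152 so the failure-and-fallback path is really exercised under OpenSSL.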
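Review bot: In the new expected debug output for test/stderr/0388 the host-list check `127.0.0.1 in hosts_try_fastopen? no (option unset)` lands between `Connecting to 127.0.0.1 [127.0.0.1]:1224 ...` and its result, so `connected` and `failed: Network Error` now sit on a line of their own. Anyone matching debug traces on the connect line loses the pairing of target and outcome, which matters when these traces are used to diagnose delivery or callout failures. This suggests the option is evaluated after the prefix has been printed; that code is not in this diff, but evaluating `hosts_try_fastopen` before emitting `Connecting to` would keep the line intact. The same split appears in the hunks for test/stderr/0398, 0432, 5403, 5410, 5420 and 5840.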
@@ -129,7 +129,8 @@ dbfn_read: key=qq@remote callout cache: no address record found for qq@remote closed hints database and lockfile interface=NULL port=1224 -Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1224 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected SMTP<< 220 Server ready 127.0.0.1 in hosts_avoid_esmtp? no (option unset) SMTP>> EHLO mail.test.ex diff --git a/test/stderr/0432 b/test/stderr/0432 index 2fe0ca868..76111d5d7 100644 --- a/test/stderr/0432 +++ b/test/stderr/0432 @@ -90,7 +90,8 @@ dbfn_read: key=x@y callout cache: no address record found for x@y closed hints database and lockfile interface=NULL port=1224 -Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1224 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected SMTP<< 220 server ready 127.0.0.1 in hosts_avoid_esmtp? no (option unset) SMTP>> EHLO myhost.test.ex @@ -255,7 +256,8 @@ MUNGED: ::1 will be omitted in what follows >>> callout cache: no domain record found for b >>> callout cache: no address record found for a@b >>> interface=NULL port=1224 ->>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected +>>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +>>> connected >>> SMTP<< 220 server ready >>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset) >>> SMTP>> EHLO myhost.test.ex @@ -300,7 +302,8 @@ MUNGED: ::1 will be omitted in what follows >>> callout cache: no domain record found for q >>> callout cache: no address record found for p1@q >>> interface=NULL port=1224 ->>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected +>>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +>>> connected >>> SMTP<< 220 server ready >>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset) >>> SMTP>> EHLO myhost.test.ex 
diff --git a/test/stderr/5403 b/test/stderr/5403 index dfb5a97e4..0ae10f727 100644 --- a/test/stderr/5403 +++ b/test/stderr/5403 @@ -69,7 +69,8 @@ MUNGED: ::1 will be omitted in what follows >>> Attempting full verification using callout >>> callout cache: disabled by no_cache >>> interface=ip4.ip4.ip4.ip4 port=1224 ->>> Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected +>>> Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +>>> connected >>> SMTP<< 220 server ready >>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset) >>> SMTP>> EHLO myhost.test.ex diff --git a/test/stderr/5410 b/test/stderr/5410 index 7916518b7..e7323f581 100644 --- a/test/stderr/5410 +++ b/test/stderr/5410 @@ -49,7 +49,8 @@ considering: $local_part expanding: $local_part result: userx domain.com in "*"? yes (matched "*") -Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected considering: $primary_hostname expanding: $primary_hostname result: myhost.test.ex @@ -313,7 +314,8 @@ considering: $local_part expanding: $local_part result: usery domain.com in "*"? yes (matched "*") -Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected considering: $primary_hostname expanding: $primary_hostname result: myhost.test.ex @@ -544,7 +546,8 @@ considering: $local_part expanding: $local_part result: usery domain.com in "*"? yes (matched "*") -Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected considering: $primary_hostname expanding: $primary_hostname result: myhost.test.ex 
diff --git a/test/stderr/5420 b/test/stderr/5420 index a12451575..684629e68 100644 --- a/test/stderr/5420 +++ b/test/stderr/5420 @@ -49,7 +49,8 @@ considering: $local_part expanding: $local_part result: userx domain.com in "*"? yes (matched "*") -Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected considering: $primary_hostname expanding: $primary_hostname result: myhost.test.ex @@ -312,7 +313,8 @@ considering: $local_part expanding: $local_part result: usery domain.com in "*"? yes (matched "*") -Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected considering: $primary_hostname expanding: $primary_hostname result: myhost.test.ex @@ -543,7 +545,8 @@ considering: $local_part expanding: $local_part result: usery domain.com in "*"? yes (matched "*") -Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... 127.0.0.1 in hosts_try_fastopen? no (option unset) +connected considering: $primary_hostname expanding: $primary_hostname result: myhost.test.ex diff --git a/test/stderr/5840 b/test/stderr/5840 index b4b035a29..29ca2804a 100644 --- a/test/stderr/5840 +++ b/test/stderr/5840 
@@ -18,7 +18,8 @@ >>> callout cache: no domain record found for dane256ee.test.ex >>> callout cache: no address record found for CALLER@dane256ee.test.ex >>> interface=NULL port=1225 ->>> Connecting to dane256ee.test.ex [ip4.ip4.ip4.ip4]:1225 ... connected +>>> Connecting to dane256ee.test.ex [ip4.ip4.ip4.ip4]:1225 ... ip4.ip4.ip4.ip4 in hosts_try_fastopen? no (option unset) +>>> connected MUNGED: ::1 will be omitted in what follows >>> get[host|ipnode]byname[2] looked up these IP addresses: >>> name=thishost.test.ex address=127.0.0.1 diff --git a/test/stdout/0572 b/test/stdout/0572 index 12cd05b78..d50a643b4 100644 --- a/test/stdout/0572 +++ b/test/stdout/0572 @@ -58,6 +58,7 @@ no_hosts_randomize hosts_require_auth = hosts_try_auth = hosts_try_chunking = * +hosts_try_fastopen = hosts_try_prdr = * interface = ip4.ip4.ip4.ip4 keepalive -- cgit v1.2.3