about summary refs log tree commit diff
path: root/support
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-07-05 12:53:14 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-07-05 19:04:39 +0200
commit76637a921f5d657998aa9a06981bf8a062ffd497 (patch)
tree11f2497f7d2b3a6f70a09f9d90f977e63cdac5be /support
parent97e7b6aa422d0bcfebefba591a3a9b8f883916e1 (diff)
downloadglibc-76637a921f5d657998aa9a06981bf8a062ffd497.tar.gz
glibc-76637a921f5d657998aa9a06981bf8a062ffd497.tar.xz
glibc-76637a921f5d657998aa9a06981bf8a062ffd497.zip
support: Check isolation of loopback addresses in tst-support-namespace
Diffstat (limited to 'support')
-rw-r--r--support/tst-support-namespace.c84
1 files changed, 82 insertions, 2 deletions
diff --git a/support/tst-support-namespace.c b/support/tst-support-namespace.c
index a50b074f5e..dbe7cc07c8 100644
--- a/support/tst-support-namespace.c
+++ b/support/tst-support-namespace.c
@@ -16,18 +16,98 @@
    License along with the GNU C Library; if not, see
    <http://www.gnu.org/licenses/>.  */
 
+#include <errno.h>
+#include <netdb.h>
 #include <stdio.h>
+#include <support/check.h>
 #include <support/namespace.h>
+#include <support/xsocket.h>
+#include <support/xunistd.h>
+
+/* Check that the loopback interface provides multiple addresses which
+   can be used to run independent servers.  */
+static void
+test_localhost_bind (void)
+{
+  printf ("info: testing loopback interface with multiple addresses\n");
+
+  /* Create the two server addresses.  */
+  static const struct addrinfo hints =
+    {
+      .ai_family = AF_INET,
+      .ai_socktype = SOCK_DGRAM,
+      .ai_protocol = IPPROTO_UDP,
+    };
+  struct addrinfo *ai[3];
+  TEST_VERIFY_EXIT (getaddrinfo ("127.0.0.1", "53", &hints, ai + 0) == 0);
+  TEST_VERIFY_EXIT (getaddrinfo ("127.0.0.2", "53", &hints, ai + 1) == 0);
+  TEST_VERIFY_EXIT (getaddrinfo ("127.0.0.3", "53", &hints, ai + 2) == 0);
+
+  /* Create the server scokets and bind them to these addresses.  */
+  int sockets[3];
+  for (int i = 0; i < 3; ++i)
+    {
+      sockets[i] = xsocket
+        (ai[i]->ai_family, ai[i]->ai_socktype, ai[i]->ai_protocol);
+      xbind (sockets[i], ai[i]->ai_addr, ai[i]->ai_addrlen);
+    }
+
+  /* Send two packets to each server.  */
+  int client = xsocket (AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  for (int i = 0; i < 3; ++i)
+    {
+      TEST_VERIFY (sendto (client, &i, sizeof (i), 0,
+                           ai[i]->ai_addr, ai[i]->ai_addrlen) == sizeof (i));
+      int j = i + 256;
+      TEST_VERIFY (sendto (client, &j, sizeof (j), 0,
+                           ai[i]->ai_addr, ai[i]->ai_addrlen) == sizeof (j));
+    }
+
+  /* Check that the packets can be received with the expected
+     contents.  Note that the receive calls interleave differently,
+     which hopefully proves that the sockets are, indeed,
+     independent.  */
+  for (int i = 0; i < 3; ++i)
+    {
+      int buf;
+      TEST_VERIFY (recv (sockets[i], &buf, sizeof (buf), 0) == sizeof (buf));
+      TEST_VERIFY (buf == i);
+    }
+  for (int i = 0; i < 3; ++i)
+    {
+      int buf;
+      TEST_VERIFY (recv (sockets[i], &buf, sizeof (buf), 0) == sizeof (buf));
+      TEST_VERIFY (buf == i + 256);
+      /* Check that there is no more data to receive.  */
+      TEST_VERIFY (recv (sockets[i], &buf, sizeof (buf), MSG_DONTWAIT) == -1);
+      TEST_VERIFY (errno == EWOULDBLOCK || errno == EAGAIN);
+    }
+
+  /* Close all sockets and free the addresses.  */
+  for (int i = 0; i < 3; ++i)
+    {
+      freeaddrinfo (ai[i]);
+      xclose (sockets[i]);
+    }
+  xclose (client);
+}
+
 
 static int
 do_test (void)
 {
-  if (support_become_root ())
+  bool root = support_become_root ();
+  if (root)
     printf ("info: acquired root-like privileges\n");
-  if (support_enter_network_namespace ())
+  bool netns = support_enter_network_namespace ();
+  if (netns)
     printf ("info: entered network namespace\n");
   if (support_in_uts_namespace ())
     printf ("info: also entered UTS namespace\n");
+
+  if (root && netns)
+    test_localhost_bind ();
+
   return 0;
 }