test: add self talk test using AF_INET socket

[toidiu]

Description of changes:

socket man page: https://man7.org/linux/man-pages/man2/socket.2.html

Our self talk test use AF_UNIX, which is a local link. This PR adds a self_talk test which uses AF_INET (ipv4 protocols). Using AF_INET is going to be necessary to test kTLS functionality since its not possible to enable kTLS for a AF_UNIX socket.

Testing:

self talk test

Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[toidiu]

OpenBSD fails with. Thinking that this is because we run the test in a OpenBSD VM rather than an actual instance. Planning to ignore running the test on that platform to get around this.

 154/233 Test #154: s2n_self_talk_inet_socket_test ...................***Timeout 1500.14 sec
  FAILED test 8
  !(((connect(fd, (struct sockaddr *) &saddr, addrlen))) == (-1)) is not true  (/Users/runner/work/s2n-tls/s2n-tls/tests/unit/s2n_self_talk_inet_socket_test.c:167)
  Error Message: 'Unimplemented feature'
   Debug String: 'Error encountered in /Users/runner/work/s2n-tls/s2n-tls/error/s2n_errno.c:465'
   System Error: Invalid argument (22)

[toidiu]

fix applied in ffc9b52

OpenBSD fails with. Thinking that this is because we run the test in a OpenBSD VM rather than an actual instance. Planning to ignore running the test on that platform to get around this.

 154/233 Test #154: s2n_self_talk_inet_socket_test ...................***Timeout 1500.14 sec
  FAILED test 8
  !(((connect(fd, (struct sockaddr *) &saddr, addrlen))) == (-1)) is not true  (/Users/runner/work/s2n-tls/s2n-tls/tests/unit/s2n_self_talk_inet_socket_test.c:167)
  Error Message: 'Unimplemented feature'
   Debug String: 'Error encountered in /Users/runner/work/s2n-tls/s2n-tls/error/s2n_errno.c:465'
   System Error: Invalid argument (22)

OpenBSD was failing due the use of INADDR_ANY (network ip). Using INADDR_LOOPBACK 4007dbc fixes the issue but it causes MacOS/FreeBSD to fail (which is why I was using INADDR_ANY).

https://stackoverflow.com/a/34042435 describers the issue in MacOS. To get around this I am going to define the value myself. This is safe because the hex value 0x7f000001 translates to 127.0.0.1 so its a literal conversion and there is no magic translation going on.

#define S2N_TEST_INADDR_LOOPBACK 0x7f000001 /* 127.0.0.1 */

[maddeleine]

Isn't this function only used to see if blinding was invoked? I'm not sure why you'd check it before actually attempting a connection.

[toidiu]

it was a sanity check for myself when writing the test. The previous version with NON_BLOCKING sockets and sleeps required this. I can remove it.

[maddeleine]

Suggested change

	char send_buffer[1] = { 0 };
	char send_buffer[] = { 0 };

Nit: In C you don't need to specify how large the buffer is if you're initializing it with elements.

[maddeleine]

I'm not exactly sure what the point of this test is. You seem to be testing that you can negotiate and send/recv data on a special socket? But I'm not sure why that needs to be tested. Maybe you could add a comment explaining the purpose of this test, as it's not obvious to me.
Are we planning on adding more to this test in the future?

[toidiu]

I mention the reason for this in the PR description. I dont want to add that in the code because this test really has nothing to do with kTLS (it just established the base case).

Adding comments about kTLS is confusing because we could add tests similar to this that dont deal with kTLS. The only special thing about this test is that it uses a AF_INET socket. Thats actually huge because thats what our customers use.

[lrstewart]

If the test has nothing to do with kTLS, then we should have a comment describing what it's testing without mentioning kTLS.

[maddeleine]

Yeah, to me it doesn't really look like you're testing s2n here. It looks like you're testing the INET domain, which isn't really related to s2n. Is the point of this test to get a technique/method in place so that you can test KTLS in the future?

[harrisonkaiser]

I'm uncertain, but I thought we moved away from using explicit forks in our tests. -- Although I'm not sure what they got replaced with.

[lrstewart]

They were replaced with s2n_negotiate_test_server_and_client + non-blocking io sockets or stuffers. You use forks if both sides need to be talking at the same time. If they're going to alternate talking, you don't need forks.

[lrstewart]

Talked to Apoorv offline: he DOES need both sides talking at the same time for the socket listen/connect part. But I wonder if we can isolate just that part with threads or something so that we can otherwise keep everything in the same process?

[harrisonkaiser]

Can't these just use EXPECT_EQ? Why call memcmp to compare a single byte?

[lrstewart]

If this test isn't explicitly for ktls, I'm not sure I understand its purpose. If it is for ktls, then you're likely going to want multiple self-talk tests, and you're likely going to want non-blocking IO. This test won't work for either of those cases.

Maybe what you want is a version of s2n_test_io_pair that uses an AF_INET socket.

[lrstewart]

This model is fine for a one-off test, but it makes writing self-talk tests extremely difficult. You've got a single self-talk test in this whole file :) I would strongly suggest looking into getting this working with s2n_negotiate_test_server_and_client.

[lrstewart]

This works because you're using blocking sockets. If you were using non-blocking sockets, it would be possible for s2n_negotiate to fail with S2N_ERR_IO_BLOCKING and you'd need to handle that.

[toidiu]

spoke offline and while we will eventually want a INET enabled socket, we will only want it to test kTLS. So I am closing this PR until kTLS is complete and testable

[toidiu]

To keep the context and conclusion in one place: #3807 (comment)

Talked to Apoorv offline: he DOES need both sides talking at the same time for the socket listen/connect part. But I wonder if we can isolate just that part with threads or something so that we can otherwise keep everything in the same process?

The current testing strategy(fork) is too verbose and the reason why we moved away from it. Condensing the setup into a setup function and then only including the testing functionality in the test is what we want ideally.

[toidiu]

Continuing this in #4075