Re: [Qemu-block] [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode

[Eric Blake]

On 11/16/18 11:20 AM, Eric Blake wrote:
> On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
> > Add tests that validate it is possible to connect to an NBD server
> > running TLS mode. Also test mis-matched TLS vs non-TLS connections
> > correctly fail.
> > ---

> > +== check TLS client to plain server fails ==
> > +option negotiation failed: read failed: Unexpected end-of-file before 
> > all bytes were read
>
> Annoying message; I wonder if we can clean that up. But not this patch's 
> problem.

Actually, I tracked this message down to using socat (which actually 
connects and then abruptly exits) when probing whether the socket is up 
and listening.  That is, the message is being produced as a side effect 
of nbd_server_wait_for_tcp_socket rather than during the actual 
$QEMU_IMG command we are interested in testing.


> >   nbd_pid_file="${TEST_DIR}/qemu-nbd.pid"
> >   function nbd_server_stop()
> > @@ -62,3 +63,49 @@ function nbd_server_start_unix_socket()
> >       $QEMU_NBD -v -t -k "$nbd_unix_socket" $@ &
> >       nbd_server_wait_for_unix_socket $!
> >   }
> > +
> > +function nbd_server_set_tcp_port()
> > +{
> > +    for port in `seq 10809 10909`
> > +    do
> > +    socat TCP:$nbd_tcp_addr:$port STDIO < /dev/null 1>/dev/null 2>&1
>
> This is the first use of socat in iotests.  Might not be the most 
> portable, but I don't know if I have better ideas. 
> nbdkit.git/tests/test-ip.sh greps the output of 'ss -ltn' to locate free 
> ports, but I don't know if ss is any better than socat.

So, I'm planning to squash this in, to use ss instead of socat, as follows:

diff --git i/tests/qemu-iotests/common.nbd w/tests/qemu-iotests/common.nbd
index 0483ea7c55a..d73af285abd 100644
--- i/tests/qemu-iotests/common.nbd
+++ w/tests/qemu-iotests/common.nbd
@@ -66,12 +66,12 @@ function nbd_server_start_unix_socket()

 function nbd_server_set_tcp_port()
 {
-    for port in `seq 10809 10909`
+    (ss --help) >/dev/null 2>&1 || _notrun "ss utility not found, 
skipping test"
+
+    for ((port = 10809; port <= 10909; port++))
     do
-       socat TCP:$nbd_tcp_addr:$port STDIO < /dev/null 1>/dev/null 2>&1
-        if test $? != 0
-       then
-           nbd_tcp_port=$port
+        if ! ss -tln | grep -sqE ":$port\b"; then
+            nbd_tcp_port=$port
             return
         fi
     done
@@ -86,9 +86,7 @@ function nbd_server_wait_for_tcp_socket()

     for ((i = 0; i < 300; i++))
     do
-        socat TCP:localhost:$nbd_tcp_port STDIO < /dev/null 1>/dev/null 
2>&1
-        if test $? == 0
-       then
+        if ss -tln | grep -sqE ":$nbd_tcp_port\b"; then
             return
         fi
         kill -s 0 $pid 2>/dev/null
diff --git i/tests/qemu-iotests/233.out w/tests/qemu-iotests/233.out
index eaa410c2703..eb4077f9fd7 100644
--- i/tests/qemu-iotests/233.out
+++ w/tests/qemu-iotests/233.out
@@ -11,12 +11,10 @@ Generating a signed certificate...
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864

 == check TLS client to plain server fails ==
-option negotiation failed: read failed: Unexpected end-of-file before 
all bytes were read
 qemu-img: Could not open 
'driver=nbd,host=127.0.0.1,port=10809,tls-creds=tls0': Denied by server 
for option 5 (starttls)
 server reported: TLS not configured

 == check plain client to TLS server fails ==
-option negotiation failed: read failed: Unexpected end-of-file before 
all bytes were read
 qemu-img: Could not open 'nbd://localhost:10809': TLS negotiation 
required before option 8 (structured reply)
 server reported: Option 0x8 not permitted before TLS
 write failed (error message): Unable to write to socket: Broken pipe


Also, you have to sanitize 233.out to change 10809 into PORT, so the 
test can still pass when it picked a different port.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org