From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Feb 2024 14:08:22 +0000 (+0100)
Subject: test: add a simple test for MaxConnectionsPerSocket=
X-Git-Tag: v256-rc1~896^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F31242%2Fhead;p=thirdparty%2Fsystemd.git

test: add a simple test for MaxConnectionsPerSocket=
---

diff --git a/test/units/testsuite-74.socket.sh b/test/units/testsuite-74.socket.sh
new file mode 100755
index 00000000000..b9f0e828997
--- /dev/null
+++ b/test/units/testsuite-74.socket.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# shellcheck disable=SC2016
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+at_exit() {
+    systemctl stop per-source-limit.socket
+    rm -f /run/systemd/system/per-source-limit.socket /run/systemd/system/per-source-limit@.service
+    rm -f /tmp/foo.conn1 /tmp/foo.conn2 /tmp/foo.conn3 /tmp/foo.conn4
+    systemctl daemon-reload
+}
+
+trap at_exit EXIT
+
+cat > /run/systemd/system/per-source-limit.socket <<EOF
+[Socket]
+ListenStream=/run/per-source-limit.sk
+MaxConnectionsPerSource=2
+Accept=yes
+EOF
+
+cat > /run/systemd/system/per-source-limit@.service <<EOF
+[Unit]
+BindsTo=per-source-limit.socket
+After=per-source-limit.socket
+
+[Service]
+ExecStartPre=echo waldo
+ExecStart=sleep infinity
+StandardOutput=socket
+EOF
+
+systemctl daemon-reload
+systemctl start per-source-limit.socket
+
+# So these two should take up the first two connection slots
+socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn1 &
+J1="$!"
+socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn2 &
+J2="$!"
+
+waitfor() {
+    while ! grep -q "waldo" "$1" ; do
+        sleep .2
+    done
+}
+
+# Wait until the word "waldo" shows in the output files
+waitfor /tmp/foo.conn1
+waitfor /tmp/foo.conn2
+
+# The next connection should fail, because the limit is hit
+socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn3 &
+J3="$!"
+
+# But this one should work, because done under a differen UID
+setpriv --reuid=1 socat - UNIX-CONNECT:/run/per-source-limit.sk > /tmp/foo.conn4 &
+J4="$!"
+
+waitfor /tmp/foo.conn4
+
+# The third job should fail quickly, wait for it
+wait "$J3"
+
+# The other jobs will hang forever, since we run "sleep infinity" on the server side. Let's kill the jobs now.
+kill "$J1"
+kill "$J2"
+kill "$J4"
+
+# The 3rd connection should not have seen "waldo", since it should have been refused too early
+(! grep -q "waldo" /tmp/foo.conn3 )