diff options
Diffstat (limited to 'tests')
25 files changed, 550 insertions, 160 deletions
diff --git a/tests/atf_python/sys/net/vnet.py b/tests/atf_python/sys/net/vnet.py index c96eb5d671fc..f75a3eaa693e 100644 --- a/tests/atf_python/sys/net/vnet.py +++ b/tests/atf_python/sys/net/vnet.py @@ -283,14 +283,15 @@ class VnetFactory(object): time.sleep(0.1) return not_matched - def create_vnet(self, vnet_alias: str, ifaces: List[VnetInterface]): + def create_vnet(self, vnet_alias: str, ifaces: List[VnetInterface], opts: List[str]): vnet_name = "pytest:{}".format(convert_test_name(self.topology_id)) if self._vnets: # add number to distinguish jails vnet_name = "{}_{}".format(vnet_name, len(self._vnets) + 1) iface_cmds = " ".join(["vnet.interface={}".format(i.name) for i in ifaces]) - cmd = "/usr/sbin/jail -i -c name={} persist vnet {}".format( - vnet_name, iface_cmds + opt_cmds = " ".join(["{}".format(i) for i in opts]) + cmd = "/usr/sbin/jail -i -c name={} persist vnet {} {}".format( + vnet_name, iface_cmds, opt_cmds ) jid = 0 try: @@ -421,7 +422,10 @@ class VnetTestTemplate(BaseTest): idx = len(iface_map[iface_alias].vnet_aliases) iface_map[iface_alias].vnet_aliases.append(obj_name) vnet_ifaces.append(iface_map[iface_alias].ifaces[idx]) - vnet = vnet_factory.create_vnet(obj_name, vnet_ifaces) + opts = [] + if "opts" in obj_data: + opts = obj_data["opts"] + vnet = vnet_factory.create_vnet(obj_name, vnet_ifaces, opts) vnet_map[obj_name] = vnet # Allow reference to VNETs as attributes setattr(self, obj_name, vnet) diff --git a/tests/atf_python/sys/netpfil/ipfw/insns.py b/tests/atf_python/sys/netpfil/ipfw/insns.py index 12f145f49393..f8a56de901ae 100644 --- a/tests/atf_python/sys/netpfil/ipfw/insns.py +++ b/tests/atf_python/sys/netpfil/ipfw/insns.py @@ -510,7 +510,7 @@ class InsnIp6(Insn): insn_attrs = prepare_attrs_map( [ - AttrDescr(IpFwOpcode.O_CHECK_STATE, Insn), + AttrDescr(IpFwOpcode.O_CHECK_STATE, InsnU32), AttrDescr(IpFwOpcode.O_ACCEPT, InsnEmpty), AttrDescr(IpFwOpcode.O_COUNT, InsnEmpty), @@ -521,16 +521,19 @@ insn_attrs = prepare_attrs_map( AttrDescr(IpFwOpcode.O_COUNT, InsnEmpty), AttrDescr(IpFwOpcode.O_QUEUE, Insn), AttrDescr(IpFwOpcode.O_PIPE, Insn), - AttrDescr(IpFwOpcode.O_SKIPTO, Insn), + AttrDescr(IpFwOpcode.O_SKIPTO, InsnU32), AttrDescr(IpFwOpcode.O_NETGRAPH, Insn), AttrDescr(IpFwOpcode.O_NGTEE, Insn), AttrDescr(IpFwOpcode.O_DIVERT, Insn), AttrDescr(IpFwOpcode.O_TEE, Insn), - AttrDescr(IpFwOpcode.O_CALLRETURN, Insn), + AttrDescr(IpFwOpcode.O_CALLRETURN, InsnU32), AttrDescr(IpFwOpcode.O_SETFIB, Insn), AttrDescr(IpFwOpcode.O_SETDSCP, Insn), AttrDescr(IpFwOpcode.O_REASS, InsnEmpty), - AttrDescr(IpFwOpcode.O_SETMARK, Insn), + AttrDescr(IpFwOpcode.O_SETMARK, InsnU32), + + AttrDescr(IpFwOpcode.O_EXTERNAL_ACTION, InsnU32), + AttrDescr(IpFwOpcode.O_EXTERNAL_INSTANCE, InsnU32), @@ -545,11 +548,11 @@ insn_attrs = prepare_attrs_map( AttrDescr(IpFwOpcode.O_IP_DST, InsnIp), AttrDescr(IpFwOpcode.O_IP6_DST, InsnIp6), AttrDescr(IpFwOpcode.O_IP6_SRC, InsnIp6), - AttrDescr(IpFwOpcode.O_IP_SRC_LOOKUP, InsnTable), - AttrDescr(IpFwOpcode.O_IP_DST_LOOKUP, InsnTable), + AttrDescr(IpFwOpcode.O_IP_SRC_LOOKUP, InsnU32), + AttrDescr(IpFwOpcode.O_IP_DST_LOOKUP, InsnU32), AttrDescr(IpFwOpcode.O_IP_SRCPORT, InsnPorts), AttrDescr(IpFwOpcode.O_IP_DSTPORT, InsnPorts), - AttrDescr(IpFwOpcode.O_PROBE_STATE, Insn), - AttrDescr(IpFwOpcode.O_KEEP_STATE, Insn), + AttrDescr(IpFwOpcode.O_PROBE_STATE, InsnU32), + AttrDescr(IpFwOpcode.O_KEEP_STATE, InsnU32), ] ) diff --git a/tests/oclo/Makefile b/tests/oclo/Makefile index 350c9f857c85..6f73aec0ff7c 100644 --- a/tests/oclo/Makefile +++ b/tests/oclo/Makefile @@ -5,7 +5,6 @@ TESTSDIR= ${TESTSBASE}/cddl/oclo PLAIN_TESTS_C= oclo oclo_errors ocloexec_verify SRCS.oclo= oclo.c -LIBADD.oclo+= openbsd LIBADD.ocloexec_verify+= util .include <bsd.test.mk> diff --git a/tests/sys/aio/aio_test.c b/tests/sys/aio/aio_test.c index b9f8e7062203..def8a9d548d6 100644 --- a/tests/sys/aio/aio_test.c +++ b/tests/sys/aio/aio_test.c @@ -775,7 +775,7 @@ ATF_TC_BODY(pipe_waitcomplete, tc) aio_pipe_test(waitcomplete, NULL); } -#define MD_LEN GLOBAL_MAX +#define DEVICE_IO_LEN GLOBAL_MAX #define MDUNIT_LINK "mdunit_link" static int @@ -794,7 +794,7 @@ aio_md_setup(void) mdio.md_version = MDIOVERSION; mdio.md_type = MD_MALLOC; mdio.md_options = MD_AUTOUNIT | MD_COMPRESS; - mdio.md_mediasize = GLOBAL_MAX; + mdio.md_mediasize = 1024 * 1024; /* 1 MB, enough for max_buf_aio up to 2047 */ mdio.md_sectorsize = 512; strlcpy(buf, __func__, sizeof(buf)); mdio.md_label = buf; @@ -856,7 +856,7 @@ aio_md_test(completion comp, struct sigevent *sev, bool vectored) int fd; fd = aio_md_setup(); - aio_context_init(&ac, fd, fd, MD_LEN); + aio_context_init(&ac, fd, fd, DEVICE_IO_LEN); if (vectored) { aio_writev_test(&ac, comp, sev); aio_readv_test(&ac, comp, sev); @@ -1846,7 +1846,9 @@ ATF_TC_BODY(vectored_big_iovcnt, tc) atf_tc_fail("aio failed: %s", strerror(errno)); if (len != buflen) - atf_tc_fail("aio short write (%jd)", (intmax_t)len); + atf_tc_fail("aio short write: got %jd, expected: %jd " + "(max_buf_aio=%d, iovcnt=%zu)", + (intmax_t)len, (intmax_t)buflen, max_buf_aio, aio.aio_iovcnt); bzero(&aio, sizeof(aio)); aio.aio_fildes = fd; @@ -1995,7 +1997,7 @@ aio_zvol_test(completion comp, struct sigevent *sev, bool vectored, int fd; fd = aio_zvol_setup(unique); - aio_context_init(&ac, fd, fd, MD_LEN); + aio_context_init(&ac, fd, fd, DEVICE_IO_LEN); if (vectored) { aio_writev_test(&ac, comp, sev); aio_readv_test(&ac, comp, sev); diff --git a/tests/sys/file/Makefile b/tests/sys/file/Makefile index f80d1b271b85..beb4452359b7 100644 --- a/tests/sys/file/Makefile +++ b/tests/sys/file/Makefile @@ -5,7 +5,7 @@ BINDIR= ${TESTSDIR} ATF_TESTS_C+= path_test TAP_TESTS_C+= closefrom_test TAP_TESTS_C+= dup_test -TAP_TESTS_C+= fcntlflags_test +ATF_TESTS_C+= fcntlflags_test TAP_TESTS_SH+= flock_test PLAIN_TESTS_C+= ftruncate_test PLAIN_TESTS_C+= newfileops_on_fork_test diff --git a/tests/sys/file/fcntlflags_test.c b/tests/sys/file/fcntlflags_test.c index c5026e38c48b..15a18c113c4a 100644 --- a/tests/sys/file/fcntlflags_test.c +++ b/tests/sys/file/fcntlflags_test.c @@ -24,85 +24,110 @@ * SUCH DAMAGE. */ -#include <sys/cdefs.h> - +#include <sys/filio.h> +#include <errno.h> #include <fcntl.h> #include <stdio.h> #include <unistd.h> +#include <atf-c.h> + /* * O_ACCMODE is currently defined incorrectly. This is what it should be. * Various code depends on the incorrect value. */ #define CORRECT_O_ACCMODE (O_ACCMODE | O_EXEC) -static int testnum; - static void -subtests(const char *path, int omode, const char *omodetext) +basic_tests(const char *path, int omode, const char *omodetext) { int fd, flags1, flags2, flags3; fd = open(path, omode); - if (fd == -1) - printf("not ok %d - open(\"%s\", %s) failed\n", - testnum++, path, omodetext); - else - printf("ok %d - open(\"%s\", %s) succeeded\n", - testnum++, path, omodetext); + ATF_REQUIRE_MSG(fd != -1, "open(\"%s\", %s) failed: %s", path, + omodetext, strerror(errno)); + flags1 = fcntl(fd, F_GETFL); - if (flags1 == -1) - printf("not ok %d - fcntl(F_GETFL) failed\n", testnum++); - else if ((flags1 & CORRECT_O_ACCMODE) == omode) - printf("ok %d - fcntl(F_GETFL) gave correct result\n", - testnum++); - else - printf("not ok %d - fcntl(F_GETFL) gave incorrect result " - "(%#x & %#x != %#x)\n", - testnum++, flags1, CORRECT_O_ACCMODE, omode); - if (fcntl(fd, F_SETFL, flags1) == -1) - printf("not ok %d - fcntl(F_SETFL) same flags failed\n", - testnum++); - else - printf("ok %d - fcntl(F_SETFL) same flags succeeded\n", - testnum++); + ATF_REQUIRE_MSG(flags1 != -1, "fcntl(F_GETFL) (1) failed: %s", + strerror(errno)); + ATF_REQUIRE_INTEQ(omode, flags1 & CORRECT_O_ACCMODE); + ATF_REQUIRE((flags1 & O_NONBLOCK) == 0); + + ATF_REQUIRE_MSG(fcntl(fd, F_SETFL, flags1) != -1, + "fcntl(F_SETFL) same flags failed: %s", strerror(errno)); + flags2 = fcntl(fd, F_GETFL); - if (flags2 == -1) - printf("not ok %d - fcntl(F_GETFL) failed\n", testnum++); - else if (flags2 == flags1) - printf("ok %d - fcntl(F_GETFL) gave same result\n", - testnum++); - else - printf("not ok %d - fcntl(F_SETFL) caused fcntl(F_GETFL) to " - "change from %#x to %#x\n", - testnum++, flags1, flags2); - if (fcntl(fd, F_SETFL, flags2 | O_NONBLOCK) == -1) - printf("not ok %d - fcntl(F_SETFL) O_NONBLOCK failed\n", - testnum++); - else - printf("ok %d - fcntl(F_SETFL) O_NONBLOCK succeeded\n", - testnum++); + ATF_REQUIRE_MSG(flags2 != -1, "fcntl(F_GETFL) (2) failed: %s", + strerror(errno)); + ATF_REQUIRE_INTEQ(flags1, flags2); + + ATF_REQUIRE_MSG(fcntl(fd, F_SETFL, flags2 | O_NONBLOCK) != -1, + "fcntl(F_SETFL) O_NONBLOCK failed: %s", strerror(errno)); + flags3 = fcntl(fd, F_GETFL); - if (flags3 == -1) - printf("not ok %d - fcntl(F_GETFL) failed\n", testnum++); - else if (flags3 == (flags2 | O_NONBLOCK)) - printf("ok %d - fcntl(F_GETFL) gave expected result\n", - testnum++); - else - printf("not ok %d - fcntl(F_SETFL) gave unexpected result " - "(%#x != %#x)\n", - testnum++, flags3, flags2 | O_NONBLOCK); + ATF_REQUIRE_MSG(flags3 != -1, "fcntl(F_GETFL) (3) failed: %s", + strerror(errno)); + ATF_REQUIRE_INTEQ(flags2 | O_NONBLOCK, flags3); + (void)close(fd); } -int -main(int argc __unused, char **argv __unused) +ATF_TC_WITHOUT_HEAD(read_only_null); +ATF_TC_BODY(read_only_null, tc) { - printf("1..24\n"); - testnum = 1; - subtests("/dev/null", O_RDONLY, "O_RDONLY"); - subtests("/dev/null", O_WRONLY, "O_WRONLY"); - subtests("/dev/null", O_RDWR, "O_RDWR"); - subtests("/bin/sh", O_EXEC, "O_EXEC"); - return (0); + basic_tests("/dev/null", O_RDONLY, "O_RDONLY"); +} + +ATF_TC_WITHOUT_HEAD(write_only_null); +ATF_TC_BODY(write_only_null, tc) +{ + basic_tests("/dev/null", O_WRONLY, "O_WRONLY"); +} + +ATF_TC_WITHOUT_HEAD(read_write_null); +ATF_TC_BODY(read_write_null, tc) +{ + basic_tests("/dev/null", O_RDWR, "O_RDWR"); +} + +ATF_TC_WITHOUT_HEAD(exec_only_sh); +ATF_TC_BODY(exec_only_sh, tc) +{ + basic_tests("/bin/sh", O_EXEC, "O_EXEC"); +} + +ATF_TC_WITHOUT_HEAD(fioasync_dev_null); +ATF_TC_BODY(fioasync_dev_null, tc) +{ + int fd, flags1, flags2, val; + + fd = open("/dev/null", O_RDONLY); + ATF_REQUIRE_MSG(fd != -1, "open(\"/dev/null\") failed: %s", + strerror(errno)); + + flags1 = fcntl(fd, F_GETFL); + ATF_REQUIRE_MSG(flags1 != -1, "fcntl(F_GETFL) (1) failed: %s", + strerror(errno)); + ATF_REQUIRE((flags1 & O_ASYNC) == 0); + + val = 1; + ATF_REQUIRE_ERRNO(EINVAL, ioctl(fd, FIOASYNC, &val) == -1); + + flags2 = fcntl(fd, F_GETFL); + ATF_REQUIRE_MSG(flags2 != -1, "fcntl(F_GETFL) (2) failed: %s", + strerror(errno)); + ATF_REQUIRE_INTEQ(flags1, flags2); + + (void)close(fd); +} + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, read_only_null); + ATF_TP_ADD_TC(tp, write_only_null); + ATF_TP_ADD_TC(tp, read_write_null); + ATF_TP_ADD_TC(tp, exec_only_sh); + ATF_TP_ADD_TC(tp, fioasync_dev_null); + + return (atf_no_error()); } diff --git a/tests/sys/fs/tarfs/tarfs_test.sh b/tests/sys/fs/tarfs/tarfs_test.sh index 20baadfea5c5..d4de71271985 100644 --- a/tests/sys/fs/tarfs/tarfs_test.sh +++ b/tests/sys/fs/tarfs/tarfs_test.sh @@ -67,9 +67,9 @@ tarfs_basic_body() { mktar "${tarball}" atf_check mount -rt tarfs "${tarball}" "${mnt}" atf_check -o match:"^${tarball} on ${mnt} \(tarfs," mount - atf_check_equal "$(stat -f%d,%i "${mnt}"/sparse_file)" "$(stat -f%d,%i "${mnt}"/hard_link)" - atf_check_equal "$(stat -f%d,%i "${mnt}"/sparse_file)" "$(stat -L -f%d,%i "${mnt}"/short_link)" - atf_check_equal "$(stat -f%d,%i "${mnt}"/sparse_file)" "$(stat -L -f%d,%i "${mnt}"/long_link)" + atf_check test "${mnt}"/sparse_file -ef "${mnt}"/hard_link + atf_check test "${mnt}"/sparse_file -ef "${mnt}"/short_link + atf_check test "${mnt}"/sparse_file -ef "${mnt}"/long_link atf_check -o inline:"${sum}\n" sha256 -q "${mnt}"/sparse_file atf_check -o inline:"2,40755\n" stat -f%l,%p "${mnt}"/directory atf_check -o inline:"1,100644\n" stat -f%l,%p "${mnt}"/file diff --git a/tests/sys/mac/ipacl/Makefile b/tests/sys/mac/ipacl/Makefile index e083f6c1a69c..93b29e250ea5 100644 --- a/tests/sys/mac/ipacl/Makefile +++ b/tests/sys/mac/ipacl/Makefile @@ -6,4 +6,9 @@ ATF_TESTS_SH+= ipacl_test ${PACKAGE}FILES+= utils.subr +.for t in ${ATF_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_ipacl" +TEST_METADATA.$t+= is_exclusive="true" +.endfor + .include <bsd.test.mk> diff --git a/tests/sys/mac/ipacl/ipacl_test.sh b/tests/sys/mac/ipacl/ipacl_test.sh index 0de1b414857b..892f4c154b66 100644 --- a/tests/sys/mac/ipacl/ipacl_test.sh +++ b/tests/sys/mac/ipacl/ipacl_test.sh @@ -40,6 +40,9 @@ ipacl_v4_body() { ipacl_test_init + prev_ipacl_ipv4="$(sysctl -n security.mac.ipacl.ipv4)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -130,8 +133,9 @@ ipacl_v4_body() atf_check -s not-exit:0 -e ignore \ jexec A ifconfig ${epairA}b 203.0.113.1/24 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv4="${prev_ipacl_ipv4}" } ipacl_v4_cleanup() @@ -151,6 +155,9 @@ ipacl_v6_body() { ipacl_test_init + prev_ipacl_ipv6="$(sysctl -n security.mac.ipacl.ipv6)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -265,8 +272,9 @@ ipacl_v6_body() atf_check -s not-exit:0 -e ignore jexec A ifconfig \ ${epairA}b inet6 2001:db8::abcd/32 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv6="${prev_ipacl_ipv6}" } ipacl_v6_cleanup() diff --git a/tests/sys/mac/ipacl/utils.subr b/tests/sys/mac/ipacl/utils.subr index 1d80414bafea..2fff8b1862da 100644 --- a/tests/sys/mac/ipacl/utils.subr +++ b/tests/sys/mac/ipacl/utils.subr @@ -5,10 +5,6 @@ ipacl_test_init() { vnet_init - - if ! kldstat -q -m mac_ipacl; then - atf_skip "mac_ipacl is not loaded" - fi } ipacl_test_cleanup() diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile index 856a85d331d5..28c3a5cd71ce 100644 --- a/tests/sys/mac/portacl/Makefile +++ b/tests/sys/mac/portacl/Makefile @@ -8,6 +8,7 @@ TAP_TESTS_SH+= nobody_test TAP_TESTS_SH+= root_test .for t in ${TAP_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_portacl" TEST_METADATA.$t+= required_user="root" TEST_METADATA.$t+= timeout="450" TEST_METADATA.$t+= is_exclusive="true" diff --git a/tests/sys/mac/portacl/misc.sh b/tests/sys/mac/portacl/misc.sh index a1b729c87777..4d3f18fce1c1 100644 --- a/tests/sys/mac/portacl/misc.sh +++ b/tests/sys/mac/portacl/misc.sh @@ -1,15 +1,5 @@ #!/bin/sh -sysctl security.mac.portacl >/dev/null 2>&1 -if [ $? -ne 0 ]; then - echo "1..0 # SKIP MAC_PORTACL is unavailable." - exit 0 -fi -if [ $(id -u) -ne 0 ]; then - echo "1..0 # SKIP testcases must be run as root" - exit 0 -fi - ntest=1 check_bind() { @@ -95,6 +85,7 @@ bind_test() { sysctl security.mac.portacl.rules= >/dev/null } +portacl_enabled=$(sysctl -n security.mac.portacl.enabled) reserved_high=$(sysctl -n net.inet.ip.portrange.reservedhigh) suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt) port_high=$(sysctl -n security.mac.portacl.port_high) @@ -103,4 +94,5 @@ restore_settings() { sysctl -n net.inet.ip.portrange.reservedhigh=${reserved_high} >/dev/null sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null + sysctl -n security.mac.portacl.enabled=${portacl_enabled} >/dev/null } diff --git a/tests/sys/mac/portacl/nobody_test.sh b/tests/sys/mac/portacl/nobody_test.sh index 7e64f68113ea..a3f2168dc81d 100644 --- a/tests/sys/mac/portacl/nobody_test.sh +++ b/tests/sys/mac/portacl/nobody_test.sh @@ -13,6 +13,7 @@ trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 diff --git a/tests/sys/mac/portacl/root_test.sh b/tests/sys/mac/portacl/root_test.sh index daa5b147b4fa..d8898ff4f80e 100644 --- a/tests/sys/mac/portacl/root_test.sh +++ b/tests/sys/mac/portacl/root_test.sh @@ -10,6 +10,7 @@ echo "1..48" trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test ok ok uid root tcp 77 bind_test ok ok uid root tcp 7777 diff --git a/tests/sys/netinet/Makefile b/tests/sys/netinet/Makefile index cc525bf24480..b742342beecb 100644 --- a/tests/sys/netinet/Makefile +++ b/tests/sys/netinet/Makefile @@ -48,7 +48,7 @@ TEST_METADATA.forward+= required_programs="python" \ TEST_METADATA.output+= required_programs="python" TEST_METADATA.redirect+= required_programs="python" -PROGS= udp_dontroute tcp_user_cookie sendto-IP_MULTICAST_IF +PROGS= udp_dontroute tcp_user_cookie multicast-send multicast-receive ${PACKAGE}FILES+= redirect.py diff --git a/tests/sys/netinet/multicast-receive.c b/tests/sys/netinet/multicast-receive.c new file mode 100644 index 000000000000..81d0f10f5cfe --- /dev/null +++ b/tests/sys/netinet/multicast-receive.c @@ -0,0 +1,130 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2025 Gleb Smirnoff <glebius@FreeBSD.org> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/socket.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <arpa/inet.h> +#include <net/if.h> +#include <assert.h> +#include <errno.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <limits.h> +#include <err.h> + +static in_port_t +atop(const char *c) +{ + unsigned long ul; + + errno = 0; + if ((ul = strtol(c, NULL, 10)) < 1 || ul > IPPORT_MAX || errno != 0) + err(1, "can't parse %s", c); + + return ((in_port_t)ul); +} + +int +main(int argc, char *argv[]) +{ + char buf[IP_MAXPACKET + 1]; + struct sockaddr_in sin = { + .sin_family = AF_INET, + .sin_len = sizeof(struct sockaddr_in), + }; + socklen_t slen = sizeof(struct sockaddr_in); + struct in_addr maddr, ifaddr; + ssize_t len; + int s, ifindex; + bool index; + + if (argc < 4) +usage: + errx(1, "Usage: %s (ip_mreq|ip_mreqn|group_req) " + "IPv4-group port interface", argv[0]); + + if (inet_pton(AF_INET, argv[2], &maddr) != 1) + err(1, "inet_pton(%s) failed", argv[2]); + sin.sin_port = htons(atop(argv[3])); + if (inet_pton(AF_INET, argv[4], &ifaddr) == 1) + index = false; + else if ((ifindex = if_nametoindex(argv[4])) > 0) + index = true; + else if (strcmp(argv[4], "0") == 0) { + ifindex = 0; + index = true; + } else + err(1, "if_nametoindex(%s) failed", argv[4]); + + assert((s = socket(PF_INET, SOCK_DGRAM, 0)) > 0); + assert(bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0); + + if (strcmp(argv[1], "ip_mreq") == 0) { + if (index) + errx(1, "ip_mreq doesn't accept index"); + struct ip_mreq mreq = { + .imr_multiaddr = maddr, + .imr_interface = ifaddr, + }; + assert(setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, + sizeof(mreq)) == 0); + } else if (strcmp(argv[1], "ip_mreqn") == 0) { + /* + * ip_mreqn shall be used with index, but for testing + * purposes accept address too. + */ + struct ip_mreqn mreqn = { + .imr_multiaddr = maddr, + .imr_address = index ? (struct in_addr){ 0 } : ifaddr, + .imr_ifindex = index ? ifindex : 0, + }; + assert(setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreqn, + sizeof(mreqn)) == 0); + } else if (strcmp(argv[1], "group_req") == 0) { + if (!index) + errx(1, "group_req expects index"); + struct group_req greq = { .gr_interface = ifindex }; + struct sockaddr_in *gsa = (struct sockaddr_in *)&greq.gr_group; + + gsa->sin_family = AF_INET; + gsa->sin_len = sizeof(struct sockaddr_in); + gsa->sin_addr = maddr; + assert(setsockopt(s, IPPROTO_IP, MCAST_JOIN_GROUP, &greq, + sizeof(greq)) == 0); + } else + goto usage; + + assert((len = recvfrom(s, buf, sizeof(buf) - 1, 0, + (struct sockaddr *)&sin, &slen)) > 0); + buf[len] = '\0'; + printf("%s:%u %s\n", inet_ntoa(sin.sin_addr), ntohs(sin.sin_port), buf); + + return (0); +} diff --git a/tests/sys/netinet/sendto-IP_MULTICAST_IF.c b/tests/sys/netinet/multicast-send.c index d478e4da0b3b..f10b2b6338dd 100644 --- a/tests/sys/netinet/sendto-IP_MULTICAST_IF.c +++ b/tests/sys/netinet/multicast-send.c @@ -28,35 +28,69 @@ #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> +#include <net/if.h> #include <assert.h> +#include <errno.h> +#include <limits.h> +#include <stdbool.h> +#include <stdlib.h> +#include <string.h> #include <err.h> +static in_port_t +atop(const char *c) +{ + unsigned long ul; + + errno = 0; + if ((ul = strtol(c, NULL, 10)) < 1 || ul > IPPORT_MAX || errno != 0) + err(1, "can't parse %s", c); + + return ((in_port_t)ul); +} + int main(int argc, char *argv[]) { - struct sockaddr_in sin = { + struct sockaddr_in src = { + .sin_family = AF_INET, + .sin_len = sizeof(struct sockaddr_in), + }, dst = { .sin_family = AF_INET, .sin_len = sizeof(struct sockaddr_in), }; + struct ip_mreqn mreqn; struct in_addr in; - int s, rv; + int s; + bool index; - if (argc < 2) - errx(1, "Usage: %s IPv4-address", argv[0]); + if (argc < 7) + errx(1, "Usage: %s src-IPv4 src-port dst-IPv4 dst-port " + "interface payload", argv[0]); - if (inet_pton(AF_INET, argv[1], &in) != 1) + if (inet_pton(AF_INET, argv[1], &src.sin_addr) != 1) err(1, "inet_pton(%s) failed", argv[1]); + src.sin_port = htons(atop(argv[2])); + if (inet_pton(AF_INET, argv[3], &dst.sin_addr) != 1) + err(1, "inet_pton(%s) failed", argv[3]); + dst.sin_port = htons(atop(argv[4])); + if (inet_pton(AF_INET, argv[5], &in) == 1) + index = false; + else if ((mreqn.imr_ifindex = if_nametoindex(argv[5])) > 0) + index = true; + else + err(1, "if_nametoindex(%s) failed", argv[5]); assert((s = socket(PF_INET, SOCK_DGRAM, 0)) > 0); - assert(bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0); - assert(setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &in, sizeof(in)) - == 0); - /* RFC 6676 */ - assert(inet_pton(AF_INET, "233.252.0.1", &sin.sin_addr) == 1); - sin.sin_port = htons(6676); - rv = sendto(s, &sin, sizeof(sin), 0, - (struct sockaddr *)&sin, sizeof(sin)); - if (rv != sizeof(sin)) + assert(bind(s, (struct sockaddr *)&src, sizeof(src)) == 0); + if (index) + assert(setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &mreqn, + sizeof(mreqn)) == 0); + else + assert(setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &in, + sizeof(in)) == 0); + if (sendto(s, argv[6], strlen(argv[6]) + 1, 0, (struct sockaddr *)&dst, + sizeof(dst)) != (ssize_t)strlen(argv[6]) + 1) err(1, "sendto failed"); return (0); diff --git a/tests/sys/netinet/multicast.sh b/tests/sys/netinet/multicast.sh index eb2b962dac70..a3854fd2fd20 100644..100755 --- a/tests/sys/netinet/multicast.sh +++ b/tests/sys/netinet/multicast.sh @@ -26,36 +26,130 @@ . $(atf_get_srcdir)/../common/vnet.subr -# See regression fixed in baad45c9c12028964acd0b58096f3aaa0fb22859 -atf_test_case "IP_MULTICAST_IF" "cleanup" -IP_MULTICAST_IF_head() +# Set up two jails, mjail1 and mjail2, connected with two interface pairs +multicast_vnet_init() { - atf_set descr \ - 'sendto() for IP_MULTICAST_IF socket does not do routing lookup' + + vnet_init + epair1=$(vnet_mkepair) + epair2=$(vnet_mkepair) + vnet_mkjail mjail1 ${epair1}a ${epair2}a + jexec mjail1 ifconfig ${epair1}a up + jexec mjail1 ifconfig ${epair1}a 192.0.2.1/24 + jexec mjail1 ifconfig ${epair2}a up + jexec mjail1 ifconfig ${epair2}a 192.0.3.1/24 + vnet_mkjail mjail2 ${epair1}b ${epair2}b + jexec mjail2 ifconfig ${epair1}b up + jexec mjail2 ifconfig ${epair1}b 192.0.2.2/24 + jexec mjail2 ifconfig ${epair2}b up + jexec mjail2 ifconfig ${epair2}b 192.0.3.2/24 +} + +atf_test_case "IP_ADD_MEMBERSHIP_ip_mreq" "cleanup" +IP_ADD_MEMBERSHIP_ip_mreq_head() +{ + atf_set descr 'IP_ADD_MEMBERSHIP / IP_MULTICAST_IF with ip_mreq' atf_set require.user root +} +IP_ADD_MEMBERSHIP_ip_mreq_body() +{ + multicast_vnet_init + + # join group on interface with IP address 192.0.2.2 + jexec mjail2 $(atf_get_srcdir)/multicast-receive \ + ip_mreq 233.252.0.1 6676 192.0.2.2 > out & pid=$! + atf_check -s exit:0 -o empty \ + jexec mjail1 $(atf_get_srcdir)/multicast-send \ + 0.0.0.0 6676 233.252.0.1 6676 192.0.2.1 hello + atf_check -s exit:0 sh -c "wait $pid; exit $?" + atf_check -s exit:0 -o inline:"192.0.2.1:6676 hello\n" cat out + # join group on interface with IP address 192.0.3.2 + jexec mjail2 $(atf_get_srcdir)/multicast-receive \ + ip_mreq 233.252.0.1 6676 192.0.3.2 > out & pid=$! + atf_check -s exit:0 -o empty \ + jexec mjail1 $(atf_get_srcdir)/multicast-send \ + 0.0.0.0 6676 233.252.0.1 6676 192.0.3.1 hello + atf_check -s exit:0 sh -c "wait $pid; exit $?" + atf_check -s exit:0 -o inline:"192.0.3.1:6676 hello\n" cat out +} +IP_ADD_MEMBERSHIP_ip_mreq_cleanup() +{ + rm out + vnet_cleanup } -IP_MULTICAST_IF_body() +atf_test_case "IP_ADD_MEMBERSHIP_ip_mreqn" "cleanup" +IP_ADD_MEMBERSHIP_ip_mreqn_head() +{ + atf_set descr 'IP_ADD_MEMBERSHIP / IP_MULTICAST_IF with ip_mreqn' + atf_set require.user root +} +IP_ADD_MEMBERSHIP_ip_mreqn_body() { - local epair mjail + multicast_vnet_init - vnet_init - # The test doesn't use our half of epair - epair=$(vnet_mkepair) - vnet_mkjail mjail ${epair}a - jexec mjail ifconfig ${epair}a up - jexec mjail ifconfig ${epair}a 192.0.2.1/24 + # join group on interface epair2 + jexec mjail2 $(atf_get_srcdir)/multicast-receive \ + ip_mreqn 233.252.0.1 6676 ${epair1}b > out & pid=$! + atf_check -s exit:0 -o empty \ + jexec mjail1 $(atf_get_srcdir)/multicast-send \ + 0.0.0.0 6676 233.252.0.1 6676 ${epair1}a hello + atf_check -s exit:0 sh -c "wait $pid; exit $?" + atf_check -s exit:0 -o inline:"192.0.2.1:6676 hello\n" cat out + + # join group on interface epair2 + jexec mjail2 $(atf_get_srcdir)/multicast-receive \ + ip_mreqn 233.252.0.1 6676 ${epair2}b > out & pid=$! atf_check -s exit:0 -o empty \ - jexec mjail $(atf_get_srcdir)/sendto-IP_MULTICAST_IF 192.0.2.1 + jexec mjail1 $(atf_get_srcdir)/multicast-send \ + 0.0.0.0 6676 233.252.0.1 6676 ${epair2}a hello + atf_check -s exit:0 sh -c "wait $pid; exit $?" + atf_check -s exit:0 -o inline:"192.0.3.1:6676 hello\n" cat out +} +IP_ADD_MEMBERSHIP_ip_mreqn_cleanup() +{ + rm out + vnet_cleanup } -IP_MULTICAST_IF_cleanup() +atf_test_case "MCAST_JOIN_GROUP" "cleanup" +MCAST_JOIN_GROUP_head() +{ + atf_set descr 'MCAST_JOIN_GROUP' + atf_set require.user root +} +MCAST_JOIN_GROUP_body() +{ + multicast_vnet_init + + # join group on interface epair2 + jexec mjail2 $(atf_get_srcdir)/multicast-receive \ + group_req 233.252.0.1 6676 ${epair1}b > out & pid=$! + atf_check -s exit:0 -o empty \ + jexec mjail1 $(atf_get_srcdir)/multicast-send \ + 0.0.0.0 6676 233.252.0.1 6676 ${epair1}a hello + atf_check -s exit:0 sh -c "wait $pid; exit $?" + atf_check -s exit:0 -o inline:"192.0.2.1:6676 hello\n" cat out + + # join group on interface epair2 + jexec mjail2 $(atf_get_srcdir)/multicast-receive \ + group_req 233.252.0.1 6676 ${epair2}b > out & pid=$! + atf_check -s exit:0 -o empty \ + jexec mjail1 $(atf_get_srcdir)/multicast-send \ + 0.0.0.0 6676 233.252.0.1 6676 ${epair2}a hello + atf_check -s exit:0 sh -c "wait $pid; exit $?" + atf_check -s exit:0 -o inline:"192.0.3.1:6676 hello\n" cat out +} +MCAST_JOIN_GROUP_cleanup() { + rm out vnet_cleanup } atf_init_test_cases() { - atf_add_test_case "IP_MULTICAST_IF" + atf_add_test_case "IP_ADD_MEMBERSHIP_ip_mreq" + atf_add_test_case "IP_ADD_MEMBERSHIP_ip_mreqn" + atf_add_test_case "MCAST_JOIN_GROUP" } diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c index fa9d6e425884..0479bd070ca6 100644 --- a/tests/sys/netinet/so_reuseport_lb_test.c +++ b/tests/sys/netinet/so_reuseport_lb_test.c @@ -375,6 +375,11 @@ ATF_TC_BODY(concurrent_add, tc) usleep(20000); } + + for (size_t j = nitems(threads); j > 0; j--) { + ATF_REQUIRE(pthread_cancel(threads[j - 1]) == 0); + ATF_REQUIRE(pthread_join(threads[j - 1], NULL) == 0); + } } /* diff --git a/tests/sys/netinet6/ndp.sh b/tests/sys/netinet6/ndp.sh index bac9764ee3c9..21a50cda02ba 100755 --- a/tests/sys/netinet6/ndp.sh +++ b/tests/sys/netinet6/ndp.sh @@ -188,9 +188,48 @@ ndp_slaac_default_route_cleanup() { vnet_cleanup } +atf_test_case "ndp_prefix_len_mismatch" "cleanup" +ndp_prefix_len_mismatch_head() { + atf_set descr 'Test RAs on an interface without a /64 lladdr' + atf_set require.user root + atf_set require.progs python3 scapy +} + +ndp_prefix_len_mismatch_body() { + vnet_init + + epair=$(vnet_mkepair) + + vnet_mkjail alcatraz ${epair}a + + jexec alcatraz ifconfig ${epair}a inet6 -auto_linklocal + jexec alcatraz ifconfig ${epair}a inet6 -ifdisabled + jexec alcatraz ifconfig ${epair}a inet6 accept_rtadv + jexec alcatraz ifconfig ${epair}a inet6 fe80::5a9c:fcff:fe10:5d07/127 + jexec alcatraz ifconfig ${epair}a up + + ifconfig ${epair}b inet6 -ifdisabled + ifconfig ${epair}b up + + atf_check -e ignore python3 $(atf_get_srcdir)/ra.py \ + --sendif ${epair}b \ + --dst $(ndp_if_lladdr ${epair}a alcatraz) \ + --src $(ndp_if_lladdr ${epair}b) \ + --prefix "2001:db8:ffff:1000::" --prefixlen 64 + + atf_check \ + -o match:"inet6 2001:db8:ffff:1000:.* prefixlen 64.*autoconf.*" \ + jexec alcatraz ifconfig ${epair}a +} + +ndp_prefix_len_mismatch_cleanup() { + vnet_cleanup +} + atf_init_test_cases() { atf_add_test_case "ndp_add_gu_success" atf_add_test_case "ndp_del_gu_success" atf_add_test_case "ndp_slaac_default_route" + atf_add_test_case "ndp_prefix_len_mismatch" } diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index 99500fc90806..b363e0b17c76 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -72,7 +72,7 @@ ATF_TESTS_PYTEST+= tcp.py # Allow tests to run in parallel in their own jails TEST_METADATA+= execenv="jail" -TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets" +TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets allow.read_msgbuf" ${PACKAGE}FILES+= \ bsnmpd.conf \ diff --git a/tests/sys/netpfil/pf/mld.py b/tests/sys/netpfil/pf/mld.py index d118a34c8a7d..b3ef6c21b3de 100644 --- a/tests/sys/netpfil/pf/mld.py +++ b/tests/sys/netpfil/pf/mld.py @@ -32,23 +32,22 @@ from atf_python.sys.net.vnet import VnetTestTemplate class TestMLD(VnetTestTemplate): REQUIRED_MODULES = [ "pf" ] TOPOLOGY = { - "vnet1": {"ifaces": ["if1"]}, + "vnet1": {"ifaces": ["if1"], "opts": ["allow.read_msgbuf"]}, "vnet2": {"ifaces": ["if1"]}, "if1": {"prefixes6": [("2001:db8::2/64", "2001:db8::1/64")]}, } def vnet2_handler(self, vnet): ifname = vnet.iface_alias_map["if1"].name - #ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.print_output("/sbin/pfctl -e") ToolsHelper.pf_rules([ "pass", ]) ToolsHelper.print_output("/sbin/pfctl -x loud") - #ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname) def find_mld_reply(self, pkt, ifname): pkt.show() - s = DelayedSend(pkt) + s = DelayedSend(pkt, ifname) found = False packets = self.sp.sniff(iface=ifname, timeout=5) @@ -66,7 +65,6 @@ class TestMLD(VnetTestTemplate): def test_router_alert(self): """Verify that we allow MLD packets with router alert extension header""" ifname = self.vnet.iface_alias_map["if1"].name - #ToolsHelper.print_output("/sbin/ifconfig %s inet6 -ifdisable" % ifname) ToolsHelper.print_output("/sbin/ifconfig") # Import in the correct vnet, so at to not confuse Scapy @@ -76,20 +74,17 @@ class TestMLD(VnetTestTemplate): self.sp = sp self.sc = sc - # A correct MLD query gets a reply - pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ - / sp.RouterAlert(value=0) \ + # MLD packets with an incorrect hop limit get dropped. + pkt = sp.Ether() \ + / sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \ + / sp.IPv6ExtHdrHopByHop(options=[ \ + sp.RouterAlert(value=0) \ + ]) \ / sp.ICMPv6MLQuery2() - assert self.find_mld_reply(pkt, ifname) + # We can't reliably test this by checking for a reply, because + # the other jail may just send a spontaneous MLD reply. + self.find_mld_reply(pkt, ifname) - # The wrong extension header does not - pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ - / sp.IPv6ExtHdrRouting() \ - / sp.ICMPv6MLQuery2() - assert not self.find_mld_reply(pkt, ifname) - - # Neither does an incorrect hop limit - pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \ - / sp.RouterAlert(value=0) \ - / sp.ICMPv6MLQuery2() - assert not self.find_mld_reply(pkt, ifname) + # Check if we logged dropping the MLD paacket + dmesg = ToolsHelper.get_output("/sbin/dmesg") + assert dmesg.find("Invalid MLD") != -1 diff --git a/tests/sys/netpfil/pf/nat.sh b/tests/sys/netpfil/pf/nat.sh index 170d813d57fe..e55f46418221 100644 --- a/tests/sys/netpfil/pf/nat.sh +++ b/tests/sys/netpfil/pf/nat.sh @@ -838,7 +838,7 @@ dummynet_mask_body() jexec gw dnctl pipe 1 config delay 100 mask src-ip 0xffffff00 jexec gw pfctl -e pft_set_rules gw \ - "nat pass on ${epair_srv}b inet from 192.0.2.0/24 to any -> (${epair_srv}b)" \ + "nat on ${epair_srv}b inet from 192.0.2.0/24 to any -> (${epair_srv}b)" \ "pass out dnpipe 1" atf_check -s exit:0 -o ignore \ diff --git a/tests/sys/netpfil/pf/rdr.sh b/tests/sys/netpfil/pf/rdr.sh index f7c920bbfa8f..24b95b2047f4 100644 --- a/tests/sys/netpfil/pf/rdr.sh +++ b/tests/sys/netpfil/pf/rdr.sh @@ -281,8 +281,66 @@ srcport_pass_cleanup() pft_cleanup } +atf_test_case "natpass" "cleanup" +natpass_head() +{ + atf_set descr 'Test rdr pass' + atf_set require.user root +} + +natpass_body() +{ + pft_init + + epair=$(vnet_mkepair) + epair_link=$(vnet_mkepair) + + ifconfig ${epair}a 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}b ${epair_link}a + jexec alcatraz ifconfig lo0 inet 127.0.0.1/8 up + jexec alcatraz ifconfig ${epair}b inet 192.0.2.1/24 up + jexec alcatraz ifconfig ${epair_link}a 198.51.100.1/24 up + jexec alcatraz sysctl net.inet.ip.forwarding=1 + + vnet_mkjail srv ${epair_link}b + jexec srv ifconfig ${epair_link}b inet 198.51.100.2/24 up + jexec srv route add default 198.51.100.1 + + # Sanity check + atf_check -s exit:0 -o ignore \ + ping -c 1 192.0.2.1 + atf_check -s exit:0 -o ignore \ + jexec alcatraz ping -c 1 198.51.100.2 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "rdr pass on ${epair}b proto udp from any to 192.0.2.1 port 80 -> 198.51.100.2" \ + "nat on ${epair}b inet from 198.51.100.0/24 to any -> 192.0.2.1" \ + "block in proto udp from any to any port 80" \ + "pass in proto icmp" + + echo "foo" | jexec srv nc -u -l 80 & + sleep 1 # Give the above a moment to start + + out=$(echo 1 | nc -u -w 1 192.0.2.1 80) + echo "out ${out}" + if [ "${out}" != "foo" ]; + then + jexec alcatraz pfctl -sn -vv + jexec alcatraz pfctl -ss -vv + atf_fail "rdr failed" + fi +} + +natpass_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { + atf_add_test_case "natpass" atf_add_test_case "tcp_v6_compat" atf_add_test_case "tcp_v6_pass" atf_add_test_case "srcport_compat" diff --git a/tests/sys/sys/bitstring_test.c b/tests/sys/sys/bitstring_test.c index a48042a4a063..bf436040c00f 100644 --- a/tests/sys/sys/bitstring_test.c +++ b/tests/sys/sys/bitstring_test.c @@ -559,14 +559,13 @@ BITSTRING_TC_DEFINE(bit_nclear) bit_nclear(bitstr, i, j); bit_ffc(bitstr, nbits, &found_clear_bit); - ATF_REQUIRE_MSG( - found_clear_bit == i, + ATF_REQUIRE_INTEQ_MSG(i, found_clear_bit, "bit_nclear_%d_%d_%d%s: Failed with result %d", nbits, i, j, memloc, found_clear_bit); bit_ffs_at(bitstr, i, nbits, &found_set_bit); - ATF_REQUIRE_MSG( - (j + 1 < nbits) ? found_set_bit == j + 1 : -1, + ATF_REQUIRE_INTEQ_MSG((j + 1 < nbits) ? j + 1 : -1, + found_set_bit, "bit_nset_%d_%d_%d%s: Failed with result %d", nbits, i, j, memloc, found_set_bit); } @@ -586,14 +585,13 @@ BITSTRING_TC_DEFINE(bit_nset) bit_nset(bitstr, i, j); bit_ffs(bitstr, nbits, &found_set_bit); - ATF_REQUIRE_MSG( - found_set_bit == i, + ATF_REQUIRE_INTEQ_MSG(i, found_set_bit, "bit_nset_%d_%d_%d%s: Failed with result %d", nbits, i, j, memloc, found_set_bit); bit_ffc_at(bitstr, i, nbits, &found_clear_bit); - ATF_REQUIRE_MSG( - (j + 1 < nbits) ? found_clear_bit == j + 1 : -1, + ATF_REQUIRE_INTEQ_MSG((j + 1 < nbits) ? j + 1 : -1, + found_clear_bit, "bit_nset_%d_%d_%d%s: Failed with result %d", nbits, i, j, memloc, found_clear_bit); } |