| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VOP_BMAP is purely advisory. If VOP_BMAP returns an error during
readahead, cluster_read should still succeed, because the actual data
was still read just fine.
Add a regression test for PR 264196, wherein cluster_read would fail if
VOP_BMAP did.
PR: 264196
MFC with: 62aef3f73f38db9fb68bffc12cc8900fecd58f0e
Reported by: danfe
Reviewed by: arrowd
Differential Revision: https://reviews.freebsd.org/D51316
|
| |
|
|
| |
Approved by: so
|
| |
|
|
|
|
|
|
|
| |
This greatly speeds up skipping a test that can't be run.
MFC after: 2 weeks
Sponsored by: ConnectWise
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D53215
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure we always have a non-NULL rule pointer (ctx.rm).
It might have gotten set to NULL by pf_get_translation().
While here also restore the previous rdr behaviour be re-adding the incorrectly
removed 'break' in pf_match_translation_rule.
PR: 290177
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D53191
|
| |
|
|
|
|
|
| |
Reviewed by: asomers
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D53178
|
| |
|
|
|
|
|
|
| |
Otherwise routed logs a warning:
"MCAST_LEAVE_GROUP ALLROUTERS: Can't assign requested address"
that may be misinterpreted as a problem.
|
| |
|
|
|
|
|
|
|
|
|
| |
The code to do the route lookup was already there, but was used only for
the legacy IP_ADD_MEMBERSHIP when called without index. Do same lookup
for IP_ADD_MEMBERSHIP with index and what is more important for
MCAST_JOIN_GROUP, if the supplied index is 0. This is a neat feature and
Linux does that, so this should make a few applications easier portable to
FreeBSD.
Differential Revision: https://reviews.freebsd.org/D52918
|
| |
|
|
|
|
|
|
|
|
| |
The send operations are waiting on the peer's socket buffer, but we shall
use our timeout value. Provide a test for that.
Reported by: phk
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D53081
Fixes: d15792780760ef94647af9b377b5f0a80e1826bc
|
| |
|
|
|
|
|
|
| |
The receiver is run as a background job, so we need a wait loop to
make sure it has been fully functional before launching sender.
Reported by: Siva Mahadevan <me svmhdvn.name>
PR: 290210
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test implicitly depended on the order in which two threads
completed. If the test thread finished first, the test would pass. But
if the mock file system thread did, it would attempt to read from an
unmounted file system, and fail. As a result, the test would randomly
fail once out of every several thousand executions. Fix it by telling
the mock file system's event loop to exit without attempting to read any
more events.
Reported by: Siva Mahadevan <me@svmhdvn.name>
MFC after: 1 week
Reviewed by: Siva Mahadevan <me@svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D53080
|
| |
|
|
|
|
| |
Reviewed by: rrs, tuexen
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D52979
|
| |
|
|
|
|
| |
Sponsored by: Netflix
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D52735
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Disable epair's checksum offload on one interface in a nat test, to ensure
that pf does the right thing in scenarios where one interface offloads checksum
handling and one does not.
We trust the TCP (or ICMP) checksum verification code to drop the packet if pf
does it wrong, which will cause the test case to fail.
Suggested by: tuexen
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
| |
The lack of these lines means we don't call the cleanup function.
That's not as bad as it could be, because these tests are nested in a jail by
Kyua, so most of the cleanup work (destroying jails and interfaces) is done when
the parent jail goes away, but it's still better to have these lines.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
| |
Give inetd time to start rather than immediately trying to connect to it.
Make the tests a little more robust.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
| |
Give the background nc process a bit of time to start before we attempt to
connect to it.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
While here, use 'required_kmods' instead of ad-hoc
checks.
Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Reviewed by: markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Pull request: https://github.com/freebsd/freebsd-src/pull/1856
|
| |
|
|
|
|
|
|
|
|
|
|
| |
While here, use 'required_kmods' instead of ad-hoc
checks.
Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Reviewed by: markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/1855
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a test failure that occurs when max_buf_aio exceeds 31, as the
calculated buffer size exceeds the 16 KB memory disk device. Increase
the MD device size to 1 MB to prevent truncation.
Rename MD_LEN to DEVICE_IO_LEN for clarity and add a more
descriptive error message.
Reviewed by: asomers
Approved by: asomers
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D52914
|
| |
|
|
|
|
|
|
|
| |
Stop the threads before exiting test body. Otherwise there is a chance
threads would use the softc that is stored on the main thread stack after
it is destroyed and the test would fail. Stop the threads in the reverse
order, so that listener is stopped after all connectors are stopped.
Tested by: olivier
|
| |
|
|
|
|
| |
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D52928
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use the recently-added fsetfl_lock/unlock API to synchronize direct
FIONBIO and FIOASYNC ioctls with fcntl(F_SETFL).
- While here, skip calling the underlying ioctl if the flag's current
state matches the requested state.
- Also while here, only update the flag state if the underlying ioctl
succeeds. This fixes a bug where the flags represented the new
state even if the underlying ioctl failed. A test is added for this
last case that a failing FIOASYNC on /dev/null doesn't result in
setting O_ASYNC in the file flags.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52721
|
| |
|
|
|
| |
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52720
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.
While here also fix nat:dummynet_mask, which relied on the broken behaviour.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52838
|
| |
|
|
|
|
|
|
| |
Also convert nearby ATF_REQUIRE_MSG to ATF_REQUIRE_INTEQ_MSG.
Reported by: GCC -Wint-in-bool-context
Reviewed by: asomers, des
Differential Revision: https://reviews.freebsd.org/D45893
|
| |
|
|
|
|
|
| |
Excercise the code introduced in 9e792f7ef729
("sys/netinet6: Fix SLAAC for interfaces with no /64 LL address").
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
| |
Fixes: d0c8a0b3e6fc5372428eb4fddcd4f8c65b5b0ee0
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a helper program multicast-receive.c that joins arbitrary group on
arbitrary specified interface and receives a single datagram and prints it
out.
In multicast.sh provide a template with two jails connected by two
interface pairs, so that we can check sends/receives in presence of
multiple interfaces.
Compose a few basic tests to check legacy and new IP_ADD_MEMBERSHIP and
MCAST_JOIN_GROUP.
|
| |
|
|
|
|
| |
Rename this test helper app to multicast-send.c. Extend it to send
from/to arbitrary addresses and arbitrary payload so that it can be used
in more test scenarios.
|
| |
|
|
|
|
|
|
|
|
|
| |
We can't reliably check for the absence of replies to our MLD queries (because
a host may announce its multicast subscriptions), so enable pf logging and check
for the relevant error message instead.
PR: 289821
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52762
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
An inbound af-to rule creates a state bypassing outbound pf_test().
In such case increase counters of the outbound interface directly in
pf_route() for post-af-to address family.
For outbound af-to rules ensure that post-af-to address family is used
to increase interface counters.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52448
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Increasing counters on "match" rules causes the 1st packet making a
connection to be double-counted, but only for rule counters, not rules'
tables, because those are not increased at all during rule parsing.
Remove "match" rule counter handling during rule parsing, do it only in
pf_counters_inc().
NAT can be performed either by "nat" rules in the NAT ruleset or by "match"
rules. Rules before the NAT rule, and the NAT rule itself match on pre-NAT
addresses, and later rules match on post-NAT addresses. When increasing
counters go over rules in the same order as a packet would and use
source and destination addresses for updating table counters from
appropriate state key, taking into consideration on which rule NAT
happens.
Use AF from state key, so that table counters can be properly updated for
af-to rules.
Synchronize match rule updating behaviour to that of OpenBSD: if rules
match, but state is not created, don't update counters.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52447
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The af-to rules on inbound direction create a single state spanning both
the inbound and the outbound interface. Calling pf_test() for the
outbound direction in pf_route() makes the packet pass through state
search, match the existing state, never evaluate the ruleset, and increase
state counters.
Check that the state comes from an af-to rule in inbound direction, and
if yes, skip outbound testing.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52446
|
| |
|
|
|
|
|
|
|
| |
The problem is that fullsocket() creates a socket that has both send and
receive buffers full and as we process messages from the receive buffer we
allow the kernel to continue processing of the send buffer and a new
message may arrive while the test expects that no new messages arrive.
Fix that by creating a socket that has several messages in the receive
buffer, but don't have any in the send buffer.
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we're NAT-ing give dummynet (via its struct ip_fw_args) the pre-NAT source
and destination addresses.
That's what we used to do, but that got unintentionally changed during the nat64
work.
The pre-NAT addresses make somewhat more sense, in that it enables limiting
based on specific LAN clients.
See also: https://redmine.pfsense.org/issues/15770
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A new version of pfsync packet is introduced: 1500. This version solves
the issues with data alignment introduced in version 1400 and adds syncing
of information needed to sync states created by rules with af-to (original
interface, af and proto separate for wire and stack keys), of rt_af
needed for prefer-ipv6-nexthop, and of tag names.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52176
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
States created by inbound af-to rules bypass outbound filtering and span
both the inbound and outbound interfaces. When the first packet for such rule
creates a state, this state has st->orig_kif set the original inbound interface
and kif set to V_pfi_all. When the outbound interface is eventually
known st->kif is updated to that interface. When not using route-to,
the outbound route and its interface are determined for the new address family
and st->kif is set to that interface. However when using route-to, ifp
is explicitely given and the code for updating st->kif is not run for
the first packet. When the returning packet matches the state, the code is
run but updates st->kif to the original inbound interface, which is now
the outbound interface. The state ends up with st->kif == st->orig_kif
and won't forward any more returning packets.
There is another block of code performing such update, but only for reply-to.
Perform the update of st->kif in a single place no matter if ifp was
explicitely given or found by routing lookup. For checks using pings
check if really all pings have been replied to, because a single reply
is enough to have ping exit with a successful exit code.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D52445
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the last copy of an open file resides within the socket buffer of a
unix-domain socket, then VOP_CLOSE will be called with no thread
information. Fix fusefs to handle that case, and add a regression test.
Also add a test case for writes to a file that lies within a sockbuf.
Along with close, a write from the writeback cache is the only other
operation I can think of that might apply to a file residing in a
sockbuf.
PR: 289686
Reported by: iron.udjin@gmail.com
MFC after: 1 week
Sponsored by: ConnectWise
Reviewed by: glebius, markj
Differential Revision: https://reviews.freebsd.org/D52625
|
| |
|
|
|
|
| |
Verify that 'set limit anchors' now has the expected effect.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
| |
These tests use pft_ping.py, which requires python3 and Scapy.
Reviewed by: ngie
Approved by: emaste (mentor)
Fixes: 65c318630123 ("pf: Add prefer-ipv6-nexthop option for route-to pools")
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D52589
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
| |
Ensure that the fragmentation counters work as expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The LastLocalModify tests were originally written to simulate a race
condition between VOP_SETATTR and VOP_LOOKUP. They were later extended
to cover some other VOPs that can affect file size, including VOP_WRITE.
However, the test never correctly simulated the race with VOP_WRITE. So
that test only ever passed by accident. Fix it by always opening the
file with O_DIRECT.
PR: 289237
Reported by: Siva Mahadevan <me@svmhdvn.name>
MFC after: 1 week
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
| |
Ensure that we always populate pcksum, not just for TCP/UDP/SCTP/ICMP.
We may end up using it (through pf_change_ap()) if we're doing NAT, so
ensure it's available even if it's sometimes just a dummy variable.
Reported-by: syzbot+3e73a7cba8cb6cd46f90@syzkaller.appspotmail.com
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
