aboutsummaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* ktls_test: Add a require_toe option similar to require_ifnet.John Baldwin2022-08-081-0/+12
| | | | | | This skips tests that send and receive records that do not use TOE TLS. Sponsored by: Chelsio Communications
* tests: add routing tests for switching between same prefixesAlexander V. Chernikov2022-08-074-3/+102
| | | | | Differential Revision: https://reviews.freebsd.org/D36055 MFC after: 2 weeks
* bridge tests: Tests using pft_ping.py require scapyMark Johnston2022-08-041-0/+1
| | | | | MFC after: 1 week Sponsored by: The FreeBSD Foundation
* tests: fix unix_passfd_dgram:rights_creds_payload after be1f485d7d6bAlexander V. Chernikov2022-08-011-5/+3
| | | | | | | | | | | | | | | | | | | | The test was failing due to the assert on lack of MSG_TRUNC flag in the output flags of recvmsg(). The code passed MSG_TRUNC, along with sufficient-size buffer to hold the message to-be-received to the recvmsg(), and expected MSG_TRUNC to be returned as well. This is not exactly correct as a) MSG_TRUNC was not even a supported recvmsg() flag before be1f485d7d6b and b) it violates POSIX, as POSIX states it should be set only "If a message is too long to fit in the supplied buffers,". The test was working before as the kernel copied input flags to the output flags. be1f485d7d6b changed that behaviour to clear MSG_TRUNC if it was present on the input. Fix the test by checking POSIX-defined behaviour. Discussed with: glebius
* sockets: add MSG_TRUNC flag handling for recvfrom()/recvmsg().Alexander V. Chernikov2022-07-302-0/+170
| | | | | | | | | | | | | | | | | | Implement Linux-variant of MSG_TRUNC input flag used in recv(), recvfrom() and recvmsg(). Posix defines MSG_TRUNC as an output flag, indicating packet/datagram truncation. Linux extended it a while (~15+ years) ago to act as input flag, resulting in returning the full packet size regarless of the input buffer size. It's a (relatively) popular pattern to do recvmsg( MSG_PEEK | MSG_TRUNC) to get the packet size, allocate the buffer and issue another call to fetch the packet. In particular, it's popular in userland netlink code, which is the primary driving factor of this change. This commit implements the MSG_TRUNC support for SOCK_DGRAM sockets (udp, unix and all soreceive_generic() users). PR: kern/176322 Reviewed by: pauamma(doc) Differential Revision: https://reviews.freebsd.org/D35909 MFC after: 1 month
* Reap dead code in lio_kqueue_test and aio_kqueue_testAlan Somers2022-07-242-8/+4
| | | | | MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D35358
* Add more aio testsAlan Somers2022-07-241-3/+151
| | | | | | | | | * Add tests for kqueue completion with all file types. * Add a test for kqueue completion with EV_ONESHOT. * Cleanup an unused variable. MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D35359
* if_vlan tests: Test changing vlan IDKristof Provost2022-07-211-0/+11
| | | | | | | | | | We can now change the vlan ID of an if_vlan interface without disassociating it from the parent interface. Test that this works. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35847
* Implement shared page address randomizationKornel Dulęba2022-07-181-25/+33
| | | | | | | | | | | | | | | | | | | | | It used to be mapped at the top of the UVA. If the randomization is enabled any address above .data section will be randomly chosen and a guard page will be inserted in the shared page default location. The shared page is now mapped in exec_map_stack, instead of exec_new_vmspace. The latter function is called before image activator has a chance to parse ASLR related flags. The KERN_PROC_VM_LAYOUT sysctl was extended to provide shared page address. The feature is enabled by default for 64 bit applications on all architectures. It can be toggled kern.elf64.aslr.shared_page sysctl. Approved by: mw(mentor) Sponsored by: Stormshield Obtained from: Semihalf Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D35349
* Merge fix for zfs readmmap test from CheriBSDDimitry Andric2022-07-151-0/+1
| | | | | | | | | | | | | Merge commit 1737d8397a0 by Brooks Davis: time() is declared in time.h This fixes a -Werror warning from clang 15: tests/sys/cddl/zfs/bin/readmmap.c:97:9: error: call to undeclared function 'time'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] Obtained from: https://github.com/CTSRD-CHERI/cheribsd/commit/1737d8397a0 MFC after: 3 days
* pf tests: support packet size range in pft_ether.pyKristof Provost2022-07-112-8/+10
| | | | | | | | | | | | | Teach pft_ether.py to send a range of packet sizes. Use this to move the size sweep into Python, removing the repeated Python startup overhead and greatly speeding up the pf.ether.short_pkt test. This should fix test timeouts seen on ci.freebsd.org. While here also extend the range of packet sizes tested, because it adds very little runtime now. Sponsored by: Rubicon Communications, LLC ("Netgate")
* netinet6: fix interface handling for loopback trafficAlexander V. Chernikov2022-07-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Currently, processing of IPv6 local traffic is partially broken: link-local connection fails and global unicast connect() takes 3 seconds to complete. This happens due to the combination of multiple factors. IPv6 code passes original interface "origifp" when passing traffic via loopack to retain the scope that is mandatory for the correct hadling of link-local traffic. First problem is that the logic of passing source interface is not working correcly for TCP connections, resulting in passing "origifp" on the first 2 connection attempts and lo0 on the subsequent ones. Second problem is that source address validation logic skips its checks iff the source interface is loopback, which doesn't cover "origifp" case. More detailed description is available at https://reviews.freebsd.org/D35732 Fix the first problem by untangling&simplifying ifp/origifp logic. Fix the second problem by switching source address validation check to using M_LOOP mbuf flag instead of interface type. PR: 265089 Reviewed by: ae, bz(previous version) Differential Revision: https://reviews.freebsd.org/D35732 MFC after: 2 weeks
* netinet6: factor out cached route lookups from selectroute().Alexander V. Chernikov2022-07-081-1/+0
| | | | | | | | | | | | | Currently selectroute() contains two nearly-identical versions of the route lookup logic - one for original destination and another for the case when IPV6_NEXTHOP option was set on the socket. Factor out handling these route lookups in a separation function to improve readability. This change also fixes handling of link-local IPV6_NEXTHOPs. Differential Revision: https://reviews.freebsd.org/D35710 MFC after: 2 weeks
* netinet6: add ip6_output() scope testsAlexander V. Chernikov2022-07-081-0/+106
| | | | Differential Revision: https://reviews.freebsd.org/D35742
* netinet6: add ip6_output() tests.Alexander V. Chernikov2022-07-072-0/+436
| | | | Differential Revision: https://reviews.freebsd.org/D35708
* testing: add ability to specify multi-vnet topologies in the pytest framework.Alexander V. Chernikov2022-07-072-100/+397
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Notable amount of tests related to the packet IO require two VNET jails for proper testing and avoiding side effects for the host system. Additionally, it is often required to run actions in the jails seme-sequentially - waiting for the listener initialisation can be an example of such dependency. This change extends pytest vnet framework to allow defining multi-vnet multi-epair topologies in declarative style, without any need to bother about jail or repair names. All jail creation/teardown, interface creation/teardown and address assignments are handled automatically. Example: TOPOLOGY = { "vnet1": {"ifaces": ["if1", "if2", "if3"]}, "vnet2": {"ifaces": ["if1", "if2", "if3"]}, "if1": {"prefixes6": [("2001:db8:a::1/64", "2001:db8:a::2/64")]}, "if2": {"prefixes6": [("2001:db8:b::1/64", "2001:db8:b::2/64")]}, "if3": {"prefixes6": [("2001:db8:c::1/64", "2001:db8:c::2/64")]}, } def vnet2_handler(self, vnet, obj_map, pipe): ss = VerboseSocketServer("::", self.DEFAULT_PORT) pipe.send("READY") def test_output6_base(self): self.wait_object(second_vnet.pipe) The definitions above will create 2 vnets ("jail_test_output6_base", "jail_test_output6_base_2"), 3 epairs, attached to both first and second jails, set up the IP addresses for each epair, spawn another process for vnet2_handler and pass control to vnet2_handler and test_output6_base. Both processes can pass objects between each other using pre-created pipes. Differential Revision: https://reviews.freebsd.org/D35708
* if_ovpn: deal with short packetsKristof Provost2022-07-051-0/+1
| | | | | | | | | | | | | | | If we receive a UDP packet (directed towards an active OpenVPN socket) which is too short to contain an OpenVPN header ('struct ovpn_wire_header') we wound up making m_copydata() read outside the mbuf, and panicking the machine. Explicitly check that the packet is long enough to copy the data we're interested in. If it's not we will pass the packet to userspace, just like we'd do for an unknown peer. Extend a test case to provoke this situation. Sponsored by: Rubicon Communications, LLC ("Netgate")
* pf: handle dummynet for non-IP packetsKristof Provost2022-07-011-0/+3
| | | | | | | Do not panic if we try to dummynet an Ethernet packet that's not IPv4 or IPv6. Simply give it to dummynet. Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: IPv4-mapped IPv6 address testKristof Provost2022-07-011-0/+73
| | | | | | | OpenVPN uses IPv4-mapped IPv6 addresses by default (if we don't specify 'proto udp4', or an IPv4 address to bind to). Test that this works. Sponsored by: Rubicon Communications, LLC ("Netgate")
* unix: change error code for recvmsg() failed due to RLIMIT_NOFILEGleb Smirnoff2022-06-291-2/+2
| | | | | | | | | | | | | | | Instead of returning EMSGSIZE pass the error code from fdallocn() directly to userland. That would be EMFILE, which makes much more sense. This error code is not listed in the specification[1], but the specification doesn't cover such edge case at all. Meanwhile the specification lists EMSGSIZE as the error code for invalid value of msg_iovlen, and FreeBSD follows that, see sys_recmsg(). Differentiating these two cases will make a developer/admin life much easier when debugging. [1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html Reviewed by: markj Differential revision: https://reviews.freebsd.org/D35640
* testing: pass ATF vars to pytest via env instead of arguments.Alexander V. Chernikov2022-06-282-1/+12
| | | | | | | | | | | | | | This change is a continuation of 9c42645a1e4d workaround. Apparently pytest argument parser is not happy when parsing values with spaces or just more than one --atf-var argument. Switch wrapper to send these kv pairs as env variables. Specifically, use _ATF_VAR_key=value format to distinguish from the other vars. Add the `atf_vars` fixture returning all passed kv pairs as a dict. Reviewed by: lwhsu Differential Revision: https://reviews.freebsd.org/D35625 MFC after: 2 weeks
* if_ovpn tests: extend multi_client test with an iroute testKristof Provost2022-06-286-2/+109
| | | | | | | OpenVPN allows us to push routes for client networks with the 'iroute' directive. Test that this works as expected. Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: test multiple simultaneous clientsKristof Provost2022-06-281-0/+112
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: Test if_ovpn when there's no routeKristof Provost2022-06-281-0/+7
| | | | | | | In client mode (i.e. if there's only one peer) we should be able to route to the correct peer even if the routing table is incorrect. Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: tunnel with CHACHA20-POLY1305Kristof Provost2022-06-281-0/+74
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: test pf's route-toKristof Provost2022-06-281-0/+90
| | | | | | Ensure that pf's route-to works with if_ovpn. Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: IPv6 in IPv4 and IPv4 in IPv6 tunnelsKristof Provost2022-06-281-0/+147
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: tunnel over IPv6Kristof Provost2022-06-281-0/+74
| | | | | | Set up a tunnel over IPv6 carrying IPv6 traffic. Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_ovpn tests: timeout on clientsKristof Provost2022-06-281-0/+85
| | | | | | | Test that openvpn (DCO) clients are notified and handle timeout events. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35091
* if_ovpn tests: basic test caseKristof Provost2022-06-2812-0/+637
| | | | | | | | Set up an OpenVPN tunnel between two jails, send traffic through them to confirm basic function. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35067
* pf tests: test short packetsKristof Provost2022-06-283-0/+115
| | | | | | | Test sending very short packets (i.e. too short for an IP header) packets in the Ethernet filtering code. Sponsored by: Rubicon Communications, LLC ("Netgate")
* if_bridge tests: test adding interfaces with different MTUKristof Provost2022-06-271-3/+11
| | | | | | | | We now allow new bridge members to be added with a different MTU from the bridge. We change the interface MTU to match the bridge. Test this. PR: 264883
* testing: move atf-pytest-wrapper to /usr/libexecAlexander V. Chernikov2022-06-263-206/+0
| | | | | | | | | | | Move pytest wrapper to the collection of the other atf wrappers in libexec. It solves the problem of combining bits & pieces from bsd.test.mk and bgs.prog.mk to address "test binary, but not the suite binary". Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D35604 MFC after: 2 weeks
* routing: add multipath pytest testsAlexander V. Chernikov2022-06-252-0/+272
| | | | Differential Revision: https://reviews.freebsd.org/D31084
* testing: Add basic atf support to pytest.Alexander V. Chernikov2022-06-2515-1/+1424
| | | | | | | | | | | | | | | | | | | | Implementation consists of the pytest plugin implementing ATF format and a simple C++ wrapper, which reorders the provided arguments from ATF format to the format understandable by pytest. Each test has this wrapper specified after the shebang. When kyua executes the test, wrapper calls pytest, which loads atf plugin, does the work and returns the result. Additionally, a separate python "package", `/usr/tests/atf_python` has been added to collect code that may be useful across different tests. Current limitations: * Opaque metadata passing via X-Name properties. Require some fixtures to write * `-s srcdir` parameter passed by the runner is ignored. * No `atf-c-api(3)` or similar - relying on pytest framework & existing python libraries * No support for `atf_tc_<get|has>_config_var()` & `atf_tc_set_md_var()`. Can be probably implemented with env variables & autoload fixtures Differential Revision: https://reviews.freebsd.org/D31084 Reviewed by: kp, ngie
* tests/unix_passfd: compile SOCK_STREAM and SOCK_DGRAM versionsGleb Smirnoff2022-06-244-13/+53
| | | | | | | | Most test pass identically on different kinds of sockets. However, few edge cases work differently on stream and datagram sockets. We want to exercise this and document. Differential revision: https://reviews.freebsd.org/D35420
* unix/dgram: smart socket buffers for one-to-many socketsGleb Smirnoff2022-06-241-14/+71
| | | | | | | | | | | | | | | | | | | A one-to-many unix/dgram socket is a socket that has been bound with bind(2) and can get multiple connections. A typical example is /var/run/log bound by syslogd(8) and receiving multiple connections from libc syslog(3) API. Until now all of these connections shared the same receive socket buffer of the bound socket. This made the socket vulnerable to overflow attack. See 240d5a9b1ce for a historical attempt to workaround the problem. This commit creates a per-connection socket buffer for every single connected socket and eliminates the problem. The new behavior will optimize seldom writers over frequent writers. See added test case scenarios and code comments for more detailed description of the new behavior. Reviewed by: markj Differential revision: https://reviews.freebsd.org/D35303
* Add tests for TCP_MD5 getsockoptClaudio Jeker2022-06-232-1/+137
| | | | | | | | | | | Add tests for TCP_MD5 getsockopt for ipv6 and ipv4. These will only run when the kernel module is loaded, but will be in place if further regressions are found. Reviewed by: rscheff MFC after: 3 days Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D35532
* Temporarily skip flaky test case: sys.netpfil.common.dummynet.ipfw_queueLi-Wen Hsu2022-06-211-0/+5
| | | | | PR: 264805 Sponsored by: The FreeBSD Foundation
* pf tests: basic 'tagged' test for Ethernet rulesKristof Provost2022-06-201-0/+41
| | | | | Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35364
* pf tests: basic 'tagged' test for Ethernet rulesKristof Provost2022-06-201-0/+42
| | | | | Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35363
* Remove PAGE_SIZE from the kcov testsAndrew Turner2022-06-171-33/+106
| | | | | | | To allow for a dynamic page size on arm64 remove the static valud from the kcov tests Sponsored by: The FreeBSD Foundation
* ktls_test: Permit an option to skip tests not using ifnet TLS.John Baldwin2022-06-141-0/+20
| | | | | | | | | | | | | | | | If ktls.require_ifnet is set to true, then check the TLS offload mode for tests sending and receiving records and skip the test if the offload mode is not ifnet mode. This can be used along with ktls.host to run KTLS tests against a NIC supporting ifnet TLS and verify that expected cipher suites and directions used ifnet TLS rather than software TLS. Receive tests may result in a false positive as receive ifnet TLS can use software as a fallback. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D35427
* ktls_test: Permit connecting to a remote echo server for tests.John Baldwin2022-06-141-24/+92
| | | | | | | | | | | | | | | | | | Previously ktls tests always executed over a local socket pair. ktls.host can be set to a host to connect to with a single socket instead. The remote end is expected to echo back any data received (such as the echo service). The port can be set with ktls.port which defaults to "echo". This is primarily useful to permit testing NIC TLS offload use cases where the traffic needs to transit the NIC. Note that the variables must be set via 'kyua -v test_suites.FreeBSD.ktls.host=host'. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D35426
* ktls_test: Add a helper function to close sockets.John Baldwin2022-06-141-15/+15
| | | | | | Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D35425
* unix/*: rewrite unp_internalize() cmsg parsing cycleGleb Smirnoff2022-06-061-9/+28
| | | | | | | | | | | | | | Make it a complex, but a single for(;;) statement. The previous cycle with some loop logic in the beginning and some loop logic at the end was confusing. Both me and markj@ were misleaded to a conclusion that some checks are unnecessary, while they actually were necessary. While here, handle an edge case found by Mark, when on 64-bit platform an incorrect message from userland would underflow length counter, but return without any error. Provide a test case for such message. Reviewed by: markj Differential revision: https://reviews.freebsd.org/D35375
* pf tests: pfsync and route_to test caseThomas Pasqualini2022-06-041-0/+374
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test pfsync in a more realistic scenario with carp and route_to rules. Build this topology and initiate a single ping session from client to server: ┌──────┐ │client│ └───┬──┘ │ ┌───┴───┐ │bridge0│ └┬─────┬┘ │ │ ┌────────────────┴─┐ ┌─┴────────────────┐ │gw_route_to_master├─┤gw_route_to_backup│ └────────────────┬─┘ └─┬────────────────┘ │ │ ┌┴─────┴┐ │bridge1│ └┬─────┬┘ │ │ ┌────────────────┴─┐ ┌─┴────────────────┐ │gw_reply_to_master├─┤gw_reply_to_backup│ └────────────────┬─┘ └─┬────────────────┘ │ │ ┌┴─────┴┐ │bridge2│ └───┬───┘ │ ┌───┴──┐ │server│ └──────┘ gw* jails forward traffic through pf route-to rules, not fib lookups. If backup_promotion arg is given (as in the pfsync_pbr test case), a carp failover event occurs during the ping session on both gateways. Verify that ping messages still go where we expect them to go. MFC after: 2 weeks Sponsored by: Orange Business Services
* tests/unix_dgram: add test for event dispatchersGleb Smirnoff2022-06-031-6/+98
| | | | | | | | | | | | Put some data into a socket and check that: o select(2) sees readable data o kevent(2) sees data, and correctly sees data size o ioctl(FIONREAD) sees correct size o aio(4) successfully reads the data Repeat the test twice for a connected socket and not-connected. With future implementation these two cases would exercise different code.
* netinet6: fix ndp proxyingKUROSAWA Takahiro2022-05-302-1/+224
| | | | | | | | | | | | | | We could insert proxy NDP entries by the ndp command, but the host with proxy ndp entries had not responded to Neighbor Solicitations. Change the following points for proxy NDP to work as expected: * join solicited-node multicast addresses for proxy NDP entries in order to receive Neighbor Solicitations. * look up proxy NDP entries not on the routing table but on the link-level address table when receiving Neighbor Solicitations. Reviewed By: melifaro Differential Revision: https://reviews.freebsd.org/D35307 MFC after: 2 weeks
* tests: Fix i386 and powerpc buildCy Schubert2022-05-271-1/+1
| | | | | | | | | | | | | | | Fix: tests/sys/kern/unix_passfd_test.c:414:24: error: comparison of integers of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare] ATF_REQUIRE(getnfds() == nfds + MAXFDS); ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~ powerpc.powerpc/tmp/usr/include/atf-c/macros.h:144:15: note: expanded from macro 'ATF_REQUIRE' if (!(expression)) \ ^~~~~~~~~~ 1 error generated. --- unix_passfd_test.o ---
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 15:15:49 +0000