Commit Graph

1362 Commits

Author SHA1 Message Date
John Baldwin
668770dc7d crypto: Test all of the AES-CCM KAT vectors.
Previously, only test vectors which used the default nonce and tag
sizes (12 and 16, respectively) were tested.  This now tests all of
the vectors.  This exposed some additional issues around requests with
an empty payload (which wasn't supported) and an empty AAD (which
falls back to CIOCCRYPT instead of CIOCCRYPTAEAD).

- Make use of the 'ivlen' and 'maclen' fields for CIOGSESSION2 to
  test AES-CCM vectors with non-default nonce and tag lengths.

- Permit requests with an empty payload.

- Permit an input MAC for requests without AAD.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32121
2021-10-06 14:08:48 -07:00
Alan Somers
f44a448709 fusefs: fix intermittency in the dev_fuse_poll test
The DevFusePoll::access/select test would occasionally segfault.  The
cause was a file descriptor that was shared between two threads.  The
first thread would kill the second and close the file descriptor.  But
it was possible that the second would read the file descriptor before it
shut down.  That did not cause problems for kqueue, poll, or blocking
operation, but it triggered segfaults in select's macros.

MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D32142
2021-10-06 14:28:48 -06:00
Alan Somers
032a5bd55b fusefs: Fix a bug during VOP_STRATEGY when the server changes file size
If the FUSE server tells the kernel that a file's size has changed, then
the kernel must invalidate any portion of that file in cache.  But the
kernel can't do that during VOP_STRATEGY, because the file's buffers are
already locked.  Instead, proceed with the write.

PR:		256937
Reported by:	Agata <chogata@moosefs.pro>
Tested by:	Agata <chogata@moosefs.pro>
MFC after:	2 weeks
Reviewed by:	pfg
Differential Revision: https://reviews.freebsd.org/D32332
2021-10-06 14:07:33 -06:00
Alan Somers
7430017b99 fusefs: fix a recurse-on-non-recursive lockmgr panic
fuse_vnop_bmap needs to know the file's size in order to calculate the
optimum amount of readahead.  If the file's size is unknown, it must ask
the FUSE server.  But if the file's data was previously cached and the
server reports that its size has shrunk, fusefs must invalidate the
cached data.  That's not possible during VOP_BMAP because the buffer
object is already locked.

Fix the panic by not querying the FUSE server for the file's size during
VOP_BMAP if we don't need it.  That's also a a slight performance
optimization.

PR:		256937
Reported by:	Agata <chogata@moosefs.pro>
Tested by:	Agata <chogata@moosefs.pro>
MFC after:	2 weeks
2021-10-06 14:07:33 -06:00
Mark Johnston
69f7649b71 gmultipath tests: Re-enable the failloop test in CI
PR:		258763
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2021-10-04 12:28:27 -04:00
Kyle Evans
2f4dbe279f kqueue: fix recent assertion
NOTE_ABSTIME may also have a zero timeout, which indicates that we
should still fire immediately as an absolute time in the past.  A test
has been added for this one as well.

Fixes:	9c999a259f ("kqueue: don't arbitrarily restrict long-past...")
Point hat:	kevans
Reported by:	syzbot+1c8d1154f560b3930042@syzkaller.appspotmail.com
2021-10-01 13:17:30 -05:00
Kyle Evans
9c999a259f kqueue: don't arbitrarily restrict long-past values for NOTE_ABSTIME
NOTE_ABSTIME values are converted to values relative to boottime in
filt_timervalidate(), and negative values are currently rejected.  We
don't reject times in the past in general, so clamp this up to 0 as
needed such that the timer fires immediately rather than imposing what
looks like an arbitrary restriction.

Another possible scenario is that the system clock had to be adjusted
by ~minutes or ~hours and we have less than that in terms of uptime,
making a reasonable short-timeout suddenly invalid. Firing it is still
a valid choice in this scenario so that applications can at least
expect a consistent behavior.

Reviewed by:	kib, markj
Discussed with:	allanjude
Differential Revision:	https://reviews.freebsd.org/D32230
2021-09-30 21:31:24 -05:00
Kristof Provost
2f20d80692 pf tests: Basic adaptive mode syncookie test
MFC after:	1 week
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D32139
2021-09-29 15:42:01 +02:00
Kristof Provost
dc0636636b pf tests: Basic syncookie test
MFC after:	1 week
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D32138
2021-09-29 15:42:01 +02:00
Li-Wen Hsu
0b159faaca
Temporarily skip flaky tset cases under sys.aio.aio_test in CI
- sys.aio.aio_test.vectored_unaligned
- sys.aio.aio_test.vectored_zvol_poll

PR:		258766
Sponsored by:	The FreeBSD Foundation
2021-09-29 03:32:47 +08:00
Li-Wen Hsu
b9b5a4dd59
gmultipath failloop test: Put the dtrace sanity checker in right place
Check if dtrace excution is successful or not right after execution.

Sponsored by:	The FreeBSD Foundation
2021-09-29 02:38:34 +08:00
Li-Wen Hsu
38dac71d0a
Fix typo
Reported by:	swills
Sponsored by:	The FreeBSD Foundation
2021-09-29 02:28:01 +08:00
Li-Wen Hsu
819961c580
Temporarily skip sys.geom.class.multipath.failloop.failloop in CI
This test case uses `dtrace -c` but it has some issues at the moment

While here, add a checker for dtrace executes successfully or not to provide
a more informative error message.

PR:             258763
Sponsored by:   The FreeBSD Foundation
2021-09-29 02:02:27 +08:00
Alan Somers
7124d2bc3a fusefs: implement FUSE_NO_OPEN_SUPPORT and FUSE_NO_OPENDIR_SUPPORT
For file systems that allow it, fusefs will skip FUSE_OPEN,
FUSE_RELEASE, FUSE_OPENDIR, and FUSE_RELEASEDIR operations, a minor
optimization.

MFC after:	2 weeks
Reviewed by:	pfg
Differential Revision: https://reviews.freebsd.org/D32141
2021-09-26 21:57:29 -06:00
Mark Johnston
d7cf1b262f tests/sys/sys: Raise WARNS
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2021-09-24 11:31:53 -04:00
Kristof Provost
ab55fa11b3 netpfil tests: extend dummynet tests to pf
Now that pf can also use dummynet we should extend the existing dummynet
tests to also test it when used with pf.

Reviewed by:	donner
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31905
2021-09-24 11:41:25 +02:00
Nathaniel Wesley Filardo
0321a7990b kqueue: Add EV_KEEPUDATA flag
When this flag is set, operations that update an existing kevent will
not change the udata field.  This can be used to NOTE_TRIGGER or
EV_{EN,DIS}ABLE events without overwriting the stashed pointer.

Reviewed by:	Domagoj Stolfa <domagoj.stolfa@gmail.com>
Obtained from:	CheriBSD
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D30286
2021-09-23 17:31:39 -07:00
Konstantin Belousov
3fcbde5e88 tests/sys/fs/fusefs/read.cc: fix build on powerpc64
There sig_atomic_t is shorter than void *.
As result, it cannot keep pointer.

Assigning to void * is actually safe for us in a signal handler.

Reviewed by:	asomers
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Fixes:	4f917847c9
Differential revision:	https://reviews.freebsd.org/D32064
2021-09-23 03:51:10 +03:00
Alan Somers
4f917847c9 fusefs: don't panic if FUSE_GETATTR fails durint VOP_GETPAGES
During VOP_GETPAGES, fusefs needs to determine the file's length, which
could require a FUSE_GETATTR operation.  If that fails, it's better to
SIGBUS than panic.

MFC after:	1 week
Sponsored by:	Axcient
Reviewed by: 	markj, kib
Differential Revision: https://reviews.freebsd.org/D31994
2021-09-21 14:01:06 -06:00
Mark Johnston
2bd9826995 vfs: Permit unix sockets to be opened with O_PATH
As with FIFOs, a path descriptor for a unix socket cannot be used with
kevent().

In principle connectat(2) and bindat(2) could be modified to support an
AT_EMPTY_PATH-like mode which operates on the socket referenced by an
O_PATH fd referencing a unix socket.  That would eliminate the path
length limit imposed by sockaddr_un.

Update O_PATH tests.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31970
2021-09-17 14:19:06 -04:00
Mark Johnston
c13f6dd7d2 aio_test: Validate interactions between AIO on sockets and shutdown(2)
Reviewed by:	asomers, jhb
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31976
2021-09-17 14:19:06 -04:00
John Baldwin
cd16a848d1 posixshmtest: Fix various warnings raised by GCC.
- Remove unused format string arguments.

- Remove a set but unused variable.

Reviewed by:	khng, kib
Differential Revision:	https://reviews.freebsd.org/D31946
2021-09-15 09:03:18 -07:00
Alex Richardson
d7d962ead0 Add a test for https://reviews.freebsd.org/D31858 (PR 258310)
This test (based on https://github.com/jiixyj/epoll-shim/pull/32#issuecomment-891276654)
fails reproducibly on QEMU with KVM and `-smp 2` prior to D31858 (committed
as 98168a6e6c) and passes with the patch applied.

Reviewed By:	kib, imp
Differential Revision: https://reviews.freebsd.org/D31862
2021-09-13 10:16:05 +01:00
Mark Johnston
3a0976dea3 lio_test: Specify a mode with O_CREAT
Sponsored by:	The FreeBSD Foundation
2021-09-11 12:59:10 -04:00
Mark Johnston
141fe2dcee aio: Interlock with listen(2)
soo_aio_queue() did not handle the possibility that the provided socket
is a listening socket.  Up until recently, to fix this one would have to
acquire the socket lock first and check, since the socket buffer locks
were destroyed by listen(2).

Now that the socket buffer locks belong to the socket, simply check
SOLISTENING(so) after acquiring them, and make listen(2) return an error
if any AIO jobs are enqueued on the socket.

Add a couple of simple regression test cases.

Note that this fixes things only for the default AIO implementation;
cxgbe(4)'s TCP offload has a separate pru_aio_queue implementation which
requires its own solution.

Reported by:	syzbot+c8aa122fa2c6a4e2a28b@syzkaller.appspotmail.com
Reported by:	syzbot+39af117d43d4f0faf512@syzkaller.appspotmail.com
Reported by:	syzbot+60cceb9569145a0b993b@syzkaller.appspotmail.com
Reported by:	syzbot+2d522c5db87710277ca5@syzkaller.appspotmail.com
Reviewed by:	tuexen, gallatin, jhb
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31901
2021-09-10 17:21:11 -04:00
Kristof Provost
6598cababf pf tests: synproxy to localhost test
Test syn-proxying a connection to the local host.

Sponsored by:	Modirum MDPay
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31854
2021-09-10 15:16:37 +02:00
Mark Johnston
c4c6615324 path_test: Fix test sorting
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2021-09-08 11:41:19 -04:00
Mark Johnston
8b83b656a5 path_test: Fix the unix socket test
The intent was to specify O_PATH to open(2).

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2021-09-08 11:41:19 -04:00
Kristof Provost
12184311c1 netpfil tests: IPv6 dummynet queue test
Same as the v4 test, but with IPv6.

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31789
2021-09-08 17:17:59 +02:00
Kristof Provost
cb6bfef9ca netpfil tests: dummynet queue test
Test prioritisation and dummynet queues.
We need to give the pipe sufficient bandwidth for dummynet to work.
Given that we can't rely on the TCP connection failing alltogether, but
we can measure the effect of dummynet by imposing a time limit on a
larger data transfer.

If TCP is prioritised it'll get most of the pipe bandwidth and easily
manage to transfer the data in 3 seconds or less. When not prioritised
this will not succeed.

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31788
2021-09-08 17:17:59 +02:00
Kristof Provost
5fda5913e1 dummynet tests: pipe test for IPv6
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31787
2021-09-08 17:17:59 +02:00
Kristof Provost
d491b42535 pf tests: altq:codel_bridge requires if_bridge
Check that the bridge module is loaded before running this test.
It likely will be (as a result of running the bridge tests), but if it's
not we'll get spurious failures.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-09-01 16:13:11 +02:00
Dimitry Andric
5a3a8cb01a Silence more gtest warnings, now in fusefs tests
Follow-up d396c67f26 by also silencing warnings about deprecated
implicit copy constructors in the fusefs tests, which use googletest.

Fixes:		d396c67f26
MFC after:	3 days
2021-08-27 23:39:36 +02:00
Alan Somers
f5c6c43d4c Add a regression test for ggatec remote code execution
Tests that ggatec appropriately handles unsupported BIO operations,
rather than overflowing a buffer.

Submitted by:	Johannes Bruelltuete <johannes@jo-t.de>
PR:		213479
Reviewed by:	asomers
Differential Revision: https://reviews.freebsd.org/D31318
2021-08-27 14:52:45 -06:00
Gleb Popov
f8b88be850 tests/sys/acl: Add ATF C test for newly added acl_* functions.
Reviewed by: kib, debdrup, gbe
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D28255
2021-08-27 11:52:21 +03:00
Kristof Provost
062463698e pf tests: Test ALTQ on top of if_bridge
Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31676
2021-08-26 11:23:45 +02:00
Kristof Provost
cd46399b9c pf tests: ALTQ priority test
Test that ALTQ can prioritise one type of traffic over another. Do this
by establishing a slow link and saturating it with ICMP echos.
When prioritised TCP connections reliably go through. When not
prioritised TCP connections reliably fail.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-26 11:23:39 +02:00
Kristof Provost
e62175df4e pf tests: test ALTQ CBQ on top of if_vlan
The main purpose of this test is to verify that we can use ALTQ on top
of if_vlan, but while we're here we also exercise the CBQ code. There's
already a basis test for HFSC, so it makes sense to test another
algorithm while we test if_vlan.

Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31649
2021-08-25 08:57:10 +02:00
Kristof Provost
bbf832f344 pf tests: test killing states by ID
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-24 12:54:13 +02:00
Thomas Munro
3904e7966e Fix aio_readv(2), aio_writev(2) with SIGEV_THREAD.
Add missing wrapper code to librt for these new functions so that
SIGEV_THREAD works.  Without machinery to convert it to SIGEV_THREAD_ID,
you got EINVAL.

Reviewed by:    asomers
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D31618
2021-08-22 23:49:23 +12:00
Thomas Munro
f30a1ae8d5 lio_listio(2): Allow LIO_READV and LIO_WRITEV.
Allow multiple vector IOs to be started with one system call.
aio_readv() and aio_writev() already used these opcodes under the
covers.  This commit makes them available to user space.

Being non-standard extensions, they're only visible if __BSD_VISIBLE is
defined, like the functions.

Reviewed by:    asomers, kib
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D31627
2021-08-22 23:00:42 +12:00
Samuel Robinette
0a7d1fc6f6 pf: implement set-tos for IPv6
Extend the existing set-tos keyword to also be able to set traffic class
on IPv6 traffic.
Add tests for this as well.

Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D31564
2021-08-19 10:07:56 +02:00
Cyril Zhang
a85404906b vmm: Add credential to cdev object
Add a credential to the cdev object in sysctl_vmm_create(), then check
that we have the correct credentials in sysctl_vmm_destroy(). This
prevents a process in one jail from opening or destroying the /dev/vmm
file corresponding to a VM in a sibling jail.

Add regression tests.

Reviewed by:	jhb, markj
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31156
2021-08-18 13:41:33 -04:00
Kristof Provost
e86469075c netinet tests: delete an interface with pending lookups
This has been known to trigger panics. It currently doesn't, but we may
as well have a test for it.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-17 17:01:21 +02:00
Vladimir Kondratyev
14a4d6d013 bitstring(3): Add bitstring traversal macros.
The macro bit_foreach() traverses all set bits in the bitstring in the
forward direction, assigning each location in turn to variable.

The macro bit_foreach_at() traverses all set bits in the bitstring in
the forward direction at or after the zero-based bit index, assigning
each location in turn to variable.

The bit_foreach_unset() and bit_foreach_unset_at() macros which
traverses unset bits are implemented for completeness.

Reviewed by:	asomers, dougm
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31469
2021-08-16 23:24:05 +03:00
Konstantin Belousov
b42df9dafb Add test for fstatat(pipefd, AT_EMPTY_PATH)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2021-08-14 14:41:01 +03:00
Alan Somers
825fb07c55 aio: revert the workaround for bug 251828 in the tests
This bug is no longer reproducible in 14.0-CURRENT and 13.0-RELEASE

Do not MFC to stable/12 !

PR:		251828
Reported by:	markj
Reviewed by:	markj
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision: https://reviews.freebsd.org/D31535
2021-08-13 18:01:18 -06:00
Ka Ho Ng
454bc887f2 uipc_shm: Implements fspacectl(2) support
This implements fspacectl(2) support on shared memory objects. The
semantic of SPACECTL_DEALLOC is equivalent to clearing the backing
store and free the pages within the affected range. If the call
succeeds, subsequent reads on the affected range return all zero.

tests/sys/posixshm/posixshm_tests.c is expanded to include a
fspacectl(2) functional test.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	kevans, kib
Differential Revision:	https://reviews.freebsd.org/D31490
2021-08-12 23:04:18 +08:00
Ka Ho Ng
0dc332bff2 Add fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9).
fspacectl(2) is a system call to provide space management support to
userspace applications. VOP_DEALLOCATE(9) is a VOP call to perform the
deallocation. vn_deallocate(9) is a public KPI for kmods' use.

The purpose of proposing a new system call, a KPI and a VOP call is to
allow bhyve or other hypervisor monitors to emulate the behavior of SCSI
UNMAP/NVMe DEALLOCATE on a plain file.

fspacectl(2) comprises of cmd and flags parameters to specify the
space management operation to be performed. Currently cmd has to be
SPACECTL_DEALLOC, and flags has to be 0.

fo_fspacectl is added to fileops.
VOP_DEALLOCATE(9) is added as a new VOP call. A trivial implementation
of VOP_DEALLOCATE(9) is provided.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D28347
2021-08-05 23:20:42 +08:00
Alex Richardson
c826e08841 Fix MK_TESTS build with MK_ASAN/MK_UBSAN
Reviewed By:	markj
Differential Revision: https://reviews.freebsd.org/D31049
2021-08-02 14:33:24 +01:00
Kristof Provost
441d15a482 bridge tests: verify that we can't change MTU of bridge member interfaces
Reviewed by:	donner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31305
2021-07-28 22:03:38 +02:00
Kristof Provost
6e43950640 bridge tests: test changing the bridge MTU
Changing the bridge MTU will now also change all of the member interface
MTUs. Test this.

Reviewed by:	donner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31289
2021-07-28 22:01:12 +02:00
Kristof Provost
4e860bd5da pf tests: make killstate:match more robust
Only lists the states relevant to the connection we're killing.
Sometimes there are IPv6 related states (due to the usual IPv6
background traffic of router solicitations, DAD, ...) that causes us to
think we failed to kill the state, which in turn caused the test to fail
intermittently.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-07-27 15:32:48 +02:00
Kristof Provost
3e87f800f0 net tests: basic test case for bpf(4)'s ability to set vlan pcp
Use dhclient with its 'vlan-pcp' option to set a VLAN PCP value and
verify that it actually gets set.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31276
2021-07-26 23:13:31 +02:00
Kristof Provost
4b765ab4cd bridge tests: test linking bridges with a gif tunnel
Fairly basic test case for using gif(4)'s ability to tunnel Ethernet
traffic between bridges.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-07-26 23:13:31 +02:00
Eric van Gyzen
9666cda976 aio_md_test: label the md
Add a label to md devices created by this test.  The next time this
test leaks md devices, finding the culprit will be much easier.

Thanks to:	sobomax, for adding labels in r322969
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2021-07-23 09:19:29 -05:00
Eric van Gyzen
ea0e1b19f2 aio_md_test: NUL-terminate result of readlink
readlink does not NUL-terminate the output buffer.  This led to spurious
failures to destroy the md device because the unit number was garbage.
NUL-terminate the output buffer.

Reported by:	ASLR
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2021-07-23 09:19:29 -05:00
Eric van Gyzen
c6f92e64b6 aio_md_test: fix cleanup
ATF cleanup functions cannot use functions such as ATF_REQUIRE
and atf_tc_fail.  These functions assert that a test case is
currently running, which is not true during cleanup, so the
process aborts.  Change the cleanup function to simply print
to stderr and return.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2021-07-23 09:19:28 -05:00
Kristof Provost
27ab791a55 pf tests: ensure syncookie does not create state
Test that with syncookies enabled pf does not create state for
connections before the remote peer has replied to the SYN|ACK message.

MFC after:	1 week
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D31142
2021-07-20 10:36:14 +02:00
Kristof Provost
3be9301a7e pf tests: Forwarding syncookie test
Test syncookies on a forwarding host. That is, in a setup where the
machine (or vnet) running pf is not the same as the machine (or vnet)
running the server it's protecting.

MFC after:	1 week
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D31141
2021-07-20 10:36:14 +02:00
Kristof Provost
f808bb9b7e pf tests: test locally originated connections with route-to
PR:		257106
Submitted by:	Mark Cammidge <mark@peralex.com>
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D31178
2021-07-17 14:28:08 +02:00
Kristof Provost
d363ebc78c pf tests: Test the match keyword
The new match keyword can currently only assign queues, so we can only
test it with ALTQ.
Set up a basic scenario where we use 'match' to assign ICMP traffic to a
slow queue, and confirm that it's really getting slowed down.

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31116
2021-07-17 12:01:08 +02:00
Mark Johnston
2e5f615295 lio_listio: Don't post a completion notification if none was requested
One is allowed to use LIO_NOWAIT without specifying a sigevent.  In this
case, lj->lioj_signal is left uninitialized, but several code paths
examine liov_signal.sigev_notify to figure out which notification to
post.  Unconditionally initialize that field to SIGEV_NONE.

Add a dumb test case which triggers the bug.

Reported by:	KMSAN+syzkaller
Reviewed by:	asomers
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31197
2021-07-15 22:41:10 -04:00
Ed Maste
c9144ec14d Skip netgraph tests when WITHOUT_NETGRAPH is set
PR:		256986
Reported by:	John Marshall
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2021-07-06 09:45:34 -04:00
Lutz Donnerhacke
b3dc6f137b tests/libalias: Bugfix in used variables
Fix two copy and waste errors (referencing the wrong variable).

MFC after:	3 days
2021-07-03 00:31:54 +02:00
Kristof Provost
d8d43b2de1 pf tests: Stress state retrieval
Create and retrieve 20.000 states. There have been issues with nvlists
causing very slow state retrieval. We don't impose a specific limit on
the time required to retrieve the states, but do log it. In excessive
cases the Kyua timeout will fail this test.

Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30943
2021-07-02 14:46:32 +02:00
Kristof Provost
dd82fd3543 pf tests: ftp-proxy test
Basic test case for ftp-proxy

PR:		256917
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-07-01 21:34:40 +02:00
Alan Somers
18b19f8c6e fusefs: correctly set lock owner during FUSE_SETLK
During FUSE_SETLK, the owner field should uniquely identify the calling
process.  The fusefs module now sets it to the process's pid.
Previously, it expected the calling process to set it directly, which
was wrong.

libfuse also apparently expects the owner field to be set during
FUSE_GETLK, though I'm not sure why.

PR:		256005
Reported by:	Agata <chogata@moosefs.pro>
MFC after:	2 weeks
Reviewed by:	pfg
Differential Revision: https://reviews.freebsd.org/D30622
2021-06-25 20:40:08 -06:00
Alan Somers
5403f2c163 fusefs: ensure that FUSE ops' headers' unique values are actually unique
Every FUSE operation has a unique value in its header.  As the name
implies, these values are supposed to be unique among all outstanding
operations.  And since FUSE_INTERRUPT is asynchronous and racy, it is
desirable that the unique values be unique among all operations that are
"close in time".

Ensure that they are actually unique by incrementing them whenever we
reuse a fuse_dispatcher object, for example during fsync, write, and
listextattr.

PR:		244686
MFC after:	2 weeks
Reviewed by:	pfg
Differential Revision: https://reviews.freebsd.org/D30810
2021-06-19 14:45:29 -06:00
Alan Somers
77b040c993 fusefs: also debug INIT operations in the test suite
MFC after:	2 weeks
Reviewed by:	pfg
2021-06-19 14:45:21 -06:00
Alan Somers
7b8622fa22 fusefs: support EVFILT_WRITE on /dev/fuse
/dev/fuse is always ready for writing, so it's kind of dumb to poll it.
But some applications do it anyway.  Better to return ready than EINVAL.

MFC after:	2 weeks
Reviewed by:	emaste, pfg
Differential Revision: https://reviews.freebsd.org/D30784
2021-06-16 13:34:14 -06:00
Mark Johnston
86461b646d gconcat: Add some simple regression tests for the new append verb
Sponsored by:	The FreeBSD Foundation
2021-06-14 17:31:28 -04:00
Lutz Donnerhacke
43e4821315 tests/netgraph: Check for PR241954
Add tests to check for renaming issues reported in PR241954 and solved
in D30110.

MFC:	Together with D30629
Differential Revision: https://reviews.freebsd.org/D30713
2021-06-13 22:29:56 +02:00
Lutz Donnerhacke
0afa9be039 tests/netgraph: Missed fixup after D30699
During D30699 the existing basic tests were missed.  Furthermore
debugging output was still in the code, which is removed now.

MFC:	together with D30699
Differential Revision: https://reviews.freebsd.org/D30714
2021-06-13 22:16:52 +02:00
Brad Davis
ab6d05336c tests/sys/netpfil: Move common tests out from behind MK_PF.
Approved by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-06-10 17:56:01 -06:00
Lutz Donnerhacke
6b08e68be1 tests/netgraph: Tests for ng_vlan_rotate
Test functionality of ng_vlan_rotate(4):
 - Rotate 1 to 9 stagged vlans in any possible direction and length
 - Rotate random combinations of ethertypes (8100, 88a8, 9100)
 - Automatic reverse rotating for backward data flow
 - Test too many and to few vlans

Reviewed by:	kp (earlier version)
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30670
2021-06-09 13:45:37 +02:00
Lutz Donnerhacke
7863faa78a tests/netgraph: Tests for ng_hub
Test functionality of ng_hub(4):
 - replicting traffic to anything but the sending hook
 - persistence
 - an unrestricted loop
 - implementation limits with many hooks.

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30633
2021-06-09 13:36:23 +02:00
Lutz Donnerhacke
5554abd9cc tests/netgraph: Factor out univeral data counter functions
Factor out the data counter helpers for other tests to use.

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30699
2021-06-09 13:32:22 +02:00
Lutz Donnerhacke
a664ade939 tests/netgraph: Fix style
Indent all files correctly

MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30692
2021-06-09 13:31:16 +02:00
Lutz Donnerhacke
9021c46603 tests/netgraph: Attribute errors to the caller
Errors raised in the common util functions should raise the location
of their caller to be useful and include the errno description.

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30671
2021-06-08 19:23:50 +02:00
Lutz Donnerhacke
6181470239 tests/netgraph: Tests for ng_bridge
Test functionality of ng_bridge(4):
 - replicating traffic to anything but the sending hook
 - persistence
 - detect loops
 - unicast to only one link of many
 - stretch to implementation limits on broadcast

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30647
2021-06-08 13:27:23 +02:00
Lutz Donnerhacke
09307dbfb8 tests/netgraph: Allow receiving answers to messages
Add msg_handler in order to receive messages from netgraph nodes to be
tested.

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30657
2021-06-08 12:49:04 +02:00
Lutz Donnerhacke
24ea1dbf25 tests/netgraph: Inital framework for testing libnetgraph
Provide a framework of functions to test various netgraph modules.
Tests contain:
 - creating, renaming, and destroying nodes
 - connecting and removing hooks
 - sending and receiving data
 - sending ASCII messages
 - errors can be passed for indiviual inspection or fail the test

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30629
2021-06-04 15:17:54 +02:00
Kristof Provost
70dd30d49c pf tests: Make killstate:match more robust
The killstate:match test starts nc as a background process. There was no
guarantee that the nc process would have connected by the time we check
for states, so this test occasionally failed without good reason.

Teach the test to wait for at least some states to turn up before
executing the critical checks.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-06-03 15:22:19 +02:00
Kristof Provost
ea3eca5cb6 netpfil tests: Basic dummynet pipe test
Test dummynet pipes (i.e. bandwidth limitation) with ipfw. This is put
in the common tests because we hope to add dummynet support to pf in the
near future.

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30380
2021-06-03 09:02:58 +02:00
Alan Somers
425bbe9e64 fusefs: reenable the WriteCluster.cluster_write_err test
The underlying panic was just fixed by
revision 27006229f7

PR:		238565
MFC after:	1 week
MFC with:	27006229f7
2021-05-30 16:51:56 -06:00
Lutz Donnerhacke
5434ebd256 tests/libalias: Measure cleanup time separatly
After long test runs, a lot of ressouces can be allocated.  Freeing
them takes a considerable amount of time.
2021-05-28 17:29:10 +02:00
Lutz Donnerhacke
f4c460dacd tests/libalias: Fix build error due to wrong prototype 2021-05-26 21:59:12 +02:00
Lutz Donnerhacke
fef99da69f tests/libalias: Add missing prototype to fix build error 2021-05-26 19:39:06 +02:00
Lutz Donnerhacke
d62e1ecba0 tests/libalias: Add port forwardings
Add port forwardings to the performance tests.  This will cause random
incoming packets to match the random port forwardings opends beforehand.

MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30443
2021-05-26 16:34:22 +02:00
Lutz Donnerhacke
6e87898a2c tests/libalias: Improve testing
gettimeofday(3) is almost as expensive as the calls to libalias.
So the call frequency for this call is reduced by a factor of 1000 in
order to neglect it's influence.

Using NAT entries became more realistic: A communication of a random
length of up to 150 packets (10% outgoing, 90% incoming) is applied
for each entry.

Precision of the execution time is raised to see the trends better.

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30405
2021-05-26 16:26:44 +02:00
Lutz Donnerhacke
755bab6d55 tests/libalias: Test LibAliasIn on redirection
Extend the test suite for libalias(3) to incoming connections.
Test the various types of redirections.

MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30408
2021-05-26 16:19:24 +02:00
Lutz Donnerhacke
f1462ab051 tests/libalias: Factor out common primitives
Rework the tests to check the correct layer in a single test.
Factor out tests for reuse in other modules.

MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30412
2021-05-26 16:16:07 +02:00
Kristof Provost
9d0bc96ef8 pf tests: Only log critical errors from scapy
See a26e895f3d. Silence these new tests as
well.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-05-26 13:18:47 +02:00
Kristof Provost
d39d5ee2d6 pf tests: Test cases for fragment reassembly
Obtained from:	Alexander Bluhm, OpenBSD
2021-05-25 15:26:27 +02:00
Lutz Donnerhacke
7b8696bf12 tests/libalias: Add missing copyright statements 2021-05-24 21:56:05 +02:00
Lutz Donnerhacke
a660948b7b tests/libalias: Reduce stress
Due to the new, external performance test utility, the regular test
suite can reduce the stress test to a fair amount of activity.

MFC after:	1 week
2021-05-23 22:48:28 +02:00
Lutz Donnerhacke
ccac04cae5 test/libalias: Fix build errors on various platforms
struct timeval has an unspecified integral type, which needs to be
canonfied before beeing usable by printf(3).
2021-05-23 14:43:00 +02:00
Lutz Donnerhacke
33c1bdfc3e tests/libalias: Add perfomance test utility
In order to compare upcoming changes for their effectivness, measure
performance by counting opertions and the runtime of each operation
over the time.  Accumulate all tests in a single instance, so make it
complicated over the time.  If you wait long enough, you will notice
the expiry of old flows.

Reviewed by:	kp (earlier version)
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30379
2021-05-22 23:45:42 +02:00
Lutz Donnerhacke
c1fbb54f4b test/libalias: Tests for outgoing NAT
Testing LibAliasOut functionality. This concentrates the typical use
case of initiating data transfers from the inside.  Provide a
exhaustive test for the data structure in order to check for
performance improvements.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30335
2021-05-21 11:45:52 +02:00
Kristof Provost
7bd7933f9a pf tests: Test the ability to kill floating states by interface
Reviewed by:	eri
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30247
2021-05-20 12:49:27 +02:00
Lutz Donnerhacke
7fd8baee75 test/libalias: Tests for instantiation
In order to modify libalias for performance, the existing
functionality must not change.  Enforce this.

Reviewed by:	kp
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D30307
2021-05-18 22:15:39 +02:00
Kristof Provost
45db385545 pf tests: More set skip on <ifgroup> tests
Test the specific case reported in PR 255852. Clearing the skip flag
on groups was broken because pfctl couldn't work out if a kif was a
group or not, because the kernel no longer set the pfik_group pointer.

PR:		255852
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30285
2021-05-17 13:48:06 +02:00
Kristof Provost
a26e895f3d tests: Only log critical errors from scapy
Since 2.4.5 scapy started issuing warnings about a few different
configurations during our tests. These are harmless, but they generate
stderr output, which upsets atf_check.

Configure scapy to only log critical errors (and thus not warnings) to
fix these tests.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-05-12 20:54:30 +02:00
Kristof Provost
80430c15ca netinet6 tests: Fix Python warning
Python 3.8 warns about line 112:
    'SyntaxWarning: "is" with a literal. Did you mean "=="?'

Use '==' as Python suggests.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-05-11 17:10:42 +02:00
Kristof Provost
ac200a9c38 pf tests: Test killing matching states
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30093
2021-05-07 22:13:31 +02:00
Kristof Provost
c2e11d81d2 pf tests: Test killing states by gateway
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30059
2021-05-07 22:13:31 +02:00
Warner Losh
42f3faa762 cdefs.h: Remove __GNUCLIKE___OFFSETOF, it's unused
__GNUCLIKE___OFFSETOF is unreferenced in the tree, remove it as long
obsolete.

Sponsored by:		Netflix
2021-05-06 16:34:55 -06:00
Alan Somers
420dbe763f gmultipath: make physpath distinct from the underlying providers'
zfsd uses a device's physical path attribute to automatically replace a
missing ZFS disk when a blank disk is inserted into the same physical
slot.  Currently gmultipath passes through its underlying providers'
physical path attribute.  That may cause zfsd to replace a missing
gmultipath provider with a newly arrived, single-path disk.  That would
be bad.

This commit fixes that problem by simply appending "/mp" to the
underlying providers' physical path, in a manner similar to what geli
already does.

Sponsored by:	Axcient
MFC after:	3 weeks
Differential Revision: https://reviews.freebsd.org/D29941
2021-05-06 12:32:27 -06:00
Mark Johnston
b59851e99c path_test: Add a few new test cases
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2021-05-04 08:56:31 -04:00
Kristof Provost
388c0cde10 pf tests: Test scrub fragment reassemble on interfaces with different MTU
There's a problem with pf's reassembly code where it produces incorrect
checksums when reassembling across interfaces with different MTUs.
Test this.

PR:		255432
Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30013
2021-04-30 08:19:47 +02:00
Thomas Munro
3aaaa2efde poll(2): Add POLLRDHUP.
Teach poll(2) to support Linux-style POLLRDHUP events for sockets, if
requested.  Triggered when the remote peer shuts down writing or closes
its end.

Reviewed by:	kib
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D29757
2021-04-28 23:00:31 +12:00
Kristof Provost
daa5350d0e pf tests: Test using '<ifgroup>:network' in tables
MFC after:	1 week
2021-04-27 09:05:14 +02:00
Kristof Provost
08d7730821 pf tests: Test automatically generated tables
Add a test case where the pfctl optimizer will generate a table
automatically. These tables have long names, which we accidentally broke
in the nvlist ADDRULE ioctl.

Reviewed by:	melifaro
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29989
2021-04-26 18:08:15 +02:00
Kristof Provost
5632f58535 pf tests: Test killing states with multiple labels
Now that we support having multiple labels on a rule ensure that we can
use each rule label to kill states.

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29938
2021-04-26 14:14:21 +02:00
Alexander V. Chernikov
bddae5c8a6 Improve debugging output on routing tests failure.
Most of the routing tests create per-test VNET, making
 it harder to repeat the failure with CLI tools.
Provide an additional route/nexthop data on failure.

Differential Revision: https://reviews.freebsd.org/D29957
Reviewed by:	kp
MFC after:	2 weeks
2021-04-24 22:41:27 +00:00
Alex Richardson
694407528f Correctly skip rtsock_l3 test when if_epair is not available
This logic was accidentally changed in 67f2f67fc8

Reported By:	olivier
X-MFC-With:	67f2f67fc8
Tested By:	kp
Reviewed By:	kp, melifaro
Fixes:		67f2f67fc8 ("Update rtsock_l3 test after 2fe5a79425c7")
Differential Revision: https://reviews.freebsd.org/D29944
2021-04-23 11:28:26 +01:00
Alex Richardson
67f2f67fc8 Update rtsock_l3 test after 2fe5a79425
Two of these tests now pass. Looking at Jenkins to find the first commit
where this behaviour changed indicates that
2fe5a79425 is the most likely cause.

Reviewed By:	melifaro
Differential Revision: https://reviews.freebsd.org/D28886
2021-04-21 10:58:34 +01:00
Kristof Provost
9af2317423 pf tests: IPv6 test case for the 'kill state(s)' feature
Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29797
2021-04-20 09:30:39 +02:00
Kristof Provost
065b5c7fb2 pf tests: Test cases for the 'kill state(s)' feature
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29796
2021-04-20 09:30:27 +02:00
Alexander V. Chernikov
37c0f4a207 Fix typo in rtsock_common.h
MFC after:	3 days
2021-04-19 20:24:46 +00:00
Kristof Provost
e14d56f370 pf tests: Test set keepcounters
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29781
2021-04-19 14:31:47 +02:00
Kristof Provost
4ae3a97e12 bridge tests: Test STP config BPDU validation
PR:		254924
Reviewed by:	donner
Differential Revision:	https://reviews.freebsd.org/D29783
2021-04-19 12:09:35 +02:00
Mark Johnston
3a248c8441 Add some regression tests for O_PATH and AT_EMPTY_PATH
Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29719
2021-04-15 09:40:57 -04:00
Kristof Provost
112f007e12 pf tests: Test clearing rules counters
This was briefly broken, so ensure that we can read and clear rules
counters.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29728
2021-04-14 13:33:02 +02:00
Kurosawa Takahiro
2aa21096c7 pf: Implement the NAT source port selection of MAP-E Customer Edge
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.

PR:		254577
Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D29468
2021-04-13 10:53:18 +02:00
Ryan Libby
13d4f96130 shared shadow vm object invalidation regression test
Add a regression test for a scenario where a shadow vm object is shared
by multiple mappings.  If a page COW occurs through one of the mappings,
then the virtual-to-physical mapping may become invalidated.

This tests the scenario from CVE-2021-29626 which was fixed by
982693bb72.

Reviewed by:	markj
Sponsored by:	Dell EMC Isilon
2021-04-07 12:39:05 -07:00
Kristof Provost
f37667e235 pf tests: Test multi-wan rdr
This replicates an issue observed on pfSense: https://redmine.pfsense.org/issues/11436

In essence, reply-to is needed to ensure that connections always leave
the WAN interface they came in on, but this confused the state tracking.

MFC after:	2 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-04-07 17:03:20 +02:00
Kurosawa Takahiro
5a5623397c pf tests: make synproxy and nat work correctly even if inetd is running
tests/sys/netfil/pf/synproxy fails if inetd has been running
outside of the jail because pidfile_open() fails with EEXIST.
tests/sys/netfil/pf/nat has the same problem but the test succeeds
because whether inetd is running is not so important.

Fix the problem by changing the pidfile path from the default
location.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D29622
2021-04-07 13:05:23 +02:00
Alex Richardson
83532eb68c tests/sys/net/routing: XFAIL the two failing tests
They have been failing for 1.5 months and the patch to fix them is stuck
in review so mark them as XFAIL for now to get Jenkins back to green.

To be reverted when https://reviews.freebsd.org/D28886 (or similar) is
commited.

Reviewed By:	kp
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D29528
2021-04-07 10:34:22 +01:00
Vincenzo Maffione
36d6e65722 netmap: update unit tests with libnetmap tests 2021-04-02 14:39:30 +00:00
Vincenzo Maffione
45c67e8f6b netmap: several typo fixes
No functional changes intended.
2021-04-02 07:01:20 +00:00
Alex Richardson
6f30d1c851 ng_macfilter_test: Skip rather than fail if there is no network
This should bring the number of Jenkins failures from 4 down to 3.
Locally kyua now prints `skipped: could not find a valid interface  [0.115s]`
when I run it in QEMU without a network device.

Reviewed By:	lwhsu
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D29414
2021-03-25 11:16:12 +00:00
Alex Richardson
aa05775ef0 tests/sys/net/if_lagg_test: Fix syntax error
Fixes:	ee231b27ff ("Also skip sys/net/if_lagg_test:witness on non-i386")
2021-03-22 11:55:06 +00:00
Alex Richardson
ee231b27ff Also skip sys/net/if_lagg_test:witness on non-i386
The LOR also happens on amd64 and other architectures. Ideally we would
fix this. However, in order to get Jenkins green again to catch real
regressions, we should skip this test for now.

PR:		251726
Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D29341
2021-03-19 18:35:06 +00:00
Alex Richardson
7dd1f932c1 tests/sys/netgraph: Further CI fixes
I was trying to debug why this test is working locally but failing in CI.
While doing so I made some small changes to allow running it with set -e.

It turns out the problem is that find_iface does not return anything in
Jenkins, so all following tests fail with obscure error messages.
To handle this case exit early if $eth is empty.

Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D29340
2021-03-19 18:34:30 +00:00
Alan Somers
929acdb19a fusefs: fix two bugs regarding fcntl file locks
1) F_SETLKW (blocking) operations would be sent to the FUSE server as
   F_SETLK (non-blocking).

2) Release operations, F_SETLK with lk_type = F_UNLCK, would simply
   return EINVAL.

PR:		253500
Reported by:	John Millikin <jmillikin@gmail.com>
MFC after:	2 weeks
2021-03-18 17:09:10 -06:00
Alex Richardson
6ceacebdf5 Unbreak MSG_CMSG_CLOEXEC
MSG_CMSG_CLOEXEC has not been working since 2015 (SVN r284380) because
_finstall expects O_CLOEXEC and not UF_EXCLOSE as the flags argument.
This was probably not noticed because we don't have a test for this flag
so this commit adds one. I found this problem because one of the
libwayland tests was failing.

Fixes:		ea31808c3b ("fd: move out actual fp installation to _finstall")
MFC after:	3 days
Reviewed By:	mjg, kib
Differential Revision: https://reviews.freebsd.org/D29328
2021-03-18 20:52:20 +00:00
Kristof Provost
8ad7d25dfc pf tests: pfsync bulk update test
Test that pfsync works as expected with bulk updates. That is, create
some state before setting up the second firewall. Let that firewall
request a bulk update so it can catch up, and check that it got the
state which was created before it enable pfsync.

PR:		254236
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29272
2021-03-17 19:18:14 +01:00
Kyle Evans
f187d6dfbf base: remove if_wg(4) and associated utilities, manpage
After length decisions, we've decided that the if_wg(4) driver and
related work is not yet ready to live in the tree.  This driver has
larger security implications than many, and thus will be held to
more scrutiny than other drivers.

Please also see the related message sent to the freebsd-hackers@
and freebsd-arch@ lists by Kyle Evans <kevans@FreeBSD.org> on
2021/03/16, with the subject line "Removing WireGuard Support From Base"
for additional context.
2021-03-17 09:14:48 -05:00
Kyle Evans
e277a507d8 tests: netinet: add missing up from local change 2021-03-15 00:24:54 -05:00
Kyle Evans
74ae3f3e33 if_wg: import latest fixup work from the wireguard-freebsd project
This is the culmination of about a week of work from three developers to
fix a number of functional and security issues.  This patch consists of
work done by the following folks:

- Jason A. Donenfeld <Jason@zx2c4.com>
- Matt Dunwoodie <ncon@noconroy.net>
- Kyle Evans <kevans@FreeBSD.org>

Notable changes include:
- Packets are now correctly staged for processing once the handshake has
  completed, resulting in less packet loss in the interim.
- Various race conditions have been resolved, particularly w.r.t. socket
  and packet lifetime (panics)
- Various tests have been added to assure correct functionality and
  tooling conformance
- Many security issues have been addressed
- if_wg now maintains jail-friendly semantics: sockets are created in
  the interface's home vnet so that it can act as the sole network
  connection for a jail
- if_wg no longer fails to remove peer allowed-ips of 0.0.0.0/0
- if_wg now exports via ioctl a format that is future proof and
  complete.  It is additionally supported by the upstream
  wireguard-tools (which we plan to merge in to base soon)
- if_wg now conforms to the WireGuard protocol and is more closely
  aligned with security auditing guidelines

Note that the driver has been rebased away from using iflib.  iflib
poses a number of challenges for a cloned device trying to operate in a
vnet that are non-trivial to solve and adds complexity to the
implementation for little gain.

The crypto implementation that was previously added to the tree was a
super complex integration of what previously appeared in an old out of
tree Linux module, which has been reduced to crypto.c containing simple
boring reference implementations.  This is part of a near-to-mid term
goal to work with FreeBSD kernel crypto folks and take advantage of or
improve accelerated crypto already offered elsewhere.

There's additional test suite effort underway out-of-tree taking
advantage of the aforementioned jail-friendly semantics to test a number
of real-world topologies, based on netns.sh.

Also note that this is still a work in progress; work going further will
be much smaller in nature.

MFC after:	1 month (maybe)
2021-03-14 23:52:04 -05:00
Alex Richardson
65f4ff4e68 tests/sys/netgraph/ng_macfilter_test: Fix invalid TAP output
This should allow the test to pass in Jenkins. Testing it locally now
reports "passed" instead of "invalid TAP data".

While touching this file also fix some shellcheck warnings that were
pointed out by my IDE.

Reviewed By:	lwhsu, afedorov
Differential Revision: https://reviews.freebsd.org/D29054
2021-03-12 17:35:26 +00:00
Alex Richardson
0b86424c31 tests/sys/cddl: correctly quote atf_set "require.progs"
The argument has to be a single whitespace-separate value. While touching
all these lines also add ksh93, since `atf_set "require.progs"` overrides
the default value specified in the Kyuafile. This then results in tests
being executed despite ksh93 not being installed.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D29066
2021-03-08 09:38:27 +00:00
Kristof Provost
9d3b2bcf76 pf tests: Test tos/dscp matching
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29078
2021-03-06 10:08:44 +01:00
Alex Richardson
1fcbddec14 Fix GCC build of ptrace_test after 96a9e50e63
It seems like GCC's -Wsign-compare is stricter and also warns for
constants. Appease GCC by adding the required casts.

Fixes:		96a9e50e63 ("ptrace_test: Add more debug output on test failures")
Reported by:	Jenkins CI
2021-03-03 11:22:43 +00:00
Alex Richardson
c97304110a tests/sys/audit: add missing comma delimiter between fields
This makes the `kyua report --verbose` output a lot easier to parse when
looking at failed tests. It also fixes the closefrom() test since I
tested my changes with this commit but forgot to push it together with
fa32350347.

Fixes:		fa32350347 ("close_range: add audit support")
2021-03-02 18:37:12 +00:00
Alex Richardson
53a535c1d8 Simplify the capsicum-test wrapper script
Instead of running tests one-by-one with the shell wrapper we now run
the full gtest testsuite twice (once as root, once as non root). This
significantly speeds up running tests despite running them twice.
This change also passes the missing -u flag to capsicum-test that caused
test failures (https://bugs.freebsd.org/250178)

Previously, running the testsuite with the wrapper script took ~3s per
test on aarch64 QEMU, i.e. a total of almost 5 minutes.
Now it takes 6 seconds to run all tests twice.

Before:
root@freebsd-aarch64:/usr/tests/sys/capsicum # /usr/bin/time kyua test functional
94/96 passed (2 failed)
      309.97 real        58.46 user       244.31 sys

After:
root@freebsd-aarch64:/usr/tests/sys/capsicum # /usr/bin/time kyua test functional
functional:test_root  ->  passed  [2.659s]
functional:test_unprivileged  ->  passed  [2.391s]
2/2 passed (0 failed)
        5.48 real         1.06 user         2.52 sys

This overhead is caused by kyua + atf-sh spawning lots of additional
processes and can be avoided by just running the googletest test binary.
syscall                     seconds   calls  errors
fork                   39.810229456    1275       0
sigprocmask            13.546928736     572       0

i.e. 1275 processes spawned to run a single test.

Test Plan:	All tests pass with D28907.
PR:		250178
Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D29014
2021-03-02 18:27:36 +00:00
Alex Richardson
955a3f9ad5 Update capsicum-test to git commit f4d97414d48b8f8356b971ab9f45dc5c70d53c40
This includes various fixes that I submitted recently such as updating the
pdkill() tests for the actual implemented behaviour
(https://github.com/google/capsicum-test/pull/53) and lots of changes to
avoid calling sleep() and replacing it with reliable synchronization
(pull requests 49,51,52,53,54). This should make the testsuite more reliable
when running on Jenkins. Additionally, process status is now retrieved using
libprocstat instead of running `ps` and parsing the output
(https://github.com/google/capsicum-test/pull/50). This fixes one previously
failing test and speeds up execution.

Overall, this update reduces the total runtime from ~60s to about 4-5 seconds.
2021-03-02 16:38:05 +00:00
Alex Richardson
17cc20092c Fix ptrace_test:ptrace__syscall_args after ATF upgrade
ATF now opens the results file (without CLOEXEC), so the child actually
has a valid file descriptor 3. To fix this simply use a large number that
will definitely not be a valid file descriptor.

Reviewed by:	jhb, cem, lwhsu
Differential Revision: https://reviews.freebsd.org/D28889
2021-03-01 19:56:05 +00:00
Alex Richardson
1032131464 Remove atf_tc_skip calls from ptrace_test
I've run these tests many times in a loop on multiple architectures and
it works reliably for me, maybe it's time to retire these skips?
This also adds an additional waitpid to one of the tests to avoid
a potential race condition (suggested by markj@).

PR:		239397, 244056, 239425, 240510, 220841, 243605
Reviewed By:	markj
Differential Revision: https://reviews.freebsd.org/D28888
2021-03-01 19:56:05 +00:00
Alex Richardson
96a9e50e63 ptrace_test: Add more debug output on test failures
Mostly automatic, using
`CHILD_REQUIRE\(([^|&\n]*) ==` -> `CHILD_REQUIRE_EQ_INT($1,`
`ATF_REQUIRE\(([^|&\n]*) ==` -> `REQUIRE_EQ_INT($1,` followed by
git-clang-format -f and then manually checking ones that contain ||/&&.

Test Plan:
Still getting the same failure but now it prints
`psr.sr_error (0) == EBADF (9) not met` instead of just failing
without printing the values.

PR:		243605
Reviewed By:	jhb
Differential Revision: https://reviews.freebsd.org/D28887
2021-03-01 19:55:43 +00:00
Alex Richardson
98202829d1 tests/sys/netpfil/pf: Add missing python3 requirements
This also fixes a typo in the dup test that caused the head function to
not be called. On my test system without python3 the tests are now
skipped instead of failing.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28903
2021-03-01 12:53:45 +00:00
Kristof Provost
7a4dbffa42 bridge tests: Test that we also forward on some interfaces
Ensure that we not only block on some interfaces, but also forward on
some. Without the previous commit we wound up discarding on all ports,
rather than only on the ports needed to break the loop.

MFC after:	1 week
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D28917
2021-02-25 10:17:03 +01:00
Konstantin Belousov
3ae8d83d04 Remove __NO_TLS.
All supported platforms support thread-local vars and __thread.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28796
2021-02-23 20:08:10 +02:00
Alex Richardson
fa32350347 close_range: add audit support
This fixes the closefrom test in sys/audit.

Includes cherry-picks of the following commits from openbsm:

4dfc628aaf
99ff6fe32a
da48a0399e

Reviewed By:	kevans
Differential Revision: https://reviews.freebsd.org/D28388
2021-02-23 17:47:07 +00:00
Alex Richardson
3775ddcf5a tests/sys/netgraph: Tell kyua that perl is required
Otherwise these tests fail with incomprehensible error messages.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28894
2021-02-23 17:43:31 +00:00
Kristof Provost
26492ba271 bridge tests: Test STP on top of VLAN devices
This is basically the same test as the existing STP test, but now on top
of VLAN interfaces instead of directly using the epair devices.

MFC after:	1 week
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D28861
2021-02-23 13:54:07 +01:00
Alexander V. Chernikov
f17f94cd1b Add arp/ndp tests in addition to rtsock ll tests. 2021-02-20 18:26:36 +00:00
Ed Maste
4621c4f2fd tests/sys/audit: force PIE off
df093aa946 linked against libprivateauditd.a, but that is currently
(and incorrectly) built as position-dependent.  For now just force PIE
off for this test to fix the WITH_PIE build.

Sponsored by:	The FreeBSD Foundation
2021-02-18 20:45:36 -05:00
Alex Richardson
df093aa946 tests/sys/audit: Avoid race caused by starting auditd(8) for testing
In the CheriBSD CI we reproducibly see the first test in sys/audit
(administrative:acct_failure) fail due to a missing startup message.
It appears this is caused by a race condition when starting auditd:
`service auditd onestart` returns as soon as the initial auditd() parent
exits (after the daemon(3) call).
We can avoid this problem by setting up the auditd infrastructure
in-process: libauditd contains audit_quick_{start,stop}() functions that
look like they are ideally suited to this task.
This patch also avoids forking lots of shell processes for each of the 418
tests by using `auditon(A_SENDTRIGGER, &trigger, sizeof(trigger))` to check
for a running auditd(8) instead of using `service auditd onestatus`.

With these two changes (and D28388 to fix the XFAIL'd test) I can now
boot and run `cd /usr/tests/sys/audit && kyua test` without any failures
in a single-core QEMU instance. Before there would always be at least one
failed test.

Besides making the tests more reliable in CI, a nice side-effect of this
change is that it also significantly speeds up running them by avoiding
lots of fork()/execve() caused by shell scripts:
Running kyua test on an AArch64 QEMU took 315s before and now takes 68s,
so it's roughly 3.5 times faster. This effect is even larger when running
on a CHERI-RISC-V QEMU since emulating CHERI instructions on an x86 host
is noticeably slower than emulating AArch64.

Test Plan: aarch64+amd64 QEMU no longer fail.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28451
2021-02-18 14:02:48 +00:00
Kristof Provost
4a7d84058d pf tests: Explicitly ask for python3
If we install the scapy package (which we do list as a dependency) we
don't automatically install python (but we do have python3).

MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC (“Netgate”’)
2021-02-17 14:04:33 +01:00
Alexander V. Chernikov
2fe5a79425 Fix dst/netmask handling in routing socket code.
Traditionally routing socket code did almost zero checks on
 the input message except for the most basic size checks.

This resulted in the unclear KPI boundary for the routing system code
 (`rtrequest*` and now `rib_action()`) w.r.t message validness.

Multiple potential problems and nuances exists:
* Host bits in RTAX_DST sockaddr. Existing applications do send prefixes
 with hostbits uncleared. Even `route(8)` does this, as they hope the kernel
 would do the job of fixing it. Code inside `rib_action()` needs to handle
 it on its own (see `rt_maskedcopy()` ugly hack).
* There are multiple way of adding the host route: it can be DST without
 netmask or DST with /32(/128) netmask. Also, RTF_HOST has to be set correspondingly.
 Currently, these 2 options create 2 DIFFERENT routes in the kernel.
* no sockaddr length/content checking for the "secondary" fields exists: nothing
 stops rtsock application to send sockaddr_in with length of 25 (instead of 16).
 Kernel will accept it, install to RIB as is and propagate to all rtsock consumers,
 potentially triggering bugs in their code. Same goes for sin_port, sin_zero, etc.

The goal of this change is to make rtsock verify all sockaddr and prefix consistency.
Said differently, `rib_action()` or internals should NOT require to change any of the
 sockaddrs supplied by `rt_addrinfo` structure due to incorrectness.

To be more specific, this change implements the following:
* sockaddr cleanup/validation check is added immediately after getting sockaddrs from rtm.
* Per-family dst/netmask checks clears host bits in dst and zeros all dst/netmask "secondary" fields.
* The same netmask checking code converts /32(/128) netmasks to "host" route case
 (NULL netmask, RTF_HOST), removing the dualism.
* Instead of allowing ANY "known" sockaddr families (0<..<AF_MAX), allow only actually
 supported ones (inet, inet6, link).
* Automatically convert `sockaddr_sdl` (AF_LINK) gateways to
  `sockaddr_sdl_short`.

Reported by:	Guy Yur <guyyur at gmail.com>
Reviewed By:	donner
Differential Revision: https://reviews.freebsd.org/D28668
MFC after:	3 days
2021-02-16 20:30:04 +00:00
Kristof Provost
6b52139eb8 pf tests: Test unicast reverse path forwarding check
Ensure that pf's urpf-failed keyword works as expected.

PR:		253479
MFC after:	1 week
Reviewed by:	melifaro@
Differential Revision:	https://reviews.freebsd.org/D28694
2021-02-16 10:48:58 +01:00
Alan Somers
71befc3506 fusefs: set d_off during VOP_READDIR
This allows d_off to be used with lseek to position the file so that
getdirentries(2) will return the next entry.  It is not used by
readdir(3).

PR:		253411
Reported by:	John Millikin <jmillikin@gmail.com>
Reviewed by:	cem
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28605
2021-02-12 21:50:52 -07:00
Alex Richardson
1eec5861d5 tests/sys/vfs/lookup_cap_dotdot: No longer aborts after ATF update
It appears this test no longer fails after c203bd70b5.

PR:		215690
2021-02-04 17:57:27 +00:00
Alex Richardson
8b820df156 Fix build with read-only source dir after 83c20b8a2d
I changed the Makefile to use SRCS instead of LDADD, but since there is
still and absolute path to the source the .o file was created inside the
source directory instead of the build directory.
It would be nice if this was an error/warning by default, but for now just
fix this issue by using .PATH and the base name of the file.

Reported by:	cy, peterj
2021-02-03 09:30:53 +00:00
Neel Chauhan
a08cdb6cfb Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by:		donner, kp
Approved by:		0mp (mentor), donner, kp
Differential Revision:	https://reviews.freebsd.org/D23450
2021-02-02 13:24:17 -08:00
Alex Richardson
40407d3998 tests/sys/audit: Skip extattr tests if extattrs are not supported
In the CheriBSD CI, we run the testsuite with /tmp as tmpfs. This causes
the extattr audit tests to fail since tmpfs does not (yet) support
extattrs. Skip those tests if the target path is on a file system that
does not support extended file attributes.

While touching these two files also convert the ATF_REQUIRE_EQ(-1, ...)
checks to use ATF_REQURIE_ERRNO().

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28392
2021-02-02 09:55:19 +00:00
Alex Richardson
83c20b8a2d tests/sys/kern/crc32: Check for SSE4.2 before using it
This avoids a SIGILL when running these tests on QEMU (which
defaults to a basic amd64 CPU without SSE4.2).

This commit also tests the table-based implementations in addition to
testing the hw-accelerated crc32 versions.

Reviewed By:	cem, kib, markj
Differential Revision: https://reviews.freebsd.org/D28395
2021-02-02 09:53:39 +00:00
Alex Richardson
869cc06480 tests/sys/audit: fix timeout calculation
This changes the behaviour to a 30s total timeout (needed when running
on slow emulated uniprocessor systems) and timing out after 10s without
any input. This also uses timespecsub() instead of ignoring the
nanoseconds field.

After this change the tests runs more reliably on QEMU and time out less
frequently.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28391
2021-01-28 17:24:24 +00:00
Kristof Provost
cd579b6fba pf tests: Test that dup-to doesn't produce extra duplicate packets 2021-01-28 16:46:44 +01:00
Kristof Provost
16b3833344 altq tests: Basic ALTQ test
Activate ALTQ_HFSC, crudely check if it really limits bandwidth as we'd expect.

Reviewed by:		donner@
Differential Revision:	https://reviews.freebsd.org/D28303
2021-01-25 19:58:22 +01:00
Alexander V. Chernikov
81728a538d Split rtinit() into multiple functions.
rtinit[1]() is a function used to add or remove interface address prefix routes,
  similar to ifa_maintain_loopback_route().
It was intended to be family-agnostic. There is a problem with this approach
 in reality.

1) IPv6 code does not use it for the ifa routes. There is a separate layer,
  nd6_prelist_(), providing interface for maintaining interface routes. Its part,
  responsible for the actual route table interaction, mimics rtenty() code.

2) rtinit tries to combine multiple actions in the same function: constructing
  proper route attributes and handling iterations over multiple fibs, for the
  non-zero net.add_addr_allfibs use case. It notably increases the code complexity.

3) dstaddr handling. flags parameter re-uses RTF_ flags. As there is no special flag
 for p2p connections, host routes and p2p routes are handled in the same way.
 Additionally, mapping IFA flags to RTF flags makes the interface pretty messy.
 It make rtinit() to clash with ifa_mainain_loopback_route() for IPV4 interface
 aliases.

4) rtinit() is the last customer passing non-masked prefixes to rib_action(),
 complicating rib_action() implementation.

5) rtinit() coupled ifa announce/withdrawal notifications, producing "false positive"
 ifa messages in certain corner cases.

To address all these points, the following has been done:

* rtinit() has been split into multiple functions:
- Route attribute construction were moved to the per-address-family functions,
 dealing with (2), (3) and (4).
- funnction providing net.add_addr_allfibs handling and route rtsock notificaions
 is the new routing table inteface.
- rtsock ifa notificaion has been moved out as well. resulting set of funcion are only
 responsible for the actual route notifications.

Side effects:
* /32 alias does not result in interface routes (/32 route and "host" route)
* RTF_PINNED is now set for IPv6 prefixes corresponding to the interface addresses

Differential revision:	https://reviews.freebsd.org/D28186
2021-01-16 22:42:41 +00:00
Kristof Provost
44117554b1 pf tests: pass NULL buffer to DIOCRCLRTSTATS
As discovered by syzcaller this used to provoke panics.

MFC after:	1 week
2021-01-13 19:49:45 +01:00
Alan Somers
ff1a307801 lio_listio: validate aio_lio_opcode
Previously, we would accept any kind of LIO_* opcode, including ones
that were intended for in-kernel use only like LIO_SYNC (which is not
defined in userland).  The situation became more serious with
022ca2fc7f.  After that revision, setting
aio_lio_opcode to LIO_WRITEV or LIO_READV would trigger an assertion.

Note that POSIX does not specify what should happen if aio_lio_opcode is
invalid.

MFC-with:	022ca2fc7f
Reviewed by:	jhb, tmunro, 0mp
Differential Revision:	<https://reviews.freebsd.org/D28078
2021-01-11 19:53:01 -07:00
Alan Somers
19cca0b961 aio: fix the tests when ZFS is not available
Don't try to cleanup the zpool if we couldn't create a zpool in the
first place.

Submitted by:	tmunro
MFC-with:	022ca2fc7f
2021-01-09 17:16:38 -07:00
Thomas Munro
801ac943ea aio_fsync(2): Support O_DSYNC.
aio_fsync(O_DSYNC, ...) is the asynchronous version of fdatasync(2).

Reviewed by: kib, asomers, jhb
Differential Review: https://reviews.freebsd.org/D25071
2021-01-08 13:15:56 +13:00
Alan Somers
022ca2fc7f Add aio_writev and aio_readv
POSIX AIO is great, but it lacks vectored I/O functions. This commit
fixes that shortcoming by adding aio_writev and aio_readv. They aren't
part of the standard, but they're an obvious extension. They work just
like their synchronous equivalents pwritev and preadv.

It isn't yet possible to use vectored aiocbs with lio_listio, but that
could be added in the future.

Reviewed by:    jhb, kib, bcr
Relnotes:       yes
Differential Revision: https://reviews.freebsd.org/D27743
2021-01-02 19:57:58 -07:00
Alan Somers
92bbfe1f0d fusefs: implement FUSE_COPY_FILE_RANGE.
This updates the FUSE protocol to 7.28, though most of the new features
are optional and are not yet implemented.

MFC after:	2 weeks
Relnotes:	yes
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D27818
2021-01-01 10:18:23 -07:00
Alan Somers
ae39db7406 fusefs: fix an expectation in one of the tests
An order-of-operations problem caused an expectation intended for
FUSE_READ to instead match FUSE_ACCESS.  Surprisingly, only one test
case was affected.

MFC after:	2 weeks
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D27818
2021-01-01 10:18:22 -07:00
Cy Schubert
1d010cd31c Fix i386 build following 37df9d3bba.
MFC after:	2 weeks
X-MFC with:	37df9d3bba
2021-01-01 08:48:14 -08:00
Alan Somers
37df9d3bba fusefs: update FUSE protocol to 7.24 and implement FUSE_LSEEK
FUSE_LSEEK reports holes on fuse file systems, and is used for example
by bsdtar.

MFC after:	2 weeks
Relnotes:	yes
Reviewed by:	cem
Differential Revision: https://reviews.freebsd.org/D27804
2020-12-31 08:51:47 -07:00
Alan Somers
f928dbcb16 fusefs: fix the tests for a wider range of maxphys
maxphys is now a tunable, ever since r368124.  The default value is also
larger than it used to be.  That broke several fusefs tests that made
assumptions about maxphys.

* WriteCluster.clustering used the MAXPHYS compile-time constant.

* WriteBackAsync.direct_io_partially_overlaps_cached_block implicitly
  depended on the default value of maxphys.  Fix it by making the
  dependency explicit.

* Write.write_large implicitly assumed that maxphys would be no more
  than twice maxbcachebuf.  Fix it by explicitly setting m_max_write.

* WriteCluster.clustering and several others failed because the MockFS
  module did not work for max_write > 128KB (which most tests would set
  when maxphys > 256KB).  Limit max_write accordingly.  This is the same
  as fusefs-libs's behavior.

* Bmap's tests were originally written for MAXPHYS=128KB.  With larger
  values, the simulated file size was too small.

PR:		252096
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D27769
2020-12-28 18:56:17 +00:00
Kristof Provost
2d3fda5fa1 pf tests: Verify (tcp) checksum modification on unaligned options
It turns out pf incorrectly updates the TCP checksum if the TCP option
we're modifying is not 2-byte algined with respect to the start of the
packet.

Create a TCP packet with such an option and throw it through a scrub
rule, which will update timestamps and modify the packet.

PR:		240416
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D27688
2020-12-23 12:03:20 +01:00
Kristof Provost
e1f6571a12 pf tests: Sort Makefile entries
MFC after:	1 week
2020-12-23 12:03:20 +01:00
Kristof Provost
03ffa25695 net tests: Re-enable most if_clone tests
All but one of these (tap_ipv6_up_stress) currently pass, so we should enable
them so we don't regress.
2020-12-17 21:54:25 +00:00
Ryan Libby
c821ba35b6 posixshm_test.c: remove tautological checks
Reviewed by:	kib, markj
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D27564
2020-12-11 22:52:20 +00:00
Ryan Libby
6d759051d3 fdgrowtable_test.c: appease gcc
Work around bogus gcc -Wreturn-type.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44511

Reviewed by:	kevans, rew
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D27563
2020-12-11 22:52:16 +00:00
Nick Hibma
e8db04c389 New Netgraph module ng_macfilter:
Macfilter to route packets through different hooks based on sender MAC address.

Based on ng_macfilter written by Pekka Nikander

Sponsered by Retina b.v.

Reviewed by:	afedorov
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D27268
2020-12-08 15:09:42 +00:00
Mitchell Horne
22bd0c9731 ossl: port to arm64
Enable in-kernel acceleration of SHA1 and SHA2 operations on arm64 by adding
support for the ossl(4) crypto driver. This uses OpenSSL's assembly routines
under the hood, which will detect and use SHA intrinsics if they are
supported by the CPU.

Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D27390
2020-12-04 21:12:17 +00:00
Kristof Provost
e997614fd2 pf tests: Test case for bug #251414
Changing a table from not having counters to having counters (or vice versa)
may trigger panics.

PR:		251414
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27441
2020-12-02 16:33:23 +00:00
Alan Somers
23693bd8f3 AIO tests: update expected failure messages after r368265
PR:		220398, 251515
MFC after:	1 week
MFC-With:	r368265
2020-12-02 00:53:03 +00:00
Kristof Provost
c49747eaf2 pf tests: Re-enable panicing tests
We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these
tests.

MFC after:	2 weeks
Sponsored by:	Modirum MDPay
2020-12-01 16:44:36 +00:00
Alan Somers
01f3f35447 ping: fix some man pages and tests after r368045
MFC-with:	r368045
2020-11-26 04:55:02 +00:00
John Baldwin
a4a23d2137 Remove uses of CRIOGET in OCF tests after r368005.
Pointy hat to:	jhb
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D27367
2020-11-25 01:31:00 +00:00
Kristof Provost
d5325f2f3c pf tests: provoke tag hashing panic
Attempt to provoke the panic fixed in r367987.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27350
2020-11-24 17:32:49 +00:00
Robert Wing
3c85ca21d1 fd: free old file descriptor tables when not shared
During the life of a process, new file descriptor tables may be allocated. When
a new table is allocated, the old table is placed in a free list and held onto
until all processes referencing them exit.

When a new file descriptor table is allocated, the old file descriptor table
can be freed when the current process has a single-thread and the file
descriptor table is not being shared with any other processes.

Reviewed by:    kevans
Approved by:    kevans (mentor)
Differential Revision:  https://reviews.freebsd.org/D18617
2020-11-22 05:00:28 +00:00
Kristof Provost
d8f541d9a3 pf tests: Basic source tracking test
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27255
2020-11-20 10:11:03 +00:00
Jonathan T. Looney
36c52a52ee Add a regression test for the port-selection behavior fixed in r367680.
Reviewed by:	markj, olivier, tuexen
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D27173
2020-11-14 15:44:28 +00:00