Commit Graph

1073 Commits

Author SHA1 Message Date
Kristof Provost
4a7d84058d pf tests: Explicitly ask for python3
If we install the scapy package (which we do list as a dependency) we
don't automatically install python (but we do have python3).

MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC (“Netgate”’)
2021-02-17 14:04:33 +01:00
Alexander V. Chernikov
2fe5a79425 Fix dst/netmask handling in routing socket code.
Traditionally routing socket code did almost zero checks on
 the input message except for the most basic size checks.

This resulted in the unclear KPI boundary for the routing system code
 (`rtrequest*` and now `rib_action()`) w.r.t message validness.

Multiple potential problems and nuances exists:
* Host bits in RTAX_DST sockaddr. Existing applications do send prefixes
 with hostbits uncleared. Even `route(8)` does this, as they hope the kernel
 would do the job of fixing it. Code inside `rib_action()` needs to handle
 it on its own (see `rt_maskedcopy()` ugly hack).
* There are multiple way of adding the host route: it can be DST without
 netmask or DST with /32(/128) netmask. Also, RTF_HOST has to be set correspondingly.
 Currently, these 2 options create 2 DIFFERENT routes in the kernel.
* no sockaddr length/content checking for the "secondary" fields exists: nothing
 stops rtsock application to send sockaddr_in with length of 25 (instead of 16).
 Kernel will accept it, install to RIB as is and propagate to all rtsock consumers,
 potentially triggering bugs in their code. Same goes for sin_port, sin_zero, etc.

The goal of this change is to make rtsock verify all sockaddr and prefix consistency.
Said differently, `rib_action()` or internals should NOT require to change any of the
 sockaddrs supplied by `rt_addrinfo` structure due to incorrectness.

To be more specific, this change implements the following:
* sockaddr cleanup/validation check is added immediately after getting sockaddrs from rtm.
* Per-family dst/netmask checks clears host bits in dst and zeros all dst/netmask "secondary" fields.
* The same netmask checking code converts /32(/128) netmasks to "host" route case
 (NULL netmask, RTF_HOST), removing the dualism.
* Instead of allowing ANY "known" sockaddr families (0<..<AF_MAX), allow only actually
 supported ones (inet, inet6, link).
* Automatically convert `sockaddr_sdl` (AF_LINK) gateways to
  `sockaddr_sdl_short`.

Reported by:	Guy Yur <guyyur at gmail.com>
Reviewed By:	donner
Differential Revision: https://reviews.freebsd.org/D28668
MFC after:	3 days
2021-02-16 20:30:04 +00:00
Kristof Provost
6b52139eb8 pf tests: Test unicast reverse path forwarding check
Ensure that pf's urpf-failed keyword works as expected.

PR:		253479
MFC after:	1 week
Reviewed by:	melifaro@
Differential Revision:	https://reviews.freebsd.org/D28694
2021-02-16 10:48:58 +01:00
Alan Somers
71befc3506 fusefs: set d_off during VOP_READDIR
This allows d_off to be used with lseek to position the file so that
getdirentries(2) will return the next entry.  It is not used by
readdir(3).

PR:		253411
Reported by:	John Millikin <jmillikin@gmail.com>
Reviewed by:	cem
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28605
2021-02-12 21:50:52 -07:00
Alex Richardson
1eec5861d5 tests/sys/vfs/lookup_cap_dotdot: No longer aborts after ATF update
It appears this test no longer fails after c203bd70b5.

PR:		215690
2021-02-04 17:57:27 +00:00
Alex Richardson
8b820df156 Fix build with read-only source dir after 83c20b8a2d
I changed the Makefile to use SRCS instead of LDADD, but since there is
still and absolute path to the source the .o file was created inside the
source directory instead of the build directory.
It would be nice if this was an error/warning by default, but for now just
fix this issue by using .PATH and the base name of the file.

Reported by:	cy, peterj
2021-02-03 09:30:53 +00:00
Neel Chauhan
a08cdb6cfb Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by:		donner, kp
Approved by:		0mp (mentor), donner, kp
Differential Revision:	https://reviews.freebsd.org/D23450
2021-02-02 13:24:17 -08:00
Alex Richardson
40407d3998 tests/sys/audit: Skip extattr tests if extattrs are not supported
In the CheriBSD CI, we run the testsuite with /tmp as tmpfs. This causes
the extattr audit tests to fail since tmpfs does not (yet) support
extattrs. Skip those tests if the target path is on a file system that
does not support extended file attributes.

While touching these two files also convert the ATF_REQUIRE_EQ(-1, ...)
checks to use ATF_REQURIE_ERRNO().

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28392
2021-02-02 09:55:19 +00:00
Alex Richardson
83c20b8a2d tests/sys/kern/crc32: Check for SSE4.2 before using it
This avoids a SIGILL when running these tests on QEMU (which
defaults to a basic amd64 CPU without SSE4.2).

This commit also tests the table-based implementations in addition to
testing the hw-accelerated crc32 versions.

Reviewed By:	cem, kib, markj
Differential Revision: https://reviews.freebsd.org/D28395
2021-02-02 09:53:39 +00:00
Alex Richardson
869cc06480 tests/sys/audit: fix timeout calculation
This changes the behaviour to a 30s total timeout (needed when running
on slow emulated uniprocessor systems) and timing out after 10s without
any input. This also uses timespecsub() instead of ignoring the
nanoseconds field.

After this change the tests runs more reliably on QEMU and time out less
frequently.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28391
2021-01-28 17:24:24 +00:00
Kristof Provost
cd579b6fba pf tests: Test that dup-to doesn't produce extra duplicate packets 2021-01-28 16:46:44 +01:00
Kristof Provost
16b3833344 altq tests: Basic ALTQ test
Activate ALTQ_HFSC, crudely check if it really limits bandwidth as we'd expect.

Reviewed by:		donner@
Differential Revision:	https://reviews.freebsd.org/D28303
2021-01-25 19:58:22 +01:00
Alexander V. Chernikov
81728a538d Split rtinit() into multiple functions.
rtinit[1]() is a function used to add or remove interface address prefix routes,
  similar to ifa_maintain_loopback_route().
It was intended to be family-agnostic. There is a problem with this approach
 in reality.

1) IPv6 code does not use it for the ifa routes. There is a separate layer,
  nd6_prelist_(), providing interface for maintaining interface routes. Its part,
  responsible for the actual route table interaction, mimics rtenty() code.

2) rtinit tries to combine multiple actions in the same function: constructing
  proper route attributes and handling iterations over multiple fibs, for the
  non-zero net.add_addr_allfibs use case. It notably increases the code complexity.

3) dstaddr handling. flags parameter re-uses RTF_ flags. As there is no special flag
 for p2p connections, host routes and p2p routes are handled in the same way.
 Additionally, mapping IFA flags to RTF flags makes the interface pretty messy.
 It make rtinit() to clash with ifa_mainain_loopback_route() for IPV4 interface
 aliases.

4) rtinit() is the last customer passing non-masked prefixes to rib_action(),
 complicating rib_action() implementation.

5) rtinit() coupled ifa announce/withdrawal notifications, producing "false positive"
 ifa messages in certain corner cases.

To address all these points, the following has been done:

* rtinit() has been split into multiple functions:
- Route attribute construction were moved to the per-address-family functions,
 dealing with (2), (3) and (4).
- funnction providing net.add_addr_allfibs handling and route rtsock notificaions
 is the new routing table inteface.
- rtsock ifa notificaion has been moved out as well. resulting set of funcion are only
 responsible for the actual route notifications.

Side effects:
* /32 alias does not result in interface routes (/32 route and "host" route)
* RTF_PINNED is now set for IPv6 prefixes corresponding to the interface addresses

Differential revision:	https://reviews.freebsd.org/D28186
2021-01-16 22:42:41 +00:00
Kristof Provost
44117554b1 pf tests: pass NULL buffer to DIOCRCLRTSTATS
As discovered by syzcaller this used to provoke panics.

MFC after:	1 week
2021-01-13 19:49:45 +01:00
Alan Somers
ff1a307801 lio_listio: validate aio_lio_opcode
Previously, we would accept any kind of LIO_* opcode, including ones
that were intended for in-kernel use only like LIO_SYNC (which is not
defined in userland).  The situation became more serious with
022ca2fc7f.  After that revision, setting
aio_lio_opcode to LIO_WRITEV or LIO_READV would trigger an assertion.

Note that POSIX does not specify what should happen if aio_lio_opcode is
invalid.

MFC-with:	022ca2fc7f
Reviewed by:	jhb, tmunro, 0mp
Differential Revision:	<https://reviews.freebsd.org/D28078
2021-01-11 19:53:01 -07:00
Alan Somers
19cca0b961 aio: fix the tests when ZFS is not available
Don't try to cleanup the zpool if we couldn't create a zpool in the
first place.

Submitted by:	tmunro
MFC-with:	022ca2fc7f
2021-01-09 17:16:38 -07:00
Thomas Munro
801ac943ea aio_fsync(2): Support O_DSYNC.
aio_fsync(O_DSYNC, ...) is the asynchronous version of fdatasync(2).

Reviewed by: kib, asomers, jhb
Differential Review: https://reviews.freebsd.org/D25071
2021-01-08 13:15:56 +13:00
Alan Somers
022ca2fc7f Add aio_writev and aio_readv
POSIX AIO is great, but it lacks vectored I/O functions. This commit
fixes that shortcoming by adding aio_writev and aio_readv. They aren't
part of the standard, but they're an obvious extension. They work just
like their synchronous equivalents pwritev and preadv.

It isn't yet possible to use vectored aiocbs with lio_listio, but that
could be added in the future.

Reviewed by:    jhb, kib, bcr
Relnotes:       yes
Differential Revision: https://reviews.freebsd.org/D27743
2021-01-02 19:57:58 -07:00
Alan Somers
92bbfe1f0d fusefs: implement FUSE_COPY_FILE_RANGE.
This updates the FUSE protocol to 7.28, though most of the new features
are optional and are not yet implemented.

MFC after:	2 weeks
Relnotes:	yes
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D27818
2021-01-01 10:18:23 -07:00
Alan Somers
ae39db7406 fusefs: fix an expectation in one of the tests
An order-of-operations problem caused an expectation intended for
FUSE_READ to instead match FUSE_ACCESS.  Surprisingly, only one test
case was affected.

MFC after:	2 weeks
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D27818
2021-01-01 10:18:22 -07:00
Cy Schubert
1d010cd31c Fix i386 build following 37df9d3bba.
MFC after:	2 weeks
X-MFC with:	37df9d3bba
2021-01-01 08:48:14 -08:00
Alan Somers
37df9d3bba fusefs: update FUSE protocol to 7.24 and implement FUSE_LSEEK
FUSE_LSEEK reports holes on fuse file systems, and is used for example
by bsdtar.

MFC after:	2 weeks
Relnotes:	yes
Reviewed by:	cem
Differential Revision: https://reviews.freebsd.org/D27804
2020-12-31 08:51:47 -07:00
Alan Somers
f928dbcb16 fusefs: fix the tests for a wider range of maxphys
maxphys is now a tunable, ever since r368124.  The default value is also
larger than it used to be.  That broke several fusefs tests that made
assumptions about maxphys.

* WriteCluster.clustering used the MAXPHYS compile-time constant.

* WriteBackAsync.direct_io_partially_overlaps_cached_block implicitly
  depended on the default value of maxphys.  Fix it by making the
  dependency explicit.

* Write.write_large implicitly assumed that maxphys would be no more
  than twice maxbcachebuf.  Fix it by explicitly setting m_max_write.

* WriteCluster.clustering and several others failed because the MockFS
  module did not work for max_write > 128KB (which most tests would set
  when maxphys > 256KB).  Limit max_write accordingly.  This is the same
  as fusefs-libs's behavior.

* Bmap's tests were originally written for MAXPHYS=128KB.  With larger
  values, the simulated file size was too small.

PR:		252096
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D27769
2020-12-28 18:56:17 +00:00
Kristof Provost
2d3fda5fa1 pf tests: Verify (tcp) checksum modification on unaligned options
It turns out pf incorrectly updates the TCP checksum if the TCP option
we're modifying is not 2-byte algined with respect to the start of the
packet.

Create a TCP packet with such an option and throw it through a scrub
rule, which will update timestamps and modify the packet.

PR:		240416
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D27688
2020-12-23 12:03:20 +01:00
Kristof Provost
e1f6571a12 pf tests: Sort Makefile entries
MFC after:	1 week
2020-12-23 12:03:20 +01:00
Kristof Provost
03ffa25695 net tests: Re-enable most if_clone tests
All but one of these (tap_ipv6_up_stress) currently pass, so we should enable
them so we don't regress.
2020-12-17 21:54:25 +00:00
Ryan Libby
c821ba35b6 posixshm_test.c: remove tautological checks
Reviewed by:	kib, markj
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D27564
2020-12-11 22:52:20 +00:00
Ryan Libby
6d759051d3 fdgrowtable_test.c: appease gcc
Work around bogus gcc -Wreturn-type.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44511

Reviewed by:	kevans, rew
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D27563
2020-12-11 22:52:16 +00:00
Nick Hibma
e8db04c389 New Netgraph module ng_macfilter:
Macfilter to route packets through different hooks based on sender MAC address.

Based on ng_macfilter written by Pekka Nikander

Sponsered by Retina b.v.

Reviewed by:	afedorov
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D27268
2020-12-08 15:09:42 +00:00
Mitchell Horne
22bd0c9731 ossl: port to arm64
Enable in-kernel acceleration of SHA1 and SHA2 operations on arm64 by adding
support for the ossl(4) crypto driver. This uses OpenSSL's assembly routines
under the hood, which will detect and use SHA intrinsics if they are
supported by the CPU.

Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D27390
2020-12-04 21:12:17 +00:00
Kristof Provost
e997614fd2 pf tests: Test case for bug #251414
Changing a table from not having counters to having counters (or vice versa)
may trigger panics.

PR:		251414
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27441
2020-12-02 16:33:23 +00:00
Alan Somers
23693bd8f3 AIO tests: update expected failure messages after r368265
PR:		220398, 251515
MFC after:	1 week
MFC-With:	r368265
2020-12-02 00:53:03 +00:00
Kristof Provost
c49747eaf2 pf tests: Re-enable panicing tests
We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these
tests.

MFC after:	2 weeks
Sponsored by:	Modirum MDPay
2020-12-01 16:44:36 +00:00
Alan Somers
01f3f35447 ping: fix some man pages and tests after r368045
MFC-with:	r368045
2020-11-26 04:55:02 +00:00
John Baldwin
a4a23d2137 Remove uses of CRIOGET in OCF tests after r368005.
Pointy hat to:	jhb
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D27367
2020-11-25 01:31:00 +00:00
Kristof Provost
d5325f2f3c pf tests: provoke tag hashing panic
Attempt to provoke the panic fixed in r367987.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27350
2020-11-24 17:32:49 +00:00
Robert Wing
3c85ca21d1 fd: free old file descriptor tables when not shared
During the life of a process, new file descriptor tables may be allocated. When
a new table is allocated, the old table is placed in a free list and held onto
until all processes referencing them exit.

When a new file descriptor table is allocated, the old file descriptor table
can be freed when the current process has a single-thread and the file
descriptor table is not being shared with any other processes.

Reviewed by:    kevans
Approved by:    kevans (mentor)
Differential Revision:  https://reviews.freebsd.org/D18617
2020-11-22 05:00:28 +00:00
Kristof Provost
d8f541d9a3 pf tests: Basic source tracking test
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27255
2020-11-20 10:11:03 +00:00
Jonathan T. Looney
36c52a52ee Add a regression test for the port-selection behavior fixed in r367680.
Reviewed by:	markj, olivier, tuexen
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D27173
2020-11-14 15:44:28 +00:00
Adrian Chadd
07a605f427 [tests] Fix unused variable warning in gcc
Reviewed by:	markj, imp, cem,
Approved by:	markj
Differential Revision:	https://reviews.freebsd.org/D26792
2020-11-13 18:50:24 +00:00
Mark Johnston
870d4ba3ff cryptotest: Add qat(4) coverage
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC (Netgate)
2020-11-05 16:00:57 +00:00
Jung-uk Kim
8f02e2ac27 Make the tests work without COMPAT_FREEBSD12 in kernel.
sysctl 'kern.cryptodevallowsoft' was renamed to 'kern.crypto.allow_soft' in
r359374 and the prevous one is only available in kernel built with
"options COMPAT_FREEBSD12".
2020-11-04 22:41:54 +00:00
Jung-uk Kim
ac61934942 Add ossl(4) to cryptotest. 2020-10-30 19:53:16 +00:00
Edward Tomasz Napierala
bce7ee9d41 Drop "All rights reserved" from all my stuff. This includes
Foundation copyrights, approved by emaste@.  It does not include
files which carry other people's copyrights; if you're one
of those people, feel free to make similar change.

Reviewed by:	emaste, imp, gbe (manpages)
Differential Revision:	https://reviews.freebsd.org/D26980
2020-10-28 13:46:11 +00:00
Mateusz Piotrowski
7b39bef2cf Do not recommend to install kyua with pkg in the tests README
Kyua is now available in the base system.

While here, reword the usage section a bit.
2020-10-27 09:53:49 +00:00
Alexander V. Chernikov
c7cffd65c5 Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q).
802.1ad interfaces are created with ifconfig using the "vlanproto" parameter.
Eg., the following creates a 802.1Q VLAN (id #42) over a 802.1ad S-VLAN
(id #5) over a physical Ethernet interface (em0).

ifconfig vlan5 create vlandev em0 vlan 5 vlanproto 802.1ad up
ifconfig vlan42 create vlandev vlan5 vlan 42 inet 10.5.42.1/24

VLAN_MTU, VLAN_HWCSUM and VLAN_TSO capabilities should be properly
supported. VLAN_HWTAGGING is only partially supported, as there is
currently no IFCAP_VLAN_* denoting the possibility to set the VLAN
EtherType to anything else than 0x8100 (802.1ad uses 0x88A8).

Submitted by:	Olivier Piras
Sponsored by:	RG Nets
Differential Revision:	https://reviews.freebsd.org/D26436
2020-10-21 21:28:20 +00:00
Alexander V. Chernikov
a3525bd166 Try to enable multipath routing in flowid tests. 2020-10-16 21:51:17 +00:00
Andrew Turner
f56a08c810 Fix write only mappings on arm64
When trapping on a wrote access to a buffer the kernel has mapped as write
only we should only pass the VM_PROT_WRITE flag. Previously the call to
vm_fault_trap as the VM_PROT_READ flag was unexpected.

Reported by:	manu
Sponsored by:	Innovate UK
2020-10-13 10:26:15 +00:00
Kristof Provost
e6f9af16bc pf tests: Test that 'set skip on <group>' works on new group members
There's a know issue where new group members don't get the 'set skip on'
applied until the rules are re-loaded.

Do this by setting rules that block all traffic, but skip members of the
'epair' group. If we can communicate over the epair interface we know the set
skip rule took effect, even if the rule was set before the interface was
created.

MFC after:	2 weeks
2020-10-12 12:41:10 +00:00
Li-Wen Hsu
2c39128feb Temporarily skip failing test cases in CI:
sys.capsicum.functional.Capability__NoBypassDAC
sys.capsicum.functional.Pdfork__OtherUserForked

PR:		250178, 250179
Sponsored by:	The FreeBSD Foundation
2020-10-07 09:53:24 +00:00