pf tests: fix intermittent mld test failures

We can't reliably check for the absence of replies to our MLD queries (because
a host may announce its multicast subscriptions), so enable pf logging and check
for the relevant error message instead.

PR:		289821
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D52762
This commit is contained in:
Kristof Provost
2025-09-27 16:41:30 +02:00
parent 2213e15888
commit a57f6ce479
2 changed files with 16 additions and 21 deletions
+1 -1
View File
@@ -72,7 +72,7 @@ ATF_TESTS_PYTEST+= tcp.py
# Allow tests to run in parallel in their own jails
TEST_METADATA+= execenv="jail"
TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets"
TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets allow.read_msgbuf"
${PACKAGE}FILES+= \
bsnmpd.conf \
+15 -20
View File
@@ -32,23 +32,22 @@
class TestMLD(VnetTestTemplate):
REQUIRED_MODULES = [ "pf" ]
TOPOLOGY = {
"vnet1": {"ifaces": ["if1"]},
"vnet1": {"ifaces": ["if1"], "opts": ["allow.read_msgbuf"]},
"vnet2": {"ifaces": ["if1"]},
"if1": {"prefixes6": [("2001:db8::2/64", "2001:db8::1/64")]},
}
def vnet2_handler(self, vnet):
ifname = vnet.iface_alias_map["if1"].name
#ToolsHelper.print_output("/sbin/pfctl -e")
ToolsHelper.print_output("/sbin/pfctl -e")
ToolsHelper.pf_rules([
"pass",
])
ToolsHelper.print_output("/sbin/pfctl -x loud")
#ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname)
def find_mld_reply(self, pkt, ifname):
pkt.show()
s = DelayedSend(pkt)
s = DelayedSend(pkt, ifname)
found = False
packets = self.sp.sniff(iface=ifname, timeout=5)
@@ -66,7 +65,6 @@ def find_mld_reply(self, pkt, ifname):
def test_router_alert(self):
"""Verify that we allow MLD packets with router alert extension header"""
ifname = self.vnet.iface_alias_map["if1"].name
#ToolsHelper.print_output("/sbin/ifconfig %s inet6 -ifdisable" % ifname)
ToolsHelper.print_output("/sbin/ifconfig")
# Import in the correct vnet, so at to not confuse Scapy
@@ -76,20 +74,17 @@ def test_router_alert(self):
self.sp = sp
self.sc = sc
# A correct MLD query gets a reply
pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \
/ sp.RouterAlert(value=0) \
# MLD packets with an incorrect hop limit get dropped.
pkt = sp.Ether() \
/ sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \
/ sp.IPv6ExtHdrHopByHop(options=[ \
sp.RouterAlert(value=0) \
]) \
/ sp.ICMPv6MLQuery2()
assert self.find_mld_reply(pkt, ifname)
# We can't reliably test this by checking for a reply, because
# the other jail may just send a spontaneous MLD reply.
self.find_mld_reply(pkt, ifname)
# The wrong extension header does not
pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \
/ sp.IPv6ExtHdrRouting() \
/ sp.ICMPv6MLQuery2()
assert not self.find_mld_reply(pkt, ifname)
# Neither does an incorrect hop limit
pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \
/ sp.RouterAlert(value=0) \
/ sp.ICMPv6MLQuery2()
assert not self.find_mld_reply(pkt, ifname)
# Check if we logged dropping the MLD paacket
dmesg = ToolsHelper.get_output("/sbin/dmesg")
assert dmesg.find("Invalid MLD") != -1