Make the behaviour similar for both IPv4 and IPv6. Also add
the corresponding tests.
PR: 294733
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56618
Current radix-based implementation of lookup tables in ipfw does
not support non-contiguous prefixes while this type of lookup is
needed to write CPU-effective firewall configurations.
For some of the cases we can reach the goal using a masked table
lookup by adding masked (e.g. zero non-significant bits) records
into a table and then zero non-significant bits in lookup key
prior to making a table lookup.
Obtained from: Yandex LLC
MFC after: 3 weeks
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D53694
When kyua runs a test, it creates a temp directory and sets $HOME to
point to it. Tests are run with the cwd set to that temp directory.
When a process attaches to a jail, its cwd is set to the root of the
jail. Modify atf_python to cd to $HOME instead, so that it's easier for
tests to share files.
Reviewed by: zlei, ngie
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54971
Teach the vnet support code to set interface MTU. Some tests make use of
this, so have the framework handle it.
Adapt a few pf tests to use this.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D54333
Test scripts based on atf_python can now pass jail command options via the
'opts' key in the 'vnetX' key of TOPOLOGY.
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52761
The location of the 'wasxfail' attribute was moved from
the 'reason' attribute back to the parent 'report'. This
fixes an issue where xfails are wrongly reported to ATF
as skipped tests.
Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1849
Sponsored by: The FreeBSD Foundation
When transmit checksum offloading is enabled, if_epair does not
compute checksums, it just marks packets that this computation still
needs to be done. However, some test cases verify the checksum.
Therefore disable this for IPv4 and IPv6.
Reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52379
This removes knowledge of the implementation of if_epair.
Makes it easier to modify if_epair in future commits.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D51205
IPFilter interferes with the header.py:TestHeader6::test_too_many test, so skip
it if the module is loaded.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D50661
If we want to clear a flag we have to include '--' before the flag we clear,
otherwise ndp will misparse our command (the getopt call will interpret it as
another option, and reject it).
This caused spurious errors at the end of every atf_python test case such as:
============================== 1 passed in 7.26s ===============================
usage: ndp [-nt] hostname
ndp [-nt] -a | -c | -p | -r | -H | -P | -R
ndp [-nt] -A wait
ndp [-nt] -d hostname
ndp [-nt] -f filename
ndp [-nt] -i interface [flags...]
ndp [-nt] -I [interface|delete]
ndp [-nt] -s nodename etheraddr [temp] [proxy]
Sponsored by: Rubicon Communications, LLC ("Netgate")
We're going to start running many of the vnet tests in nested jails (so they
can run in parallel). That means the tests won't be able to load kernel modules,
which we commonly do for if_epair and if_bridge.
Just assume that all vnet tests need this, because so many of them do that we
don't want to manually annotate all of them.
This is essentially a no-op on non-nested tests.
Do the same for the python test framework.
While here also have pflog_init actually call pft_init. While having pflog
loaded implies we have pf too pft_init also checks for vimage support, and now
for if_epair.
Reviewed by: markj
MFC after: 1 month
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46039
Usually tests are run in sterile environments; however, there is a
slight chance that the PATH overrides the utilities used for testing.
Pedantically use absolute paths, even inside VNETs, to avoid ambiguity.
Chiefly, jexec -> /usr/sbin/jexec, and ifconfig -> /sbin/ifconfig.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/865
Send an ICMPv6 echo request packet with multiple IPv6 fragment headers.
Set rules to pass all packets, except for ICMPv6 echo requests.
pf ought to drop the echo request, but doesn't because it reassembles
the packet, and then doesn't handle the second fragment header. In other
words: it fails to detect the ICMPv6 echo header.
Reported by: Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)
MFC after: instant
Sponsored by: Rubicon Communications, LLC ("Netgate")
* Allow vnet object to be directly referenced
(self.vnet1 vs self.vnet_map["vnet1"])
* Allow iface object to be directly reference
(vnet.bridge vs vnet.iface_alias_map["bridge"])
* Allow arbitrary interface alias names insted of ifX
* Add wait_objects_any() method for waiting object from
multiple vnets
* Add wait() method for indefinite sleep on vnet handlers
MFC after: 2 weeks
This changes intends to reduce the bar to the kernel unit-testing by
introducing a new kernel-testing framework ("ktest") based on Netlink,
loadable test modules and python test suite integration.
This framework provides the following features:
* Integration to the FreeBSD test suite
* Automatic test discovery
* Automatic test module loading
* Minimal boiler-plate code in both kernel and userland
* Passing any metadata to the test
* Convenient environment pre-setup using python testing framework
* Streaming messages from the kernel to the userland
* Running tests in the dedicated taskqueues
* Skipping or parametrizing tests
Differential Revision: https://reviews.freebsd.org/D39385
MFC after: 2 weeks
* Move more logic from conftest.py to the actual atf_pytest handler
* Move nodeid_to_method_name() to the utils.py so it can be shared
MFC after: 2 weeks
This diff does not contain any functional changes.
Its sole purpose is splitting netlink.py into smaller chunks.
The new code simplifies the upcoming generic netlink support
introduction.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D39365
Some operations like interface creation may need to return metadata
- in this case, interface name - back to the caller if the operation
is successful.
This change implements attaching an `NLMSGERR_ATTR_COOKIE` nla to the
operation reply message via `nlmsg_report_cookie()`.
Additionally, on successful interface creation, interface index and
interface name are returned in the `IFLA_NEW_IFINDEX` and `IFLA_IFNAME
TLVs, encapsulated in the `NLMSGERR_ATTR_COOKIE`.
Reviewed By: pauamma
Differential Revision: https://reviews.freebsd.org/D38283
MFC after: 1 week
Currently isolation and resource requirements are handled directly
by the kyua runner, based on the requirements specified by the test.
It works well for simple tests, but may cause discrepancy with tests
doing complex pre-setups. For example, all tests that perform
VNET setups require root access to properly function.
This change adds additional handling of the "require_user" property
within the python testing framework. Specifically, it requests
root access if the test class signals its root requirements and
drops privileges to the desired user after performing the pre-setup.
Differential Revision: https://reviews.freebsd.org/D37923
MFC after: 2 weeks
In order to provide more flexibility for the test writers,
add per-test-method cleanups in addition to the per-class cleanups.
Now the test 'test_one' can perform cleanup by either defining
per-class 'cleanup' method (typically used in VNET classes) and
per-test method 'cleanup_test_one'. The latter has preference.
In order to handle paramatrization, testid is passed as a single
argument to both of the methods.
MFC after: 2 weeks