Commit Graph

57 Commits

Author SHA1 Message Date
Andrey V. Elsukov 2872268c7f ipfw: treat ipv6 address with zero mask as 'any'
Make the behaviour similar for both IPv4 and IPv6. Also add
the corresponding tests.

PR:             294733
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D56618
2026-05-17 13:12:20 +03:00
Boris Lytochkin 32cd3ee590 ipfw: add support for masked ip-address lookups
Current radix-based implementation of lookup tables in ipfw does
not support non-contiguous prefixes while this type of lookup is
needed to write CPU-effective firewall configurations.

For some of the cases we can reach the goal using a masked table
lookup by adding masked (e.g. zero non-significant bits) records
into a table and then zero non-significant bits in lookup key
prior to making a table lookup.

Obtained from:  Yandex LLC
MFC after:      3 weeks
Relnotes:       yes
Sponsored by:   Yandex LLC
Differential Revision:  https://reviews.freebsd.org/D53694
2026-03-01 22:04:58 +03:00
Mark Johnston a8b8feced9 atf_python/vnet: Make it possible to set the FIB of vnet interfaces
Reviewed by:	zlei, ngie
MFC after:	1 week
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54972
2026-02-13 16:02:09 +00:00
Mark Johnston 07940d1d85 atf_python: Run vnet handlers in $HOME
When kyua runs a test, it creates a temp directory and sets $HOME to
point to it.  Tests are run with the cwd set to that temp directory.

When a process attaches to a jail, its cwd is set to the root of the
jail.  Modify atf_python to cd to $HOME instead, so that it's easier for
tests to share files.

Reviewed by:	zlei, ngie
MFC after:	2 weeks
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54971
2026-02-02 16:54:54 +00:00
Mark Johnston ef389b7f58 atf_python: Fix a typo in a type annotation
No functional change intended.

MFC after:	1 week
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
2026-01-27 14:57:31 +00:00
Kristof Provost 4f35a84b32 atf_python: support setting interface mtu
Teach the vnet support code to set interface MTU. Some tests make use of
this, so have the framework handle it.

Adapt a few pf tests to use this.

Reviewed by:	melifaro
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D54333
2025-12-22 17:28:33 +01:00
Nick Banks be1ad90e6b tcp: Initial ktest for HPTS
Reviewed by:		rrs, tuexen
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D52979
2025-10-13 21:47:31 +02:00
Olivier Cochard 01d5a6f30c tests/ipfw: Update regression tests to match new 32-bit size rule numbers
Commit 4a77657cbc increased the size of several opcodes to ipfw_insn_u32.

Approved by:	ae
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D52876
2025-10-03 13:06:49 +02:00
Kristof Provost 2213e15888 atf_python: allow test scripts to pass jail options
Test scripts based on atf_python can now pass jail command options via the
'opts' key in the 'vnetX' key of TOPOLOGY.

Reviewed by:	melifaro
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D52761
2025-09-30 14:53:17 +02:00
Siva Mahadevan df997faca8 atf_pytest: fix xfail detection from pytest report
The location of the 'wasxfail' attribute was moved from
the 'reason' attribute back to the parent 'report'. This
fixes an issue where xfails are wrongly reported to ATF
as skipped tests.

Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1849
Sponsored by: The FreeBSD Foundation
2025-09-18 09:01:14 -04:00
Michael Tuexen bd8296e717 tests: disable transmit checksum offloading for epair interfaces
When transmit checksum offloading is enabled, if_epair does not
compute checksums, it just marks packets that this computation still
needs to be done. However, some test cases verify the checksum.
Therefore disable this for IPv4 and IPv6.

Reviewed by:		kp
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D52379
2025-09-04 13:52:37 +02:00
Ronald Klop 9c95fcb7cd tests: Get the MAC from the epairs.
This removes knowledge of the implementation of if_epair.
Makes it easier to modify if_epair in future commits.

Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D51205
2025-07-09 17:38:08 +02:00
Kristof Provost 7659d0fa2b pf tests: skip TestHeader6::test_too_many if ipfilter is loaded
IPFilter interferes with the header.py:TestHeader6::test_too_many test, so skip
it if the module is loaded.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D50661
2025-06-06 13:16:00 +02:00
Kristof Provost 6ae89b2f15 aft_python: fix incorrect ndp use
If we want to clear a flag we have to include '--' before the flag we clear,
otherwise ndp will misparse our command (the getopt call will interpret it as
another option, and reject it).

This caused spurious errors at the end of every atf_python test case such as:

	============================== 1 passed in 7.26s ===============================
	usage: ndp [-nt] hostname
	       ndp [-nt] -a | -c | -p | -r | -H | -P | -R
	       ndp [-nt] -A wait
	       ndp [-nt] -d hostname
	       ndp [-nt] -f filename
	       ndp [-nt] -i interface [flags...]
	       ndp [-nt] -I [interface|delete]
	       ndp [-nt] -s nodename etheraddr [temp] [proxy]

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2025-05-08 15:10:26 +02:00
Kristof Provost ae8d588140 vnet tests: verify that we can load if_epair and if_bridge
We're going to start running many of the vnet tests in nested jails (so they
can run in parallel). That means the tests won't be able to load kernel modules,
which we commonly do for if_epair and if_bridge.

Just assume that all vnet tests need this, because so many of them do that we
don't want to manually annotate all of them.
This is essentially a no-op on non-nested tests.

Do the same for the python test framework.

While here also have pflog_init actually call pft_init. While having pflog
loaded implies we have pf too pft_init also checks for vimage support, and now
for if_epair.

Reviewed by:	markj
MFC after:	1 month
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46039
2024-07-23 15:57:25 +02:00
Lexi Winter e1e636193d tests: move atf_python/sys/ into the tests package
Reviewed by:	markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1174
2024-04-19 14:48:37 -04:00
Jose Luis Duran d4a5d4952e atf_python: Standardize custom sections
To be replaced with pytest's section/add_report_section.

Reviewed by:	markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/865
2023-10-13 15:31:30 -04:00
Jose Luis Duran 8a30ab5369 atf_python: Set verbosity for commands in a vnet
Reviewed by:	markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/865
2023-10-13 15:31:30 -04:00
Jose Luis Duran a1eb150ce2 atf_python: vnet: Use absolute paths within helpers
Usually tests are run in sterile environments; however, there is a
slight chance that the PATH overrides the utilities used for testing.

Pedantically use absolute paths, even inside VNETs, to avoid ambiguity.

Chiefly, jexec -> /usr/sbin/jexec, and ifconfig -> /sbin/ifconfig.

Reviewed by:	markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/865
2023-10-13 15:31:30 -04:00
Jose Luis Duran 7964a28ccf atf_python: Actually implement verbosity for run_cmd
Reviewed by:	markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/865
2023-10-13 15:31:30 -04:00
Jose Luis Duran 2e620256bd atf_python: Do not attempt to automatically delete lo0
Else `ifconfig lo0 destroy` will throw an:

    ifconfig: SIOCIFDESTROY: Invalid argument

Reviewed by:	markj
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/865
2023-10-13 15:31:30 -04:00
Emmanuel Vadot 944223076f pkgbase: Put atf_python files in FreeBSD-tests
Sponsored by:	Beckhoff Automation GmbH & Co. KG
2023-10-12 20:15:03 +02:00
Kristof Provost b23dbabb7f pf: test rules evaluation in the face of multiple IPv6 fragment headers
Send an ICMPv6 echo request packet with multiple IPv6 fragment headers.
Set rules to pass all packets, except for ICMPv6 echo requests.

pf ought to drop the echo request, but doesn't because it reassembles
the packet, and then doesn't handle the second fragment header. In other
words: it fails to detect the ICMPv6 echo header.

Reported by:	Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)
MFC after:	instant
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2023-08-04 15:24:16 +02:00
Alexander V. Chernikov 84b41342da ipfw: add eaction tests
MFC after:	2 weeks
2023-06-15 06:36:16 +00:00
Alexander V. Chernikov 9f44a47fd0 ipfw(8): add ioctl/instruction generation tests
Differential Revision: https://reviews.freebsd.org/D40488
MFC after:	2 weeks
2023-06-13 11:55:37 +00:00
Alexander V. Chernikov 0eb0d23335 ktest: make ktest work with Netlink loaded as a module.
MFC after:	2 weeks
2023-06-13 06:04:14 +00:00
Alexander V. Chernikov 54b955f4df netlink: add support for decoding genl ops/groups in pytest
MFC after:	2 weeks
2023-06-01 10:45:29 +00:00
Alexander V. Chernikov 10b94e4064 netlink: add support for adding/deleting interface addresses
Differential Revision: https://reviews.freebsd.org/D40103
MFC after:	2 weeks
2023-05-16 19:39:13 +00:00
Alexander V. Chernikov 584ad4126c testing: improve vnet support in pytest
* Allow vnet object to be directly referenced
 (self.vnet1 vs self.vnet_map["vnet1"])
* Allow iface object to be directly reference
 (vnet.bridge vs vnet.iface_alias_map["bridge"])
* Allow arbitrary interface alias names insted of ifX
* Add wait_objects_any() method for waiting object from
 multiple vnets
* Add wait() method for indefinite sleep on vnet handlers

MFC after:	2 weeks
2023-05-16 15:00:45 +00:00
Alexander V. Chernikov d91f8db5f1 testing: rename IfattrType to IfaAttrType for consistency
All other attribute classes are named as 'type'AttrType and 'type'
 int this case is ifa (interface address).

MFC after:	2 weeks
2023-05-15 11:47:07 +00:00
Alexander V. Chernikov 97760572a0 testing: add public method for requiring module presense in pytest
MFC after:	2 weeks
2023-05-15 10:50:55 +00:00
Alexander V. Chernikov f0ffe1ce0f testing: add support for handling Netlink carp messages
MFC after:	2 weeks
2023-05-15 10:48:45 +00:00
Alexander V. Chernikov f3065e767d testing: add support for using custom interfaces in pytest framework.
MFC after:	2 weeks
2023-05-15 10:44:20 +00:00
Alexander V. Chernikov 04a036601e tests: fix netlink type parsing.
Netlink attribute type field is 2 bytes, not one.

MFC after:	2 weeks
2023-04-18 14:09:47 +00:00
Alexander V. Chernikov 3e5d0784b9 Testing: add framework for the kernel unit tests.
This changes intends to reduce the bar to the kernel unit-testing by
 introducing a new kernel-testing framework ("ktest") based on Netlink,
 loadable test modules and python test suite integration.

This framework provides the following features:
* Integration to the FreeBSD test suite
* Automatic test discovery
* Automatic test module loading
* Minimal boiler-plate code in both kernel and userland
* Passing any metadata to the test
* Convenient environment pre-setup using python testing framework
* Streaming messages from the kernel to the userland
* Running tests in the dedicated taskqueues
* Skipping or parametrizing tests

Differential Revision: https://reviews.freebsd.org/D39385
MFC after:	2 weeks
2023-04-14 15:47:55 +00:00
Alexander V. Chernikov 388420e613 tests: fix utils import in netlink tests
MFC after:	2 weeks
2023-04-02 10:17:37 +00:00
Alexander V. Chernikov d9af4219d6 tests: refactor atf_python a bit
* Move more logic from conftest.py to the actual atf_pytest handler
* Move nodeid_to_method_name() to the utils.py so it can be shared

MFC after:	2 weeks
2023-04-01 19:44:37 +00:00
Alexander V. Chernikov fc2538cb7b tests: add support for parsing generic netlink families.
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D39370
2023-04-01 19:33:47 +00:00
Alexander V. Chernikov fee65b7e21 tests: split netlink.py into multiple files to impove maintainability.
This diff does not contain any functional changes.
Its sole purpose is splitting netlink.py into smaller chunks.
The new code simplifies the upcoming generic netlink support
introduction.

MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D39365
2023-04-01 19:31:38 +00:00
Alexander V. Chernikov 90bc2120b5 tests: fix python parsing of netlink nested attributes
MFC after:	2 weeks
2023-03-13 10:17:36 +00:00
Alexander V. Chernikov c57dfd92c8 tests: add more netlink tests for neighbors/routes
Differential Revision: https://reviews.freebsd.org/D38912
MFC after:	2 weeks
2023-03-07 17:31:26 +00:00
Alexander V. Chernikov 828d3c6c4c tests: add netlink large dump buffer check
Differential Revision: https://reviews.freebsd.org/D38665
MFC after:	2 weeks
2023-02-20 10:20:54 +00:00
Alexander V. Chernikov ff8da9b2ba netlink: improve attribute decoding in python tests
MFC after:	2 weeks
2023-02-17 18:16:08 +00:00
Alexander V. Chernikov 25c2dd2f2c netlink: return optional metadata with the operation result.
Some operations like interface creation may need to return metadata
 - in this case, interface name - back to the caller if the operation
 is successful.
This change implements attaching an `NLMSGERR_ATTR_COOKIE` nla to the
operation reply message via `nlmsg_report_cookie()`.
Additionally, on successful interface creation, interface index and
 interface name are returned in the `IFLA_NEW_IFINDEX` and `IFLA_IFNAME
 TLVs, encapsulated in the `NLMSGERR_ATTR_COOKIE`.

Reviewed By: pauamma
Differential Revision: https://reviews.freebsd.org/D38283
MFC after:	1 week
2023-02-09 15:30:00 +00:00
Alexander V. Chernikov 6332ef8941 testing: handling non-root users with VNETs in pytest-based tests.
Currently isolation and resource requirements are handled directly
 by the kyua runner, based on the requirements specified by the test.
It works well for simple tests, but may cause discrepancy with tests
 doing complex pre-setups. For example, all tests that perform
 VNET setups require root access to properly function.

This change adds additional handling of the "require_user" property
 within the python testing framework. Specifically, it requests
 root access if the test class signals its root requirements and
 drops privileges to the desired user after performing the pre-setup.

Differential Revision: https://reviews.freebsd.org/D37923
MFC after:	2 weeks
2023-02-09 14:49:27 +00:00
Alexander V. Chernikov 20ea7f26e4 pytest: delete interfaces from inside the jail.
This change follows the approach used in 80fc25025f, to
 minimise the impact of the delayed interface migration.

MFC after:	2 weeks
2023-01-25 16:34:17 +00:00
Jose Luis Duran 4856aeaaed tests: Add an IPv4 loopback address of 127.0.0.1/8 to the lo0
interface by default when creating VNETSs using pytest.

Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D38021
2023-01-11 14:34:41 +00:00
Alexander V. Chernikov c1871a3372 netlink: improve RTM_GETADDR handling.
* Allow filtering by ifa_family & ifa_index.
* Add common RTM_<NEW|DEL|GET>ADDR parser
* Add tests verifying RTM_GETADDR filtering behaviour & output
* Factor out common netlink socket test methods into NetlinkTestTemplate
* Add NLMSG_DONE message handler

Reviewed By: pauamma
Differential Revision: https://reviews.freebsd.org/D37970
2023-01-08 15:06:34 +00:00
Alexander V. Chernikov bb60d265c9 testing: fix tests without cleanup in pytest.
It was broken by 89ffac3b01,
which added "cleanup" method to the base test class,
 resulting in reporting cleanup for all of the tests.
2023-01-01 14:11:18 +00:00
Alexander V. Chernikov 89ffac3b01 testing: allow custom test cleanup handlers in pytest
In order to provide more flexibility for the test writers,
add per-test-method cleanups in addition to the per-class cleanups.

Now the test 'test_one' can perform cleanup by either defining
per-class 'cleanup' method (typically used in VNET classes) and
per-test method 'cleanup_test_one'. The latter has preference.
In order to handle paramatrization, testid is passed as a single
 argument to both of the methods.

MFC after:	2 weeks
2022-12-31 16:27:27 +00:00