diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/sys/geom/class/Makefile | 1 | ||||
-rw-r--r-- | tests/sys/geom/class/label/Makefile | 7 | ||||
-rwxr-xr-x | tests/sys/geom/class/label/basic.sh | 59 | ||||
-rw-r--r-- | tests/sys/netinet/so_reuseport_lb_test.c | 148 | ||||
-rw-r--r-- | tests/sys/netpfil/pf/rdr.sh | 51 | ||||
-rw-r--r-- | tests/sys/netpfil/pf/sctp.sh | 18 |
6 files changed, 277 insertions, 7 deletions
diff --git a/tests/sys/geom/class/Makefile b/tests/sys/geom/class/Makefile index 3cf3a15273ac..c58ebc0f72a0 100644 --- a/tests/sys/geom/class/Makefile +++ b/tests/sys/geom/class/Makefile @@ -9,6 +9,7 @@ TESTS_SUBDIRS+= concat TESTS_SUBDIRS+= eli .endif TESTS_SUBDIRS+= gate +TESTS_SUBDIRS+= label TESTS_SUBDIRS+= mirror TESTS_SUBDIRS+= multipath TESTS_SUBDIRS+= nop diff --git a/tests/sys/geom/class/label/Makefile b/tests/sys/geom/class/label/Makefile new file mode 100644 index 000000000000..d0072a52c47c --- /dev/null +++ b/tests/sys/geom/class/label/Makefile @@ -0,0 +1,7 @@ +PACKAGE= tests + +TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T} + +ATF_TESTS_SH+= basic + +.include <bsd.test.mk> diff --git a/tests/sys/geom/class/label/basic.sh b/tests/sys/geom/class/label/basic.sh new file mode 100755 index 000000000000..b67b41567c02 --- /dev/null +++ b/tests/sys/geom/class/label/basic.sh @@ -0,0 +1,59 @@ +#!/bin/sh +# +# SPDX-License-Identifier: BSD-2-Clause-FreeBSD +# +# Copyright (c) 2025 Brad Davis +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +class=label +. $(atf_get_srcdir)/../geom_subr.sh + +atf_test_case create cleanup +create_head() +{ + atf_set "descr" "Create and verify GEOM labels" + atf_set "require.user" "root" +} +create_body() +{ + geom_atf_test_setup + + f1=$(mktemp ${class}.XXXXXX) + atf_check truncate -s 32M "$f1" + attach_md md -t vnode -f "$f1" + + atf_check -s exit:0 -o match:"^Done." glabel create -v test "/dev/$md" + atf_check -s exit:0 -o match:"^label/test N/A $md$" glabel status "/dev/$md" + atf_check -s exit:0 -o match:"^/dev/label/test$" ls /dev/label/test + atf_check -s exit:0 glabel stop test +} +create_cleanup() +{ + geom_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case create +} diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c index 0479bd070ca6..393a626af5a4 100644 --- a/tests/sys/netinet/so_reuseport_lb_test.c +++ b/tests/sys/netinet/so_reuseport_lb_test.c @@ -29,6 +29,8 @@ #include <sys/param.h> #include <sys/event.h> +#include <sys/filio.h> +#include <sys/ioccom.h> #include <sys/socket.h> #include <netinet/in.h> @@ -556,6 +558,150 @@ ATF_TC_BODY(connect_bound, tc) close(s); } +/* + * The kernel erroneously permits calling connect() on a UDP socket with + * SO_REUSEPORT_LB set. Verify that packets sent to the bound address are + * dropped unless they come from the connected address. + */ +ATF_TC_WITHOUT_HEAD(connect_udp); +ATF_TC_BODY(connect_udp, tc) +{ + struct sockaddr_in sin = { + .sin_family = AF_INET, + .sin_len = sizeof(sin), + .sin_addr = { htonl(INADDR_LOOPBACK) }, + }; + ssize_t n; + int error, len, s1, s2, s3; + char ch; + + s1 = socket(PF_INET, SOCK_DGRAM, 0); + ATF_REQUIRE(s1 >= 0); + s2 = socket(PF_INET, SOCK_DGRAM, 0); + ATF_REQUIRE(s2 >= 0); + s3 = socket(PF_INET, SOCK_DGRAM, 0); + ATF_REQUIRE(s3 >= 0); + + error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1}, + sizeof(int)); + ATF_REQUIRE_MSG(error == 0, + "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno)); + error = bind(s1, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s2, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s3, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + /* Connect to an address not owned by s2. */ + error = getsockname(s3, (struct sockaddr *)&sin, + (socklen_t[]){sizeof(sin)}); + ATF_REQUIRE(error == 0); + error = connect(s1, (struct sockaddr *)&sin, sizeof(sin)); + ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno)); + + /* Try to send a packet to s1 from s2. */ + error = getsockname(s1, (struct sockaddr *)&sin, + (socklen_t[]){sizeof(sin)}); + ATF_REQUIRE(error == 0); + + ch = 42; + n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin, + sizeof(sin)); + ATF_REQUIRE(n == 1); + + /* Give the packet some time to arrive. */ + usleep(100000); + + /* s1 is connected to s3 and shouldn't receive from s2. */ + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 0, "unexpected data available"); + + /* ... but s3 can of course send to s1. */ + n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin, + sizeof(sin)); + ATF_REQUIRE(n == 1); + usleep(100000); + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 1, "expected data available"); +} + +/* + * The kernel erroneously permits calling connect() on a UDP socket with + * SO_REUSEPORT_LB set. Verify that packets sent to the bound address are + * dropped unless they come from the connected address. + */ +ATF_TC_WITHOUT_HEAD(connect_udp6); +ATF_TC_BODY(connect_udp6, tc) +{ + struct sockaddr_in6 sin6 = { + .sin6_family = AF_INET6, + .sin6_len = sizeof(sin6), + .sin6_addr = IN6ADDR_LOOPBACK_INIT, + }; + ssize_t n; + int error, len, s1, s2, s3; + char ch; + + s1 = socket(PF_INET6, SOCK_DGRAM, 0); + ATF_REQUIRE(s1 >= 0); + s2 = socket(PF_INET6, SOCK_DGRAM, 0); + ATF_REQUIRE(s2 >= 0); + s3 = socket(PF_INET6, SOCK_DGRAM, 0); + ATF_REQUIRE(s3 >= 0); + + error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1}, + sizeof(int)); + ATF_REQUIRE_MSG(error == 0, + "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno)); + error = bind(s1, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s2, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + error = bind(s3, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno)); + + /* Connect to an address not owned by s2. */ + error = getsockname(s3, (struct sockaddr *)&sin6, + (socklen_t[]){sizeof(sin6)}); + ATF_REQUIRE(error == 0); + error = connect(s1, (struct sockaddr *)&sin6, sizeof(sin6)); + ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno)); + + /* Try to send a packet to s1 from s2. */ + error = getsockname(s1, (struct sockaddr *)&sin6, + (socklen_t[]){sizeof(sin6)}); + ATF_REQUIRE(error == 0); + + ch = 42; + n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6, + sizeof(sin6)); + ATF_REQUIRE(n == 1); + + /* Give the packet some time to arrive. */ + usleep(100000); + + /* s1 is connected to s3 and shouldn't receive from s2. */ + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 0, "unexpected data available"); + + /* ... but s3 can of course send to s1. */ + n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6, + sizeof(sin6)); + ATF_REQUIRE(n == 1); + usleep(100000); + error = ioctl(s1, FIONREAD, &len); + ATF_REQUIRE(error == 0); + ATF_REQUIRE_MSG(len == 1, "expected data available"); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, basic_ipv4); @@ -566,6 +712,8 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, bind_without_listen); ATF_TP_ADD_TC(tp, connect_not_bound); ATF_TP_ADD_TC(tp, connect_bound); + ATF_TP_ADD_TC(tp, connect_udp); + ATF_TP_ADD_TC(tp, connect_udp6); return (atf_no_error()); } diff --git a/tests/sys/netpfil/pf/rdr.sh b/tests/sys/netpfil/pf/rdr.sh index 24b95b2047f4..b0f0e6d13d0f 100644 --- a/tests/sys/netpfil/pf/rdr.sh +++ b/tests/sys/netpfil/pf/rdr.sh @@ -338,6 +338,56 @@ natpass_cleanup() pft_cleanup } +atf_test_case "pr290177" "cleanup" +pr290177_head() +{ + atf_set descr 'Test PR290177' + atf_set require.user root +} + +pr290177_body() +{ + pft_init + + epair=$(vnet_mkepair) + + ifconfig ${epair}a 192.0.2.2/24 up + ifconfig ${epair}a inet alias 192.0.2.3/24 up + + vnet_mkjail alcatraz ${epair}b + jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up + jexec alcatraz ifconfig lo0 127.0.0.1/8 up + + # Sanity check + atf_check -s exit:0 -o ignore \ + ping -c 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "table <white> { 192.0.2.2 }" \ + "no rdr inet proto tcp from <white> to any port 25" \ + "rdr pass inet proto tcp from any to any port 25 -> 127.0.0.1 port 2500" + + echo foo | jexec alcatraz nc -N -l 2500 & + sleep 1 + + reply=$(nc -w 3 -s 192.0.2.2 192.0.2.1 25) + if [ "${reply}" == "foo" ] + then + atf_fail "no rdr rule failed" + fi + reply=$(nc -w 3 -s 192.0.2.3 192.0.2.1 25) + if [ "${reply}" != "foo" ] + then + atf_fail "rdr rule failed" + fi +} + +pr290177_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "natpass" @@ -345,4 +395,5 @@ atf_init_test_cases() atf_add_test_case "tcp_v6_pass" atf_add_test_case "srcport_compat" atf_add_test_case "srcport_pass" + atf_add_test_case "pr290177" } diff --git a/tests/sys/netpfil/pf/sctp.sh b/tests/sys/netpfil/pf/sctp.sh index 78055f5a9dd2..47bf40181b1b 100644 --- a/tests/sys/netpfil/pf/sctp.sh +++ b/tests/sys/netpfil/pf/sctp.sh @@ -29,9 +29,6 @@ sctp_init() { pft_init - if ! kldstat -q -m sctp; then - atf_skip "This test requires SCTP" - fi } atf_test_case "basic_v4" "cleanup" @@ -39,6 +36,7 @@ basic_v4_head() { atf_set descr 'Basic SCTP connection over IPv4 passthrough' atf_set require.user root + atf_set require.kmods sctp } basic_v4_body() @@ -112,6 +110,7 @@ basic_v6_head() { atf_set descr 'Basic SCTP connection over IPv6' atf_set require.user root + atf_set require.kmods sctp } basic_v6_body() @@ -186,6 +185,7 @@ reuse_head() { atf_set descr 'Test handling dumb clients that reuse source ports' atf_set require.user root + atf_set require.kmods sctp } reuse_body() @@ -244,6 +244,7 @@ abort_v4_head() { atf_set descr 'Test sending ABORT messages' atf_set require.user root + atf_set require.kmods sctp } abort_v4_body() @@ -302,6 +303,7 @@ abort_v6_head() { atf_set descr 'Test sending ABORT messages over IPv6' atf_set require.user root + atf_set require.kmods sctp } abort_v6_body() @@ -360,6 +362,7 @@ nat_v4_head() { atf_set descr 'Test NAT-ing SCTP over IPv4' atf_set require.user root + atf_set require.kmods sctp } nat_v4_body() @@ -412,6 +415,7 @@ nat_v6_head() { atf_set descr 'Test NAT-ing SCTP over IPv6' atf_set require.user root + atf_set require.kmods sctp } nat_v6_body() @@ -464,6 +468,7 @@ rdr_v4_head() { atf_set descr 'Test rdr SCTP over IPv4' atf_set require.user root + atf_set require.kmods sctp } rdr_v4_body() @@ -531,6 +536,7 @@ pfsync_head() { atf_set descr 'Test pfsync-ing SCTP connections' atf_set require.user root + atf_set require.kmods carp sctp } pfsync_body() @@ -563,10 +569,6 @@ pfsync_body() sctp_init pfsynct_init vnet_init_bridge - if ! kldstat -q -m carp - then - atf_skip "This test requires carp" - fi j="sctp:pfsync" @@ -722,6 +724,7 @@ timeout_head() { atf_set descr 'Test setting and retrieving timeout values' atf_set require.user root + atf_set require.kmods sctp } timeout_body() @@ -753,6 +756,7 @@ related_icmp_head() { atf_set descr 'Verify that ICMP messages related to an SCTP connection are allowed' atf_set require.user root + atf_set require.kmods sctp } related_icmp_body() |