aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/sys/geom/class/Makefile1
-rw-r--r--tests/sys/geom/class/label/Makefile7
-rwxr-xr-xtests/sys/geom/class/label/basic.sh59
-rw-r--r--tests/sys/netinet/so_reuseport_lb_test.c148
-rw-r--r--tests/sys/netpfil/pf/rdr.sh51
-rw-r--r--tests/sys/netpfil/pf/sctp.sh18
6 files changed, 277 insertions, 7 deletions
diff --git a/tests/sys/geom/class/Makefile b/tests/sys/geom/class/Makefile
index 3cf3a15273ac..c58ebc0f72a0 100644
--- a/tests/sys/geom/class/Makefile
+++ b/tests/sys/geom/class/Makefile
@@ -9,6 +9,7 @@ TESTS_SUBDIRS+= concat
TESTS_SUBDIRS+= eli
.endif
TESTS_SUBDIRS+= gate
+TESTS_SUBDIRS+= label
TESTS_SUBDIRS+= mirror
TESTS_SUBDIRS+= multipath
TESTS_SUBDIRS+= nop
diff --git a/tests/sys/geom/class/label/Makefile b/tests/sys/geom/class/label/Makefile
new file mode 100644
index 000000000000..d0072a52c47c
--- /dev/null
+++ b/tests/sys/geom/class/label/Makefile
@@ -0,0 +1,7 @@
+PACKAGE= tests
+
+TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T}
+
+ATF_TESTS_SH+= basic
+
+.include <bsd.test.mk>
diff --git a/tests/sys/geom/class/label/basic.sh b/tests/sys/geom/class/label/basic.sh
new file mode 100755
index 000000000000..b67b41567c02
--- /dev/null
+++ b/tests/sys/geom/class/label/basic.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+#
+# Copyright (c) 2025 Brad Davis
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+class=label
+. $(atf_get_srcdir)/../geom_subr.sh
+
+atf_test_case create cleanup
+create_head()
+{
+ atf_set "descr" "Create and verify GEOM labels"
+ atf_set "require.user" "root"
+}
+create_body()
+{
+ geom_atf_test_setup
+
+ f1=$(mktemp ${class}.XXXXXX)
+ atf_check truncate -s 32M "$f1"
+ attach_md md -t vnode -f "$f1"
+
+ atf_check -s exit:0 -o match:"^Done." glabel create -v test "/dev/$md"
+ atf_check -s exit:0 -o match:"^label/test N/A $md$" glabel status "/dev/$md"
+ atf_check -s exit:0 -o match:"^/dev/label/test$" ls /dev/label/test
+ atf_check -s exit:0 glabel stop test
+}
+create_cleanup()
+{
+ geom_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case create
+}
diff --git a/tests/sys/netinet/so_reuseport_lb_test.c b/tests/sys/netinet/so_reuseport_lb_test.c
index 0479bd070ca6..393a626af5a4 100644
--- a/tests/sys/netinet/so_reuseport_lb_test.c
+++ b/tests/sys/netinet/so_reuseport_lb_test.c
@@ -29,6 +29,8 @@
#include <sys/param.h>
#include <sys/event.h>
+#include <sys/filio.h>
+#include <sys/ioccom.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -556,6 +558,150 @@ ATF_TC_BODY(connect_bound, tc)
close(s);
}
+/*
+ * The kernel erroneously permits calling connect() on a UDP socket with
+ * SO_REUSEPORT_LB set. Verify that packets sent to the bound address are
+ * dropped unless they come from the connected address.
+ */
+ATF_TC_WITHOUT_HEAD(connect_udp);
+ATF_TC_BODY(connect_udp, tc)
+{
+ struct sockaddr_in sin = {
+ .sin_family = AF_INET,
+ .sin_len = sizeof(sin),
+ .sin_addr = { htonl(INADDR_LOOPBACK) },
+ };
+ ssize_t n;
+ int error, len, s1, s2, s3;
+ char ch;
+
+ s1 = socket(PF_INET, SOCK_DGRAM, 0);
+ ATF_REQUIRE(s1 >= 0);
+ s2 = socket(PF_INET, SOCK_DGRAM, 0);
+ ATF_REQUIRE(s2 >= 0);
+ s3 = socket(PF_INET, SOCK_DGRAM, 0);
+ ATF_REQUIRE(s3 >= 0);
+
+ error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1},
+ sizeof(int));
+ ATF_REQUIRE_MSG(error == 0,
+ "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno));
+ error = bind(s1, (struct sockaddr *)&sin, sizeof(sin));
+ ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+ error = bind(s2, (struct sockaddr *)&sin, sizeof(sin));
+ ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+ error = bind(s3, (struct sockaddr *)&sin, sizeof(sin));
+ ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+ /* Connect to an address not owned by s2. */
+ error = getsockname(s3, (struct sockaddr *)&sin,
+ (socklen_t[]){sizeof(sin)});
+ ATF_REQUIRE(error == 0);
+ error = connect(s1, (struct sockaddr *)&sin, sizeof(sin));
+ ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno));
+
+ /* Try to send a packet to s1 from s2. */
+ error = getsockname(s1, (struct sockaddr *)&sin,
+ (socklen_t[]){sizeof(sin)});
+ ATF_REQUIRE(error == 0);
+
+ ch = 42;
+ n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin,
+ sizeof(sin));
+ ATF_REQUIRE(n == 1);
+
+ /* Give the packet some time to arrive. */
+ usleep(100000);
+
+ /* s1 is connected to s3 and shouldn't receive from s2. */
+ error = ioctl(s1, FIONREAD, &len);
+ ATF_REQUIRE(error == 0);
+ ATF_REQUIRE_MSG(len == 0, "unexpected data available");
+
+ /* ... but s3 can of course send to s1. */
+ n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin,
+ sizeof(sin));
+ ATF_REQUIRE(n == 1);
+ usleep(100000);
+ error = ioctl(s1, FIONREAD, &len);
+ ATF_REQUIRE(error == 0);
+ ATF_REQUIRE_MSG(len == 1, "expected data available");
+}
+
+/*
+ * The kernel erroneously permits calling connect() on a UDP socket with
+ * SO_REUSEPORT_LB set. Verify that packets sent to the bound address are
+ * dropped unless they come from the connected address.
+ */
+ATF_TC_WITHOUT_HEAD(connect_udp6);
+ATF_TC_BODY(connect_udp6, tc)
+{
+ struct sockaddr_in6 sin6 = {
+ .sin6_family = AF_INET6,
+ .sin6_len = sizeof(sin6),
+ .sin6_addr = IN6ADDR_LOOPBACK_INIT,
+ };
+ ssize_t n;
+ int error, len, s1, s2, s3;
+ char ch;
+
+ s1 = socket(PF_INET6, SOCK_DGRAM, 0);
+ ATF_REQUIRE(s1 >= 0);
+ s2 = socket(PF_INET6, SOCK_DGRAM, 0);
+ ATF_REQUIRE(s2 >= 0);
+ s3 = socket(PF_INET6, SOCK_DGRAM, 0);
+ ATF_REQUIRE(s3 >= 0);
+
+ error = setsockopt(s1, SOL_SOCKET, SO_REUSEPORT_LB, (int[]){1},
+ sizeof(int));
+ ATF_REQUIRE_MSG(error == 0,
+ "setsockopt(SO_REUSEPORT_LB) failed: %s", strerror(errno));
+ error = bind(s1, (struct sockaddr *)&sin6, sizeof(sin6));
+ ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+ error = bind(s2, (struct sockaddr *)&sin6, sizeof(sin6));
+ ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+ error = bind(s3, (struct sockaddr *)&sin6, sizeof(sin6));
+ ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
+
+ /* Connect to an address not owned by s2. */
+ error = getsockname(s3, (struct sockaddr *)&sin6,
+ (socklen_t[]){sizeof(sin6)});
+ ATF_REQUIRE(error == 0);
+ error = connect(s1, (struct sockaddr *)&sin6, sizeof(sin6));
+ ATF_REQUIRE_MSG(error == 0, "connect() failed: %s", strerror(errno));
+
+ /* Try to send a packet to s1 from s2. */
+ error = getsockname(s1, (struct sockaddr *)&sin6,
+ (socklen_t[]){sizeof(sin6)});
+ ATF_REQUIRE(error == 0);
+
+ ch = 42;
+ n = sendto(s2, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6,
+ sizeof(sin6));
+ ATF_REQUIRE(n == 1);
+
+ /* Give the packet some time to arrive. */
+ usleep(100000);
+
+ /* s1 is connected to s3 and shouldn't receive from s2. */
+ error = ioctl(s1, FIONREAD, &len);
+ ATF_REQUIRE(error == 0);
+ ATF_REQUIRE_MSG(len == 0, "unexpected data available");
+
+ /* ... but s3 can of course send to s1. */
+ n = sendto(s3, &ch, sizeof(ch), 0, (struct sockaddr *)&sin6,
+ sizeof(sin6));
+ ATF_REQUIRE(n == 1);
+ usleep(100000);
+ error = ioctl(s1, FIONREAD, &len);
+ ATF_REQUIRE(error == 0);
+ ATF_REQUIRE_MSG(len == 1, "expected data available");
+}
+
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, basic_ipv4);
@@ -566,6 +712,8 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, bind_without_listen);
ATF_TP_ADD_TC(tp, connect_not_bound);
ATF_TP_ADD_TC(tp, connect_bound);
+ ATF_TP_ADD_TC(tp, connect_udp);
+ ATF_TP_ADD_TC(tp, connect_udp6);
return (atf_no_error());
}
diff --git a/tests/sys/netpfil/pf/rdr.sh b/tests/sys/netpfil/pf/rdr.sh
index 24b95b2047f4..b0f0e6d13d0f 100644
--- a/tests/sys/netpfil/pf/rdr.sh
+++ b/tests/sys/netpfil/pf/rdr.sh
@@ -338,6 +338,56 @@ natpass_cleanup()
pft_cleanup
}
+atf_test_case "pr290177" "cleanup"
+pr290177_head()
+{
+ atf_set descr 'Test PR290177'
+ atf_set require.user root
+}
+
+pr290177_body()
+{
+ pft_init
+
+ epair=$(vnet_mkepair)
+
+ ifconfig ${epair}a 192.0.2.2/24 up
+ ifconfig ${epair}a inet alias 192.0.2.3/24 up
+
+ vnet_mkjail alcatraz ${epair}b
+ jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+ jexec alcatraz ifconfig lo0 127.0.0.1/8 up
+
+ # Sanity check
+ atf_check -s exit:0 -o ignore \
+ ping -c 1 192.0.2.1
+
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz \
+ "table <white> { 192.0.2.2 }" \
+ "no rdr inet proto tcp from <white> to any port 25" \
+ "rdr pass inet proto tcp from any to any port 25 -> 127.0.0.1 port 2500"
+
+ echo foo | jexec alcatraz nc -N -l 2500 &
+ sleep 1
+
+ reply=$(nc -w 3 -s 192.0.2.2 192.0.2.1 25)
+ if [ "${reply}" == "foo" ]
+ then
+ atf_fail "no rdr rule failed"
+ fi
+ reply=$(nc -w 3 -s 192.0.2.3 192.0.2.1 25)
+ if [ "${reply}" != "foo" ]
+ then
+ atf_fail "rdr rule failed"
+ fi
+}
+
+pr290177_cleanup()
+{
+ pft_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "natpass"
@@ -345,4 +395,5 @@ atf_init_test_cases()
atf_add_test_case "tcp_v6_pass"
atf_add_test_case "srcport_compat"
atf_add_test_case "srcport_pass"
+ atf_add_test_case "pr290177"
}
diff --git a/tests/sys/netpfil/pf/sctp.sh b/tests/sys/netpfil/pf/sctp.sh
index 78055f5a9dd2..47bf40181b1b 100644
--- a/tests/sys/netpfil/pf/sctp.sh
+++ b/tests/sys/netpfil/pf/sctp.sh
@@ -29,9 +29,6 @@
sctp_init()
{
pft_init
- if ! kldstat -q -m sctp; then
- atf_skip "This test requires SCTP"
- fi
}
atf_test_case "basic_v4" "cleanup"
@@ -39,6 +36,7 @@ basic_v4_head()
{
atf_set descr 'Basic SCTP connection over IPv4 passthrough'
atf_set require.user root
+ atf_set require.kmods sctp
}
basic_v4_body()
@@ -112,6 +110,7 @@ basic_v6_head()
{
atf_set descr 'Basic SCTP connection over IPv6'
atf_set require.user root
+ atf_set require.kmods sctp
}
basic_v6_body()
@@ -186,6 +185,7 @@ reuse_head()
{
atf_set descr 'Test handling dumb clients that reuse source ports'
atf_set require.user root
+ atf_set require.kmods sctp
}
reuse_body()
@@ -244,6 +244,7 @@ abort_v4_head()
{
atf_set descr 'Test sending ABORT messages'
atf_set require.user root
+ atf_set require.kmods sctp
}
abort_v4_body()
@@ -302,6 +303,7 @@ abort_v6_head()
{
atf_set descr 'Test sending ABORT messages over IPv6'
atf_set require.user root
+ atf_set require.kmods sctp
}
abort_v6_body()
@@ -360,6 +362,7 @@ nat_v4_head()
{
atf_set descr 'Test NAT-ing SCTP over IPv4'
atf_set require.user root
+ atf_set require.kmods sctp
}
nat_v4_body()
@@ -412,6 +415,7 @@ nat_v6_head()
{
atf_set descr 'Test NAT-ing SCTP over IPv6'
atf_set require.user root
+ atf_set require.kmods sctp
}
nat_v6_body()
@@ -464,6 +468,7 @@ rdr_v4_head()
{
atf_set descr 'Test rdr SCTP over IPv4'
atf_set require.user root
+ atf_set require.kmods sctp
}
rdr_v4_body()
@@ -531,6 +536,7 @@ pfsync_head()
{
atf_set descr 'Test pfsync-ing SCTP connections'
atf_set require.user root
+ atf_set require.kmods carp sctp
}
pfsync_body()
@@ -563,10 +569,6 @@ pfsync_body()
sctp_init
pfsynct_init
vnet_init_bridge
- if ! kldstat -q -m carp
- then
- atf_skip "This test requires carp"
- fi
j="sctp:pfsync"
@@ -722,6 +724,7 @@ timeout_head()
{
atf_set descr 'Test setting and retrieving timeout values'
atf_set require.user root
+ atf_set require.kmods sctp
}
timeout_body()
@@ -753,6 +756,7 @@ related_icmp_head()
{
atf_set descr 'Verify that ICMP messages related to an SCTP connection are allowed'
atf_set require.user root
+ atf_set require.kmods sctp
}
related_icmp_body()