| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These use atf_python to create a number of hosts linked to a router.
The router runs pimd (for IPv4) or ip6_mrouter (simplistic IPv6
multicast router that I wrote since I couldn't find one in the ports
tree). The vnet_host*_handler() methods are invoked in different VNET
jails connected to the router; they register the connected epair with a
multicast group and verify that they can send messages to each other.
The tests are synchronized by sending messages over a unix domain
socket. The flow is something like:
1) test startup_method() is called, the unix socket is created,
2) the superclass creates jails and links them together using the
declared topology,
3) we wait for all child jails to start up and send a message on the
unix socket indicating that they are ready
4) we start the routing daemon in the main jail,
5) the test actually starts; starttest() kicks off the
vnet_host*_handlers(), which mostly just verify that they can send
messages to each other using multicast packets
6) once they finish running, they signal their completion, and
waittest() returns once they're all done
There are two tests, repeated for v4 and v6. One just exchanges packets
between two hosts, and the other has four hosts divided across two FIBs.
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55244
|
| |
|
|
|
| |
Stack it into existing file that exercises an other corner case of our
TCP and rename the file to a more generic name.
|
| |
|
|
|
|
| |
The test creates differently bound SOCK_RAW sockets and sends different
probe packets. There is expected results matrix that every probe is
checked against.
|
| |
|
|
|
|
|
| |
The tests themselves create identically named jails, resulting in
spurious failures when the tests are run in parallel.
MFC after: 1 week
|
| |
|
|
|
|
| |
Reviewed by: rrs, tuexen
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D52979
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a helper program multicast-receive.c that joins arbitrary group on
arbitrary specified interface and receives a single datagram and prints it
out.
In multicast.sh provide a template with two jails connected by two
interface pairs, so that we can check sends/receives in presence of
multiple interfaces.
Compose a few basic tests to check legacy and new IP_ADD_MEMBERSHIP and
MCAST_JOIN_GROUP.
|
| |
|
|
|
|
| |
Rename this test helper app to multicast-send.c. Extend it to send
from/to arbitrary addresses and arbitrary payload so that it can be used
in more test scenarios.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1) Set SO_BROADCAST and send to INADDR_BROADCAST.
2) Set SO_BROADCAST, set IP_ONESBCAST and cycle through broadcast capable
interfaces sending a datagram on each.
3) Set SO_BROADCAST and send to local broadcast address.
For each test we bind a second socket to check whether the broadcast
is actually received.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D49040
|
| |
|
|
|
|
|
|
| |
1) Test that getsockname() on a socket that experienced a sendto(2)
returns allocated port.
2) Same as 1), but jailed. Make sure IP address was also selected.
3) Test that IP_SENDSRCADDR/IP_RECVDSTADDR work.
4) Regression test for bug 274009.
|
| |
|
|
|
|
|
|
| |
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48665
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Suppose a thread is adds a socket to an existing TCP lbgroup that is
actively accepting connections. It has to do the following operations:
1. set SO_REUSEPORT_LB on the socket
2. bind() the socket to the shared address/port
3. call listen()
Step 2 makes the inpcb visible to incoming connection requests.
However, at this point the inpcb cannot accept new connections. If
in_pcblookup() matches it, the remote end will see ECONNREFUSED even
when other listening sockets are present in the lbgroup. This means
that dynamically adding inpcbs to an lbgroup (e.g., by starting up new
workers) can trigger spurious connection failures for no good reason.
(A similar problem exists when removing inpcbs from an lbgroup, but that
is harder to fix and is not addressed by this patch; see the review for
a bit more commentary.)
Fix this by augmenting each lbgroup with a linked list of inpcbs that
are pending a listen() call. When adding an inpcb to an lbgroup, keep
the inpcb on this list if listen() hasn't been called, so it is not yet
visible to the lookup path. Then, add a new in_pcblisten() routine which
makes the inpcb visible within the lbgroup now that it's safe to let it
handle new connections.
Add a regression test which verifies that we don't get spurious
connection errors while adding sockets to an LB group.
Reviewed by: glebius
MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48544
|
| |
|
|
| |
Fixes: ae5c3dfd3e75bb287984947359d4f958aea505ec
|
| |
|
|
|
|
|
|
|
| |
These tests assume exclusive use of one or more FIBs and so can't be run
in parallel. Running them in a VNET jail sidesteps this problem.
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many of the modified tests add epair interfaces to the host, though most
of the tests themselves run in a VNET jail. scapy in particular becomes
unhappy when the list of interfaces changes as it is running, so, to
improve reliability of parallel test runs, isolate tests which add
epairs to the host.
Also serialize arp tests, as they examine the dmesg as part of the test.
The list of modified tests is not exhaustive, it was determined by
running the test suite with parallelization enabled and looking at
failures. It may be easier to just automatically enable VNET jailing of
all netinet tests, but let's be more particular for now.
Reviewed by: kp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D46606
|
| |
|
|
|
|
|
| |
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
|
| |
|
|
|
|
|
|
| |
Start a file that would collect tests for I/O functionality of a UDP
socket, targeted on how a socket interacts with userland rather than with
wire side of the protocol.
First version tests that MSG_TRUNC and MSG_PEEK are working correctly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The TCP implied connect is an artifact left after T/TCP. To my surprise
it still works, hence the existence of this test. Please read this email
first:
https://lists.freebsd.org/pipermail/freebsd-net/2010-August/026311.html
An interesting fact that this test takes 220 - 240 milliseconds to
execute on my Threadripper PRO. Flipping the '#if 0' to '#if 1' in the
test, thus bringing it back to normal connect(2), would speed the test up
a hundred times and I guess all this time is fork+exec of the test.
|
| |
|
|
| |
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This provides a regression test for commit abca3ae7734f.
Add it to the existing v4-mapped address test file, and rename
accordingly.
Reviewed by: tuexen, karels, rrs
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39216
|
| |
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| |
|
|
|
|
|
|
|
| |
Ensure that (multicast) CARP packets are sent with the expected source
MAC address.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39454
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This makes diffs when adding or removing tests easier to read.
While here, sort the list of tests.
Reviewed by: kevans, melifaro, asomers, markj, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36908
|
| |
|
|
|
|
|
|
|
|
|
| |
Test fix in 637f317c6d9c, verifying that when ports run out, we get
an EADDRNOTAVAIL error from bind() rather than an EADDRINUSE error
from connect(). Use small port range to exhaust ports and see which
error happens.
Reviewed by: tuexen, glebius, melifaro
Differential Revision: https://reviews.freebsd.org/D36056
MFC after: 3 days (with 637f317c6d9c)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add tests for TCP_MD5 getsockopt for ipv6 and ipv4. These will only run
when the kernel module is loaded, but will be in place if further
regressions are found.
Reviewed by: rscheff
MFC after: 3 days
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35532
|
| |
|
|
|
|
|
|
|
| |
In order to modify libalias for performance, the existing
functionality must not change. Enforce this.
Reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30307
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After length decisions, we've decided that the if_wg(4) driver and
related work is not yet ready to live in the tree. This driver has
larger security implications than many, and thus will be held to
more scrutiny than other drivers.
Please also see the related message sent to the freebsd-hackers@
and freebsd-arch@ lists by Kyle Evans <kevans@FreeBSD.org> on
2021/03/16, with the subject line "Removing WireGuard Support From Base"
for additional context.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the culmination of about a week of work from three developers to
fix a number of functional and security issues. This patch consists of
work done by the following folks:
- Jason A. Donenfeld <Jason@zx2c4.com>
- Matt Dunwoodie <ncon@noconroy.net>
- Kyle Evans <kevans@FreeBSD.org>
Notable changes include:
- Packets are now correctly staged for processing once the handshake has
completed, resulting in less packet loss in the interim.
- Various race conditions have been resolved, particularly w.r.t. socket
and packet lifetime (panics)
- Various tests have been added to assure correct functionality and
tooling conformance
- Many security issues have been addressed
- if_wg now maintains jail-friendly semantics: sockets are created in
the interface's home vnet so that it can act as the sole network
connection for a jail
- if_wg no longer fails to remove peer allowed-ips of 0.0.0.0/0
- if_wg now exports via ioctl a format that is future proof and
complete. It is additionally supported by the upstream
wireguard-tools (which we plan to merge in to base soon)
- if_wg now conforms to the WireGuard protocol and is more closely
aligned with security auditing guidelines
Note that the driver has been rebased away from using iflib. iflib
poses a number of challenges for a cloned device trying to operate in a
vnet that are non-trivial to solve and adds complexity to the
implementation for little gain.
The crypto implementation that was previously added to the tree was a
super complex integration of what previously appeared in an old out of
tree Linux module, which has been reduced to crypto.c containing simple
boring reference implementations. This is part of a near-to-mid term
goal to work with FreeBSD kernel crypto folks and take advantage of or
improve accelerated crypto already offered elsewhere.
There's additional test suite effort underway out-of-tree taking
advantage of the aforementioned jail-friendly semantics to test a number
of real-world topologies, based on netns.sh.
Also note that this is still a work in progress; work going further will
be much smaller in nature.
MFC after: 1 month (maybe)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Reviewed by: markj, olivier, tuexen
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D27173
Notes:
svn path=/head/; revision=367685
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.
Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
Notes:
svn path=/head/; revision=366304
|
| |
|
|
|
|
|
|
| |
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D26382
Notes:
svn path=/head/; revision=365609
|
| |
|
|
|
|
|
|
|
|
| |
they need to be able to run net_receiver.py.
MFC after: 2 weeks
Sponsored by: DARPA
Notes:
svn path=/head/; revision=361267
|
| |
|
|
|
|
|
| |
Differential Revision: https://reviews.freebsd.org/D24684
Notes:
svn path=/head/; revision=360685
|
| |
|
|
|
|
|
|
|
|
|
| |
Set up three vnet jails, bridged together. Run carp between two of them.
Attempt to provoke locking / epoch issues.
Reviewed by: mav (previous version), melifaro, asomers
Differential Revision: https://reviews.freebsd.org/D24303
Notes:
svn path=/head/; revision=359828
|
| |
|
|
|
|
|
|
|
| |
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24138
Notes:
svn path=/head/; revision=359235
|
| |
|
|
|
|
|
|
| |
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24002
Notes:
svn path=/head/; revision=358853
|
| |
|
|
|
|
|
|
| |
Reviewed by: lwhsu,kp
Differential Revision: https://reviews.freebsd.org/D23316
Notes:
svn path=/head/; revision=357905
|
| |
|
|
|
|
|
|
|
| |
MFC after: 3 weeks
MFC with: r356984
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=357126
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redirect (and temporal) route expiration was broken a while ago.
This change brings route expiration back, with unified IPv4/IPv6 handling code.
It introduces net.inet.icmp.redirtimeout sysctl, allowing to set
an expiration time for redirected routes. It defaults to 10 minutes,
analogues with net.inet6.icmp6.redirtimeout.
Implementation uses separate file, route_temporal.c, as route.c is already
bloated with tons of different functions.
Internally, expiration is implemented as an per-rnh callout scheduled when
route with non-zero rt_expire time is added or rt_expire is changed.
It does not add any overhead when no temporal routes are present.
Callout traverses entire routing tree under wlock, scheduling expired routes
for deletion and calculating the next time it needs to be run. The rationale
for such implemention is the following: typically workloads requiring large
amount of routes have redirects turned off already, while the systems with
small amount of routes will not inhibit large overhead during tree traversal.
This changes also fixes netstat -rn display of route expiration time, which
has been broken since the conversion from kread() to sysctl.
Reviewed by: bz
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D23075
Notes:
svn path=/head/; revision=356984
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to then try to reproduce a kernel panic, which turned out to be a
race condition and hard to test from here.
Commit the changes anywhere as the "bind zero" case was a surprise
to me and we should try to maintain this status.
Also it is easy examples someone can build upon.
With help from: markj
Event: Waterloo Hackathon 2019
Notes:
svn path=/head/; revision=348063
|
| |
|
|
|
|
|
|
|
|
| |
Reviewed by: emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17926
Notes:
svn path=/head/; revision=340485
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=340484
|
| |
|
|
|
|
|
|
|
|
| |
Reviewed by: asomers
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D17110
Notes:
svn path=/head/; revision=338601
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
setting a 32 bit value on each socket. This can be used by applications
and DTrace as a rendezvous point so that an applicaton's data can
more easily be captured at run time. Expose the user cookie via
DTrace by updating the translator in tcp.d and add a quick test
program, a TCP server, that sets the cookie on each connection
accepted.
Reviewed by: hiren
MFC after: 1 week
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D7152
Notes:
svn path=/head/; revision=302474
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
after r298107
Summary of changes:
- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
namespacing is kept with FILES appropriately, and that this shouldn't need
to be repeated if the namespace changes -- only the definition of PACKAGE
needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
`tests`. In the event we get to the point where things can be split up
enough in the base system, it would make more sense to group the tests
with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)
Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.
MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=299094
|
| |
|
|
|
|
|
| |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=295179
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using PROG instead of PROGS will in cases of high -j with -DNO_ROOT cause
the PROG to show up more than once as it's handling the SCRIPTS install case
in a recursive manner, separate from the non-recursive case
After the recent batch of commits to bsd.progs.mk to fix behavior with how
variables are defaulted to, explicitly setting SRCS for a PROG is no longer
required
MFC after: 1 week
Reviewed by: asomers
Phabric: D1130
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=274267
|
| |
|
|
|
|
|
| |
what is needed.
Notes:
svn path=/head/; revision=265836
|
