aboutsummaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* netinet6: Don't return non-IPv6 enabled interfaces from in6_getlinkifnet()Kristof Provost27 hours1-1/+40
| | | | | | | | | | | | | | | | | There are scenarios where we can end up looking up an interface by its scope and turn up an interface that doesn't have IPv6 enabled on it. If that happens we could end up dereferencing a NULL pointer accessing ifp->if_afdata[AF_INET6]. Check for this. One such scenario is if a firewall rewrites a destination address to a link-local address, with an embedded scope for such an interface. Attach a test case which provokes this. PR: 288263 Reported by: Robert Morris <rtm@lcs.mit.edu> Reviewed by: zlei Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D51500
* bridge: do not allow a bridge SVI in a bridgeLexi Winter47 hours2-0/+51
| | | | | | | | | | | | | | | | | | | | | Disallow this: ifconfig bridge0 create ifconfig bridge0.1 create ifconfig bridge0 addm bridge0.1 Also disallow this: ifconfig vlan1 create ifconfig bridge0 create ifconfig bridge0 addm vlan1 ifconfig vlan1 vlan 1 vlandev bridge0 Firstly, this panics due to trying to take BRIDGE_LOCK recursively. Secondly, even if it worked, it could cause packet forwarding loops. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D51310
* if_ovpn tests: basic float test caseKristof Provost2 days1-0/+91
| | | | | | | Reviewed by: markj MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D51469
* tests/sys/net/if_bridge_test: fix MTU testLexi Winter5 days1-2/+2
| | | | | | | | "ifconfig gif0 ether" doesn't return any output, so this wasn't correctly checking the MTU on the gif interface. Remove "ether". Reviewed by: zlei, kp Differential Revision: https://reviews.freebsd.org/D51245
* tests/ci: Use QEMU blockdev declaration for all platformsSiva Mahadevan5 days6-8/+7
| | | | | | | | | | | | | This patch uses the QEMU manpage-recommended '-blockdev' option instead of '-drive' to declare block devices. This also makes the mandatory '-device' declarations constant across all platforms, which fixes the missing QEMU_DEVICES tarfs device declarations on all Makefile.<arch> files. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Reviewed by: imp, lwhsu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51479
* tests/mac_portacl: enable is_exclusive for nowSiva Mahadevan5 days1-0/+1
| | | | | | | | | | | | | | Both tests rely on ports 77 and 7777 to be available and thus cannot be run concurrently. This is a temporary measure to ensure that they don't conflict with each other. In the future, these should be rewritten to wait until the necessary ports are available, or deterministically select a free port instead. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/1790
* if_ovpn tests: Exercise the multihome optionMark Johnston5 days1-0/+167
| | | | | | | | | | | | These test cases are variants of the 4in4 and 6in6 tests wherein the server interface has an alias assigned and the client is configured to connect to the alias rather than the primary address. Reviewed by: kp MFC after: 1 month Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D51499
* tests/ci: Fix wrong chflags target path in 'beforeclean' targetSiva Mahadevan6 days1-2/+3
| | | | | | | Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51304
* tests/ci: Fix race condition with ci-extractmetaSiva Mahadevan6 days1-1/+2
| | | | | | | | | | | | | This solves an issue where 'ci-extractmeta' runs in parallel with 'ci-runtest', which would extract an empty test result into the final test reports output dir. This also cleans up the intermediate temporary files created along the way. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Reviewed by: emaste, lwhsu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51363
* tests/sys/netpfil: unskip tests that no longer need to be skippedSiva Mahadevan7 days4-16/+0
| | | | | | | | | | | All of these are passing consistently in the latest CI environment in 15 back-to-back test runs. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> PR: 260458, 260459, 260460, 264805 Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/1788
* mac_bsdextended: report that all tests require the kernel moduleAlan Somers7 days2-3/+1
| | | | | | | | | | Use the standard required_kmods reporting mechanism to notify Kyua of which kernel modules are required. MFC after: 2 weeks Sponsored by: ConnectWise Reviewed by: Siva Mahadevan <me@svmhdvn.name> Pull Request: https://github.com/freebsd/freebsd-src/pull/1783
* pf tests: test truncated IP options in ICMP payloadKristof Provost7 days1-0/+16
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* pf tests: verify we now allow MLD packets with the Router Alert extention headerKristof Provost7 days2-0/+96
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* pf tests: verify we now allow IGMP packets with the Router Alert IP optionKristof Provost7 days2-0/+96
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* pf tests: don't set interface on scapy's sr1()Kristof Provost7 days1-2/+1
| | | | | | | That's not supported: > /usr/local/lib/python3.11/site-packages/scapy/sendrecv.py:726: SyntaxWarning: 'iface' has no effect on L3 I/O sr1(). Sponsored by: Rubicon Communications, LLC ("Netgate")
* libpfctl: fix reporting of flush address countKristof Provost7 days1-0/+29
| | | | | | | | | | | The PFNL_CMD_CLR_ADDRS command returns a PF_T_NBR_DELETED, not a PF_TS_NZEO. Handle this correctly. While here add a test case to verify we return the expected counts when adding or flushing addresses to/from a table. PR: 288353 Sponsored by: Rubicon Communications, LLC ("Netgate")
* ctl: delete dead code in the testsAlan Somers8 days1-9/+0
| | | | | | | | This function has always been dead. It isn't needed, since ctladm will automatically load the module, if needed. MFC after: 2 weeks Sponsored by: ConnectWise
* fusefs: report that all tests require the fusefs kernel moduleAlan Somers8 days1-1/+2
| | | | | | | | | | | | | | | | | Previously the googletest tests would skip themselves if /dev/fuse could not be found. But that information would not be passed to Kyua. Instead it would think that they had passed. Also, the atf-sh test would previously fail if the fusefs module weren't loaded. Now both tests will correctly report their requirements to Kyua. Note that fusefs's googletest tests still require that the mac_bsdextended(4) module _not_ be loaded, but Kyua has no way to report such a requirement. MFC after: 2 weeks Sponsored by: ConnectWise Reviewed by: Siva Mahadevan <me@svmhdvn.name> Pull Request: https://github.com/freebsd/freebsd-src/pull/1782
* tests/ci: Indent Makefile properlyMuhammad Moinur Rahman8 days1-14/+14
| | | | | | Approved by: imp, lwhsu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51445
* tests/ci: Fix missing qemu devicesMuhammad Moinur Rahman8 days1-1/+1
| | | | | | | | Fix missing QEMU_DEVICES which in turn is the META_TAR device Approved by: imp, lwhsu Sponsored by: The FreeBSD Foundation Pull Request: https://reviews.freebsd.org/D51445
* pf tests: make mbuf:inet6_in_mbuf_len more robustKristof Provost12 days1-0/+6
| | | | | | | | | | | The mbuf:inet6_in_mbuf_len test sometimes fails because it encountered unexpected extra packets. These turn out to be MLD packets, so block these packets on the host with pf so they don't disturb what we're actually trying to test. Reviewed by: igoro Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D51408
* tests/ci: fix missing /usr/local/{sbin,bin} in freebsdci rc PATHSiva Mahadevan14 days1-4/+5
| | | | | | | | | | | | | | | | | | Currently, a lot of tests report 'skipped' due to missing binaries in the PATH. The real issue is that /etc/rc forcibly restricts the PATH to the base system only. This patch re-enables a large chunk of skipped tests by adding the missing LOCALBASE directories to the PATH so that Kyua can discover third-party packages. It also fixes some minor rc scripting style as per the official freebsd scripting guide[0]. [0] https://docs.freebsd.org/en/articles/rc-scripting Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Approved by: lwhsu Differential Revision: https://reviews.freebsd.org/D51303
* pf: add missing IPv6 length checkKristof Provost2025-07-161-0/+15
| | | | | | | | | | | | We failed to verify that the packet was long enough for the provided IPv6 packet length. This could result in us walking off the end of the mbuf and panicing. PR: 288224 Reported by: Robert Morris <rtm@lcs.mit.edu> Tested by: Robert Morris <rtm@lcs.mit.edu> Reviewed by: emaste Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D51324
* uexterr_gettext: add testsAlan Somers2025-07-152-0/+109
| | | | | | | | | Add tests for the new extended errno feature. Sponsored by: ConnectWise MFC after: 2 weeks Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D51184
* netinet6: allow binding a raw socket to an anycast addressLexi Winter2025-07-151-0/+25
| | | | | | | | | | | Raw sockets have a separate check for this in rip6_bind() that was missed in the previous change. This fixes e.g. 'ping -S' using an anycast address. Fixes: ca4b046105f6 ("netinet6: allow binding to anycast addresses") Reviewed by: tuexen, kevans, des (previous version) Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D50438
* pf tests: Fix rdr pass test to really use 'pass … rdr-to' syntaxKajetan Staszkiewicz2025-07-131-1/+1
| | | | | | Reviewed by: kp Event: Berlin Hackathon 202507 Sponsored by: InnoGames GmbH
* pf: Prevent infinite looping over tables in round-robin poolsKajetan Staszkiewicz2025-07-131-0/+82
| | | | | | | | | | | | | | | | | | In FreeBSD each redirection pool (struct pf_kpool) consists of multiple hosts (struct pf_addr_wrap). In OpenBSD that is not the case, and a round-robin pool having a table as a host loops infinitely only over that single table. In FreeBSD once all addresses from a table are returned the pool must iterate to the next host. Add a custom flag to have pfr_pool_get() break its loop once it reaches the last index. Use this flag in round-robin pools. When changing pool's host set index to 0 to always start iterating each table from beginning. Reviewed by: kp Approved by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D50779
* pf tests: Add jail configuration for route_to and ipv6-nexthop testsKajetan Staszkiewicz2025-07-131-0/+101
| | | | | | | | | Maybe it could later replace previous IPv4 and IPv6 jail configurations. Reviewed by: kp Approved by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D50764
* pf: Fix error handling when pf_map_addr() failsKajetan Staszkiewicz2025-07-132-0/+68
| | | | | | | | | | | | | | | | | When pf_map_addr() fails, for example for a NAT pool, we expect packet will not be forwarded. The error returned by pf_map_addr() has been ignored in pf_map_addr_sn(), though, causing packets being forwarded without NAT applied. Catch the error, return the error to caller, let the caller handle error counters for route-to pools just like it does for NAT pools. Add tests for NAT and route-to rules. Improve logging by not hardcoding function name and use __func__ instead. Reviewed by: kp Approved by: kp Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D50763
* pf tests: fix anchor:nat testKristof Provost2025-07-121-2/+2
| | | | | | Don't assume that the epair we created is epair0. Event: Berlin 2025 Hackathon
* getdirentries: Return ENOTDIR if not a directory.Dag-Erling Smørgrav2025-07-092-0/+173
| | | | | | | | | | | | | | | This is both more logical and more useful than EINVAL. While here, also check for VBAD and return EBADF in that case. This can happen if the underlying filesystem got forcibly unmounted after the directory was opened. Previously, this would also have returned EINVAL, which wasn't right but wasn't wrong either; however, ENOTDIR would not be appropriate. MFC after: never Sponsored by: Klara, Inc. Reviewed by: kevans, kib Differential Revision: https://reviews.freebsd.org/D51209
* tests: Get the MAC from the epairs.Ronald Klop2025-07-093-19/+22
| | | | | | | | This removes knowledge of the implementation of if_epair. Makes it easier to modify if_epair in future commits. Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D51205
* pf tests: sync a state with an rtableid that doesn't existKristof Provost2025-07-091-0/+85
| | | | | | | | | | Create a state with an rtableid (i.e. fib) that doesn't exist on the receiving side. This used to not be handled, and could provoke panics. Create such a situation to ensure we still don't panic. PR: 287981 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate")
* pfctl tests: recursive flush test caseKristof Provost2025-07-091-0/+57
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* pf tests: test DIOCNATLOOK validationKristof Provost2025-07-091-0/+35
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
* tests/ci: fix race condition in bhyveload bootSiva Mahadevan2025-07-081-1/+5
| | | | | | | | | | | | | | | | | Currently, there is a race condition where the Makefile sh invocation of 'bhyveload -c stdio' exits before receiving any user input in the bootloader (e.g. in the form of a user typically pressing <enter>), causing the 'expect' script to wrongly spawn the 'bhyve' invocation while still in the bootloader. This patch wraps bhyveload in expect(1) to ensure that stdio is correctly consumed before the process exits. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/1757
* tests/ci: Use suitable variable for qemu-user-static existence checkSiva Mahadevan2025-07-071-2/+2
| | | | | | | | | | And simplify a qemu-system existence check. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Reviewed by: imp Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/1751
* inotify tests: Use unsigned integers for event masksMark Johnston2025-07-071-2/+4
| | | | | Reported by: gcc Fixes: 739fc14938d5 ("tests: Add some regression tests for inotify")
* pf tests: verify the new reset functionalityKristof Provost2025-07-071-0/+50
| | | | | | | We can now reset state limit, debug level and others. Verify reset for at least some of these. Sponsored by: Rubicon Communications, LLC ("Netgate")
* tests: Adapt oclo tests to FreeBSDRicardo Branco2025-07-062-0/+16
| | | | | MFC after: 1 month Pull Request: https://github.com/freebsd/freebsd-src/pull/1698
* tests: Adapt existing tests for O_CLOEXEC to O_CLOFORKRicardo Branco2025-07-063-2/+156
| | | | | MFC after: 1 month Pull Request: https://github.com/freebsd/freebsd-src/pull/1698
* if_bridge_test: add a test for QinQ (802.1ad)Lexi Winter2025-07-051-0/+58
| | | | | | Reviewed by: kp, des Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D50577
* bridge: allow vlan(4) interfaces on a bridgeLexi Winter2025-07-051-0/+41
| | | | | | | | | | | A vlan interface on top of a bridge will act as a layer 3 port for bridge traffic on that vlan, sometimes called an "SVI". This allows the host to send/receive traffic on that vlan without having to create a separate epair(4) and vlan(4) to tag and untag the traffic. Reviewed by: zlei, kp, des Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D50504
* bridge: add per-interface vlan access listLexi Winter2025-07-051-0/+129
| | | | | | | | | | | | | | | | | | | | The new ifconfig options 'tagged', '+tagged' and '-tagged' allow the vlan access list of a bridge interface to be configured: - Incoming tagged frames will be dropped if the vlan tag isn't in the interface's access list. - Outgoing frames will be dropped if the vlan tag isn't in the interface's access list (e.g., for BUM traffic). This has no effect if vlan filtering is not enabled on the interface. Since we now add a tag to untagged frames at ingress, remove the vlan argument from bridge_vfilter_out() and use VLANTAGOF instead. Reviewed by: des, kp, adrian Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D50503
* bridge: transparently add and remove VLAN tagsLexi Winter2025-07-051-0/+46
| | | | | | | | | | | | | | | | | | | | | When vlan filtering is enabled, add or remove tags as required to allow ports with different configurations to communicate: - When receiving an untagged frame, insert a new tag based on the interface's configured untagged vlan. - When sending a tagged frame, and the frame's vlan id matches the outgoing interface's configured untagged vlan, strip the tag. Since we now set the vlan id in the mbuf, remove the vlan argument to bridge_forward() and bridge_broadcast() and take it from VLANTAGOF instead. Add tests for the new functionality. Reviewed by: kp, des Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D50500
* bridge: allow member interface vlan to be configuredLexi Winter2025-07-051-0/+126
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add two new bridge(4) interface options, 'vlanfilter' and 'untagged': # ifconfig bridge0 vlanfilter ix0 # ifconfig bridge0 -vlanfilter ix0 # ifconfig bridge0 untagged ix0 20 # ifconfig bridge0 -untagged ix0 Setting 'vlanfilter' causes the bridge to filter ingress and egress traffic on that interface based on the frame's VLAN, rather than simply passing all frames. By default, an interface is not permitted on any VLANs, so all frames will be dropped. Setting 'untagged' allows the interface to send and receive untagged traffic in the given VLAN, allowing two (or more) interfaces in the same VLAN to communicate with each other, but not with any other interface. Setting 'untagged' on an interface automatically enables 'vlanfilter' as well. The untagged VLAN may be removed using the '-untagged' option, but this does not disable VLAN filtering automatically. Tagged frames may not be sent or received on a port with VLAN filtering enabled. Update bridge.4 to document this change, and also add an overview of the existing vlan/.1q support in if_bridge. Basic tests for the new functionality are included. Bump __FreeBSD_version for struct ibfreq ABI change. Reviewed by: kevans, kp Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D49993
* tests/ci: run ci-full kyua tests in parallelSiva Mahadevan2025-07-041-1/+2
| | | | | | | | | By default, use all available cpus given to the VM. This can be controlled with the already available PARALLEL_JOBS make variable. Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Pull Request: https://github.com/freebsd/freebsd-src/pull/1754
* tests: Add some regression tests for inotifyMark Johnston2025-07-042-0/+864
| | | | | | | Reviewed by: kib MFC after: 3 months Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D50315
* fusefs: Upgrade FUSE protocol to version 7.35.Claudiu I. Palincas2025-07-031-0/+30
| | | | | | | | | | | | Upgrade the FUSE API from protocol 7.33 to 7.35. Add support for FOPEN_NOFLUSH, introduced in 7.35. Also, reduce diffs vis-a-vis upstream by factoring out an ioctl type, a change missed in d5e3cf41e89. Signed-off-by: Claudiu I. Palincas <mscotty@protonmail.ch> Reviewed by: asomers Pull Request: https://github.com/freebsd/freebsd-src/pull/1744
* pf tests: verify that 'quick' works on anchorsKristof Provost2025-07-031-0/+37
| | | | Sponsored by: Rubicon Communications, LLC ("Netgate")
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-30 16:32:28 +0000