This test case catches both of the bugs reported there.
PR: 271766
Reviewed by: imp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40469
Ensure that 'fragment reassemble' works as expected, even in the IP
stack's slow forwarding path. (So not via ip_tryforward())
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40396
Summary:
Three of the pf dummynet tests were using filter rules which matched
both the intended epair interface as well as lo0 which now receives
PFIL_OUT events for messages delivered to the local network stack (if
enabled). This commit changes the rules to match only for the expected
epair interface.
PR: 268717
Reviewed-by: kp
MFC-after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40393
Continue D40356 and switch the remaining parts of mbuf-related
code to the Netlink mbufs.
Reviewed By: gallatin
Differential Revision: https://reviews.freebsd.org/D40368
MFC after: 2 weeks
Having it configurable adds more flexibility, especially
for the systems with low amount of memory.
Additionally, it allows to speedup frag6/ tests execution.
Reviewed by: kp, markj, bz
Differential Revision: https://reviews.freebsd.org/D35755
MFC after: 2 weeks
Redirect rules use PFIL_IN and PFIL_OUT events to allow packet filter
rules to change the destination address and port for a connection.
Typically, the rule triggers on an input event when a packet is received
by a router and the destination address and/or port is changed to
implement the redirect. When a reply packet on this connection is output
to the network, the rule triggers again, reversing the modification.
When the connection is initiated on the same host as the packet filter,
it is initially output via lo0 which queues it for input processing.
This causes an input event on the lo0 interface, allowing redirect
processing to rewrite the destination and create state for the
connection. However, when the reply is received, no corresponding output
event is generated; instead, the packet is delivered to the higher level
protocol (e.g. tcp or udp) without reversing the redirect, the reply is
not matched to the connection and the packet is dropped (for tcp, a
connection reset is also sent).
This commit fixes the problem by adding a second packet filter call in
the input path. The second call happens right before the handoff to
higher level processing and provides the missing output event to allow
the redirect's reply processing to perform its rewrite. This extra
processing is disabled by default and can be enabled using pfilctl:
pfilctl link -o pf:default-out inet-local
pfilctl link -o pf:default-out6 inet6-local
PR: 268717
Reviewed-by: kp, melifaro
MFC-after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40256
Rename the jails used in the unicast_ll_v6 test, to ensure the jail
names are unique to this test.
That is one of the requirements for running these tests in parallel.
When checking if the state synced over we should look for
198.51.100.254, not 198.51.100.2. The test worked because the incorrect
address is a substring of the correct one, but we should fix it anyway.
Reported by: Naman Sood <naman@freebsdfoundation.org>
MFC after: 1 week
* Allow vnet object to be directly referenced
(self.vnet1 vs self.vnet_map["vnet1"])
* Allow iface object to be directly reference
(vnet.bridge vs vnet.iface_alias_map["bridge"])
* Allow arbitrary interface alias names insted of ifX
* Add wait_objects_any() method for waiting object from
multiple vnets
* Add wait() method for indefinite sleep on vnet handlers
MFC after: 2 weeks
Stubbing out the whole file means it has no targets, so recursive makes
fail with "don't know how to make X". We could fix that, but because the
level above is adding it to TESTS_SUBDIRS it'll generate an include line
for the subdirectory in its Kyuafile, which won't work (the problem that
was previously seen on non-aarch64 in CI). Thus we really need to not
even add it to TESTS_SUBDIRS in the first place.
Reported by: Dan Mack <mack@macktronics.com>
Fixes: 28f66935d4 ("tests: Disable sys/compat32 and sys/compat32/aarch64 tests")
The former has build system issues, with missing Kyuafiles, presumably
due to not using TESTS_SUBDIRS and bsd.test.mk (and possibly some issues
on top of that around TESTSDIR and related variables). The latter has
issues with GCC and cut-down LLVM builds.
Requested by: kevans
Fixes: ccb59683b9 ("arm64: add tests for swp/swpb emulation")
One test is suitable to be hooked up to the build, so I've done this
here. The other test lives in tools/regression because failure is a
bit more subjective -- generally, one runs it for some unbounded amount
of time and observe if it eventually exits because two threads acquired
the same mutex.
Reviewed by: imp, mmel
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D39668
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Setting vlan flags needlessly takes the exclusive VLAN_XLOCK().
If we have stacked vlan devices (i.e. QinQ) and we set vlan flags (e.g.
IFF_PROMISC) we call rtnl_handle_ifevent() to send a notification about
the interface.
This ends up calling SIOCGIFMEDIA, which requires the VLAN_SLOCK().
Trying to take that one with the VLAN_XLOCK() held deadlocks us.
There's no need for the exclusive lock though, as we're only accessing
parent/trunk information, not modifying it, so a shared lock is
sufficient.
While here also add a test case for this issue.
Backtrace:
shared lock of (sx) vlan_sx @ /usr/src/sys/net/if_vlan.c:2192
while exclusively locked from /usr/src/sys/net/if_vlan.c:2307
panic: excl->share
cpuid = 29
time = 1683873033
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe015d4ad4b0
vpanic() at vpanic+0x152/frame 0xfffffe015d4ad500
panic() at panic+0x43/frame 0xfffffe015d4ad560
witness_checkorder() at witness_checkorder+0xcb5/frame 0xfffffe015d4ad720
_sx_slock_int() at _sx_slock_int+0x67/frame 0xfffffe015d4ad760
vlan_ioctl() at vlan_ioctl+0xf8/frame 0xfffffe015d4ad7c0
dump_iface() at dump_iface+0x12f/frame 0xfffffe015d4ad840
rtnl_handle_ifevent() at rtnl_handle_ifevent+0xab/frame 0xfffffe015d4ad8c0
if_setflag() at if_setflag+0xf6/frame 0xfffffe015d4ad930
ifpromisc() at ifpromisc+0x2a/frame 0xfffffe015d4ad960
vlan_setflags() at vlan_setflags+0x60/frame 0xfffffe015d4ad990
vlan_ioctl() at vlan_ioctl+0x216/frame 0xfffffe015d4ad9f0
if_setflag() at if_setflag+0xe4/frame 0xfffffe015d4ada60
ifpromisc() at ifpromisc+0x2a/frame 0xfffffe015d4ada90
bridge_ioctl_add() at bridge_ioctl_add+0x499/frame 0xfffffe015d4adb10
bridge_ioctl() at bridge_ioctl+0x328/frame 0xfffffe015d4adbc0
ifioctl() at ifioctl+0x972/frame 0xfffffe015d4adcc0
kern_ioctl() at kern_ioctl+0x1fe/frame 0xfffffe015d4add30
sys_ioctl() at sys_ioctl+0x154/frame 0xfffffe015d4ade00
amd64_syscall() at amd64_syscall+0x140/frame 0xfffffe015d4adf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe015d4adf30
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x22b0f0ef8d8a, rsp = 0x22b0ec63f2c8, rbp = 0x22b0ec63f380 ---
KDB: enter: panic
[ thread pid 5715 tid 101132 ]
Sponsored by: Rubicon Communications, LLC ("Netgate")
* Move the .254 address to the tunnel device so we reply through the
tunnel.
* Remove the network route to 'break' routing, which we then 'fix' with
pf's route-to, which is the functionality we wanted to test in the
first place.
Reported by: markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add a regression test for a718431c30 ("lookup(): ensure that
openat("/", "..", O_RESOLVE_BENEATH) fails").
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This change adds netlink create/modify/dump interfaces to the `if_clone.c`.
The previous attempt with storing the logic inside `netlink/route/iface_drivers.c`
did not quite work, as, for example, dumping interface-specific state
(like vlan id or vlan parent) required some peeking into the private interfaces.
The new interfaces are added in a compatible way - callers don't have to do anything
unless they are extended with Netlink.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D39032
MFC after: 1 month
This changes intends to reduce the bar to the kernel unit-testing by
introducing a new kernel-testing framework ("ktest") based on Netlink,
loadable test modules and python test suite integration.
This framework provides the following features:
* Integration to the FreeBSD test suite
* Automatic test discovery
* Automatic test module loading
* Minimal boiler-plate code in both kernel and userland
* Passing any metadata to the test
* Convenient environment pre-setup using python testing framework
* Streaming messages from the kernel to the userland
* Running tests in the dedicated taskqueues
* Skipping or parametrizing tests
Differential Revision: https://reviews.freebsd.org/D39385
MFC after: 2 weeks
Add functions for testing new scrub option syntax and for packet
fragmentation and route tables, because this was modified too. When
testing of both the new and the compatible syntax is necessary, move
original tests into _compat.sh file.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D38129
Ensure that (multicast) CARP packets are sent with the expected source
MAC address.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39454
If you remove an unused spare and then reinsert it, zfsd will now online
it in all pools.
Do not MFC without 2a58b312b6 (but it's ok to MFC that one without this
one).
Submitted by: Ameer Hamza <ahamza@ixsystems.com> (zfsd), Me (tests)
MFC after: 2 weeks
MFC with: 2a58b312b6
Sponsored by: iX Systems, Axcient
Pull Request: https://github.com/freebsd/freebsd-src/pull/697
* Move more logic from conftest.py to the actual atf_pytest handler
* Move nodeid_to_method_name() to the utils.py so it can be shared
MFC after: 2 weeks
This diff does not contain any functional changes.
Its sole purpose is splitting netlink.py into smaller chunks.
The new code simplifies the upcoming generic netlink support
introduction.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D39365
These tests reuse jail names and cannot run in parallel. Until this is
fixed - which is desirable since these takes take a while to run - tell
kyua to serialize them.
MFC after: 1 week
