Use dhclient with its 'vlan-pcp' option to set a VLAN PCP value and
verify that it actually gets set.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31276
(cherry picked from commit 3e87f800f0)
Fairly basic test case for using gif(4)'s ability to tunnel Ethernet
traffic between bridges.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 4b765ab4cd)
The new match keyword can currently only assign queues, so we can only
test it with ALTQ.
Set up a basic scenario where we use 'match' to assign ICMP traffic to a
slow queue, and confirm that it's really getting slowed down.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31116
(cherry picked from commit d363ebc78c)
Only lists the states relevant to the connection we're killing.
Sometimes there are IPv6 related states (due to the usual IPv6
background traffic of router solicitations, DAD, ...) that cause us to
think we failed to kill the state, which in turn caused the test to fail
intermittently.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 4e860bd5da)
One is allowed to use LIO_NOWAIT without specifying a sigevent. In this
case, lj->lioj_signal is left uninitialized, but several code paths
examine liov_signal.sigev_notify to figure out which notification to
post. Unconditionally initialize that field to SIGEV_NONE.
Add a dumb test case which triggers the bug.
Reported by: KMSAN+syzkaller
Reviewed by: asomers
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 2e5f615295)
During FUSE_SETLK, the owner field should uniquely identify the calling
process. The fusefs module now sets it to the process's pid.
Previously, it expected the calling process to set it directly, which
was wrong.
libfuse also apparently expects the owner field to be set during
FUSE_GETLK, though I'm not sure why.
PR: 256005
Reported by: Agata <chogata@moosefs.pro>
Reviewed by: pfg
Differential Revision: https://reviews.freebsd.org/D30622
(cherry picked from commit 18b19f8c6e)
Test that with syncookies enabled pf does not create state for
connections before the remote peer has replied to the SYN|ACK message.
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D31142
(cherry picked from commit 27ab791a55)
Test syncookies on a forwarding host. That is, in a setup where the
machine (or vnet) running pf is not the same as the machine (or vnet)
running the server it's protecting.
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D31141
(cherry picked from commit 3be9301a7e)
Test dummynet pipes (i.e. bandwidth limitation) with ipfw. This is put
in the common tests because we hope to add dummynet support to pf in the
near future.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30380
(cherry picked from commit ea3eca5cb6)
Create and retrieve 20.000 states. There have been issues with nvlists
causing very slow state retrieval. We don't impose a specific limit on
the time required to retrieve the states, but do log it. In excessive
cases the Kyua timeout will fail this test.
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30943
(cherry picked from commit d8d43b2de1)
Every FUSE operation has a unique value in its header. As the name
implies, these values are supposed to be unique among all outstanding
operations. And since FUSE_INTERRUPT is asynchronous and racy, it is
desirable that the unique values be unique among all operations that are
"close in time".
Ensure that they are actually unique by incrementing them whenever we
reuse a fuse_dispatcher object, for example during fsync, write, and
listextattr.
PR: 244686
Reviewed by: pfg
Differential Revision: https://reviews.freebsd.org/D30810
(cherry picked from commit 5403f2c163)
/dev/fuse is always ready for writing, so it's kind of dumb to poll it.
But some applications do it anyway. Better to return ready than EINVAL.
Reviewed by: emaste, pfg
Differential Revision: https://reviews.freebsd.org/D30784
(cherry picked from commit 7b8622fa22)
Simplify fuse_device_filt_write
It always returns 1, so why bother having a variable.
Pull Request: https://github.com/freebsd/freebsd-src/pull/478
(cherry picked from commit 9b876fbd50)
Add a regression test for a scenario where a shadow vm object is shared
by multiple mappings. If a page COW occurs through one of the mappings,
then the virtual-to-physical mapping may become invalidated.
This tests the scenario from CVE-2021-29626 which was fixed by
982693bb72.
Reviewed by: markj
Sponsored by: Dell EMC Isilon
(cherry picked from commit 13d4f96130)
zfsd uses a device's physical path attribute to automatically replace a
missing ZFS disk when a blank disk is inserted into the same physical
slot. Currently gmultipath passes through its underlying providers'
physical path attribute. That may cause zfsd to replace a missing
gmultipath provider with a newly arrived, single-path disk. That would
be bad.
This commit fixes that problem by simply appending "/mp" to the
underlying providers' physical path, in a manner similar to what geli
already does.
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D29941
(cherry picked from commit 420dbe763f)
Test functionality of ng_vlan_rotate(4):
- Rotate 1 to 9 stacked vlans in any possible direction and length
- Rotate random combinations of ethertypes (8100, 88a8, 9100)
- Automatic reverse rotating for backward data flow
- Test too many and too few vlans
Reviewed by: kp (earlier version)
Differential Revision: https://reviews.freebsd.org/D30670
(cherry picked from commit 6b08e68be1)
Test functionality of ng_hub(4):
- replicating traffic to anything but the sending hook
- persistence
- an unrestricted loop
- implementation limits with many hooks.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D30633
(cherry picked from commit 7863faa78a)
Test functionality of ng_bridge(4):
- replicating traffic to anything but the sending hook
- persistence
- detect loops
- unicast to only one link of many
- stretch to implementation limits on broadcast
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D30647
Differential Revision: https://reviews.freebsd.org/D30699
(cherry picked from commit 6181470239)
(cherry picked from commit 5554abd9cc)
The killstate:match test starts nc as a background process. There was no
guarantee that the nc process would have connected by the time we check
for states, so this test occasionally failed without good reason.
Teach the test to wait for at least some states to turn up before
executing the critical checks.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 70dd30d49c)
See a26e895f3d. Silence these new tests as
well.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 9d0bc96ef8)
Rework the tests to check the correct layer in a single test. Factor
out tests for reuse in other modules. Extend the test suite for
libalias(3) to incoming connections. Test the various types of
redirections.
gettimeofday(3) is almost as expensive as the calls to libalias.
So the call frequency for this call is reduced by a factor of 1000 in
order to neglect its influence.
Using NAT entries became more realistic: A communication of a random
length of up to 150 packets (10% outgoing, 90% incoming) is applied
for each entry.
Add port forwardings to the performance tests. This will cause random
incoming packets to match the random port forwardings opened beforehand.
After a long test run, a lot of resources have been allocated.
Measure the time to free them.
Reviewed by: kp (partially)
Differential Revision: https://reviews.freebsd.org/D30412
Differential Revision: https://reviews.freebsd.org/D30408
Differential Revision: https://reviews.freebsd.org/D30405
Differential Revision: https://reviews.freebsd.org/D30443
(cherry picked from commit f1462ab051)
(cherry picked from commit 755bab6d55)
(cherry picked from commit 6e87898a2c)
(cherry picked from commit d62e1ecba0)
(cherry picked from commit 5434ebd256)
Fix various bugs:
(cherry picked from commit ccac04cae5)
(cherry picked from commit 7b8696bf12)
(cherry picked from commit fef99da69f)
(cherry picked from commit f4c460dacd)
Due to the new, external performance test utility, the regular test
suite can reduce the stress test to a fair amount of activity.
(cherry picked from commit a660948b7b)
In order to modify libalias for performance, the existing
functionality must not change. Enforce this.
Testing LibAliasOut functionality. This concentrates on the typical use
case of initiating data transfers from the inside. Provide an
exhaustive test for the data structure in order to check for
performance improvements.
In order to compare upcoming changes for their effectiveness, measure
performance by counting operations and the runtime of each operation
over the time. Accumulate all tests in a single instance, so make it
complicated over the time. If you wait long enough, you will notice
the expiry of old flows.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D30307
Differential Revision: https://reviews.freebsd.org/D30335
Differential Revision: https://reviews.freebsd.org/D30379
(cherry picked from commit 7fd8baee75)
(cherry picked from commit c1fbb54f4b)
(cherry picked from commit 33c1bdfc3e)
Test the specific case reported in PR 255852. Clearing the skip flag
on groups was broken because pfctl couldn't work out if a kif was a
group or not, because the kernel no longer set the pfik_group pointer.
PR: 255852
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30285
(cherry picked from commit 45db385545)
Since 2.4.5 scapy started issuing warnings about a few different
configurations during our tests. These are harmless, but they generate
stderr output, which upsets atf_check.
Configure scapy to only log critical errors (and thus not warnings) to
fix these tests.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit a26e895f3d)
Python 3.8 warns about line 112:
'SyntaxWarning: "is" with a literal. Did you mean "=="?'
Use '==' as Python suggests.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 80430c15ca)
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.
PR: 254577
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D29468
(cherry picked from commit 2aa21096c7)
Now that we support having multiple labels on a rule ensure that we can
use each rule label to kill states.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29938
(cherry picked from commit 5632f58535)
Add a test case where the pfctl optimizer will generate a table
automatically. These tables have long names, which we accidentally broke
in the nvlist ADDRULE ioctl.
Reviewed by: melifaro
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29989
(cherry picked from commit 08d7730821)
There's a problem with pf's reassembly code where it produces incorrect
checksums when reassembling across interfaces with different MTUs.
Test this.
PR: 255432
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30013
(cherry picked from commit 388c0cde10)
This was briefly broken, so ensure that we can read and clear rules
counters.
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29728
(cherry picked from commit 112f007e12)
Most of the routing tests create per-test VNET, making
it harder to repeat the failure with CLI tools.
Provide an additional route/nexthop data on failure.
Differential Revision: https://reviews.freebsd.org/D29957
Reviewed by: kp
MFC after: 2 weeks
(cherry picked from commit bddae5c8a6)