1# 2# Copyright (c) 2014 Spectra Logic Corporation 3# All rights reserved. 4# 5# Redistribution and use in source and binary forms, with or without 6# modification, are permitted provided that the following conditions 7# are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions, and the following disclaimer, 10# without modification. 11# 2. Redistributions in binary form must reproduce at minimum a disclaimer 12# substantially similar to the "NO WARRANTY" disclaimer below 13# ("Disclaimer") and any redistribution must be conditioned upon 14# including a substantially similar Disclaimer requirement for further 15# binary redistribution. 16# 17# NO WARRANTY 18# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR 21# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22# HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28# POSSIBILITY OF SUCH DAMAGES. 29# 30# Authors: Alan Somers (Spectra Logic Corporation) 31# 32 33# arpresolve should check the interface fib for routes to a target when 34# creating an ARP table entry. This is a regression for kern/167947, where 35# arpresolve only checked the default route. 36# 37# Outline: 38# Create two connected epair(4) interfaces 39# Use nping (from security/nmap) to send an ICMP echo request from one 40# interface to the other, spoofing the source IP. The source IP must be 41# spoofed, or else it will already have an entry in the arp table. 42# Check whether an arp entry exists for the spoofed IP 43atf_test_case arpresolve_checks_interface_fib cleanup 44arpresolve_checks_interface_fib_head() 45{ 46 atf_set "descr" "arpresolve should check the interface fib, not the default fib, for routes" 47 atf_set "require.user" "root" 48 atf_set "require.progs" "nping" 49} 50arpresolve_checks_interface_fib_body() 51{ 52 # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 53 # and a non-default fib 54 ADDR0="192.0.2.2" 55 ADDR1="192.0.2.3" 56 SUBNET="192.0.2.0" 57 # Due to bug TBD (regressed by multiple_fibs_on_same_subnet) we need 58 # diffferent subnet masks, or FIB1 won't have a subnet route. 59 MASK0="24" 60 MASK1="25" 61 # Spoof a MAC that is reserved per RFC7042 62 SPOOF_ADDR="192.0.2.4" 63 SPOOF_MAC="00:00:5E:00:53:00" 64 65 # Check system configuration 66 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 67 atf_skip "This test requires net.add_addr_allfibs=0" 68 fi 69 get_fibs 2 70 71 # Configure epair interfaces 72 get_epair 73 setup_iface "$EPAIRA" "$FIB0" inet ${ADDR0} ${MASK0} 74 setup_iface "$EPAIRB" "$FIB1" inet ${ADDR1} ${MASK1} 75 76 # Send an ICMP echo request with a spoofed source IP 77 setfib "$FIB0" nping -c 1 -e ${EPAIRA} -S ${SPOOF_ADDR} \ 78 --source-mac ${SPOOF_MAC} --icmp --icmp-type "echo-request" \ 79 --icmp-code 0 --icmp-id 0xdead --icmp-seq 1 --data 0xbeef \ 80 ${ADDR1} 81 # For informational and debugging purposes only, look for the 82 # characteristic error message 83 dmesg | grep "llinfo.*${SPOOF_ADDR}" 84 # Check that the ARP entry exists 85 atf_check -o match:"${SPOOF_ADDR}.*expires" setfib "$FIB1" arp ${SPOOF_ADDR} 86} 87arpresolve_checks_interface_fib_cleanup() 88{ 89 cleanup_ifaces 90} 91 92 93# Regression test for kern/187549 94atf_test_case loopback_and_network_routes_on_nondefault_fib cleanup 95loopback_and_network_routes_on_nondefault_fib_head() 96{ 97 atf_set "descr" "When creating and deleting loopback IPv4 routes, use the interface's fib" 98 atf_set "require.user" "root" 99} 100 101loopback_and_network_routes_on_nondefault_fib_body() 102{ 103 # Configure the TAP interface to use an RFC5737 nonrouteable address 104 # and a non-default fib 105 ADDR="192.0.2.2" 106 SUBNET="192.0.2.0" 107 MASK="24" 108 109 # Check system configuration 110 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 111 atf_skip "This test requires net.add_addr_allfibs=0" 112 fi 113 get_fibs 1 114 115 # Configure a TAP interface 116 setup_tap ${FIB0} inet ${ADDR} ${MASK} 117 118 # Check whether the host route exists in only the correct FIB 119 setfib ${FIB0} netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0" 120 if [ 0 -ne $? ]; then 121 setfib ${FIB0} netstat -rn -f inet 122 atf_fail "Host route did not appear in the correct FIB" 123 fi 124 setfib 0 netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0" 125 if [ 0 -eq $? ]; then 126 setfib 0 netstat -rn -f inet 127 atf_fail "Host route appeared in the wrong FIB" 128 fi 129 130 # Check whether the network route exists in only the correct FIB 131 setfib ${FIB0} netstat -rn -f inet | \ 132 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 133 if [ 0 -ne $? ]; then 134 setfib ${FIB0} netstat -rn -f inet 135 atf_fail "Network route did not appear in the correct FIB" 136 fi 137 setfib 0 netstat -rn -f inet | \ 138 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 139 if [ 0 -eq $? ]; then 140 setfib 0 netstat -rn -f inet 141 atf_fail "Network route appeared in the wrong FIB" 142 fi 143} 144 145loopback_and_network_routes_on_nondefault_fib_cleanup() 146{ 147 cleanup_ifaces 148} 149 150atf_test_case loopback_and_network_routes_on_nondefault_fib_inet6 cleanup 151loopback_and_network_routes_on_nondefault_fib_inet6_head() 152{ 153 atf_set "descr" "When creating and deleting loopback IPv6 routes, use the interface's fib" 154 atf_set "require.user" "root" 155} 156 157loopback_and_network_routes_on_nondefault_fib_inet6_body() 158{ 159 # Configure the TAP interface to use a nonrouteable RFC3849 160 # address and a non-default fib 161 ADDR="2001:db8::2" 162 SUBNET="2001:db8::" 163 MASK="64" 164 165 # Check system configuration 166 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 167 atf_skip "This test requires net.add_addr_allfibs=0" 168 fi 169 get_fibs 1 170 171 # Configure a TAP interface 172 setup_tap ${FIB0} inet6 ${ADDR} ${MASK} 173 174 # Check whether the host route exists in only the correct FIB 175 setfib ${FIB0} netstat -rn -f inet6 | grep -q "^${ADDR}.*UHS.*lo0" 176 if [ 0 -ne $? ]; then 177 setfib ${FIB0} netstat -rn -f inet6 178 atf_fail "Host route did not appear in the correct FIB" 179 fi 180 setfib 0 netstat -rn -f inet6 | grep -q "^${ADDR}.*UHS.*lo0" 181 if [ 0 -eq $? ]; then 182 setfib 0 netstat -rn -f inet6 183 atf_fail "Host route appeared in the wrong FIB" 184 fi 185 186 # Check whether the network route exists in only the correct FIB 187 setfib ${FIB0} netstat -rn -f inet6 | \ 188 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 189 if [ 0 -ne $? ]; then 190 setfib ${FIB0} netstat -rn -f inet6 191 atf_fail "Network route did not appear in the correct FIB" 192 fi 193 setfib 0 netstat -rn -f inet6 | \ 194 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 195 if [ 0 -eq $? ]; then 196 setfib 0 netstat -rn -f inet6 197 atf_fail "Network route appeared in the wrong FIB" 198 fi 199} 200 201loopback_and_network_routes_on_nondefault_fib_inet6_cleanup() 202{ 203 cleanup_ifaces 204} 205 206 207# Regression test for kern/187552 208atf_test_case default_route_with_multiple_fibs_on_same_subnet cleanup 209default_route_with_multiple_fibs_on_same_subnet_head() 210{ 211 atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv4 routes" 212 atf_set "require.user" "root" 213} 214 215default_route_with_multiple_fibs_on_same_subnet_body() 216{ 217 # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 218 # and a non-default fib 219 ADDR0="192.0.2.2" 220 ADDR1="192.0.2.3" 221 GATEWAY="192.0.2.1" 222 SUBNET="192.0.2.0" 223 MASK="24" 224 225 # Check system configuration 226 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 227 atf_skip "This test requires net.add_addr_allfibs=0" 228 fi 229 get_fibs 2 230 231 # Configure TAP interfaces 232 setup_tap "$FIB0" inet ${ADDR0} ${MASK} 233 TAP0=$TAP 234 setup_tap "$FIB1" inet ${ADDR1} ${MASK} 235 TAP1=$TAP 236 237 # Attempt to add default routes 238 setfib ${FIB0} route add default ${GATEWAY} 239 setfib ${FIB1} route add default ${GATEWAY} 240 241 # Verify that the default route exists for both fibs, with their 242 # respective interfaces. 243 atf_check -o match:"^default.*${TAP0}$" \ 244 setfib ${FIB0} netstat -rn -f inet 245 atf_check -o match:"^default.*${TAP1}$" \ 246 setfib ${FIB1} netstat -rn -f inet 247} 248 249default_route_with_multiple_fibs_on_same_subnet_cleanup() 250{ 251 cleanup_ifaces 252} 253 254atf_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 255default_route_with_multiple_fibs_on_same_subnet_inet6_head() 256{ 257 atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv6 routes" 258 atf_set "require.user" "root" 259} 260 261default_route_with_multiple_fibs_on_same_subnet_inet6_body() 262{ 263 # Configure the TAP interfaces to use nonrouteable RFC3849 264 # addresses and non-default FIBs 265 ADDR0="2001:db8::2" 266 ADDR1="2001:db8::3" 267 GATEWAY="2001:db8::1" 268 SUBNET="2001:db8::" 269 MASK="64" 270 271 # Check system configuration 272 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 273 atf_skip "This test requires net.add_addr_allfibs=0" 274 fi 275 get_fibs 2 276 277 # Configure TAP interfaces 278 setup_tap "$FIB0" inet6 ${ADDR0} ${MASK} 279 TAP0=$TAP 280 setup_tap "$FIB1" inet6 ${ADDR1} ${MASK} 281 TAP1=$TAP 282 283 # Attempt to add default routes 284 setfib ${FIB0} route -6 add default ${GATEWAY} 285 setfib ${FIB1} route -6 add default ${GATEWAY} 286 287 # Verify that the default route exists for both fibs, with their 288 # respective interfaces. 289 atf_check -o match:"^default.*${TAP0}$" \ 290 setfib ${FIB0} netstat -rn -f inet6 291 atf_check -o match:"^default.*${TAP1}$" \ 292 setfib ${FIB1} netstat -rn -f inet6 293} 294 295default_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() 296{ 297 cleanup_ifaces 298} 299 300 301# Regression test for PR kern/189089 302# Create two tap interfaces and assign them both the same IP address but with 303# different netmasks, and both on the default FIB. Then remove one's IP 304# address. Hopefully the machine won't panic. 305atf_test_case same_ip_multiple_ifaces_fib0 cleanup 306same_ip_multiple_ifaces_fib0_head() 307{ 308 atf_set "descr" "Can remove an IPv4 alias from an interface when the same IPv4 is also assigned to another interface." 309 atf_set "require.user" "root" 310} 311same_ip_multiple_ifaces_fib0_body() 312{ 313 ADDR="192.0.2.2" 314 MASK0="24" 315 MASK1="32" 316 317 # Unlike most of the tests in this file, this is applicable regardless 318 # of net.add_addr_allfibs 319 320 # Setup the interfaces, then remove one alias. It should not panic. 321 setup_tap 0 inet ${ADDR} ${MASK0} 322 TAP0=${TAP} 323 setup_tap 0 inet ${ADDR} ${MASK1} 324 TAP1=${TAP} 325 ifconfig ${TAP1} -alias ${ADDR} 326 327 # Do it again, in the opposite order. It should not panic. 328 setup_tap 0 inet ${ADDR} ${MASK0} 329 TAP0=${TAP} 330 setup_tap 0 inet ${ADDR} ${MASK1} 331 TAP1=${TAP} 332 ifconfig ${TAP0} -alias ${ADDR} 333} 334same_ip_multiple_ifaces_fib0_cleanup() 335{ 336 cleanup_ifaces 337} 338 339# Regression test for PR kern/189088 340# Test that removing an IP address works even if the same IP is assigned to a 341# different interface, on a different FIB. Tests the same code that whose 342# panic was regressed by same_ip_multiple_ifaces_fib0. 343# Create two tap interfaces and assign them both the same IP address but with 344# different netmasks, and on different FIBs. Then remove one's IP 345# address. Hopefully the machine won't panic. Also, the IP's hostroute should 346# dissappear from the correct fib. 347atf_test_case same_ip_multiple_ifaces cleanup 348same_ip_multiple_ifaces_head() 349{ 350 atf_set "descr" "Can remove an IPv4 alias from an interface when the same address is also assigned to another interface, on non-default FIBs." 351 atf_set "require.user" "root" 352} 353same_ip_multiple_ifaces_body() 354{ 355 ADDR="192.0.2.2" 356 MASK0="24" 357 MASK1="32" 358 359 # Unlike most of the tests in this file, this is applicable regardless 360 # of net.add_addr_allfibs 361 get_fibs 4 362 363 # Setup the interfaces, then remove one alias. It should not panic. 364 setup_tap ${FIB0} inet ${ADDR} ${MASK0} 365 TAP0=${TAP} 366 setup_tap ${FIB1} inet ${ADDR} ${MASK1} 367 TAP1=${TAP} 368 ifconfig ${TAP1} -alias ${ADDR} 369 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 370 setfib ${FIB1} netstat -rn -f inet 371 372 # Do it again, in the opposite order. It should not panic. 373 setup_tap ${FIB2} inet ${ADDR} ${MASK0} 374 TAP0=${TAP} 375 setup_tap ${FIB3} inet ${ADDR} ${MASK1} 376 TAP1=${TAP} 377 ifconfig ${TAP0} -alias ${ADDR} 378 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 379 setfib ${FIB2} netstat -rn -f inet 380} 381same_ip_multiple_ifaces_cleanup() 382{ 383 # Due to PR kern/189088, we must destroy the interfaces in LIFO order 384 # in order for the routes to be correctly cleaned up. 385 for TAPD in `tail -r "ifaces_to_cleanup"`; do 386 echo ifconfig ${TAPD} destroy 387 ifconfig ${TAPD} destroy 388 done 389} 390 391atf_test_case same_ip_multiple_ifaces_inet6 cleanup 392same_ip_multiple_ifaces_inet6_head() 393{ 394 atf_set "descr" "Can remove an IPv6 alias from an interface when the same address is also assigned to another interface, on non-default FIBs." 395 atf_set "require.user" "root" 396} 397same_ip_multiple_ifaces_inet6_body() 398{ 399 ADDR="2001:db8::2" 400 MASK0="64" 401 MASK1="128" 402 403 # Unlike most of the tests in this file, this is applicable regardless 404 # of net.add_addr_allfibs 405 get_fibs 2 406 407 # Setup the interfaces, then remove one alias. It should not panic. 408 setup_tap ${FIB0} inet6 ${ADDR} ${MASK0} 409 TAP0=${TAP} 410 setup_tap ${FIB1} inet6 ${ADDR} ${MASK1} 411 TAP1=${TAP} 412 atf_check -s exit:0 ifconfig ${TAP1} inet6 ${ADDR} -alias 413 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 414 setfib ${FIB1} netstat -rn -f inet6 415 ifconfig ${TAP1} destroy 416 ifconfig ${TAP0} destroy 417 418 # Do it again, in the opposite order. It should not panic. 419 setup_tap ${FIB0} inet6 ${ADDR} ${MASK0} 420 TAP0=${TAP} 421 setup_tap ${FIB1} inet6 ${ADDR} ${MASK1} 422 TAP1=${TAP} 423 atf_check -s exit:0 ifconfig ${TAP0} inet6 ${ADDR} -alias 424 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 425 setfib ${FIB0} netstat -rn -f inet6 426} 427same_ip_multiple_ifaces_inet6_cleanup() 428{ 429 cleanup_ifaces 430} 431 432atf_test_case slaac_on_nondefault_fib6 cleanup 433slaac_on_nondefault_fib6_head() 434{ 435 atf_set "descr" "SLAAC correctly installs routes on non-default FIBs" 436 atf_set "require.user" "root" 437 atf_set "require.config" "allow_sysctl_side_effects" 438} 439slaac_on_nondefault_fib6_body() 440{ 441 # Configure the epair interfaces to use nonrouteable RFC3849 442 # addresses and non-default FIBs 443 PREFIX="2001:db8:$(printf "%x" `jot -r 1 0 65535`):$(printf "%x" `jot -r 1 0 65535`)" 444 ADDR="$PREFIX::2" 445 GATEWAY="$PREFIX::1" 446 SUBNET="$PREFIX:" 447 MASK="64" 448 449 # Check system configuration 450 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 451 atf_skip "This test requires net.add_addr_allfibs=0" 452 fi 453 get_fibs 2 454 455 sysctl -n "net.inet6.ip6.rfc6204w3" >> "rfc6204w3.state" 456 sysctl -n "net.inet6.ip6.forwarding" >> "forwarding.state" 457 # Enable forwarding so the kernel will send RAs 458 sysctl net.inet6.ip6.forwarding=1 459 # Enable RFC6204W3 mode so the kernel will enable default router 460 # selection while also forwarding packets 461 sysctl net.inet6.ip6.rfc6204w3=1 462 463 # Configure epair interfaces 464 get_epair 465 setup_iface "$EPAIRA" "$FIB0" inet6 ${ADDR} ${MASK} 466 echo setfib $FIB1 ifconfig "$EPAIRB" inet6 -ifdisabled accept_rtadv fib $FIB1 up 467 setfib $FIB1 ifconfig "$EPAIRB" inet6 -ifdisabled accept_rtadv fib $FIB1 up 468 rtadvd -p rtadvd.pid -C rtadvd.sock -c /dev/null "$EPAIRA" 469 rtsol "$EPAIRB" 470 471 # Check SLAAC address 472 atf_check -o match:"inet6 ${SUBNET}.*prefixlen ${MASK}.*autoconf" \ 473 ifconfig "$EPAIRB" 474 # Check local route 475 atf_check -o match:"${SUBNET}.*\<UHS\>.*lo0" \ 476 netstat -rnf inet6 -F $FIB1 477 # Check subnet route 478 atf_check -o match:"${SUBNET}:/${MASK}.*\<U\>.*$EPAIRB" \ 479 netstat -rnf inet6 -F $FIB1 480 # Check default route 481 atf_check -o match:"default.*\<UG\>.*$EPAIRB" \ 482 netstat -rnf inet6 -F $FIB1 483 484 # Check that none of the above routes appeared on other routes 485 for fib in $( seq 0 $(($(sysctl -n net.fibs) - 1))); do 486 if [ "$fib" = "$FIB1" -o "$fib" = "$FIB0" ]; then 487 continue 488 fi 489 atf_check -o not-match:"${SUBNET}.*\<UHS\>.*lo0" \ 490 netstat -rnf inet6 -F $fib 491 atf_check -o not-match:"${SUBNET}:/${MASK}.*\<U\>.*$EPAIRB" \ 492 netstat -rnf inet6 -F $fib 493 atf_check -o not-match:"default.*\<UG\>.*$EPAIRB" \ 494 netstat -rnf inet6 -F $fib 495 done 496} 497slaac_on_nondefault_fib6_cleanup() 498{ 499 if [ -f "rtadvd.pid" ]; then 500 # rtadvd can take a long time to shutdown. Use SIGKILL to kill 501 # it right away. The downside to using SIGKILL is that it 502 # won't send final RAs to all interfaces, but we don't care 503 # because we're about to destroy its interface anyway. 504 pkill -kill -F rtadvd.pid 505 rm -f rtadvd.pid 506 fi 507 cleanup_ifaces 508 if [ -f "forwarding.state" ] ; then 509 sysctl "net.inet6.ip6.forwarding"=`cat "forwarding.state"` 510 rm "forwarding.state" 511 fi 512 if [ -f "rfc6204w3.state" ] ; then 513 sysctl "net.inet6.ip6.rfc6204w3"=`cat "rfc6204w3.state"` 514 rm "rfc6204w3.state" 515 fi 516} 517 518# Regression test for kern/187550 519atf_test_case subnet_route_with_multiple_fibs_on_same_subnet cleanup 520subnet_route_with_multiple_fibs_on_same_subnet_head() 521{ 522 atf_set "descr" "Multiple FIBs can have IPv4 subnet routes for the same subnet" 523 atf_set "require.user" "root" 524} 525 526subnet_route_with_multiple_fibs_on_same_subnet_body() 527{ 528 # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 529 # and a non-default fib 530 ADDR0="192.0.2.2" 531 ADDR1="192.0.2.3" 532 SUBNET="192.0.2.0" 533 MASK="24" 534 535 # Check system configuration 536 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 537 atf_skip "This test requires net.add_addr_allfibs=0" 538 fi 539 get_fibs 2 540 541 # Configure TAP interfaces 542 setup_tap "$FIB0" inet ${ADDR0} ${MASK} 543 setup_tap "$FIB1" inet ${ADDR1} ${MASK} 544 545 # Check that a subnet route exists on both fibs 546 atf_check -o ignore setfib "$FIB0" route get $ADDR1 547 atf_check -o ignore setfib "$FIB1" route get $ADDR0 548} 549 550subnet_route_with_multiple_fibs_on_same_subnet_cleanup() 551{ 552 cleanup_ifaces 553} 554 555atf_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 556subnet_route_with_multiple_fibs_on_same_subnet_inet6_head() 557{ 558 atf_set "descr" "Multiple FIBs can have IPv6 subnet routes for the same subnet" 559 atf_set "require.user" "root" 560} 561 562subnet_route_with_multiple_fibs_on_same_subnet_inet6_body() 563{ 564 # Configure the TAP interfaces to use a RFC3849 nonrouteable addresses 565 # and a non-default fib 566 ADDR0="2001:db8::2" 567 ADDR1="2001:db8::3" 568 SUBNET="2001:db8::" 569 MASK="64" 570 571 # Check system configuration 572 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 573 atf_skip "This test requires net.add_addr_allfibs=0" 574 fi 575 get_fibs 2 576 577 # Configure TAP interfaces 578 setup_tap "$FIB0" inet6 ${ADDR0} ${MASK} 579 setup_tap "$FIB1" inet6 ${ADDR1} ${MASK} 580 581 # Check that a subnet route exists on both fibs 582 atf_check -o ignore setfib "$FIB0" route -6 get $ADDR1 583 atf_check -o ignore setfib "$FIB1" route -6 get $ADDR0 584} 585 586subnet_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() 587{ 588 cleanup_ifaces 589} 590 591# Test that source address selection works correctly for UDP packets with 592# SO_DONTROUTE set that are sent on non-default FIBs. 593# This bug was discovered with "setfib 1 netperf -t UDP_STREAM -H some_host" 594# Regression test for kern/187553 595# 596# The root cause was that ifa_ifwithnet() did not have a fib argument. It 597# would return an address from an interface on any FIB that had a subnet route 598# for the destination. If more than one were available, it would choose the 599# most specific. This is most easily tested by creating a FIB without a 600# default route, then trying to send a UDP packet with SO_DONTROUTE set to an 601# address which is not routable on that FIB. Absent the fix for this bug, 602# in_pcbladdr would choose an interface on any FIB with a default route. With 603# the fix, you will get EUNREACH or ENETUNREACH. 604atf_test_case udp_dontroute cleanup 605udp_dontroute_head() 606{ 607 atf_set "descr" "Source address selection for UDP packets with SO_DONTROUTE on non-default FIBs works" 608 atf_set "require.user" "root" 609} 610 611udp_dontroute_body() 612{ 613 # Configure the TAP interface to use an RFC5737 nonrouteable address 614 # and a non-default fib 615 ADDR0="192.0.2.2" 616 ADDR1="192.0.2.3" 617 SUBNET="192.0.2.0" 618 MASK="24" 619 # Use a different IP on the same subnet as the target 620 TARGET="192.0.2.100" 621 SRCDIR=`atf_get_srcdir` 622 623 # Check system configuration 624 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 625 atf_skip "This test requires net.add_addr_allfibs=0" 626 fi 627 get_fibs 2 628 629 # Configure the TAP interfaces 630 setup_tap ${FIB0} inet ${ADDR0} ${MASK} 631 TARGET_TAP=${TAP} 632 setup_tap ${FIB1} inet ${ADDR1} ${MASK} 633 634 # Send a UDP packet with SO_DONTROUTE. In the failure case, it will 635 # return ENETUNREACH, or send the packet to the wrong tap 636 atf_check -o ignore setfib ${FIB0} \ 637 ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} 638 cleanup_ifaces 639 640 # Repeat, but this time target the other tap 641 setup_tap ${FIB0} inet ${ADDR0} ${MASK} 642 setup_tap ${FIB1} inet ${ADDR1} ${MASK} 643 TARGET_TAP=${TAP} 644 645 atf_check -o ignore setfib ${FIB1} \ 646 ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} 647} 648 649udp_dontroute_cleanup() 650{ 651 cleanup_ifaces 652} 653 654atf_test_case udp_dontroute6 cleanup 655udp_dontroute6_head() 656{ 657 atf_set "descr" "Source address selection for UDP IPv6 packets with SO_DONTROUTE on non-default FIBs works" 658 atf_set "require.user" "root" 659} 660 661udp_dontroute6_body() 662{ 663 if [ "$(atf_config_get ci false)" = "true" ]; then 664 atf_skip "https://bugs.freebsd.org/244172" 665 fi 666 # Configure the TAP interface to use an RFC3849 nonrouteable address 667 # and a non-default fib 668 ADDR0="2001:db8::2" 669 ADDR1="2001:db8::3" 670 SUBNET="2001:db8::" 671 MASK="64" 672 # Use a different IP on the same subnet as the target 673 TARGET="2001:db8::100" 674 SRCDIR=`atf_get_srcdir` 675 676 # Check system configuration 677 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 678 atf_skip "This test requires net.add_addr_allfibs=0" 679 fi 680 get_fibs 2 681 682 # Configure the TAP interfaces. Use no_dad so the addresses will be 683 # ready right away and won't be marked as tentative until DAD 684 # completes. 685 setup_tap ${FIB0} inet6 ${ADDR0} ${MASK} no_dad 686 TARGET_TAP=${TAP} 687 setup_tap ${FIB1} inet6 ${ADDR1} ${MASK} no_dad 688 689 # Send a UDP packet with SO_DONTROUTE. In the failure case, it will 690 # return ENETUNREACH, or send the packet to the wrong tap 691 atf_check -o ignore setfib ${FIB0} \ 692 ${SRCDIR}/udp_dontroute -6 ${TARGET} /dev/${TARGET_TAP} 693 cleanup_ifaces 694 695 # Repeat, but this time target the other tap 696 setup_tap ${FIB0} inet6 ${ADDR0} ${MASK} no_dad 697 setup_tap ${FIB1} inet6 ${ADDR1} ${MASK} no_dad 698 TARGET_TAP=${TAP} 699 700 atf_check -o ignore setfib ${FIB1} \ 701 ${SRCDIR}/udp_dontroute -6 ${TARGET} /dev/${TARGET_TAP} 702} 703 704udp_dontroute6_cleanup() 705{ 706 cleanup_ifaces 707} 708 709 710atf_init_test_cases() 711{ 712 atf_add_test_case arpresolve_checks_interface_fib 713 atf_add_test_case loopback_and_network_routes_on_nondefault_fib 714 atf_add_test_case loopback_and_network_routes_on_nondefault_fib_inet6 715 atf_add_test_case default_route_with_multiple_fibs_on_same_subnet 716 atf_add_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 717 atf_add_test_case same_ip_multiple_ifaces_fib0 718 atf_add_test_case same_ip_multiple_ifaces 719 atf_add_test_case same_ip_multiple_ifaces_inet6 720 atf_add_test_case slaac_on_nondefault_fib6 721 atf_add_test_case subnet_route_with_multiple_fibs_on_same_subnet 722 atf_add_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 723 atf_add_test_case udp_dontroute 724 atf_add_test_case udp_dontroute6 725} 726 727# Looks up one or more fibs from the configuration data and validates them. 728# Returns the results in the env varilables FIB0, FIB1, etc. 729 730# parameter numfibs The number of fibs to lookup 731get_fibs() 732{ 733 NUMFIBS=$1 734 net_fibs=`sysctl -n net.fibs` 735 if [ $net_fibs -lt $(($NUMFIBS + 1)) ]; then 736 atf_check -o ignore sysctl net.fibs=$(($NUMFIBS + 1)) 737 net_fibs=`sysctl -n net.fibs` 738 fi 739 i=0 740 while [ $i -lt "$NUMFIBS" ]; do 741 eval FIB${i}=$(($i + 1)) 742 i=$(( $i + 1 )) 743 done 744} 745 746# Creates a new pair of connected epair(4) interface, registers them for 747# cleanup, and returns their namen via the environment variables EPAIRA and 748# EPAIRB 749get_epair() 750{ 751 local EPAIRD 752 753 if (which pfctl && pfctl -s info | grep -q 'Status: Enabled') || 754 [ `sysctl -n net.inet.ip.fw.enable` = "1" ] || 755 (which ipf && ipf -V); then 756 atf_skip "firewalls interfere with this test" 757 fi 758 759 if EPAIRD=`ifconfig epair create`; then 760 # Record the epair device so we can clean it up later 761 echo ${EPAIRD} >> "ifaces_to_cleanup" 762 EPAIRA=${EPAIRD} 763 EPAIRB=${EPAIRD%a}b 764 else 765 atf_skip "Could not create epair(4) interfaces" 766 fi 767} 768 769# Creates a new tap(4) interface, registers it for cleanup, and returns the 770# name via the environment variable TAP 771get_tap() 772{ 773 local TAPD 774 775 if TAPD=`ifconfig tap create`; then 776 # Record the TAP device so we can clean it up later 777 echo ${TAPD} >> "ifaces_to_cleanup" 778 TAP=${TAPD} 779 else 780 atf_skip "Could not create a tap(4) interface" 781 fi 782} 783 784# Configure an ethernet interface 785# parameters: 786# Interface name 787# fib 788# Protocol (inet or inet6) 789# IP address 790# Netmask in number of bits (eg 24 or 8) 791# Extra flags 792# Return: None 793setup_iface() 794{ 795 local IFACE=$1 796 local FIB=$2 797 local PROTO=$3 798 local ADDR=$4 799 local MASK=$5 800 local FLAGS=$6 801 atf_check setfib ${FIB} ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS 802} 803 804# Create a tap(4) interface, configure it, and register it for cleanup. 805# parameters: 806# fib 807# Protocol (inet or inet6) 808# IP address 809# Netmask in number of bits (eg 24 or 8) 810# Extra flags 811# Return: the tap interface name as the env variable TAP 812setup_tap() 813{ 814 get_tap 815 setup_iface "$TAP" "$@" 816} 817 818cleanup_ifaces() 819{ 820 if [ -f ifaces_to_cleanup ]; then 821 for iface in $(cat ifaces_to_cleanup); do 822 echo ifconfig "${iface}" destroy 823 ifconfig "${iface}" destroy 2>/dev/null || true 824 done 825 rm -f ifaces_to_cleanup 826 fi 827} 828