1# 2# Copyright (c) 2014 Spectra Logic Corporation 3# All rights reserved. 4# 5# Redistribution and use in source and binary forms, with or without 6# modification, are permitted provided that the following conditions 7# are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions, and the following disclaimer, 10# without modification. 11# 2. Redistributions in binary form must reproduce at minimum a disclaimer 12# substantially similar to the "NO WARRANTY" disclaimer below 13# ("Disclaimer") and any redistribution must be conditioned upon 14# including a substantially similar Disclaimer requirement for further 15# binary redistribution. 16# 17# NO WARRANTY 18# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR 21# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22# HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28# POSSIBILITY OF SUCH DAMAGES. 29# 30# Authors: Alan Somers (Spectra Logic Corporation) 31# 32# $FreeBSD$ 33 34# All of the tests in this file requires the test-suite config variable "fibs" 35# to be defined to a space-delimited list of FIBs that may be used for testing. 36 37# arpresolve should check the interface fib for routes to a target when 38# creating an ARP table entry. This is a regression for kern/167947, where 39# arpresolve only checked the default route. 40# 41# Outline: 42# Create two connected epair(4) interfaces 43# Use nping (from security/nmap) to send an ICMP echo request from one 44# interface to the other, spoofing the source IP. The source IP must be 45# spoofed, or else it will already have an entry in the arp table. 46# Check whether an arp entry exists for the spoofed IP 47atf_test_case arpresolve_checks_interface_fib cleanup 48arpresolve_checks_interface_fib_head() 49{ 50 atf_set "descr" "arpresolve should check the interface fib, not the default fib, for routes" 51 atf_set "require.user" "root" 52 atf_set "require.config" "fibs" 53 atf_set "require.progs" "nping" 54} 55arpresolve_checks_interface_fib_body() 56{ 57 # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 58 # and a non-default fib 59 ADDR0="192.0.2.2" 60 ADDR1="192.0.2.3" 61 SUBNET="192.0.2.0" 62 # Due to bug TBD (regressed by multiple_fibs_on_same_subnet) we need 63 # diffferent subnet masks, or FIB1 won't have a subnet route. 64 MASK0="24" 65 MASK1="25" 66 # Spoof a MAC that is reserved per RFC7042 67 SPOOF_ADDR="192.0.2.4" 68 SPOOF_MAC="00:00:5E:00:53:00" 69 70 # Check system configuration 71 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 72 atf_skip "This test requires net.add_addr_allfibs=0" 73 fi 74 get_fibs 2 75 76 # Configure epair interfaces 77 get_epair 78 setup_iface "$EPAIRA" "$FIB0" inet ${ADDR0} ${MASK0} 79 setup_iface "$EPAIRB" "$FIB1" inet ${ADDR1} ${MASK1} 80 81 # Send an ICMP echo request with a spoofed source IP 82 setfib "$FIB0" nping -c 1 -e ${EPAIRA} -S ${SPOOF_ADDR} \ 83 --source-mac ${SPOOF_MAC} --icmp --icmp-type "echo-request" \ 84 --icmp-code 0 --icmp-id 0xdead --icmp-seq 1 --data 0xbeef \ 85 ${ADDR1} 86 # For informational and debugging purposes only, look for the 87 # characteristic error message 88 dmesg | grep "llinfo.*${SPOOF_ADDR}" 89 # Check that the ARP entry exists 90 atf_check -o match:"${SPOOF_ADDR}.*expires" setfib "$FIB1" arp ${SPOOF_ADDR} 91} 92arpresolve_checks_interface_fib_cleanup() 93{ 94 cleanup_ifaces 95} 96 97 98# Regression test for kern/187549 99atf_test_case loopback_and_network_routes_on_nondefault_fib cleanup 100loopback_and_network_routes_on_nondefault_fib_head() 101{ 102 atf_set "descr" "When creating and deleting loopback IPv4 routes, use the interface's fib" 103 atf_set "require.user" "root" 104 atf_set "require.config" "fibs" 105} 106 107loopback_and_network_routes_on_nondefault_fib_body() 108{ 109 # Configure the TAP interface to use an RFC5737 nonrouteable address 110 # and a non-default fib 111 ADDR="192.0.2.2" 112 SUBNET="192.0.2.0" 113 MASK="24" 114 115 # Check system configuration 116 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 117 atf_skip "This test requires net.add_addr_allfibs=0" 118 fi 119 get_fibs 1 120 121 # Configure a TAP interface 122 setup_tap ${FIB0} inet ${ADDR} ${MASK} 123 124 # Check whether the host route exists in only the correct FIB 125 setfib ${FIB0} netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0" 126 if [ 0 -ne $? ]; then 127 setfib ${FIB0} netstat -rn -f inet 128 atf_fail "Host route did not appear in the correct FIB" 129 fi 130 setfib 0 netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0" 131 if [ 0 -eq $? ]; then 132 setfib 0 netstat -rn -f inet 133 atf_fail "Host route appeared in the wrong FIB" 134 fi 135 136 # Check whether the network route exists in only the correct FIB 137 setfib ${FIB0} netstat -rn -f inet | \ 138 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 139 if [ 0 -ne $? ]; then 140 setfib ${FIB0} netstat -rn -f inet 141 atf_fail "Network route did not appear in the correct FIB" 142 fi 143 setfib 0 netstat -rn -f inet | \ 144 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 145 if [ 0 -eq $? ]; then 146 setfib 0 netstat -rn -f inet 147 atf_fail "Network route appeared in the wrong FIB" 148 fi 149} 150 151loopback_and_network_routes_on_nondefault_fib_cleanup() 152{ 153 cleanup_ifaces 154} 155 156atf_test_case loopback_and_network_routes_on_nondefault_fib_inet6 cleanup 157loopback_and_network_routes_on_nondefault_fib_inet6_head() 158{ 159 atf_set "descr" "When creating and deleting loopback IPv6 routes, use the interface's fib" 160 atf_set "require.user" "root" 161 atf_set "require.config" "fibs" 162} 163 164loopback_and_network_routes_on_nondefault_fib_inet6_body() 165{ 166 # Configure the TAP interface to use a nonrouteable RFC3849 167 # address and a non-default fib 168 ADDR="2001:db8::2" 169 SUBNET="2001:db8::" 170 MASK="64" 171 172 # Check system configuration 173 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 174 atf_skip "This test requires net.add_addr_allfibs=0" 175 fi 176 get_fibs 1 177 178 # Configure a TAP interface 179 setup_tap ${FIB0} inet6 ${ADDR} ${MASK} 180 181 # Check whether the host route exists in only the correct FIB 182 setfib ${FIB0} netstat -rn -f inet6 | grep -q "^${ADDR}.*UHS.*lo0" 183 if [ 0 -ne $? ]; then 184 setfib ${FIB0} netstat -rn -f inet6 185 atf_fail "Host route did not appear in the correct FIB" 186 fi 187 setfib 0 netstat -rn -f inet6 | grep -q "^${ADDR}.*UHS.*lo0" 188 if [ 0 -eq $? ]; then 189 setfib 0 netstat -rn -f inet6 190 atf_fail "Host route appeared in the wrong FIB" 191 fi 192 193 # Check whether the network route exists in only the correct FIB 194 setfib ${FIB0} netstat -rn -f inet6 | \ 195 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 196 if [ 0 -ne $? ]; then 197 setfib ${FIB0} netstat -rn -f inet6 198 atf_fail "Network route did not appear in the correct FIB" 199 fi 200 setfib 0 netstat -rn -f inet6 | \ 201 grep -q "^${SUBNET}/${MASK}.*${TAPD}" 202 if [ 0 -eq $? ]; then 203 setfib 0 netstat -rn -f inet6 204 atf_fail "Network route appeared in the wrong FIB" 205 fi 206} 207 208loopback_and_network_routes_on_nondefault_fib_inet6_cleanup() 209{ 210 cleanup_ifaces 211} 212 213 214# Regression test for kern/187552 215atf_test_case default_route_with_multiple_fibs_on_same_subnet cleanup 216default_route_with_multiple_fibs_on_same_subnet_head() 217{ 218 atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv4 routes" 219 atf_set "require.user" "root" 220 atf_set "require.config" "fibs" 221} 222 223default_route_with_multiple_fibs_on_same_subnet_body() 224{ 225 # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 226 # and a non-default fib 227 ADDR0="192.0.2.2" 228 ADDR1="192.0.2.3" 229 GATEWAY="192.0.2.1" 230 SUBNET="192.0.2.0" 231 MASK="24" 232 233 # Check system configuration 234 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 235 atf_skip "This test requires net.add_addr_allfibs=0" 236 fi 237 get_fibs 2 238 239 # Configure TAP interfaces 240 setup_tap "$FIB0" inet ${ADDR0} ${MASK} 241 TAP0=$TAP 242 setup_tap "$FIB1" inet ${ADDR1} ${MASK} 243 TAP1=$TAP 244 245 # Attempt to add default routes 246 setfib ${FIB0} route add default ${GATEWAY} 247 setfib ${FIB1} route add default ${GATEWAY} 248 249 # Verify that the default route exists for both fibs, with their 250 # respective interfaces. 251 atf_check -o match:"^default.*${TAP0}$" \ 252 setfib ${FIB0} netstat -rn -f inet 253 atf_check -o match:"^default.*${TAP1}$" \ 254 setfib ${FIB1} netstat -rn -f inet 255} 256 257default_route_with_multiple_fibs_on_same_subnet_cleanup() 258{ 259 cleanup_ifaces 260} 261 262atf_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 263default_route_with_multiple_fibs_on_same_subnet_inet6_head() 264{ 265 atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv6 routes" 266 atf_set "require.user" "root" 267 atf_set "require.config" "fibs" 268} 269 270default_route_with_multiple_fibs_on_same_subnet_inet6_body() 271{ 272 # Configure the TAP interfaces to use nonrouteable RFC3849 273 # addresses and non-default FIBs 274 ADDR0="2001:db8::2" 275 ADDR1="2001:db8::3" 276 GATEWAY="2001:db8::1" 277 SUBNET="2001:db8::" 278 MASK="64" 279 280 # Check system configuration 281 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 282 atf_skip "This test requires net.add_addr_allfibs=0" 283 fi 284 get_fibs 2 285 286 # Configure TAP interfaces 287 setup_tap "$FIB0" inet6 ${ADDR0} ${MASK} 288 TAP0=$TAP 289 setup_tap "$FIB1" inet6 ${ADDR1} ${MASK} 290 TAP1=$TAP 291 292 # Attempt to add default routes 293 setfib ${FIB0} route -6 add default ${GATEWAY} 294 setfib ${FIB1} route -6 add default ${GATEWAY} 295 296 # Verify that the default route exists for both fibs, with their 297 # respective interfaces. 298 atf_check -o match:"^default.*${TAP0}$" \ 299 setfib ${FIB0} netstat -rn -f inet6 300 atf_check -o match:"^default.*${TAP1}$" \ 301 setfib ${FIB1} netstat -rn -f inet6 302} 303 304default_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() 305{ 306 cleanup_ifaces 307} 308 309 310# Regression test for PR kern/189089 311# Create two tap interfaces and assign them both the same IP address but with 312# different netmasks, and both on the default FIB. Then remove one's IP 313# address. Hopefully the machine won't panic. 314atf_test_case same_ip_multiple_ifaces_fib0 cleanup 315same_ip_multiple_ifaces_fib0_head() 316{ 317 atf_set "descr" "Can remove an IPv4 alias from an interface when the same IPv4 is also assigned to another interface." 318 atf_set "require.user" "root" 319 atf_set "require.config" "fibs" 320} 321same_ip_multiple_ifaces_fib0_body() 322{ 323 ADDR="192.0.2.2" 324 MASK0="24" 325 MASK1="32" 326 327 # Unlike most of the tests in this file, this is applicable regardless 328 # of net.add_addr_allfibs 329 330 # Setup the interfaces, then remove one alias. It should not panic. 331 setup_tap 0 inet ${ADDR} ${MASK0} 332 TAP0=${TAP} 333 setup_tap 0 inet ${ADDR} ${MASK1} 334 TAP1=${TAP} 335 ifconfig ${TAP1} -alias ${ADDR} 336 337 # Do it again, in the opposite order. It should not panic. 338 setup_tap 0 inet ${ADDR} ${MASK0} 339 TAP0=${TAP} 340 setup_tap 0 inet ${ADDR} ${MASK1} 341 TAP1=${TAP} 342 ifconfig ${TAP0} -alias ${ADDR} 343} 344same_ip_multiple_ifaces_fib0_cleanup() 345{ 346 cleanup_ifaces 347} 348 349# Regression test for PR kern/189088 350# Test that removing an IP address works even if the same IP is assigned to a 351# different interface, on a different FIB. Tests the same code that whose 352# panic was regressed by same_ip_multiple_ifaces_fib0. 353# Create two tap interfaces and assign them both the same IP address but with 354# different netmasks, and on different FIBs. Then remove one's IP 355# address. Hopefully the machine won't panic. Also, the IP's hostroute should 356# dissappear from the correct fib. 357atf_test_case same_ip_multiple_ifaces cleanup 358same_ip_multiple_ifaces_head() 359{ 360 atf_set "descr" "Can remove an IPv4 alias from an interface when the same address is also assigned to another interface, on non-default FIBs." 361 atf_set "require.user" "root" 362 atf_set "require.config" "fibs" 363} 364same_ip_multiple_ifaces_body() 365{ 366 atf_expect_fail "kern/189088 Assigning the same IP to multiple interfaces in different FIBs creates a host route for only one" 367 ADDR="192.0.2.2" 368 MASK0="24" 369 MASK1="32" 370 371 # Unlike most of the tests in this file, this is applicable regardless 372 # of net.add_addr_allfibs 373 get_fibs 2 374 375 # Setup the interfaces, then remove one alias. It should not panic. 376 setup_tap ${FIB0} inet ${ADDR} ${MASK0} 377 TAP0=${TAP} 378 setup_tap ${FIB1} inet ${ADDR} ${MASK1} 379 TAP1=${TAP} 380 ifconfig ${TAP1} -alias ${ADDR} 381 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 382 setfib ${FIB1} netstat -rn -f inet 383 384 # Do it again, in the opposite order. It should not panic. 385 setup_tap ${FIB0} inet ${ADDR} ${MASK0} 386 TAP0=${TAP} 387 setup_tap ${FIB1} inet ${ADDR} ${MASK1} 388 TAP1=${TAP} 389 ifconfig ${TAP0} -alias ${ADDR} 390 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 391 setfib ${FIB0} netstat -rn -f inet 392} 393same_ip_multiple_ifaces_cleanup() 394{ 395 # Due to PR kern/189088, we must destroy the interfaces in LIFO order 396 # in order for the routes to be correctly cleaned up. 397 for TAPD in `tail -r "ifaces_to_cleanup"`; do 398 echo ifconfig ${TAPD} destroy 399 ifconfig ${TAPD} destroy 400 done 401} 402 403atf_test_case same_ip_multiple_ifaces_inet6 cleanup 404same_ip_multiple_ifaces_inet6_head() 405{ 406 atf_set "descr" "Can remove an IPv6 alias from an interface when the same address is also assigned to another interface, on non-default FIBs." 407 atf_set "require.user" "root" 408 atf_set "require.config" "fibs" 409} 410same_ip_multiple_ifaces_inet6_body() 411{ 412 ADDR="2001:db8::2" 413 MASK0="64" 414 MASK1="128" 415 416 # Unlike most of the tests in this file, this is applicable regardless 417 # of net.add_addr_allfibs 418 get_fibs 2 419 420 # Setup the interfaces, then remove one alias. It should not panic. 421 setup_tap ${FIB0} inet6 ${ADDR} ${MASK0} 422 TAP0=${TAP} 423 setup_tap ${FIB1} inet6 ${ADDR} ${MASK1} 424 TAP1=${TAP} 425 atf_check -s exit:0 ifconfig ${TAP1} inet6 ${ADDR} -alias 426 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 427 setfib ${FIB1} netstat -rn -f inet6 428 ifconfig ${TAP1} destroy 429 ifconfig ${TAP0} destroy 430 431 # Do it again, in the opposite order. It should not panic. 432 setup_tap ${FIB0} inet6 ${ADDR} ${MASK0} 433 TAP0=${TAP} 434 setup_tap ${FIB1} inet6 ${ADDR} ${MASK1} 435 TAP1=${TAP} 436 atf_check -s exit:0 ifconfig ${TAP0} inet6 ${ADDR} -alias 437 atf_check -o not-match:"^${ADDR}[[:space:]]" \ 438 setfib ${FIB0} netstat -rn -f inet6 439} 440same_ip_multiple_ifaces_inet6_cleanup() 441{ 442 cleanup_ifaces 443} 444 445atf_test_case slaac_on_nondefault_fib6 cleanup 446slaac_on_nondefault_fib6_head() 447{ 448 atf_set "descr" "SLAAC correctly installs routes on non-default FIBs" 449 atf_set "require.user" "root" 450 atf_set "require.config" "fibs" "allow_sysctl_side_effects" 451} 452slaac_on_nondefault_fib6_body() 453{ 454 # Configure the epair interfaces to use nonrouteable RFC3849 455 # addresses and non-default FIBs 456 PREFIX="2001:db8:$(printf "%x" `jot -r 1 0 65535`):$(printf "%x" `jot -r 1 0 65535`)" 457 ADDR="$PREFIX::2" 458 GATEWAY="$PREFIX::1" 459 SUBNET="$PREFIX:" 460 MASK="64" 461 462 # Check system configuration 463 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 464 atf_skip "This test requires net.add_addr_allfibs=0" 465 fi 466 get_fibs 2 467 468 sysctl -n "net.inet6.ip6.rfc6204w3" >> "rfc6204w3.state" 469 sysctl -n "net.inet6.ip6.forwarding" >> "forwarding.state" 470 # Enable forwarding so the kernel will send RAs 471 sysctl net.inet6.ip6.forwarding=1 472 # Enable RFC6204W3 mode so the kernel will enable default router 473 # selection while also forwarding packets 474 sysctl net.inet6.ip6.rfc6204w3=1 475 476 # Configure epair interfaces 477 get_epair 478 setup_iface "$EPAIRA" "$FIB0" inet6 ${ADDR} ${MASK} 479 echo setfib $FIB1 ifconfig "$EPAIRB" inet6 -ifdisabled accept_rtadv fib $FIB1 up 480 setfib $FIB1 ifconfig "$EPAIRB" inet6 -ifdisabled accept_rtadv fib $FIB1 up 481 rtadvd -p rtadvd.pid -C rtadvd.sock -c /dev/null "$EPAIRA" 482 rtsol "$EPAIRB" 483 484 # Check SLAAC address 485 atf_check -o match:"inet6 ${SUBNET}.*prefixlen ${MASK}.*autoconf" \ 486 ifconfig "$EPAIRB" 487 # Check local route 488 atf_check -o match:"${SUBNET}.*\<UHS\>.*lo0" \ 489 netstat -rnf inet6 -F $FIB1 490 # Check subnet route 491 atf_check -o match:"${SUBNET}:/${MASK}.*\<U\>.*$EPAIRB" \ 492 netstat -rnf inet6 -F $FIB1 493 # Check default route 494 atf_check -o match:"default.*\<UG\>.*$EPAIRB" \ 495 netstat -rnf inet6 -F $FIB1 496 497 # Check that none of the above routes appeared on other routes 498 for fib in $( seq 0 $(($(sysctl -n net.fibs) - 1))); do 499 if [ "$fib" = "$FIB1" -o "$fib" = "$FIB0" ]; then 500 continue 501 fi 502 atf_check -o not-match:"${SUBNET}.*\<UHS\>.*lo0" \ 503 netstat -rnf inet6 -F $fib 504 atf_check -o not-match:"${SUBNET}:/${MASK}.*\<U\>.*$EPAIRB" \ 505 netstat -rnf inet6 -F $fib 506 atf_check -o not-match:"default.*\<UG\>.*$EPAIRB" \ 507 netstat -rnf inet6 -F $fib 508 done 509} 510slaac_on_nondefault_fib6_cleanup() 511{ 512 if [ -f "rtadvd.pid" ]; then 513 # rtadvd can take a long time to shutdown. Use SIGKILL to kill 514 # it right away. The downside to using SIGKILL is that it 515 # won't send final RAs to all interfaces, but we don't care 516 # because we're about to destroy its interface anyway. 517 pkill -kill -F rtadvd.pid 518 rm -f rtadvd.pid 519 fi 520 cleanup_ifaces 521 if [ -f "forwarding.state" ] ; then 522 sysctl "net.inet6.ip6.forwarding"=`cat "forwarding.state"` 523 rm "forwarding.state" 524 fi 525 if [ -f "rfc6204w3.state" ] ; then 526 sysctl "net.inet6.ip6.rfc6204w3"=`cat "rfc6204w3.state"` 527 rm "rfc6204w3.state" 528 fi 529} 530 531# Regression test for kern/187550 532atf_test_case subnet_route_with_multiple_fibs_on_same_subnet cleanup 533subnet_route_with_multiple_fibs_on_same_subnet_head() 534{ 535 atf_set "descr" "Multiple FIBs can have IPv4 subnet routes for the same subnet" 536 atf_set "require.user" "root" 537 atf_set "require.config" "fibs" 538} 539 540subnet_route_with_multiple_fibs_on_same_subnet_body() 541{ 542 # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 543 # and a non-default fib 544 ADDR0="192.0.2.2" 545 ADDR1="192.0.2.3" 546 SUBNET="192.0.2.0" 547 MASK="24" 548 549 # Check system configuration 550 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 551 atf_skip "This test requires net.add_addr_allfibs=0" 552 fi 553 get_fibs 2 554 555 # Configure TAP interfaces 556 setup_tap "$FIB0" inet ${ADDR0} ${MASK} 557 setup_tap "$FIB1" inet ${ADDR1} ${MASK} 558 559 # Check that a subnet route exists on both fibs 560 atf_check -o ignore setfib "$FIB0" route get $ADDR1 561 atf_check -o ignore setfib "$FIB1" route get $ADDR0 562} 563 564subnet_route_with_multiple_fibs_on_same_subnet_cleanup() 565{ 566 cleanup_ifaces 567} 568 569atf_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 570subnet_route_with_multiple_fibs_on_same_subnet_inet6_head() 571{ 572 atf_set "descr" "Multiple FIBs can have IPv6 subnet routes for the same subnet" 573 atf_set "require.user" "root" 574 atf_set "require.config" "fibs" 575} 576 577subnet_route_with_multiple_fibs_on_same_subnet_inet6_body() 578{ 579 # Configure the TAP interfaces to use a RFC3849 nonrouteable addresses 580 # and a non-default fib 581 ADDR0="2001:db8::2" 582 ADDR1="2001:db8::3" 583 SUBNET="2001:db8::" 584 MASK="64" 585 586 # Check system configuration 587 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 588 atf_skip "This test requires net.add_addr_allfibs=0" 589 fi 590 get_fibs 2 591 592 # Configure TAP interfaces 593 setup_tap "$FIB0" inet6 ${ADDR0} ${MASK} 594 setup_tap "$FIB1" inet6 ${ADDR1} ${MASK} 595 596 # Check that a subnet route exists on both fibs 597 atf_check -o ignore setfib "$FIB0" route -6 get $ADDR1 598 atf_check -o ignore setfib "$FIB1" route -6 get $ADDR0 599} 600 601subnet_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() 602{ 603 cleanup_ifaces 604} 605 606# Test that source address selection works correctly for UDP packets with 607# SO_DONTROUTE set that are sent on non-default FIBs. 608# This bug was discovered with "setfib 1 netperf -t UDP_STREAM -H some_host" 609# Regression test for kern/187553 610# 611# The root cause was that ifa_ifwithnet() did not have a fib argument. It 612# would return an address from an interface on any FIB that had a subnet route 613# for the destination. If more than one were available, it would choose the 614# most specific. This is most easily tested by creating a FIB without a 615# default route, then trying to send a UDP packet with SO_DONTROUTE set to an 616# address which is not routable on that FIB. Absent the fix for this bug, 617# in_pcbladdr would choose an interface on any FIB with a default route. With 618# the fix, you will get EUNREACH or ENETUNREACH. 619atf_test_case udp_dontroute cleanup 620udp_dontroute_head() 621{ 622 atf_set "descr" "Source address selection for UDP packets with SO_DONTROUTE on non-default FIBs works" 623 atf_set "require.user" "root" 624 atf_set "require.config" "fibs" 625} 626 627udp_dontroute_body() 628{ 629 # Configure the TAP interface to use an RFC5737 nonrouteable address 630 # and a non-default fib 631 ADDR0="192.0.2.2" 632 ADDR1="192.0.2.3" 633 SUBNET="192.0.2.0" 634 MASK="24" 635 # Use a different IP on the same subnet as the target 636 TARGET="192.0.2.100" 637 SRCDIR=`atf_get_srcdir` 638 639 # Check system configuration 640 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 641 atf_skip "This test requires net.add_addr_allfibs=0" 642 fi 643 get_fibs 2 644 645 # Configure the TAP interfaces 646 setup_tap ${FIB0} inet ${ADDR0} ${MASK} 647 TARGET_TAP=${TAP} 648 setup_tap ${FIB1} inet ${ADDR1} ${MASK} 649 650 # Send a UDP packet with SO_DONTROUTE. In the failure case, it will 651 # return ENETUNREACH, or send the packet to the wrong tap 652 atf_check -o ignore setfib ${FIB0} \ 653 ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} 654 cleanup_ifaces 655 656 # Repeat, but this time target the other tap 657 setup_tap ${FIB0} inet ${ADDR0} ${MASK} 658 setup_tap ${FIB1} inet ${ADDR1} ${MASK} 659 TARGET_TAP=${TAP} 660 661 atf_check -o ignore setfib ${FIB1} \ 662 ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} 663} 664 665udp_dontroute_cleanup() 666{ 667 cleanup_ifaces 668} 669 670atf_test_case udp_dontroute6 cleanup 671udp_dontroute6_head() 672{ 673 atf_set "descr" "Source address selection for UDP IPv6 packets with SO_DONTROUTE on non-default FIBs works" 674 atf_set "require.user" "root" 675 atf_set "require.config" "fibs" 676} 677 678udp_dontroute6_body() 679{ 680 # Configure the TAP interface to use an RFC3849 nonrouteable address 681 # and a non-default fib 682 ADDR0="2001:db8::2" 683 ADDR1="2001:db8::3" 684 SUBNET="2001:db8::" 685 MASK="64" 686 # Use a different IP on the same subnet as the target 687 TARGET="2001:db8::100" 688 SRCDIR=`atf_get_srcdir` 689 690 # Check system configuration 691 if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 692 atf_skip "This test requires net.add_addr_allfibs=0" 693 fi 694 get_fibs 2 695 696 # Configure the TAP interfaces. Use no_dad so the addresses will be 697 # ready right away and won't be marked as tentative until DAD 698 # completes. 699 setup_tap ${FIB0} inet6 ${ADDR0} ${MASK} no_dad 700 TARGET_TAP=${TAP} 701 setup_tap ${FIB1} inet6 ${ADDR1} ${MASK} no_dad 702 703 # Send a UDP packet with SO_DONTROUTE. In the failure case, it will 704 # return ENETUNREACH, or send the packet to the wrong tap 705 atf_check -o ignore setfib ${FIB0} \ 706 ${SRCDIR}/udp_dontroute -6 ${TARGET} /dev/${TARGET_TAP} 707 cleanup_ifaces 708 709 # Repeat, but this time target the other tap 710 setup_tap ${FIB0} inet6 ${ADDR0} ${MASK} no_dad 711 setup_tap ${FIB1} inet6 ${ADDR1} ${MASK} no_dad 712 TARGET_TAP=${TAP} 713 714 atf_check -o ignore setfib ${FIB1} \ 715 ${SRCDIR}/udp_dontroute -6 ${TARGET} /dev/${TARGET_TAP} 716} 717 718udp_dontroute6_cleanup() 719{ 720 cleanup_ifaces 721} 722 723 724atf_init_test_cases() 725{ 726 atf_add_test_case arpresolve_checks_interface_fib 727 atf_add_test_case loopback_and_network_routes_on_nondefault_fib 728 atf_add_test_case loopback_and_network_routes_on_nondefault_fib_inet6 729 atf_add_test_case default_route_with_multiple_fibs_on_same_subnet 730 atf_add_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 731 atf_add_test_case same_ip_multiple_ifaces_fib0 732 atf_add_test_case same_ip_multiple_ifaces 733 atf_add_test_case same_ip_multiple_ifaces_inet6 734 atf_add_test_case slaac_on_nondefault_fib6 735 atf_add_test_case subnet_route_with_multiple_fibs_on_same_subnet 736 atf_add_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 737 atf_add_test_case udp_dontroute 738 atf_add_test_case udp_dontroute6 739} 740 741# Looks up one or more fibs from the configuration data and validates them. 742# Returns the results in the env varilables FIB0, FIB1, etc. 743 744# parameter numfibs The number of fibs to lookup 745get_fibs() 746{ 747 NUMFIBS=$1 748 net_fibs=`sysctl -n net.fibs` 749 i=0 750 while [ $i -lt "$NUMFIBS" ]; do 751 fib=`atf_config_get "fibs" | \ 752 awk -v i=$(( i + 1 )) '{print $i}'` 753 echo "fib is ${fib}" 754 eval FIB${i}=${fib} 755 if [ "$fib" -ge "$net_fibs" ]; then 756 atf_skip "The ${i}th configured fib is ${fib}, which is not less than net.fibs, which is ${net_fibs}" 757 fi 758 i=$(( $i + 1 )) 759 done 760} 761 762# Creates a new pair of connected epair(4) interface, registers them for 763# cleanup, and returns their namen via the environment variables EPAIRA and 764# EPAIRB 765get_epair() 766{ 767 local EPAIRD 768 769 if (which pfctl && pfctl -s info | grep -q 'Status: Enabled') || 770 [ `sysctl -n net.inet.ip.fw.enable` = "1" ] || 771 (which ipf && ipf -V); then 772 atf_skip "firewalls interfere with this test" 773 fi 774 775 if EPAIRD=`ifconfig epair create`; then 776 # Record the epair device so we can clean it up later 777 echo ${EPAIRD} >> "ifaces_to_cleanup" 778 EPAIRA=${EPAIRD} 779 EPAIRB=${EPAIRD%a}b 780 else 781 atf_skip "Could not create epair(4) interfaces" 782 fi 783} 784 785# Creates a new tap(4) interface, registers it for cleanup, and returns the 786# name via the environment variable TAP 787get_tap() 788{ 789 local TAPD 790 791 if TAPD=`ifconfig tap create`; then 792 # Record the TAP device so we can clean it up later 793 echo ${TAPD} >> "ifaces_to_cleanup" 794 TAP=${TAPD} 795 else 796 atf_skip "Could not create a tap(4) interface" 797 fi 798} 799 800# Configure an ethernet interface 801# parameters: 802# Interface name 803# fib 804# Protocol (inet or inet6) 805# IP address 806# Netmask in number of bits (eg 24 or 8) 807# Extra flags 808# Return: None 809setup_iface() 810{ 811 local IFACE=$1 812 local FIB=$2 813 local PROTO=$3 814 local ADDR=$4 815 local MASK=$5 816 local FLAGS=$6 817 echo setfib ${FIB} \ 818 ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS 819 setfib ${FIB} ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS 820} 821 822# Create a tap(4) interface, configure it, and register it for cleanup. 823# parameters: 824# fib 825# Protocol (inet or inet6) 826# IP address 827# Netmask in number of bits (eg 24 or 8) 828# Extra flags 829# Return: the tap interface name as the env variable TAP 830setup_tap() 831{ 832 get_tap 833 setup_iface "$TAP" "$@" 834} 835 836cleanup_ifaces() 837{ 838 if [ -f ifaces_to_cleanup ]; then 839 for iface in $(cat ifaces_to_cleanup); do 840 echo ifconfig "${iface}" destroy 841 ifconfig "${iface}" destroy 2>/dev/null || true 842 done 843 rm -f ifaces_to_cleanup 844 fi 845} 846