Page MenuHomeFreeBSD
Files F108642631

D24002.id69313.diff
No OneTemporary
Actions

D24002.id69313.diff
View Options

Index: tests/sys/common/Makefile
===================================================================
--- tests/sys/common/Makefile
+++ tests/sys/common/Makefile
@@ -4,7 +4,9 @@
TESTSDIR= ${TESTSBASE}/sys/common
${PACKAGE}FILES+= vnet.subr
${PACKAGE}FILES+= divert.py
+${PACKAGE}FILES+= sender.py
${PACKAGE}FILESMODE_divert.py=0555
+${PACKAGE}FILESMODE_sender.py=0555
.include <bsd.test.mk>
Index: tests/sys/common/sender.py
===================================================================
--- /dev/null
+++ tests/sys/common/sender.py
@@ -0,0 +1,201 @@
+#!/usr/bin/env python
+# -
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2020 Alexander V. Chernikov
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+
+from functools import partial
+import socket
+import scapy.all as sc
+import argparse
+import time
+
+
+def parse_args():
+ parser = argparse.ArgumentParser(description='divert socket tester')
+ parser.add_argument('--dip', type=str, help='destination packet IP')
+ parser.add_argument('--sip', type=str, help='source packet IP')
+ parser.add_argument('--dmac', type=str, help='packet dst mac')
+ parser.add_argument('--smac', type=str, help='packet src mac')
+ parser.add_argument('--iface', type=str, help='interface to use')
+ parser.add_argument('--test_name', type=str, required=True,
+ help='test name to run')
+ return parser.parse_args()
+
+
+def send_packet(args, pkt):
+ sc.sendp(pkt, iface=args.iface, verbose=False)
+
+
+def is_icmp6_echo_request(pkt):
+ return pkt.type == 0x86DD and pkt.payload.nh == 58 and \
+ pkt.payload.payload.type == 128
+
+
+def check_forwarded_ip_packet(orig_pkt, fwd_pkt):
+ """
+ Checks that forwarded ICMP packet @fwd_ptk is the same as
+ @orig_pkt. Assumes router-on-the-stick forwarding behaviour:
+ * src/dst macs are swapped
+ * TTL is decremented
+ """
+ # Check ether fields
+ assert orig_pkt.src == fwd_pkt.dst
+ assert orig_pkt.dst == fwd_pkt.src
+ assert len(orig_pkt) == len(fwd_pkt)
+ # Check IP
+ fwd_ip = fwd_pkt[sc.IP]
+ orig_ip = orig_pkt[sc.IP]
+ assert orig_ip.src == orig_ip.src
+ assert orig_ip.dst == fwd_ip.dst
+ assert orig_ip.ttl == fwd_ip.ttl + 1
+ # Check ICMP
+ fwd_icmp = fwd_ip[sc.ICMP]
+ orig_icmp = orig_ip[sc.ICMP]
+ assert bytes(orig_ip.payload) == bytes(fwd_ip.payload)
+
+
+def fwd_ip_icmp_fast(args):
+ """
+ Sends ICMP packet via args.iface interface.
+ Receives and checks the forwarded packet.
+ Assumes forwarding router decrements TTL
+ """
+
+ def filter_f(x):
+ return x.src == args.dmac and x.type == 0x0800
+
+ e = sc.Ether(src=args.smac, dst=args.dmac)
+ ip = sc.IP(src=args.sip, dst=args.dip)
+ icmp = sc.ICMP(type='echo-request')
+ pkt = e / ip / icmp
+
+ send_cb = partial(send_packet, args, pkt)
+ packets = sc.sniff(iface=args.iface, started_callback=send_cb,
+ stop_filter=filter_f, lfilter=filter_f, timeout=5)
+ assert len(packets) > 0
+ fwd_pkt = packets[-1]
+ try:
+ check_forwarded_ip_packet(pkt, fwd_pkt)
+ except Exception as e:
+ print('Original packet:')
+ pkt.show()
+ print('Forwarded packet:')
+ fwd_pkt.show()
+ for a_packet in packets:
+ a_packet.summary()
+ raise Exception from e
+
+
+def fwd_ip_icmp_slow(args):
+ """
+ Sends ICMP packet via args.iface interface.
+ Forces slow path processing by introducing IP option.
+ Receives and checks the forwarded packet.
+ Assumes forwarding router decrements TTL
+ """
+
+ def filter_f(x):
+ return x.src == args.dmac and x.type == 0x0800
+
+ e = sc.Ether(src=args.smac, dst=args.dmac)
+ # Add IP option to switch to 'normal' IP processing
+ stream_id = sc.IPOption_Stream_Id(security=0xFFFF)
+ ip = sc.IP(src=args.sip, dst=args.dip,
+ options=[sc.IPOption_Stream_Id(security=0xFFFF)])
+ icmp = sc.ICMP(type='echo-request')
+ pkt = e / ip / icmp
+
+ send_cb = partial(send_packet, args, pkt)
+ packets = sc.sniff(iface=args.iface, started_callback=send_cb,
+ stop_filter=filter_f, lfilter=filter_f, timeout=5)
+ assert len(packets) > 0
+ check_forwarded_ip_packet(pkt, packets[-1])
+
+
+def check_forwarded_ip6_packet(orig_pkt, fwd_pkt):
+ """
+ Checks that forwarded ICMP packet @fwd_ptk is the same as
+ @orig_pkt. Assumes router-on-the-stick forwarding behaviour:
+ * src/dst macs are swapped
+ * TTL is decremented
+ """
+ # Check ether fields
+ assert orig_pkt.src == fwd_pkt.dst
+ assert orig_pkt.dst == fwd_pkt.src
+ assert len(orig_pkt) == len(fwd_pkt)
+ # Check IP
+ fwd_ip = fwd_pkt[sc.IPv6]
+ orig_ip = orig_pkt[sc.IPv6]
+ assert orig_ip.src == orig_ip.src
+ assert orig_ip.dst == fwd_ip.dst
+ assert orig_ip.hlim == fwd_ip.hlim + 1
+ # Check ICMPv6
+ assert bytes(orig_ip.payload) == bytes(fwd_ip.payload)
+
+
+def fwd_ip6_icmp(args):
+ """
+ Sends ICMPv6 packet via args.iface interface.
+ Receives and checks the forwarded packet.
+ Assumes forwarding router decrements TTL
+ """
+
+ def filter_f(x):
+ return x.src == args.dmac and is_icmp6_echo_request(x)
+
+ e = sc.Ether(src=args.smac, dst=args.dmac)
+ ip = sc.IPv6(src=args.sip, dst=args.dip)
+ icmp = sc.ICMPv6EchoRequest()
+ pkt = e / ip / icmp
+
+ send_cb = partial(send_packet, args, pkt)
+ packets = sc.sniff(iface=args.iface, started_callback=send_cb,
+ stop_filter=filter_f, lfilter=filter_f, timeout=5)
+ assert len(packets) > 0
+ fwd_pkt = packets[-1]
+ try:
+ check_forwarded_ip6_packet(pkt, fwd_pkt)
+ except Exception as e:
+ print('Original packet:')
+ pkt.show()
+ print('Forwarded packet:')
+ fwd_pkt.show()
+ for idx, a_packet in enumerate(packets):
+ print('{}: {}'.format(idx, a_packet.summary()))
+ raise Exception from e
+
+
+def main():
+ args = parse_args()
+ test_ptr = globals()[args.test_name]
+ test_ptr(args)
+
+
+if __name__ == '__main__':
+ main()
Index: tests/sys/netinet/Makefile
===================================================================
--- tests/sys/netinet/Makefile
+++ tests/sys/netinet/Makefile
@@ -9,7 +9,7 @@
so_reuseport_lb_test \
socket_afinet
-ATF_TESTS_SH= fibs_test redirect divert
+ATF_TESTS_SH= fibs_test redirect divert forward
PROGS= udp_dontroute tcp_user_cookie
Index: tests/sys/netinet/forward.sh
===================================================================
--- /dev/null
+++ tests/sys/netinet/forward.sh
@@ -0,0 +1,273 @@
+#!/usr/bin/env atf-sh
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2020 Alexander V. Chernikov
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+. $(atf_get_srcdir)/../common/vnet.subr
+
+atf_test_case "fwd_ip_icmp_iface_fast_success" "cleanup"
+fwd_ip_icmp_iface_fast_success_head() {
+
+ atf_set descr 'Test valid IPv4 on-stick fastforwarding to iface'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip_icmp_iface_fast_success_body() {
+
+ vnet_init
+
+ ip4a="192.0.2.1"
+ ip4b="192.0.2.2"
+ plen=29
+ src_ip="192.0.2.3"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet ${ip4a}/${plen}
+
+ jname="v4t-fwd_ip_icmp_iface_fast_success"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet ${ip4b}/${plen}
+
+ # Get router ip/mac
+ jail_ip=${ip4b}
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ jexec ${jname} sysctl net.inet.ip.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet.ip.redirect=0
+
+ # echo "LOCAL: ${local_ip} ${local_mac}"
+ # echo "REMOTE: ${remote_rtr_ip} ${remote_rtr_mac}"
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip_icmp_fast \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${ip4a} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded \(1 packet fast forwarded\)' jexec ${jname} netstat -sp ip
+}
+
+fwd_ip_icmp_iface_fast_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip_icmp_gw_fast_success" "cleanup"
+fwd_ip_icmp_gw_fast_success_head() {
+
+ atf_set descr 'Test valid IPv4 on-stick fastforwarding to gw'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip_icmp_gw_fast_success_body() {
+
+ vnet_init
+
+ ip4a="192.0.2.1"
+ ip4b="192.0.2.2"
+ plen=29
+ src_ip="192.0.2.3"
+ dst_ip="192.0.2.4"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet ${ip4a}/${plen}
+
+ jname="v4t-fwd_ip_icmp_gw_fast_success"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet ${ip4b}/${plen}
+
+ # Get router ip/mac
+ jail_ip=${ip4b}
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ jexec ${jname} sysctl net.inet.ip.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet.ip.redirect=0
+
+ # Add host route
+ jexec ${jname} route -4 add -host ${dst_ip} ${ip4a}
+
+ # echo "LOCAL: ${local_ip} ${local_mac}"
+ # echo "REMOTE: ${remote_rtr_ip} ${remote_rtr_mac}"
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip_icmp_fast \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${dst_ip} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded \(1 packet fast forwarded\)' jexec ${jname} netstat -sp ip
+}
+
+fwd_ip_icmp_gw_fast_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip_icmp_iface_slow_success" "cleanup"
+fwd_ip_icmp_iface_slow_success_head() {
+
+ atf_set descr 'Test valid IPv4 on-stick "slow" forwarding to iface'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip_icmp_iface_slow_success_body() {
+
+ vnet_init
+
+ ip4a="192.0.2.1"
+ ip4b="192.0.2.2"
+ plen=29
+ src_ip="192.0.2.3"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet ${ip4a}/${plen}
+
+ jname="v4t-fwd_ip_icmp_iface_slow_success"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet ${ip4b}/${plen}
+
+ # Get router ip/mac
+ jail_ip=${ip4b}
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ jexec ${jname} sysctl net.inet.ip.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet.ip.redirect=0
+
+ # Generate packet with options to force slow-path
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip_icmp_slow \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${ip4a} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded \(0 packets fast forwarded\)' jexec ${jname} netstat -sp ip
+}
+
+fwd_ip_icmp_iface_slow_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip_icmp_gw_slow_success" "cleanup"
+fwd_ip_icmp_gw_slow_success_head() {
+
+ atf_set descr 'Test valid IPv4 on-stick "slow" forwarding to gw'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip_icmp_gw_slow_success_body() {
+
+ vnet_init
+
+ ip4a="192.0.2.1"
+ ip4b="192.0.2.2"
+ plen=29
+ src_ip="192.0.2.3"
+ dst_ip="192.0.2.4"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet ${ip4a}/${plen}
+
+ jname="v4t-fwd_ip_icmp_gw_slow_success"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet ${ip4b}/${plen}
+
+ # Get router ip/mac
+ jail_ip=${ip4b}
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ jexec ${jname} sysctl net.inet.ip.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet.ip.redirect=0
+
+ # Add host route
+ jexec ${jname} route -4 add -host ${dst_ip} ${ip4a}
+
+ # echo "LOCAL: ${local_ip} ${local_mac}"
+ # echo "REMOTE: ${remote_rtr_ip} ${remote_rtr_mac}"
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip_icmp_fast \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${dst_ip} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded \(1 packet fast forwarded\)' jexec ${jname} netstat -sp ip
+}
+
+fwd_ip_icmp_gw_slow_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+
+ atf_add_test_case "fwd_ip_icmp_iface_fast_success"
+ atf_add_test_case "fwd_ip_icmp_gw_fast_success"
+ atf_add_test_case "fwd_ip_icmp_iface_slow_success"
+ atf_add_test_case "fwd_ip_icmp_gw_slow_success"
+}
+
+# end
+
Index: tests/sys/netinet6/Makefile
===================================================================
--- tests/sys/netinet6/Makefile
+++ tests/sys/netinet6/Makefile
@@ -10,7 +10,8 @@
mld \
scapyi386 \
redirect \
- divert
+ divert \
+ forward6
${PACKAGE}FILES+= exthdr.py
${PACKAGE}FILES+= mld.py
Index: tests/sys/netinet6/forward6.sh
===================================================================
--- /dev/null
+++ tests/sys/netinet6/forward6.sh
@@ -0,0 +1,482 @@
+#!/usr/bin/env atf-sh
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2020 Alexander V. Chernikov
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+. $(atf_get_srcdir)/../common/vnet.subr
+
+atf_test_case "fwd_ip6_gu_icmp_iface_fast_success" "cleanup"
+fwd_ip6_gu_icmp_iface_fast_success_head() {
+
+ atf_set descr 'Test valid IPv6 global unicast fast-forwarding to interface'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip6_gu_icmp_iface_fast_success_body() {
+
+ ids=65529
+ id=`printf "%x" ${ids}`
+ if [ $$ -gt 65535 ]; then
+ xl=`printf "%x" $(($$ - 65535))`
+ yl="1"
+ else
+ xl=`printf "%x" $$`
+ yl=""
+ fi
+
+ vnet_init
+
+ ip6a="2001:db8:6666:0000:${yl}:${id}:1:${xl}"
+ ip6b="2001:db8:6666:0000:${yl}:${id}:2:${xl}"
+ plen=96
+
+ src_ip="2001:db8:6666:0000:${yl}:${id}:3:${xl}"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet6 ${ip6a}/${plen}
+
+ jname="v6t-${id}-${yl}-${xl}"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/${plen}
+
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ # wait for DAD to complete
+ while [ `jexec ${jname} ifconfig ${epair}b inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+ while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+
+ jexec ${jname} sysctl net.inet6.ip6.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet6.ip6.redirect=0
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip6_icmp \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${ip6a} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded' jexec ${jname} netstat -sp ip6
+}
+
+fwd_ip6_gu_icmp_iface_fast_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip6_gu_icmp_gw_gu_fast_success" "cleanup"
+fwd_ip6_gu_icmp_gw_gu_fast_success_head() {
+
+ atf_set descr 'Test valid IPv6 global unicast fast-forwarding to GU gw'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip6_gu_icmp_gw_gu_fast_success_body() {
+
+ ids=65528
+ id=`printf "%x" ${ids}`
+ if [ $$ -gt 65535 ]; then
+ xl=`printf "%x" $(($$ - 65535))`
+ yl="1"
+ else
+ xl=`printf "%x" $$`
+ yl=""
+ fi
+
+ vnet_init
+
+ ip6a="2001:db8:6666:0000:${yl}:${id}:1:${xl}"
+ ip6b="2001:db8:6666:0000:${yl}:${id}:2:${xl}"
+ plen=96
+
+ src_ip="2001:db8:6666:0000:${yl}:${id}:3:${xl}"
+ dst_ip="2001:db8:6666:0000:${yl}:${id}:4:${xl}"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet6 ${ip6a}/${plen}
+
+ jname="v6t-${id}-${yl}-${xl}"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/${plen}
+
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ # wait for DAD to complete
+ while [ `jexec ${jname} ifconfig ${epair}b inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+ while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+
+ # Add static route back to us
+ jexec ${jname} route add -6 -host ${dst_ip} ${ip6a}
+
+ jexec ${jname} sysctl net.inet6.ip6.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet6.ip6.redirect=0
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip6_icmp \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${dst_ip} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded' jexec ${jname} netstat -sp ip6
+}
+
+fwd_ip6_gu_icmp_gw_gu_fast_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip6_gu_icmp_gw_ll_fast_success" "cleanup"
+fwd_ip6_gu_icmp_gw_ll_fast_success_head() {
+
+ atf_set descr 'Test valid IPv6 global unicast fast-forwarding to LL gw'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip6_gu_icmp_gw_ll_fast_success_body() {
+
+ ids=65527
+ id=`printf "%x" ${ids}`
+ if [ $$ -gt 65535 ]; then
+ xl=`printf "%x" $(($$ - 65535))`
+ yl="1"
+ else
+ xl=`printf "%x" $$`
+ yl=""
+ fi
+
+ vnet_init
+
+ ip6a="2001:db8:6666:0000:${yl}:${id}:1:${xl}"
+ ip6b="2001:db8:6666:0000:${yl}:${id}:2:${xl}"
+ plen=96
+
+ src_ip="2001:db8:6666:0000:${yl}:${id}:3:${xl}"
+ dst_ip="2001:db8:6666:0000:${yl}:${id}:4:${xl}"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet6 ${ip6a}/${plen}
+
+ jname="v6t-${id}-${yl}-${xl}"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/${plen}
+
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+ our_ll_ip=`ifconfig ${epair}a inet6 | awk '$1~/inet6/&& $2~/^fe80:/{print$2}' | awk -F% '{print$1}'`
+
+ # wait for DAD to complete
+ while [ `jexec ${jname} ifconfig ${epair}b inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+ while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+
+ # Add static route back to us
+ atf_check -s exit:0 -o ignore jexec ${jname} route add -6 -host ${dst_ip} ${our_ll_ip}%${epair}b
+
+ jexec ${jname} sysctl net.inet6.ip6.forwarding=1
+ # As we're doing router-on-the-stick, turn sending IP redirects off:
+ jexec ${jname} sysctl net.inet6.ip6.redirect=0
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip6_icmp \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${dst_ip} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded' jexec ${jname} netstat -sp ip6
+}
+
+fwd_ip6_gu_icmp_gw_ll_fast_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip6_gu_icmp_iface_slow_success" "cleanup"
+fwd_ip6_gu_icmp_iface_slow_success_head() {
+
+ atf_set descr 'Test valid IPv6 global unicast fast-forwarding to interface'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip6_gu_icmp_iface_slow_success_body() {
+
+ ids=65526
+ id=`printf "%x" ${ids}`
+ if [ $$ -gt 65535 ]; then
+ xl=`printf "%x" $(($$ - 65535))`
+ yl="1"
+ else
+ xl=`printf "%x" $$`
+ yl=""
+ fi
+
+ vnet_init
+
+ ip6a="2001:db8:6666:0000:${yl}:${id}:1:${xl}"
+ ip6b="2001:db8:6666:0000:${yl}:${id}:2:${xl}"
+ plen=96
+
+ src_ip="2001:db8:6666:0000:${yl}:${id}:3:${xl}"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet6 ${ip6a}/${plen}
+
+ jname="v6t-${id}-${yl}-${xl}"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/${plen}
+
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ # wait for DAD to complete
+ while [ `jexec ${jname} ifconfig ${epair}b inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+ while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+
+ jexec ${jname} sysctl net.inet6.ip6.forwarding=1
+ # Do not turn off route redirects to ensure slow path is on
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip6_icmp \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${ip6a} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded' jexec ${jname} netstat -sp ip6
+}
+
+fwd_ip6_gu_icmp_iface_slow_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip6_gu_icmp_gw_gu_slow_success" "cleanup"
+fwd_ip6_gu_icmp_gw_gu_slow_success_head() {
+
+ atf_set descr 'Test valid IPv6 global unicast fast-forwarding to GU gw'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip6_gu_icmp_gw_gu_slow_success_body() {
+
+ ids=65525
+ id=`printf "%x" ${ids}`
+ if [ $$ -gt 65535 ]; then
+ xl=`printf "%x" $(($$ - 65535))`
+ yl="1"
+ else
+ xl=`printf "%x" $$`
+ yl=""
+ fi
+
+ vnet_init
+
+ ip6a="2001:db8:6666:0000:${yl}:${id}:1:${xl}"
+ ip6b="2001:db8:6666:0000:${yl}:${id}:2:${xl}"
+ plen=96
+
+ src_ip="2001:db8:6666:0000:${yl}:${id}:3:${xl}"
+ dst_ip="2001:db8:6666:0000:${yl}:${id}:4:${xl}"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet6 ${ip6a}/${plen}
+
+ jname="v6t-${id}-${yl}-${xl}"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/${plen}
+
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+
+ # wait for DAD to complete
+ while [ `jexec ${jname} ifconfig ${epair}b inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+ while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+
+ # Add static route back to us
+ jexec ${jname} route add -6 -host ${dst_ip} ${ip6a}
+
+ jexec ${jname} sysctl net.inet6.ip6.forwarding=1
+ # Do not turn off route redirects to ensure slow path is on
+
+ # atf_check -s exit:0
+ $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip6_icmp \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${dst_ip} \
+ --iface ${epair}a
+ jexec ${jname} netstat -sp ip6
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded' jexec ${jname} netstat -sp ip6
+}
+
+fwd_ip6_gu_icmp_gw_gu_slow_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_test_case "fwd_ip6_gu_icmp_gw_ll_slow_success" "cleanup"
+fwd_ip6_gu_icmp_gw_ll_slow_success_head() {
+
+ atf_set descr 'Test valid IPv6 global unicast fast-forwarding to LL gw'
+ atf_set require.user root
+ atf_set require.progs scapy
+}
+
+fwd_ip6_gu_icmp_gw_ll_slow_success_body() {
+
+ ids=65524
+ id=`printf "%x" ${ids}`
+ if [ $$ -gt 65535 ]; then
+ xl=`printf "%x" $(($$ - 65535))`
+ yl="1"
+ else
+ xl=`printf "%x" $$`
+ yl=""
+ fi
+
+ vnet_init
+
+ ip6a="2001:db8:6666:0000:${yl}:${id}:1:${xl}"
+ ip6b="2001:db8:6666:0000:${yl}:${id}:2:${xl}"
+ plen=96
+
+ src_ip="2001:db8:6666:0000:${yl}:${id}:3:${xl}"
+ dst_ip="2001:db8:6666:0000:${yl}:${id}:4:${xl}"
+
+ script_name="../common/sender.py"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a up
+ ifconfig ${epair}a inet6 ${ip6a}/${plen}
+
+ jname="v6t-${id}-${yl}-${xl}"
+ vnet_mkjail ${jname} ${epair}b
+ jexec ${jname} ifconfig ${epair}b up
+ jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/${plen}
+
+ jail_mac=`jexec ${jname} ifconfig ${epair}b ether | awk '$1~/ether/{print$2}'`
+
+ our_mac=`ifconfig ${epair}a ether | awk '$1~/ether/{print$2}'`
+ our_ll_ip=`ifconfig ${epair}a inet6 | awk '$1~/inet6/&& $2~/^fe80:/{print$2}' | awk -F% '{print$1}'`
+
+ # wait for DAD to complete
+ while [ `jexec ${jname} ifconfig ${epair}b inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+ while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do
+ sleep 0.1
+ done
+
+ # Add static route back to us
+ atf_check -s exit:0 -o ignore jexec ${jname} route add -6 -host ${dst_ip} ${our_ll_ip}%${epair}b
+
+ jexec ${jname} sysctl net.inet6.ip6.forwarding=1
+ # Do not turn off route redirects to ensure slow path is on
+
+ atf_check -s exit:0 $(atf_get_srcdir)/${script_name} \
+ --test_name fwd_ip6_icmp \
+ --smac ${our_mac} --dmac ${jail_mac} \
+ --sip ${src_ip} --dip ${dst_ip} \
+ --iface ${epair}a
+
+ # check counters are valid
+ atf_check -o match:'1 packet forwarded' jexec ${jname} netstat -sp ip6
+}
+
+fwd_ip6_gu_icmp_gw_ll_slow_success_cleanup() {
+
+ vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+
+ atf_add_test_case "fwd_ip6_gu_icmp_iface_fast_success"
+ atf_add_test_case "fwd_ip6_gu_icmp_gw_gu_fast_success"
+ atf_add_test_case "fwd_ip6_gu_icmp_gw_ll_fast_success"
+ atf_add_test_case "fwd_ip6_gu_icmp_iface_slow_success"
+ atf_add_test_case "fwd_ip6_gu_icmp_gw_gu_slow_success"
+ atf_add_test_case "fwd_ip6_gu_icmp_gw_ll_slow_success"
+}
+
+# end
+

File Metadata

Mime Type
text/plain
Expires
Tue, Jan 28, 1:20 AM (10 h, 25 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16232866
Default Alt Text
D24002.id69313.diff (29 KB)

Event Timeline