Page MenuHomeFreeBSD
Differential D50449

tests: extend wireguard test to cover incremental allowed-ips updates
ClosedPublic
Actions

Authored by kevans on May 21 2025, 4:00 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Jul 14, 12:58 PM
Unknown Object (File)
Mon, Jul 14, 12:58 PM
Unknown Object (File)
Mon, Jul 14, 12:58 PM
Unknown Object (File)
Mon, Jul 14, 12:58 PM
Unknown Object (File)
Mon, Jul 14, 12:58 PM
Unknown Object (File)
Tue, Jul 8, 6:46 AM
Unknown Object (File)
Mon, Jul 7, 2:34 AM
Unknown Object (File)
Sat, Jul 5, 9:25 PM
View All 31 Files
Subscribers
ae
glebius
imp
melifaro

Details

Reviewers
ivy
jhb
markj
aly_aaronly.me
Commits
rG716b6667b65b: tests: extend wireguard test to cover incremental allowed-ips updates
Summary

New +/- syntax in wg(8) allows us to add or remove just a single
allowed-ip rather than forcing replacement or weird tricks to do an
atomic removal. Ensure that it works now that we've added kernel
support for it.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.May 21 2025, 4:00 AM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptMay 21 2025, 4:00 AM
kevans requested review of this revision.May 21 2025, 4:00 AM
Harbormaster completed remote builds in B64335: Diff 155804.May 21 2025, 4:00 AM
kevans added a parent revision: D50448: kern: wg: add support for removing Allowed-IPs.May 21 2025, 4:00 AM
kevans added a child revision: D50450: wg: ipc: add allowed-ip flags support for FreeBSD.
ivy added a comment.May 23 2025, 7:39 PM

tests for adding an aip that already exists and removing an aip that doesn't exist would be nice.

ivy added inline comments.May 23 2025, 7:41 PM
tests/sys/net/if_wg.sh
442

as there are AF-specific branches in the kernel part, we should test both inet and inet6 addresses.

kevans marked an inline comment as done.Jun 12 2025, 1:26 PM
kevans added inline comments.
tests/sys/net/if_wg.sh
442

I'm adding a basic IPv6 test, but the parts that branch out for INET6 don't change the semantics of the functionality so I'm not sure I'll go as far as duplicating all of them.

kevans updated this revision to Diff 156876.Jun 12 2025, 1:33 PM
kevans marked an inline comment as done.

Add more tests:

  • Basic IPv6 tests
  • Removal of an IP that is not assigned at all
  • Removal of an IP that is assigned to another peer
  • Stealing an IP from another peer
  • Adding an IP that's already there
Harbormaster completed remote builds in B64794: Diff 156876.Jun 12 2025, 1:33 PM
ivy accepted this revision.Jun 17 2025, 3:44 PM
This revision is now accepted and ready to land.Jun 17 2025, 3:44 PM
Closed by commit rG716b6667b65b: tests: extend wireguard test to cover incremental allowed-ips updates (authored by kevans). · Explain WhyThu, Jun 26, 2:59 AM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rG716b6667b65b: tests: extend wireguard test to cover incremental allowed-ips updates.

Revision Contents
Changeset List

PathSize
tests/
sys/
net/
205 lines

Diff 157639

View Options

tests/sys/net/if_wg.sh

Loading...