diff --git a/tests/sys/fs/fusefs/Makefile b/tests/sys/fs/fusefs/Makefile index a21512798597..6366676b6fc5 100644 --- a/tests/sys/fs/fusefs/Makefile +++ b/tests/sys/fs/fusefs/Makefile @@ -1,100 +1,100 @@ .include PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/fs/fusefs ATF_TESTS_SH+= ctl # We could simply link all of these files into a single executable. But since # Kyua treats googletest programs as plain tests, it's better to separate them # out, so we get more granular reporting. GTESTS+= access GTESTS+= allow_other GTESTS+= bad_server GTESTS+= bmap GTESTS+= cache GTESTS+= copy_file_range GTESTS+= create GTESTS+= default_permissions GTESTS+= default_permissions_privileged GTESTS+= destroy GTESTS+= dev_fuse_poll GTESTS+= fallocate GTESTS+= fifo GTESTS+= flush GTESTS+= forget GTESTS+= fsync GTESTS+= fsyncdir GTESTS+= getattr GTESTS+= interrupt GTESTS+= io GTESTS+= last_local_modify GTESTS+= link GTESTS+= locks GTESTS+= lookup GTESTS+= lseek GTESTS+= mkdir GTESTS+= mknod GTESTS+= mount GTESTS+= nfs GTESTS+= notify GTESTS+= open GTESTS+= opendir GTESTS+= pre-init GTESTS+= read GTESTS+= readdir GTESTS+= readlink GTESTS+= release GTESTS+= releasedir GTESTS+= rename GTESTS+= rmdir GTESTS+= setattr GTESTS+= statfs GTESTS+= symlink GTESTS+= unlink GTESTS+= write GTESTS+= xattr .for p in ${GTESTS} SRCS.$p+= ${p}.cc SRCS.$p+= mockfs.cc SRCS.$p+= utils.cc .endfor TEST_METADATA.default_permissions+= required_user="unprivileged" TEST_METADATA.default_permissions_privileged+= required_user="root" TEST_METADATA.mknod+= required_user="root" TEST_METADATA.nfs+= required_user="root" # ctl must be exclusive because it disables/enables camsim TEST_METADATA.ctl+= is_exclusive="true" TEST_METADATA.ctl+= required_user="root" -TEST_METADATA+= timeout=10 +TEST_METADATA+= timeout=20 TEST_METADATA+= required_kmods="fusefs" FUSEFS= ${SRCTOP}/sys/fs/fuse # Suppress warnings that GCC generates for the libc++ and gtest headers. CXXWARNFLAGS.gcc+= -Wno-placement-new -Wno-attributes # Suppress Wcast-align for readdir.cc, because it is unavoidable when using # getdirentries. CXXWARNFLAGS.readdir.cc+= -Wno-cast-align .if ${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 80000 CXXWARNFLAGS+= -Wno-class-memaccess .endif # Suppress false warning about set but unused DNAME in inval_entry_below_root CXXWARNFLAGS.gcc+= -Wno-unused-but-set-variable # Suppress warnings about deprecated implicit copy constructors in gtest. CXXWARNFLAGS+= -Wno-deprecated-copy .if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} >= 180000 # clang 18.0.0 introduces a new warning about variable length arrays in C++. CXXWARNFLAGS+= -Wno-vla-cxx-extension .endif CXXFLAGS+= -I${SRCTOP}/tests CXXFLAGS+= -I${FUSEFS} LIBADD+= pthread LIBADD+= gmock gtest LIBADD+= util .include diff --git a/tests/sys/fs/tarfs/tarfs_test.sh b/tests/sys/fs/tarfs/tarfs_test.sh index 505bfc5325f0..3a95263aeda9 100644 --- a/tests/sys/fs/tarfs/tarfs_test.sh +++ b/tests/sys/fs/tarfs/tarfs_test.sh @@ -1,444 +1,444 @@ #!/bin/sh #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2023-2024 Klara, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # mnt="$(realpath ${TMPDIR:-/tmp})/mnt" # expected SHA256 checksum of file contained in test tarball sum=4da2143234486307bb44eaa610375301781a577d1172f362b88bb4b1643dee62 tar() { if [ -n "${TARFS_USE_GNU_TAR}" ] ; then gtar --posix --absolute-names "$@" else bsdtar "$@" fi } mktar() { "$(atf_get_srcdir)"/mktar ${TARFS_USE_GNU_TAR+-g} "$@" } tarsum() { "$(atf_get_srcdir)"/tarsum } tarfs_setup() { mkdir "${mnt}" } tarfs_cleanup() { umount -f "${mnt}" 2>/dev/null || true } atf_test_case tarfs_basic cleanup tarfs_basic_head() { atf_set "descr" "Basic function test" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_basic_body() { tarfs_setup local tarball="${PWD}/tarfs_test.tar.zst" mktar "${tarball}" atf_check mount -rt tarfs "${tarball}" "${mnt}" atf_check -o match:"^${tarball} on ${mnt} \(tarfs," mount atf_check test "${mnt}"/sparse_file -ef "${mnt}"/hard_link atf_check test "${mnt}"/sparse_file -ef "${mnt}"/short_link atf_check test "${mnt}"/sparse_file -ef "${mnt}"/long_link atf_check -o inline:"${sum}\n" sha256 -q "${mnt}"/sparse_file atf_check -o inline:"2,40755\n" stat -f%l,%p "${mnt}"/directory atf_check -o inline:"1,100644\n" stat -f%l,%p "${mnt}"/file atf_check -o inline:"2,100644\n" stat -f%l,%p "${mnt}"/hard_link atf_check -o inline:"1,120755\n" stat -f%l,%p "${mnt}"/long_link atf_check -o inline:"1,120755\n" stat -f%l,%p "${mnt}"/short_link atf_check -o inline:"2,100644\n" stat -f%l,%p "${mnt}"/sparse_file atf_check -o inline:"3,40755\n" stat -f%l,%p "${mnt}" } tarfs_basic_cleanup() { tarfs_cleanup } atf_test_case tarfs_basic_gnu cleanup tarfs_basic_gnu_head() { atf_set "descr" "Basic function test using GNU tar" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" atf_set "require.progs" "gtar" } tarfs_basic_gnu_body() { TARFS_USE_GNU_TAR=true tarfs_basic_body } tarfs_basic_gnu_cleanup() { tarfs_basic_cleanup } atf_test_case tarfs_notdir_device cleanup tarfs_notdir_device_head() { atf_set "descr" "Regression test for PR 269519 and 269561" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_notdir_device_body() { tarfs_setup atf_check mknod d b 0xdead 0xbeef tar -cf tarfs_notdir.tar d rm d mkdir d echo "boom" >d/f tar -rf tarfs_notdir.tar d/f atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_notdir.tar "${mnt}" } tarfs_notdir_device_cleanup() { tarfs_cleanup } atf_test_case tarfs_notdir_device_gnu cleanup tarfs_notdir_device_gnu_head() { atf_set "descr" "Regression test for PR 269519 and 269561 using GNU tar" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" atf_set "require.progs" "gtar" } tarfs_notdir_device_gnu_body() { TARFS_USE_GNU_TAR=true tarfs_notdir_device_body } tarfs_notdir_device_gnu_cleanup() { tarfs_notdir_device_cleanup } atf_test_case tarfs_notdir_dot cleanup tarfs_notdir_dot_head() { atf_set "descr" "Regression test for PR 269519 and 269561" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_notdir_dot_body() { tarfs_setup echo "hello" >d tar -cf tarfs_notdir.tar d rm d mkdir d echo "world" >d/f tar -rf tarfs_notdir.tar d/./f atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_notdir.tar "${mnt}" } tarfs_notdir_dot_cleanup() { tarfs_cleanup } atf_test_case tarfs_notdir_dot_gnu cleanup tarfs_notdir_dot_gnu_head() { atf_set "descr" "Regression test for PR 269519 and 269561 using GNU tar" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" atf_set "require.progs" "gtar" } tarfs_notdir_dot_gnu_body() { TARFS_USE_GNU_TAR=true tarfs_notdir_dot_body } tarfs_notdir_dot_gnu_cleanup() { tarfs_notdir_dot_cleanup } atf_test_case tarfs_notdir_dotdot cleanup tarfs_notdir_dotdot_head() { atf_set "descr" "Regression test for PR 269519 and 269561" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_notdir_dotdot_body() { tarfs_setup echo "hello" >d tar -cf tarfs_notdir.tar d rm d mkdir d echo "world" >f tar -rf tarfs_notdir.tar d/../f atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_notdir.tar "${mnt}" } tarfs_notdir_dotdot_cleanup() { tarfs_cleanup } atf_test_case tarfs_notdir_dotdot_gnu cleanup tarfs_notdir_dotdot_gnu_head() { atf_set "descr" "Regression test for PR 269519 and 269561 using GNU tar" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" atf_set "require.progs" "gtar" } tarfs_notdir_dotdot_gnu_body() { TARFS_USE_GNU_TAR=true tarfs_notdir_dotdot_body } tarfs_notdir_dotdot_gnu_cleanup() { tarfs_notdir_dotdot_cleanup } atf_test_case tarfs_notdir_file cleanup tarfs_notdir_file_head() { atf_set "descr" "Regression test for PR 269519 and 269561" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_notdir_file_body() { tarfs_setup echo "hello" >d tar -cf tarfs_notdir.tar d rm d mkdir d echo "world" >d/f tar -rf tarfs_notdir.tar d/f atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_notdir.tar "${mnt}" } tarfs_notdir_file_cleanup() { tarfs_cleanup } atf_test_case tarfs_notdir_file_gnu cleanup tarfs_notdir_file_gnu_head() { atf_set "descr" "Regression test for PR 269519 and 269561 using GNU tar" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" atf_set "require.progs" "gtar" } tarfs_notdir_file_gnu_body() { TARFS_USE_GNU_TAR=true tarfs_notdir_file_body } tarfs_notdir_file_gnu_cleanup() { tarfs_notdir_file_cleanup } atf_test_case tarfs_emptylink cleanup tarfs_emptylink_head() { atf_set "descr" "Regression test for PR 277360: empty link target" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_emptylink_body() { tarfs_setup touch z ln -f z hard ln -fs z soft tar -cf - z hard soft | dd bs=512 skip=1 | tr z '\0' | \ tarsum >> tarfs_emptylink.tar atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_emptylink.tar "${mnt}" } tarfs_emptylink_cleanup() { tarfs_cleanup } atf_test_case tarfs_linktodir cleanup tarfs_linktodir_head() { atf_set "descr" "Regression test for PR 277360: link to directory" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_linktodir_body() { tarfs_setup mkdir d tar -cf - d | dd bs=512 count=1 > tarfs_linktodir.tar rmdir d touch d ln -f d link tar -cf - d link | dd bs=512 skip=1 >> tarfs_linktodir.tar atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_linktodir.tar "${mnt}" } tarfs_linktodir_cleanup() { tarfs_cleanup } atf_test_case tarfs_linktononexistent cleanup tarfs_linktononexistent_head() { atf_set "descr" "Regression test for PR 277360: link to nonexistent target" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_linktononexistent_body() { tarfs_setup touch f ln -f f link tar -cf - f link | dd bs=512 skip=1 >> tarfs_linktononexistent.tar atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_linktononexistent.tar "${mnt}" } tarfs_linktononexistent_cleanup() { tarfs_cleanup } atf_test_case tarfs_checksum cleanup tarfs_checksum_head() { atf_set "descr" "Verify that the checksum covers header padding" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_checksum_body() { tarfs_setup touch f tar -cf tarfs_checksum.tar f truncate -s 500 tarfs_checksum.tar printf "\1\1\1\1\1\1\1\1\1\1\1\1" >> tarfs_checksum.tar dd if=/dev/zero bs=512 count=2 >> tarfs_checksum.tar hexdump -C tarfs_checksum.tar atf_check -s not-exit:0 -e match:"Invalid" \ mount -rt tarfs tarfs_checksum.tar "${mnt}" } tarfs_checksum_cleanup() { tarfs_cleanup } atf_test_case tarfs_long_names cleanup tarfs_long_names_head() { atf_set "descr" "Verify that tarfs supports long file names" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_long_names_body() { tarfs_setup local a b c d e a="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" b="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" c="cccccccccccccccccccccccccccccccccccccccc" d="dddddddddddddddddddddddddddddddddddddddd" e="eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" mkdir -p "${a}" touch "${a}/${b}_${c}_${d}_${e}_foo" ln "${a}/${b}_${c}_${d}_${e}_foo" "${a}/${b}_${c}_${d}_${e}_bar" ln -s "${b}_${c}_${d}_${e}_bar" "${a}/${b}_${c}_${d}_${e}_baz" tar -cf tarfs_long_names.tar "${a}" atf_check mount -rt tarfs tarfs_long_names.tar "${mnt}" } tarfs_long_names_cleanup() { tarfs_cleanup } atf_test_case tarfs_long_paths cleanup tarfs_long_paths_head() { atf_set "descr" "Verify that tarfs supports long paths" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" } tarfs_long_paths_body() { tarfs_setup local a b c d e a="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" b="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" c="cccccccccccccccccccccccccccccccccccccccc" d="dddddddddddddddddddddddddddddddddddddddd" e="eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" mkdir -p "${a}/${b}/${c}/${d}/${e}" touch "${a}/${b}/${c}/${d}/${e}/foo" ln "${a}/${b}/${c}/${d}/${e}/foo" "${a}/${b}/${c}/${d}/${e}/bar" ln -s "${b}/${c}/${d}/${e}/bar" "${a}/baz" tar -cf tarfs_long_paths.tar "${a}" atf_check mount -rt tarfs tarfs_long_paths.tar "${mnt}" } tarfs_long_paths_cleanup() { tarfs_cleanup } atf_test_case tarfs_git_archive cleanup tarfs_git_archive_head() { atf_set "descr" "Verify that tarfs supports archives created by git" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" atf_set "require.progs" "git" } tarfs_git_archive_body() { tarfs_setup mkdir foo echo "Hello, world!" >foo/bar git -C foo init --initial-branch=tarfs git -C foo config user.name "File System" git -C foo config user.email fs@freebsd.org git -C foo add bar git -C foo commit -m bar git -C foo archive --output=../tarfs_git_archive.tar HEAD atf_check mount -rt tarfs tarfs_git_archive.tar "${mnt}" atf_check -o file:foo/bar cat "${mnt}"/bar } tarfs_git_archive_cleanup() { tarfs_cleanup } atf_test_case tarfs_large cleanup tarfs_large_head() { atf_set "descr" "Test support for large files" atf_set "require.user" "root" atf_set "require.kmods" "tarfs" - atf_set "timeout" "600" + atf_set "timeout" "900" } tarfs_large_body() { tarfs_setup local tarball="${PWD}/tarfs_test.tar.zst" local exp off for exp in 31 32 33 34 35 36 ; do for off in 1 0 ; do local size=$(((1<tmp.key atf_check geli init ${aalgo} -s ${sector} -Bnone -PKtmp.key ${md}p1 # Autoresize is set by default. atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump ${md}p1 atf_check geli configure -R ${md}p1 atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump ${md}p1 atf_check geli configure -r ${md}p1 atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump ${md}p1 atf_check geli init -R ${aalgo} -s ${sector} -Bnone -PKtmp.key ${md}p1 atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump ${md}p1 atf_check geli configure -r ${md}p1 atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump ${md}p1 atf_check geli configure -R ${md}p1 atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump ${md}p1 atf_check geli init ${aalgo} -s ${sector} -Bnone -PKtmp.key ${md}p1 atf_check geli attach -pk tmp.key ${md}p1 atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check geli configure -R ${md}p1 atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump ${md}p1 atf_check -o not-match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check geli configure -r ${md}p1 atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump ${md}p1 atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check geli configure -R ${md}p1 atf_check -s exit:0 -o match:"provsize: ${psize10}$" geli dump ${md}p1 atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 20${prefix} ${md} # Autoresize turned off - we lose metadata. atf_check -s exit:1 -o empty -e ignore geli dump ${md}p1 atf_check geli detach ${md}p1.eli # When we recover previous size, the metadata should be there. atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 10${prefix} ${md} atf_check -s exit:0 -o match:"flags: ${dflags}$" geli dump ${md}p1 atf_check geli configure -r ${md}p1 atf_check geli attach -pk tmp.key ${md}p1 atf_check -s exit:0 -o match:"^[[:space:]]${esize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:"^KeysAllocated: ${ka10}$" geli list ${md}p1.eli atf_check -s exit:0 -o match:"^KeysTotal: ${kt10}$" geli list ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 20${prefix} ${md} atf_check -s exit:0 -o match:"provsize: ${psize20}$" geli dump ${md}p1 atf_check -s exit:0 -o match:"^[[:space:]]${esize20}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:"^KeysAllocated: ${ka20}$" geli list ${md}p1.eli atf_check -s exit:0 -o match:"^KeysTotal: ${kt20}$" geli list ${md}p1.eli atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump ${md}p1 atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli if [ "${prefix}" = "m" ]; then atf_check -s exit:1 -o empty -e match:"^${esize20} bytes transferred " dd if=/dev/random of=/dev/${md}p1.eli bs=1m atf_check -s exit:0 -o empty -e match:"^${esize20} bytes transferred " dd if=/dev/${md}p1.eli of=/dev/null bs=1m fi atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 30${prefix} ${md} atf_check -s exit:0 -o match:"provsize: ${psize30}$" geli dump ${md}p1 atf_check -s exit:0 -o match:"^[[:space:]]${esize30}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:"^KeysAllocated: ${ka30}$" geli list ${md}p1.eli atf_check -s exit:0 -o match:"^KeysTotal: ${kt30}$" geli list ${md}p1.eli atf_check -s exit:0 -o match:"flags: ${eflags}$" geli dump ${md}p1 atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli if [ "${prefix}" = "m" ]; then atf_check -s exit:1 -o empty -e match:"^${esize30} bytes transferred " dd if=/dev/random of=/dev/${md}p1.eli bs=1m atf_check -s exit:0 -o empty -e match:"^${esize30} bytes transferred " dd if=/dev/${md}p1.eli of=/dev/null bs=1m fi atf_check geli detach ${md}p1.eli # Make sure that the old metadata is removed. atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 20${prefix} ${md} atf_check -s exit:1 -o empty -e ignore geli dump ${md}p1 atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 10${prefix} ${md} atf_check -s exit:1 -o empty -e ignore geli dump ${md}p1 # Test geli with onetime keys. if [ "${auth}" = "none" ]; then osize10="${psize10}" osize20="${psize20}" osize30="${psize30}" else osize10="${esize10}" osize20="${esize20}" osize30="${esize30}" if [ "${sector}" -eq 512 ]; then osize10=$((osize10+sector)) osize20=$((osize20+sector)) osize30=$((osize30+sector)) fi fi atf_check geli onetime ${aalgo} -s ${sector} ${md}p1 atf_check -s exit:0 -o match:"^[[:space:]]${osize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 20${prefix} ${md} atf_check -s exit:0 -o match:"^[[:space:]]${osize20}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 30${prefix} ${md} atf_check -s exit:0 -o match:"^[[:space:]]${osize30}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check geli detach ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 10${prefix} ${md} atf_check geli onetime -R ${aalgo} -s ${sector} ${md}p1 atf_check -s exit:0 -o match:"^[[:space:]]${osize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -o not-match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 20${prefix} ${md} atf_check -s exit:0 -o match:"^[[:space:]]${osize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 30${prefix} ${md} atf_check -s exit:0 -o match:"^[[:space:]]${osize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check geli detach ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 10${prefix} ${md} atf_check geli onetime ${aalgo} -s ${sector} ${md}p1 atf_check -s exit:0 -o match:"^[[:space:]]${osize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check geli configure -R ${md}p1 atf_check -o not-match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 20${prefix} ${md} atf_check -s exit:0 -o match:"^[[:space:]]${osize10}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli atf_check geli configure -r ${md}p1 atf_check -s exit:0 -o match:'^Flags: .*AUTORESIZE' geli list ${md}p1.eli atf_check -s exit:0 -o match:resized gpart resize -i 1 -s 30${prefix} ${md} atf_check -s exit:0 -o match:"^[[:space:]]${osize30}[[:space:]]+# mediasize in bytes" diskinfo -v ${md}p1.eli done } online_resize_cleanup() { if [ -f "$TEST_MDS_FILE" ]; then while read md; do atf_check -s ignore -e ignore -o ignore geli detach ${md}p1.eli atf_check -s ignore -e ignore -o ignore gpart delete -i 1 ${md} atf_check -s ignore -e ignore -o ignore gpart destroy ${md} done < $TEST_MDS_FILE fi geli_test_cleanup } atf_init_test_cases() { atf_add_test_case online_resize } diff --git a/tests/sys/geom/class/eli/reentrancy_test.sh b/tests/sys/geom/class/eli/reentrancy_test.sh index 92a85d4df10a..f70c574d5965 100755 --- a/tests/sys/geom/class/eli/reentrancy_test.sh +++ b/tests/sys/geom/class/eli/reentrancy_test.sh @@ -1,68 +1,68 @@ # Test various operations for geli-on-geli providers, to ensure that geli is # reentrant. . $(atf_get_srcdir)/conf.sh init_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check dd if=/dev/random of=testdata bs=$secsize count=1 status=none atf_check dd if=/dev/random of=keyfile bs=$secsize count=16 status=none # Create the lower geli device atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} atf_check geli attach -p -k keyfile ${md} # Create the upper geli device atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md}.eli atf_check geli attach -p -k keyfile ${md}.eli echo ${md} > layered_md_device # Ensure we can read and write. atf_check dd if=testdata of=/dev/${md}.eli.eli bs=$secsize count=1 \ status=none atf_check dd if=/dev/${md}.eli.eli of=cmpdata bs=$secsize count=1 \ status=none atf_check cmp -s testdata cmpdata geli detach ${md}.eli 2>/dev/null } atf_test_case init cleanup init_head() { atf_set "descr" "Initialize a geli provider on top of another" atf_set "require.user" "root" - atf_set "timeout" 600 + atf_set "timeout" 900 } init_body() { sectors=2 geli_test_setup for_each_geli_config init_test } init_cleanup() { if [ -f layered_md_device ]; then while read provider; do [ -c /dev/${md}.eli.eli ] && \ geli detach $md.eli.eli 2>/dev/null done < layered_md_device fi geli_test_cleanup } atf_init_test_cases() { atf_add_test_case init } diff --git a/tests/sys/kern/jailmeta.sh b/tests/sys/kern/jailmeta.sh index 9a63f958231f..f030e44b14c3 100644 --- a/tests/sys/kern/jailmeta.sh +++ b/tests/sys/kern/jailmeta.sh @@ -1,588 +1,588 @@ # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2024 SkunkWerks GmbH # # This software was developed by Igor Ostapenko # under sponsorship from SkunkWerks GmbH. # setup() { # Check if we have enough buffer space for testing if [ $(sysctl -n security.jail.meta_maxbufsize) -lt 128 ]; then atf_skip "sysctl security.jail.meta_maxbufsize must be 128+ for testing." fi } atf_test_case "jail_create" "cleanup" jail_create_head() { atf_set descr 'Test that metadata can be set upon jail creation with jail(8)' atf_set require.user root atf_set execenv jail } jail_create_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist meta="a b c" env="C B A" atf_check -s exit:0 -o inline:"a b c\n" \ jls -jj meta atf_check -s exit:0 -o inline:"C B A\n" \ jls -jj env } jail_create_cleanup() { jail -r j return 0 } atf_test_case "jail_modify" "cleanup" jail_modify_head() { atf_set descr 'Test that metadata can be modified after jail creation with jail(8)' atf_set require.user root atf_set execenv jail } jail_modify_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist meta="a b c" env="CAB" atf_check -s exit:0 -o inline:"a b c\n" \ jls -jj meta atf_check -s exit:0 -o inline:"CAB\n" \ jls -jj env atf_check -s exit:0 \ jail -m name=j meta="t1=A t2=B" env="CAB2" atf_check -s exit:0 -o inline:"t1=A t2=B\n" \ jls -jj meta atf_check -s exit:0 -o inline:"CAB2\n" \ jls -jj env } jail_modify_cleanup() { jail -r j return 0 } atf_test_case "jail_add" "cleanup" jail_add_head() { atf_set descr 'Test that metadata can be added to an existing jail with jail(8)' atf_set require.user root atf_set execenv jail } jail_add_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist host.hostname=jail1 atf_check -s exit:0 -o inline:'""\n' \ jls -jj meta atf_check -s exit:0 -o inline:'""\n' \ jls -jj env atf_check -s exit:0 \ jail -m name=j meta="$(jot 3 1 3)" env="$(jot 2 11 12)" atf_check -s exit:0 -o inline:"1\n2\n3\n" \ jls -jj meta atf_check -s exit:0 -o inline:"11\n12\n" \ jls -jj env } jail_add_cleanup() { jail -r j return 0 } atf_test_case "jail_reset" "cleanup" jail_reset_head() { atf_set descr 'Test that metadata can be reset to an empty string with jail(8)' atf_set require.user root atf_set execenv jail } jail_reset_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist meta="123" env="456" atf_check -s exit:0 -o inline:"123\n" \ jls -jj meta atf_check -s exit:0 -o inline:"456\n" \ jls -jj env atf_check -s exit:0 \ jail -m name=j meta= env= atf_check -s exit:0 -o inline:'""\n' \ jls -jj meta atf_check -s exit:0 -o inline:'""\n' \ jls -jj env } jail_reset_cleanup() { jail -r j return 0 } atf_test_case "jls_libxo_json" "cleanup" jls_libxo_json_head() { atf_set descr 'Test that metadata can be read with jls(8) using libxo JSON' atf_set require.user root atf_set execenv jail } jls_libxo_json_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist meta="a b c" env="1 2 3" atf_check -s exit:0 -o inline:'{"__version": "2", "jail-information": {"jail": [{"name":"j","meta":"a b c"}]}}\n' \ jls -jj --libxo json name meta atf_check -s exit:0 -o inline:'{"__version": "2", "jail-information": {"jail": [{"env":"1 2 3"}]}}\n' \ jls -jj --libxo json env } jls_libxo_json_cleanup() { jail -r j return 0 } atf_test_case "flua_create" "cleanup" flua_create_head() { atf_set descr 'Test that metadata can be set upon jail creation with flua' atf_set require.user root atf_set execenv jail } flua_create_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ /usr/libexec/flua -ljail -e 'jail.setparams("j", {["meta"]="t1 t2=v2", ["env"]="BAC", ["persist"]="true"}, jail.CREATE)' atf_check -s exit:0 -o inline:"t1 t2=v2\n" \ /usr/libexec/flua -ljail -e 'jid, res = jail.getparams("j", {"meta"}); print(res["meta"])' atf_check -s exit:0 -o inline:"BAC\n" \ /usr/libexec/flua -ljail -e 'jid, res = jail.getparams("j", {"env"}); print(res["env"])' } flua_create_cleanup() { jail -r j return 0 } atf_test_case "flua_modify" "cleanup" flua_modify_head() { atf_set descr 'Test that metadata can be changed with flua after jail creation' atf_set require.user root atf_set execenv jail } flua_modify_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist meta="ABC" env="123" atf_check -s exit:0 -o inline:"ABC\n" \ jls -jj meta atf_check -s exit:0 -o inline:"123\n" \ jls -jj env atf_check -s exit:0 \ /usr/libexec/flua -ljail -e 'jail.setparams("j", {["meta"]="t1 t2=v", ["env"]="4"}, jail.UPDATE)' atf_check -s exit:0 -o inline:"t1 t2=v\n" \ jls -jj meta atf_check -s exit:0 -o inline:"4\n" \ jls -jj env } flua_modify_cleanup() { jail -r j return 0 } atf_test_case "env_readable_by_jail" "cleanup" env_readable_by_jail_head() { atf_set descr 'Test that a jail can read its own env parameter via sysctl(8)' atf_set require.user root atf_set execenv jail } env_readable_by_jail_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -jj atf_check -s exit:0 \ jail -c name=j persist meta="a b c" env="CBA" atf_check -s exit:0 -o inline:"a b c\n" \ jls -jj meta atf_check -s exit:0 -o inline:"CBA\n" \ jls -jj env atf_check -s exit:0 -o inline:"CBA\n" \ jexec j sysctl -n security.jail.env } env_readable_by_jail_cleanup() { jail -r j return 0 } atf_test_case "not_inheritable" "cleanup" not_inheritable_head() { atf_set descr 'Test that a jail does not inherit metadata from its parent jail' atf_set require.user root atf_set execenv jail } not_inheritable_body() { setup atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -j parent atf_check -s exit:0 \ jail -c name=parent children.max=1 persist meta="abc" env="cba" jexec parent jail -c name=child persist atf_check -s exit:0 -o inline:"abc\n" \ jls -j parent meta atf_check -s exit:0 -o inline:'""\n' \ jls -j parent.child meta atf_check -s exit:0 -o inline:"cba\n" \ jexec parent sysctl -n security.jail.env atf_check -s exit:0 -o inline:"\n" \ jexec parent.child sysctl -n security.jail.env } not_inheritable_cleanup() { jail -r parent.child jail -r parent return 0 } atf_test_case "maxbufsize" "cleanup" maxbufsize_head() { atf_set descr 'Test that metadata buffer maximum size can be changed' atf_set require.user root atf_set is.exclusive true } maxbufsize_body() { setup jn=jailmeta_maxbufsize atf_check -s not-exit:0 -e match:"not found" -o ignore \ jls -j $jn # the size counts string length and the trailing \0 char origmax=$(sysctl -n security.jail.meta_maxbufsize) # must be fine with current max atf_check -s exit:0 \ jail -c name=$jn persist meta="$(printf %$((origmax-1))s)" atf_check -s exit:0 -o inline:"${origmax}\n" \ jls -j $jn meta | wc -c # atf_check -s exit:0 \ jail -m name=$jn env="$(printf %$((origmax-1))s)" atf_check -s exit:0 -o inline:"${origmax}\n" \ jls -j $jn env | wc -c # should not allow exceeding current max atf_check -s not-exit:0 -e match:"too large" \ jail -m name=$jn meta="$(printf %${origmax}s)" # atf_check -s not-exit:0 -e match:"too large" \ jail -m name=$jn env="$(printf %${origmax}s)" # should allow the same size with increased max newmax=$((origmax + 1)) sysctl security.jail.meta_maxbufsize=$newmax atf_check -s exit:0 \ jail -m name=$jn meta="$(printf %${origmax}s)" atf_check -s exit:0 -o inline:"${origmax}\n" \ jls -j $jn meta | wc -c # atf_check -s exit:0 \ jail -m name=$jn env="$(printf %${origmax}s)" atf_check -s exit:0 -o inline:"${origmax}\n" \ jls -j $jn env | wc -c # decrease back to the original max sysctl security.jail.meta_maxbufsize=$origmax atf_check -s not-exit:0 -e match:"too large" \ jail -m name=$jn meta="$(printf %${origmax}s)" # atf_check -s not-exit:0 -e match:"too large" \ jail -m name=$jn env="$(printf %${origmax}s)" # the previously set long meta is still readable as is # due to the soft limit remains higher than the hard limit atf_check_equal '${newmax}' '$(sysctl -n security.jail.param.meta)' atf_check_equal '${newmax}' '$(sysctl -n security.jail.param.env)' atf_check -s exit:0 -o inline:"${origmax}\n" \ jls -j $jn meta | wc -c # atf_check -s exit:0 -o inline:"${origmax}\n" \ jls -j $jn env | wc -c } maxbufsize_cleanup() { jail -r jailmeta_maxbufsize return 0 } atf_test_case "keyvalue" "cleanup" keyvalue_head() { atf_set descr 'Test that metadata can be handled as a set of key=value\n strings using jail(8), jls(8), and flua' atf_set require.user root atf_set execenv jail } keyvalue_generic() { local meta=$1 atf_check -sexit:0 -oinline:'""\n' jls -jj $meta # Note: each sub-case depends on the results of the previous ones # Should be able to extract a key added manually atf_check -sexit:0 jail -m name=j $meta="a=1" atf_check -sexit:0 -oinline:'a=1\n' jls -jj $meta atf_check -sexit:0 -oinline:'1\n' jls -jj $meta.a atf_check -sexit:0 jail -m name=j $meta="$(printf 'a=2\nb=3')" atf_check -sexit:0 -oinline:'a=2\nb=3\n' jls -jj $meta atf_check -sexit:0 -oinline:'2\n' jls -jj $meta.a atf_check -sexit:0 -oinline:'3\n' jls -jj $meta.b # Should provide nothing for a non-found key atf_check -sexit:0 -oinline:'\n' jls -jj $meta.c # Should be able to lookup multiple keys at once atf_check -sexit:0 -oinline:'3 2\n' jls -jj $meta.b $meta.a # Should be able to lookup keys and the whole buffer at once atf_check -sexit:0 -oinline:'3 a=2\nb=3 2\n' jls -jj $meta.b $meta $meta.a # Should be able to lookup a key using libxo-based JSON output s='{"__version": "2", "jail-information": {"jail": [{"'$meta'.b":"3"}]}}\n' atf_check -s exit:0 -o inline:"$s" jls -jj --libxo json $meta.b # Should provide nothing for a non-found key using libxo-based JSON output s='{"__version": "2", "jail-information": {"jail": [{}]}}\n' atf_check -s exit:0 -o inline:"$s" jls -jj --libxo json $meta.c $meta.d # Should be able to lookup a key using flua atf_check -s exit:0 -o inline:"2\n" \ /usr/libexec/flua -ljail -e 'jid, res = jail.getparams("j", {"'$meta'.a"}); print(res["'$meta'.a"])' # Should provide nil for a non-found key using flua atf_check -s exit:0 -o inline:"true\n" \ /usr/libexec/flua -ljail -e 'jid, res = jail.getparams("j", {"'$meta'.meta"}); print(res["'$meta'.meta"] == nil)' # Should allow resetting a buffer atf_check -sexit:0 jail -m name=j $meta= atf_check -sexit:0 -oinline:' "" \n' jls -jj $meta.c $meta $meta.a # Should allow adding a new key atf_check -sexit:0 jail -m name=j $meta.a=1 atf_check -sexit:0 -oinline:'1\n' jls -jj $meta.a atf_check -sexit:0 -oinline:'a=1\n' jls -jj $meta # Should allow adding multiple new keys at once atf_check -sexit:0 jail -m name=j $meta.c=3 $meta.b=2 atf_check -sexit:0 -oinline:'3\n' jls -jj $meta.c atf_check -sexit:0 -oinline:'2\n' jls -jj $meta.b atf_check -sexit:0 -oinline:'b=2\nc=3\na=1\n' jls -jj $meta # Should replace existing keys atf_check -sexit:0 jail -m name=j $meta.a=A $meta.c=C atf_check -sexit:0 -oinline:'A\n' jls -jj $meta.a atf_check -sexit:0 -oinline:'C\n' jls -jj $meta.c atf_check -sexit:0 -oinline:'c=C\na=A\nb=2\n' jls -jj $meta # Should treat empty value correctly atf_check -sexit:0 jail -m name=j $meta.a= atf_check -sexit:0 -oinline:'""\n' jls -jj $meta.a atf_check -sexit:0 -oinline:'a=\nc=C\nb=2\n' jls -jj $meta # Should treat NULL value as a key removal atf_check -sexit:0 -oinline:'2\n' jls -jj $meta.b atf_check -sexit:0 jail -m name=j $meta.b atf_check -sexit:0 -oinline:'\n' jls -jj $meta.b atf_check -sexit:0 -oinline:'a=\nc=C\n' jls -jj $meta # Should allow changing the whole buffer and per key at once (order matters) atf_check -sexit:0 jail -m name=j $meta.a=1 $meta=ttt $meta.b=2 atf_check -sexit:0 -oinline:'\n' jls -jj $meta.a atf_check -sexit:0 -oinline:'2\n' jls -jj $meta.b atf_check -sexit:0 -oinline:'b=2\nttt\n' jls -jj $meta # Should treat only the first equal sign as syntax atf_check -sexit:0 jail -m name=j $meta.b== atf_check -sexit:0 -oinline:'=\n' jls -jj $meta.b atf_check -sexit:0 -oinline:'b==\nttt\n' jls -jj $meta # Should allow adding or modifying keys using flua atf_check -s exit:0 \ /usr/libexec/flua -ljail -e 'jail.setparams("j", {["'$meta.b'"]="ttt", ["'$meta'.c"]="C"}, jail.UPDATE)' atf_check -sexit:0 -oinline:'ttt\n' jls -jj $meta.b atf_check -sexit:0 -oinline:'C\n' jls -jj $meta.c # Should allow key removal using flua atf_check -s exit:0 \ /usr/libexec/flua -ljail -e 'jail.setparams("j", {["'$meta.c'"] = {}}, jail.UPDATE)' atf_check -sexit:0 -oinline:'\n' jls -jj $meta.c atf_check -s exit:0 \ /usr/libexec/flua -ljail -e 'jail.setparams("j", {["'$meta.b'"] = false}, jail.UPDATE)' atf_check -sexit:0 -oinline:'\n' jls -jj $meta.b # Should respectively support "jls -s" for a missing key atf_check -sexit:0 -oinline:''$meta'.missing\n' jls -jj -s $meta.missing } keyvalue_body() { setup atf_check -s exit:0 \ jail -c name=j persist meta env keyvalue_generic "meta" keyvalue_generic "env" } keyvalue_cleanup() { jail -r j return 0 } atf_test_case "keyvalue_contention" "cleanup" keyvalue_contention_head() { atf_set descr 'Try to stress metadata read/write mechanism with some contention' atf_set require.user root atf_set execenv jail - atf_set timeout 30 + atf_set timeout 60 } keyvalue_stresser() { local jailname=$1 local modifier=$2 while true do jail -m name=$jailname $modifier done } keyvalue_contention_body() { setup atf_check -s exit:0 jail -c name=j persist meta env keyvalue_stresser "j" "meta.a=1" & apid=$! keyvalue_stresser "j" "meta.b=2" & bpid=$! keyvalue_stresser "j" "env.c=3" & cpid=$! keyvalue_stresser "j" "env.d=4" & dpid=$! for it in $(jot 8) do jail -m name=j meta='meta=META' env='env=ENV' sleep 1 atf_check -sexit:0 -oinline:'1\n' jls -jj meta.a atf_check -sexit:0 -oinline:'2\n' jls -jj meta.b atf_check -sexit:0 -oinline:'3\n' jls -jj env.c atf_check -sexit:0 -oinline:'4\n' jls -jj env.d atf_check -sexit:0 -oinline:'META\n' jls -jj meta.meta atf_check -sexit:0 -oinline:'ENV\n' jls -jj env.env done # TODO: Think of adding a stresser on the kernel side which does # osd_set() w/o allprison lock. It could test the compare # and swap mechanism in jm_osd_method_set(). kill -9 $apid $bpid $cpid $dpid } keyvalue_contention_cleanup() { jail -r j return 0 } atf_init_test_cases() { atf_add_test_case "jail_create" atf_add_test_case "jail_modify" atf_add_test_case "jail_add" atf_add_test_case "jail_reset" atf_add_test_case "jls_libxo_json" atf_add_test_case "flua_create" atf_add_test_case "flua_modify" atf_add_test_case "env_readable_by_jail" atf_add_test_case "not_inheritable" atf_add_test_case "maxbufsize" atf_add_test_case "keyvalue" atf_add_test_case "keyvalue_contention" } diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile index 28c3a5cd71ce..2b0f4634c802 100644 --- a/tests/sys/mac/portacl/Makefile +++ b/tests/sys/mac/portacl/Makefile @@ -1,17 +1,17 @@ PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/mac/portacl ${PACKAGE}FILES+= misc.sh TAP_TESTS_SH+= nobody_test TAP_TESTS_SH+= root_test .for t in ${TAP_TESTS_SH} TEST_METADATA.$t+= required_kmods="mac_portacl" TEST_METADATA.$t+= required_user="root" -TEST_METADATA.$t+= timeout="450" +TEST_METADATA.$t+= timeout="600" TEST_METADATA.$t+= is_exclusive="true" .endfor .include diff --git a/tests/sys/netpfil/pf/rules_counter.sh b/tests/sys/netpfil/pf/rules_counter.sh index e80a46e9d6c6..54a65a907b4f 100644 --- a/tests/sys/netpfil/pf/rules_counter.sh +++ b/tests/sys/netpfil/pf/rules_counter.sh @@ -1,210 +1,210 @@ # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2021 Rubicon Communications, LLC (Netgate) # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. . $(atf_get_srcdir)/utils.subr atf_test_case "get_clear" "cleanup" get_clear_head() { atf_set descr 'Test clearing rules counters on get rules' atf_set require.user root } get_clear_body() { pft_init epair_send=$(vnet_mkepair) ifconfig ${epair_send}a 192.0.2.1/24 up vnet_mkjail alcatraz ${epair_send}b jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up jexec alcatraz pfctl -e pft_set_rules alcatraz \ "pass all" # Ensure the rule matched packets, so we can verify non-zero counters atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2 # Expect non-zero counters atf_check -s exit:0 -e ignore \ -o match:'Evaluations: [1-9][0-9]*[[:space:]]*Packets: [1-9][0-9]*[[:space:]]*Bytes: [1-9][0-9]*[[:space:]]*' \ jexec alcatraz pfctl -s r -v # We should still see non-zero because we didn't clear on the last # pfctl, but are going to clear now atf_check -s exit:0 -e ignore \ -o match:'Evaluations: [1-9][0-9]*[[:space:]]*Packets: [1-9][0-9]*[[:space:]]*Bytes: [1-9][0-9]*[[:space:]]*' \ jexec alcatraz pfctl -s r -v -z # Expect zero counters atf_check -s exit:0 -e ignore \ -o match:'Evaluations: 0[[:space:]]*Packets: 0*[[:space:]]*Bytes: 0*[[:space:]]*' \ jexec alcatraz pfctl -s r -v } get_clear_cleanup() { pft_cleanup } atf_test_case "keepcounters" "cleanup" keepcounters_head() { atf_set descr 'Test keepcounter functionality' atf_set require.user root } keepcounters_body() { pft_init epair_send=$(vnet_mkepair) ifconfig ${epair_send}a 192.0.2.1/24 up vnet_mkjail alcatraz ${epair_send}b jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up jexec alcatraz pfctl -e pft_set_rules alcatraz \ "pass all" # Expect zero counters atf_check -s exit:0 -e ignore \ -o match:'Evaluations: 0[[:space:]]*Packets: 0*[[:space:]]*Bytes: 0*[[:space:]]*' \ jexec alcatraz pfctl -s r -v # Ensure the rule matched packets, so we can verify non-zero counters atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2 # Expect non-zero counters atf_check -s exit:0 -e ignore \ -o match:'Evaluations: [1-9][0-9]*[[:space:]]*Packets: [1-9][0-9]*[[:space:]]*Bytes: [1-9][0-9]*[[:space:]]*' \ jexec alcatraz pfctl -s r -v # As we set the (same) rules again we'd expect the counters to return # to zero pft_set_rules noflush alcatraz \ "pass all" atf_check -s exit:0 -e ignore \ -o match:'Evaluations: 0[[:space:]]*Packets: 0*[[:space:]]*Bytes: 0*[[:space:]]*' \ jexec alcatraz pfctl -s r -v # Increment rule counters atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2 # Now set new rules with 'keepcounters' set, so we'd expect nonzero # counters pft_set_rules noflush alcatraz \ "set keepcounters" \ "pass all" atf_check -s exit:0 -e ignore \ -o match:'Evaluations: [1-9][0-9]*[[:space:]]*Packets: [1-9][0-9]*[[:space:]]*Bytes: [1-9][0-9]*[[:space:]]*' \ jexec alcatraz pfctl -s r -v # However, if we set a different rule it should return to zero pft_set_rules noflush alcatraz \ "set keepcounters" \ "pass inet all" atf_check -s exit:0 -e ignore \ -o match:'Evaluations: 0[[:space:]]*Packets: 0*[[:space:]]*Bytes: 0*[[:space:]]*' \ jexec alcatraz pfctl -s r -v # If we generate traffic and don't set keepcounters we also see zero # counts when setting new rules atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2 pft_set_rules noflush alcatraz \ "pass inet all" atf_check -s exit:0 -e ignore \ -o match:'Evaluations: 0[[:space:]]*Packets: 0*[[:space:]]*Bytes: 0*[[:space:]]*' \ jexec alcatraz pfctl -s r -v } atf_test_case "4G" "cleanup" 4G_head() { atf_set descr 'Test keepcounter for values above 32 bits' atf_set require.user root - atf_set timeout 900 + atf_set timeout 1200 } 4G_body() { pft_init epair=$(vnet_mkepair) ifconfig ${epair}a 192.0.2.1/24 up vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up jexec alcatraz nc -l 1234 >/dev/null & jexec alcatraz pfctl -e pft_set_rules alcatraz \ "pass all" # Now pass more than 4GB of data dd if=/dev/zero bs=1k count=4M | nc -N 192.0.2.2 1234 bytes=$(jexec alcatraz pfctl -s r -v | awk '/Bytes:/ { print $7; }') if [ $bytes -lt 4000000000 ]; then atf_fail "Expected to see > 4GB" fi # Set new rules, keeping counters pft_set_rules noflush alcatraz \ "set keepcounters" \ "pass all" bytes=$(jexec alcatraz pfctl -s r -v | awk '/Bytes:/ { print $7; }') if [ $bytes -lt 4000000000 ]; then atf_fail "Expected to see > 4GB after rule reload" fi } 4G_cleanup() { pft_cleanup } keepcounters_cleanup() { pft_cleanup } atf_init_test_cases() { atf_add_test_case "get_clear" atf_add_test_case "keepcounters" atf_add_test_case "4G" }