Index: head/tests/sys/netinet6/frag6/frag6_01.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_01.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_01.sh (revision 354045) @@ -1,223 +1,233 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_01" "cleanup" frag6_01_head() { frag6_head 1 } frag6_01_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # XXX-BZ TODO FIXME reassembly-failed should be 1? # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_01_body() { atf_skip "Sending IPv6 Jumbograms needs 1 kernel changes and BPF fixes" frag6_body 1 frag6_01_check_stats } frag6_01_cleanup() { frag6_cleanup 1 } atf_init_test_cases() { atf_add_test_case "frag6_01" } Index: head/tests/sys/netinet6/frag6/frag6_02.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_02.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_02.sh (revision 354045) @@ -1,220 +1,230 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_02" "cleanup" frag6_02_head() { frag6_head 2 } frag6_02_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # XXX-TODO no global stats for this case? # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 1 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_02_body() { frag6_body 2 frag6_02_check_stats } frag6_02_cleanup() { frag6_cleanup 2 } atf_init_test_cases() { atf_add_test_case "frag6_02" } Index: head/tests/sys/netinet6/frag6/frag6_03.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_03.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_03.py (revision 354045) @@ -1,106 +1,107 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from sniffer import Sniffer from time import sleep def check_icmp6_error(args, packet): ip6 = packet.getlayer(sp.IPv6) if not ip6: return False oip6 = sp.IPv6(src=args.src[0], dst=args.to[0]) if ip6.dst != oip6.src: return False icmp6 = packet.getlayer(sp.ICMPv6DestUnreach) if not icmp6: return False # ICMP6_DST_UNREACH_NOPORT 4 if icmp6.code != 4: return False # Should we check the payload as well? # We are running in a very isolated environment and nothing else # should trigger an ICMPv6 Dest Unreach / Port Unreach so leave it. #icmp6.display() return True def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # - # (1) Atomic fragment. + # Atomic fragment. # # A: Nothing listening on UDP port. # R: ICMPv6 dst unreach, unreach port. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ - sp.IPv6ExtHdrFragment(offset=0, m=0, id=1) / \ + sp.IPv6ExtHdrFragment(offset=0, m=0, id=3) / \ sp.UDP(dport=3456, sport=6543) if args.debug : ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) + sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_03.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_03.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_03.sh (revision 354045) @@ -1,221 +1,231 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_03" "cleanup" frag6_03_head() { frag6_head 3 } frag6_03_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 1 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 1 1 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_03_body() { frag6_body 3 frag6_03_check_stats } frag6_03_cleanup() { frag6_cleanup 3 } atf_init_test_cases() { atf_add_test_case "frag6_03" } Index: head/tests/sys/netinet6/frag6/frag6_04.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_04.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_04.sh (revision 354045) @@ -1,221 +1,231 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_04" "cleanup" frag6_04_head() { frag6_head 4 } frag6_04_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 1 0 1 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_04_body() { frag6_body 4 frag6_04_check_stats } frag6_04_cleanup() { frag6_cleanup 4 } atf_init_test_cases() { atf_add_test_case "frag6_04" } Index: head/tests/sys/netinet6/frag6/frag6_05.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_05.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_05.py (revision 354045) @@ -1,82 +1,84 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from time import sleep def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Sysctl set to accept (no|maximum 10) fragments. # # A: Discarded. # R: Silence (statistics only) or ICMPv6 timeout expiry. # data = "6" * 1280 bfid = 0x5001 for i in range(20): fid = bfid + i ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=fid) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) + # Wait for possible expiry to happen. + sleep(75) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_05.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_05.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_05.sh (revision 354045) @@ -1,454 +1,475 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_05_check_stats_0() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + # # Check that the sysctl is set to what we expect. # sn=`sysctl -n net.inet6.ip6.maxfrags` case "${sn}" in 0) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 0" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 20 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 20 0 20 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_05_check_stats_1() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check that the sysctl is set to what we expect. # sn=`sysctl -n net.inet6.ip6.maxfrags` case "${sn}" in 10) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 10" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 20 10 - 0 + 10 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt - 0 + 10 0 0 0 0 0 0 0 - 0 + 10 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 20 0 10 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 - 0 + 10 0 0 - 0 + 10 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_05_0" "cleanup" frag6_05_0_head() { frag6_head 5_0 } frag6_05_0_body() { # Save current sysctl value. ov=`sysctl -n net.inet6.ip6.maxfrags` echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt # Never accept fragments. sysctl net.inet6.ip6.maxfrags=0 frag6_body 5 frag6_05_check_stats_0 } frag6_05_0_cleanup() { frag6_cleanup 5_0 # Restore sysctl back to default. ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` rm -f ${HOME}/sysctl-$(atf_get ident).txt sysctl net.inet6.ip6.maxfrags=${ov} } atf_test_case "frag6_05_1" "cleanup" frag6_05_1_head() { frag6_head 5_1 } frag6_05_1_body() { # Save current sysctl value. ov=`sysctl -n net.inet6.ip6.maxfrags` echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt # Maximum of 10 global system-wide fragments. sysctl net.inet6.ip6.maxfrags=10 frag6_body 5 frag6_05_check_stats_1 } frag6_05_1_cleanup() { frag6_cleanup 5_1 # Restore sysctl back to default. ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` rm -f ${HOME}/sysctl-$(atf_get ident).txt sysctl net.inet6.ip6.maxfrags=${ov} } atf_init_test_cases() { atf_add_test_case "frag6_05_0" atf_add_test_case "frag6_05_1" } Index: head/tests/sys/netinet6/frag6/frag6_06.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_06.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_06.sh (revision 354045) @@ -1,252 +1,263 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_06_pre_test_0() { local jname ifname jname=$1 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac # Never accept fragments. jexec ${jname} sysctl net.inet6.ip6.maxfragbucketsize=0 } frag6_06_check_stats_0() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + # # Check that the sysctl is set to what we expect. # sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragbucketsize` case "${sn}" in 0) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfragbucketsize is ${sn} and not 0" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 20 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 20 0 20 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_06_0" "cleanup" frag6_06_0_head() { frag6_head 6_0 } frag6_06_0_body() { frag6_body 6 frag6_06_check_stats_0 frag6_06_pre_test_0 } frag6_06_0_cleanup() { frag6_cleanup 6_0 # No need to restore the sysctl back to default as the jail is gone. } #atf_test_case "frag6_06_1" "cleanup" # There is no point in testing a != 0 value for net.inet6.ip6.maxfragbucketsize. # We would have to be able to generate hash collisions to end up in the same # bucket (or re-compile a kernel with only 1 bucket). atf_init_test_cases() { atf_add_test_case "frag6_06_0" } Index: head/tests/sys/netinet6/frag6/frag6_07.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_07.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_07.py (revision 354045) @@ -1,150 +1,178 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from sniffer import Sniffer from time import sleep def check_icmp6_error(args, packet): ip6 = packet.getlayer(sp.IPv6) if not ip6: return False oip6 = sp.IPv6(src=args.src[0], dst=args.to[0]) if ip6.dst != oip6.src: return False icmp6 = packet.getlayer(sp.ICMPv6ParamProblem) if not icmp6: return False # ICMP6_PARAMPROB_HEADER 0 if icmp6.code != 0: return False # Should we check the payload as well? # We are running in a very isolated environment and nothing else # should trigger an ICMPv6 Param Prob so leave it. #icmp6.display() return True +def check_icmp6_error_2(args, packet): + ip6 = packet.getlayer(sp.IPv6) + if not ip6: + return False + oip6 = sp.IPv6(src=args.src[0], dst=args.to[0]) + if ip6.dst != oip6.src: + return False + icmp6 = packet.getlayer(sp.ICMPv6TimeExceeded) + if not icmp6: + return False + # ICMP6_TIME_EXCEED_REASSEMBLY 1 + if icmp6.code != 1: + return False + # Should we check the payload as well? + # We are running in a very isolated environment and nothing else + # should trigger an ICMPv6 Time Exceeded / Frag reassembly so leave it. + #icmp6.display() + return True + def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) + sniffer2 = Sniffer(args, check_icmp6_error_2) ######################################################################## # # Two fragments with payload and offset set to add up to >64k. # # Make a first fragment arrive and a second to explode everything. # # A: Reassembly failure. # R: ICMPv6 param prob, param header. + # R: ICMPv6 timeout (1st frag, off=0) # data = "6" * 1280 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(1.00) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # A fragment with payload and offset set to add up to >64k. # # Try again with the first packet to make things explode. # # A: Reassembly failure. # R: ICMPv6 param prob, param header. # # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=0x7001) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: + sys.exit(1) + + # Wait for expiry from first test run. + sleep(75) + sniffer2.setEnd() + sniffer2.join() + if not sniffer2.foundCorrectPacket: sys.exit(1) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_07.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_07.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_07.sh (revision 354045) @@ -1,221 +1,232 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_07_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # XXX-BZ Only ICMPv6 errors and no proper stats! # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 3 0 - 0 + 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt - 2 + 3 0 0 0 0 0 0 0 - 0 + 1 2 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 3 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 - 2 + 3 0 0 - 0 + 1 2 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_07" "cleanup" frag6_07_head() { frag6_head 7 } frag6_07_body() { frag6_body 7 frag6_07_check_stats } frag6_07_cleanup() { frag6_cleanup 7 } atf_init_test_cases() { atf_add_test_case "frag6_07" } Index: head/tests/sys/netinet6/frag6/frag6_08.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_08.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_08.py (revision 354045) @@ -1,122 +1,152 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from sniffer import Sniffer from time import sleep def check_icmp6_error(args, packet): ip6 = packet.getlayer(sp.IPv6) if not ip6: return False oip6 = sp.IPv6(src=args.src[0], dst=args.to[0]) if ip6.dst != oip6.src: return False icmp6 = packet.getlayer(sp.ICMPv6ParamProblem) if not icmp6: return False # ICMP6_PARAMPROB_HEADER 0 if icmp6.code != 0: return False # Should we check the payload as well? # We are running in a very isolated environment and nothing else # should trigger an ICMPv6 Param Prob so leave it. #icmp6.display() return True +def check_icmp6_error_2(args, packet): + ip6 = packet.getlayer(sp.IPv6) + if not ip6: + return False + oip6 = sp.IPv6(src=args.src[0], dst=args.to[0]) + if ip6.dst != oip6.src: + return False + icmp6 = packet.getlayer(sp.ICMPv6TimeExceeded) + if not icmp6: + return False + # ICMP6_TIME_EXCEED_REASSEMBLY 1 + if icmp6.code != 1: + return False + # Should we check the payload as well? + # We are running in a very isolated environment and nothing else + # should trigger an ICMPv6 Time Exceeded / Frag reassembly so leave it. + #icmp6.display() + return True + + def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) + sniffer2 = Sniffer(args, check_icmp6_error_2) ######################################################################## # # A fragment with payload and offset set to add up to >64k when # another frag with offset=0 arrives and has an unfrag part. + # This is us checking for all fragments queued already when the + # one with off=0 arrives. Note: unless the off=0 has its own problem + # it will be queued and off!=0 ones might be expunged with param prob. # - # A: Reassembly failure (timeout) after - # R: ICMPv6 param prob, param header (earlier). + # A: Reassembly failure, timeout after + # R: ICMPv6 param prob, param header (1st frag) + # R: ICMPv6 time exceeded (2nd frag, as off=0) # data = "6" * 15 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=8) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 8 ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrDestOpt(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=8) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(1.00) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: + sys.exit(1) + sleep(75) + sniffer2.setEnd() + sniffer2.join() + if not sniffer2.foundCorrectPacket: sys.exit(1) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_08.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_08.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_08.sh (revision 354045) @@ -1,221 +1,232 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_08_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # XXX-BZ Only ICMPv6 errors and no proper stats! # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 2 0 - 0 + 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt - 1 + 2 0 0 0 0 0 0 0 - 0 + 1 1 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 2 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 - 1 + 2 0 0 - 0 + 1 1 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_08" "cleanup" frag6_08_head() { frag6_head 8 } frag6_08_body() { frag6_body 8 frag6_08_check_stats } frag6_08_cleanup() { frag6_cleanup 8 } atf_init_test_cases() { atf_add_test_case "frag6_08" } Index: head/tests/sys/netinet6/frag6/frag6_09.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_09.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_09.sh (revision 354045) @@ -1,219 +1,229 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_09" "cleanup" frag6_09_head() { frag6_head 9 } frag6_09_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 1 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_09_body() { frag6_body 9 frag6_09_check_stats } frag6_09_cleanup() { frag6_cleanup 9 } atf_init_test_cases() { atf_add_test_case "frag6_09" } Index: head/tests/sys/netinet6/frag6/frag6_10.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_10.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_10.py (revision 354045) @@ -1,79 +1,81 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from time import sleep def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # A single middle fragment. # # A: Waiting for more data. # R: Timeout / Expiry. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=161, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) if args.debug : ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # We do not generate ICMPv6 for non-off=0-segments. + # Wait for expiry. + sleep(75) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_10.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_10.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_10.sh (revision 354045) @@ -1,221 +1,231 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_10" "cleanup" frag6_10_head() { frag6_head 10 } frag6_10_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. - # We do not seem to sent a timeout ICMPv6 for this one? - # No, as it is not an off=0 segment. + # We do not sent a timeout ICMPv6 for this one + # as it is not an off=0 segment. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 1 0 - 0 + 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 1 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_10_body() { frag6_body 10 frag6_10_check_stats } frag6_10_cleanup() { frag6_cleanup 10 } atf_init_test_cases() { atf_add_test_case "frag6_10" } Index: head/tests/sys/netinet6/frag6/frag6_11.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_11.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_11.sh (revision 354045) @@ -1,220 +1,230 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_11" "cleanup" frag6_11_head() { frag6_head 11 } frag6_11_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # XXX-TODO We do not seem to sent a timeout ICMPv6 for this one? # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 1 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_11_body() { frag6_body 11 frag6_11_check_stats } frag6_11_cleanup() { frag6_cleanup 11 } atf_init_test_cases() { atf_add_test_case "frag6_11" } Index: head/tests/sys/netinet6/frag6/frag6_12.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_12.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_12.sh (revision 354045) @@ -1,218 +1,228 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_12" "cleanup" frag6_12_head() { frag6_head 12 } frag6_12_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 1 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_12_body() { frag6_body 12 frag6_12_check_stats } frag6_12_cleanup() { frag6_cleanup 12 } atf_init_test_cases() { atf_add_test_case "frag6_12" } Index: head/tests/sys/netinet6/frag6/frag6_13.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_13.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_13.py (revision 354045) @@ -1,120 +1,122 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from time import sleep def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Two fragments with different ECN (Traffic Clas) bits to trigger # error cases. # # A: Reassembly failure. # R: ip6f02 dropped / Timeout (not waiting for). # data = "6" * 8 # IPTOS_ECN_NOTECT ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x00) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=13) / \ sp.UDP(dport=3456, sport=6543) / \ data # IPTOS_ECN_CE ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x03) / \ sp.IPv6ExtHdrFragment(offset=16, m=0, id=13) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # Two fragments with different ECN (Traffic Clas) bits to trigger # error cases. # # A: Reassembly failure. # R: ip6f02 dropped / Timeout (not waiting for). # # IPTOS_ECN_ECT1 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x01) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=0x1301) / \ sp.UDP(dport=3456, sport=6543) / \ data # IPTOS_ECN_NOTECT ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x00) / \ sp.IPv6ExtHdrFragment(offset=16, m=0, id=0x1301) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) + # Wait for expiry. + sleep(75) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_13.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_13.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_13.sh (revision 354045) @@ -1,218 +1,228 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_13" "cleanup" frag6_13_head() { frag6_head 13 } frag6_13_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 4 2 - 0 + 2 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt - 0 + 2 0 0 0 0 0 0 0 - 0 + 2 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 4 0 2 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 - 0 + 2 0 0 - 0 + 2 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_13_body() { frag6_body 13 frag6_13_check_stats } frag6_13_cleanup() { frag6_cleanup 13 } atf_init_test_cases() { atf_add_test_case "frag6_13" } Index: head/tests/sys/netinet6/frag6/frag6_14.py =================================================================== --- head/tests/sys/netinet6/frag6/frag6_14.py (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_14.py (revision 354045) @@ -1,135 +1,137 @@ #!/usr/bin/env python #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # import argparse import scapy.all as sp import socket import sys from time import sleep def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Send multiple fragments, with an exact overlap in a middle one, # not finishing the full packet (and ignoring the content anyway). # # A: Reassembly failure. # R: dup dropped silently / Timeout (not waiting for). # data = "6" * 8 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1000, m=0, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f03 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=16, m=1, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f04 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=16, m=1, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() ip6f03.display() ip6f04.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sp.sendp(ip6f03, iface=args.sendif[0], verbose=False) sp.sendp(ip6f04, iface=args.sendif[0], verbose=False) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # Send multiple fragments, with a partial overlap on the first one # not finishing the full packet (and ignoring the content anyway). # The second packet needs to be the first one in the fragment chain # in order to trigger the 2nd case to test. # # A: Reassembly failure. # R: dup dropped silently / Timeout (not waiting for). # data = "6" * 8 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=10, m=1, id=0x1401) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=9, m=0, id=0x1401) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) + # Wait for expiry. + sleep(75) sys.exit(0) if __name__ == '__main__': main() Index: head/tests/sys/netinet6/frag6/frag6_14.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_14.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_14.sh (revision 354045) @@ -1,218 +1,228 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr atf_test_case "frag6_14" "cleanup" frag6_14_head() { frag6_head 14 } frag6_14_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 6 2 - 0 + 4 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt - 0 + 1 0 0 0 0 0 0 0 - 0 + 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 6 0 2 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 - 0 + 1 0 0 - 0 + 1 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_14_body() { frag6_body 14 frag6_14_check_stats } frag6_14_cleanup() { frag6_cleanup 14 } atf_init_test_cases() { atf_add_test_case "frag6_14" } Index: head/tests/sys/netinet6/frag6/frag6_15.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_15.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_15.sh (revision 354045) @@ -1,246 +1,257 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_15_pre_test() { local jname ifname jname=$1 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac # Accept 3 fragments per fragmented packet. jexec ${jname} sysctl net.inet6.ip6.maxfragsperpacket=3 } frag6_15_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + # # Check that the sysctl is set to what we expect. # sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragsperpacket` case "${sn}" in 3) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfragsperpacket is ${sn} and not 3" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 8 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # XXX-BZ no reassembly failed stats.# # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 8 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_15" "cleanup" frag6_15_head() { frag6_head 15 } frag6_15_body() { frag6_body 15 frag6_15_check_stats frag6_15_pre_test } frag6_15_cleanup() { frag6_cleanup 15 # No need to restore the sysctl back to default as the jail is gone. } atf_init_test_cases() { atf_add_test_case "frag6_15" } Index: head/tests/sys/netinet6/frag6/frag6_16.sh =================================================================== --- head/tests/sys/netinet6/frag6/frag6_16.sh (revision 354044) +++ head/tests/sys/netinet6/frag6/frag6_16.sh (revision 354045) @@ -1,222 +1,233 @@ # $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_16_check_stats() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 1 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 30 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # XXX-BZ no reassembly failed stats.# # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 30 1 0 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_16" "cleanup" frag6_16_head() { frag6_head 16 } frag6_16_body() { frag6_body 16 frag6_16_check_stats } frag6_16_cleanup() { frag6_cleanup 16 } atf_init_test_cases() { atf_add_test_case "frag6_16" }