Date: Mon, 20 May 2024 13:46:45 GMT
Message-Id: <202405201346.44KDkjRV062985@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: c39084799647 - stable/14 - wg tests: Add a simple regression test case for netmap support
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=c39084799647c0c085c6e3433a232c668d9447a9

commit c39084799647c0c085c6e3433a232c668d9447a9
Author:     Mark Johnston
AuthorDate: 2024-04-20 16:01:53 +0000
Commit:     Mark Johnston
CommitDate: 2024-05-20 13:42:46 +0000

    wg tests: Add a simple regression test case for netmap support

    MFC after:      1 month
    Sponsored by:   Klara, Inc.
    Sponsored by:   Zenarmor

    (cherry picked from commit c0f13232410cf881475d6e4dbd0ec28ab3476c59)
---
 tests/sys/net/Makefile | 6 +++-
 tests/sys/net/if_wg.sh | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/tests/sys/net/Makefile b/tests/sys/net/Makefile index 75596028688b..95ab86156a0a 100644 --- a/tests/sys/net/Makefile +++ b/tests/sys/net/Makefile @@ -1,4 +1,3 @@ - PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/net @@ -19,6 +18,11 @@ ATF_TESTS_SH+= if_wg TESTS_SUBDIRS+= if_ovpn TESTS_SUBDIRS+= routing +# The netmap bridge application is used by if_wg tests. +.PATH: ${SRCTOP}/tools/tools/netmap +PROGS+= bridge +LIBADD.bridge+= netmap + # The tests are written to be run in parallel, but doing so leads to random # panics. I think it's because the kernel's list of interfaces isn't properly # locked. 
diff --git a/tests/sys/net/if_wg.sh b/tests/sys/net/if_wg.sh index 1f2ea308853a..b43b40f25018 100644 --- a/tests/sys/net/if_wg.sh +++ b/tests/sys/net/if_wg.sh 
@@ -92,6 +92,97 @@ wg_basic_cleanup() vnet_cleanup } +atf_test_case "wg_basic_netmap" "cleanup" +wg_basic_netmap_head() +{ + atf_set descr 'Create a wg(4) tunnel over an epair and pass traffic between jails with netmap' + atf_set require.user root +} + +wg_basic_netmap_body() +{ + local epair pri1 pri2 pub1 pub2 wg1 wg2 + local endpoint1 endpoint2 tunnel1 tunnel2 tunnel3 tunnel4 + local pid status + + kldload -n if_wg || atf_skip "This test requires if_wg and could not load it" + kldload -n netmap || atf_skip "This test requires netmap and could not load it" + + pri1=$(wg genkey) + pri2=$(wg genkey) + + endpoint1=192.168.2.1 + endpoint2=192.168.2.2 + tunnel1=192.168.3.1 + tunnel2=192.168.3.2 + tunnel3=192.168.3.3 + tunnel4=192.168.3.4 + + epair=$(vnet_mkepair) + + vnet_init + + vnet_mkjail wgtest1 ${epair}a + vnet_mkjail wgtest2 ${epair}b + + jexec wgtest1 ifconfig ${epair}a ${endpoint1}/24 up + jexec wgtest2 ifconfig ${epair}b ${endpoint2}/24 up + + wg1=$(jexec wgtest1 ifconfig wg create) + echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \ + private-key /dev/stdin + pub1=$(jexec wgtest1 wg show $wg1 public-key) + wg2=$(jexec wgtest2 ifconfig wg create) + echo "$pri2" | jexec wgtest2 wg set $wg2 listen-port 12345 \ + private-key /dev/stdin + pub2=$(jexec wgtest2 wg show $wg2 public-key) + + atf_check -s exit:0 -o ignore \ + jexec wgtest1 wg set $wg1 peer "$pub2" \ + endpoint ${endpoint2}:12345 allowed-ips ${tunnel2}/32,${tunnel4}/32 + atf_check -s exit:0 \ + jexec wgtest1 ifconfig $wg1 inet ${tunnel1}/24 up + + atf_check -s exit:0 -o ignore \ + jexec wgtest2 wg set $wg2 peer "$pub1" \ + endpoint ${endpoint1}:12345 allowed-ips ${tunnel1}/32,${tunnel3}/32 + atf_check -s exit:0 \ + jexec wgtest2 ifconfig $wg2 inet ${tunnel2}/24 up + + atf_check -s exit:0 -o ignore \ + jexec wgtest1 sysctl net.inet.ip.forwarding=1 + atf_check -s exit:0 -o ignore \ + jexec wgtest2 sysctl net.inet.ip.forwarding=1 + + jexec wgtest1 $(atf_get_srcdir)/bridge -w 0 -i netmap:wg0 -i 
netmap:wg0^ & + pid=$! + + # Generous timeout since the handshake takes some time. + atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 -t 5 $tunnel2 + atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1 + + # Verify that we cannot ping non-existent tunnel addresses. In general + # the remote side should respond with an ICMP message. + atf_check -s exit:2 -o ignore jexec wgtest1 ping -c 1 -t 2 $tunnel4 + atf_check -s exit:2 -o ignore jexec wgtest2 ping -c 1 -t 2 $tunnel3 + + # Make sure that the bridge is still functional. + atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 $tunnel2 + atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1 + + atf_check -s exit:0 kill -TERM $pid + wait $pid + status=$? + + # Make sure that SIGTERM was received and handled. + atf_check_equal $status 143 +} + +wg_basic_netmap_cleanup() +{ + vnet_cleanup +} + # The kernel is expected to silently ignore any attempt to add a peer with a # public key identical to the host's. atf_test_case "wg_key_peerdev_shared" "cleanup" @@ -258,6 +349,7 @@ wg_vnet_parent_routing_cleanup() atf_init_test_cases() { atf_add_test_case "wg_basic" + atf_add_test_case "wg_basic_netmap" atf_add_test_case "wg_key_peerdev_shared" atf_add_test_case "wg_key_peerdev_makeshared" atf_add_test_case "wg_vnet_parent_routing"
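Review bot: in the second tests/sys/net/Makefile hunk, `.PATH: ${SRCTOP}/tools/tools/netmap` is added at directory scope, so it widens the source search path for every target built from this Makefile and not only for `bridge`. The comment above it should say that the path is there solely to find the bridge source, and it is worth confirming that no other file name in that directory can shadow a source used by the existing tests. The installed program name also has to stay in sync with the `$(atf_get_srcdir)/bridge` invocation in if_wg.sh, which the comment could mention as well.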
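Review bot: in the first tests/sys/net/if_wg.sh hunk, wg_basic_netmap_body starts the bridge with hard-coded `-i netmap:wg0 -i netmap:wg0^` although the name returned by `ifconfig wg create` is already held in `$wg1`. Use `netmap:${wg1}` and `netmap:${wg1}^` so the test does not depend on the jail's first wg interface being named wg0. The bridge is also backgrounded with `&` and the first ping follows immediately, so nothing in the test confirms that the interface is in netmap mode before traffic is sent; a readiness check or short wait before the pings would ensure the netmap path is what the pings exercise.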