Date: Tue, 6 Jun 2023 08:52:29 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 657aec455f7c - main - pf tests: test reassembly in the slow path
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=657aec455f7cd960c8fa79a089f88f450c568d2d

commit 657aec455f7cd960c8fa79a089f88f450c568d2d
Author: Kristof Provost
AuthorDate: 2023-06-02 14:42:08 +0000
Commit: Kristof Provost
CommitDate: 2023-06-06 08:03:50 +0000

pf tests: test reassembly in the slow path

Ensure that 'fragment reassemble' works as expected, even in the IP stack's slow forwarding path. (So not via ip_tryforward())

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40396
--- tests/sys/netpfil/pf/fragmentation_pass.sh | 44 ++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/tests/sys/netpfil/pf/fragmentation_pass.sh b/tests/sys/netpfil/pf/fragmentation_pass.sh index 560642a189e8..d257de730d2d 100644 --- a/tests/sys/netpfil/pf/fragmentation_pass.sh +++ b/tests/sys/netpfil/pf/fragmentation_pass.sh 
@@ -425,6 +425,49 @@ no_df_cleanup() pft_cleanup } +atf_test_case "reassemble_slowpath" "cleanup" +reassemble_slowpath_head() +{ + atf_set descr 'Test reassembly on the slow path' + atf_set require.user root +} + +reassemble_slowpath_body() +{ + if ! sysctl -q kern.features.ipsec >/dev/null ; then + atf_skip "This test requires ipsec" + fi + + setup_router_server_ipv4 + + # Now define an ipsec policy so we end up taking the slow path. + # We don't actually need the traffic to go through ipsec, we just don't + # want to go through ip_tryforward(). + echo "flush; + spdflush; + spdadd 203.0.113.1/32 203.0.113.2/32 any -P out ipsec esp/transport//require; + add 203.0.113.1 203.0.113.2 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \ + | jexec router setkey -c + + # Sanity check. + ping_server_check_reply exit:0 --ping-type=icmp + + # Enable packet reassembly with clearing of the no-df flag. + pft_set_rules router \ + "scrub in on ${epair_tester}b fragment no reassemble" \ + "scrub on ${epair_server}a fragment reassemble" \ + "pass" + + # Ensure that the packet makes it through the slow path + atf_check -s exit:0 -o ignore \ + ping -c 1 -s 2000 198.51.100.2 +} + +reassemble_slowpath_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "too_many_fragments" @@ -435,4 +478,5 @@ atf_init_test_cases() atf_add_test_case "overlimit" atf_add_test_case "reassemble" atf_add_test_case "no_df" + atf_add_test_case "reassemble_slowpath" }
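
Review bot: The comment "Enable packet reassembly with clearing of the no-df flag." above the pft_set_rules call in reassemble_slowpath_body() does not match the rules under it: neither scrub rule carries no-df, and the first one is "fragment no reassemble" on ${epair_tester}b. It reads as if it belongs to the no_df case registered in the same file; suggest rewording it to say that fragments are left unreassembled on the tester side and reassembled on ${epair_server}a. Separately, the final atf_check only asserts that "ping -c 1 -s 2000 198.51.100.2" exits 0, so nothing in the test itself confirms that the packet avoided ip_tryforward(). A short comment on why the spdadd policy for 203.0.113.1/32 to 203.0.113.2/32 is enough to force the slow path for traffic to 198.51.100.2 would make the intent checkable by the next reader.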