Date: Sat, 20 Apr 2024 16:05:07 GMT
Message-Id: <202404201605.43KG57wm080280@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: c0f13232410c - main - wg tests: Add a simple regression test case for netmap support
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c0f13232410cf881475d6e4dbd0ec28ab3476c59

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=c0f13232410cf881475d6e4dbd0ec28ab3476c59

commit c0f13232410cf881475d6e4dbd0ec28ab3476c59
Author: Mark Johnston
AuthorDate: 2024-04-20 16:01:53 +0000
Commit: Mark Johnston
CommitDate: 2024-04-20 16:04:42 +0000

wg tests: Add a simple regression test case for netmap support

MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: Zenarmor

--- tests/sys/net/Makefile | 6 +++- tests/sys/net/if_wg.sh | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+), 1 deletion(-) diff --git a/tests/sys/net/Makefile b/tests/sys/net/Makefile index 75596028688b..95ab86156a0a 100644 --- a/tests/sys/net/Makefile +++ b/tests/sys/net/Makefile @@ -1,4 +1,3 @@ - PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/net @@ -19,6 +18,11 @@ ATF_TESTS_SH+= if_wg TESTS_SUBDIRS+= if_ovpn TESTS_SUBDIRS+= routing +# The netmap bridge application is used by if_wg tests. +.PATH: ${SRCTOP}/tools/tools/netmap +PROGS+= bridge +LIBADD.bridge+= netmap + # The tests are written to be run in parallel, but doing so leads to random # panics. I think it's because the kernel's list of interfaces isn't properly # locked. diff --git a/tests/sys/net/if_wg.sh b/tests/sys/net/if_wg.sh index 1f2ea308853a..b43b40f25018 100644
--- a/tests/sys/net/if_wg.sh +++ b/tests/sys/net/if_wg.sh 
@@ -92,6 +92,97 @@ wg_basic_cleanup() vnet_cleanup } +atf_test_case "wg_basic_netmap" "cleanup" +wg_basic_netmap_head() +{ + atf_set descr 'Create a wg(4) tunnel over an epair and pass traffic between jails with netmap' + atf_set require.user root +} + +wg_basic_netmap_body() +{ + local epair pri1 pri2 pub1 pub2 wg1 wg2 + local endpoint1 endpoint2 tunnel1 tunnel2 tunnel3 tunnel4 + local pid status + + kldload -n if_wg || atf_skip "This test requires if_wg and could not load it" + kldload -n netmap || atf_skip "This test requires netmap and could not load it" + + pri1=$(wg genkey) + pri2=$(wg genkey) + + endpoint1=192.168.2.1 + endpoint2=192.168.2.2 + tunnel1=192.168.3.1 + tunnel2=192.168.3.2 + tunnel3=192.168.3.3 + tunnel4=192.168.3.4 + + epair=$(vnet_mkepair) + + vnet_init + + vnet_mkjail wgtest1 ${epair}a + vnet_mkjail wgtest2 ${epair}b + + jexec wgtest1 ifconfig ${epair}a ${endpoint1}/24 up + jexec wgtest2 ifconfig ${epair}b ${endpoint2}/24 up + + wg1=$(jexec wgtest1 ifconfig wg create) + echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \ + private-key /dev/stdin + pub1=$(jexec wgtest1 wg show $wg1 public-key) + wg2=$(jexec wgtest2 ifconfig wg create) + echo "$pri2" | jexec wgtest2 wg set $wg2 listen-port 12345 \ + private-key /dev/stdin + pub2=$(jexec wgtest2 wg show $wg2 public-key) + + atf_check -s exit:0 -o ignore \ + jexec wgtest1 wg set $wg1 peer "$pub2" \ + endpoint ${endpoint2}:12345 allowed-ips ${tunnel2}/32,${tunnel4}/32 + atf_check -s exit:0 \ + jexec wgtest1 ifconfig $wg1 inet ${tunnel1}/24 up + + atf_check -s exit:0 -o ignore \ + jexec wgtest2 wg set $wg2 peer "$pub1" \ + endpoint ${endpoint1}:12345 allowed-ips ${tunnel1}/32,${tunnel3}/32 + atf_check -s exit:0 \ + jexec wgtest2 ifconfig $wg2 inet ${tunnel2}/24 up + + atf_check -s exit:0 -o ignore \ + jexec wgtest1 sysctl net.inet.ip.forwarding=1 + atf_check -s exit:0 -o ignore \ + jexec wgtest2 sysctl net.inet.ip.forwarding=1 + + jexec wgtest1 $(atf_get_srcdir)/bridge -w 0 -i netmap:wg0 -i 
netmap:wg0^ & + pid=$! + + # Generous timeout since the handshake takes some time. + atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 -t 5 $tunnel2 + atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1 + + # Verify that we cannot ping non-existent tunnel addresses. In general + # the remote side should respond with an ICMP message. + atf_check -s exit:2 -o ignore jexec wgtest1 ping -c 1 -t 2 $tunnel4 + atf_check -s exit:2 -o ignore jexec wgtest2 ping -c 1 -t 2 $tunnel3 + + # Make sure that the bridge is still functional. + atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 $tunnel2 + atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1 + + atf_check -s exit:0 kill -TERM $pid + wait $pid + status=$? + + # Make sure that SIGTERM was received and handled. + atf_check_equal $status 143 +} + +wg_basic_netmap_cleanup() +{ + vnet_cleanup +} + # The kernel is expected to silently ignore any attempt to add a peer with a # public key identical to the host's. atf_test_case "wg_key_peerdev_shared" "cleanup" @@ -258,6 +349,7 @@ wg_vnet_parent_routing_cleanup() atf_init_test_cases() { atf_add_test_case "wg_basic" + atf_add_test_case "wg_basic_netmap" atf_add_test_case "wg_key_peerdev_shared" atf_add_test_case "wg_key_peerdev_makeshared" atf_add_test_case "wg_vnet_parent_routing"
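
Review bot: The `.PATH: ${SRCTOP}/tools/tools/netmap` line in the second tests/sys/net/Makefile hunk applies to the whole directory Makefile, not only to `bridge`, so make will now also search the netmap tools directory for any other source built here. The comment above it could say that only the bridge source is expected to come from that path, and the generic program name `bridge` installed into `${TESTSBASE}/sys/net` deserves a word there as well so it is clear the binary is a test helper.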
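
Review bot: In wg_basic_netmap_body (first tests/sys/net/if_wg.sh hunk) the bridge is started on the hard-coded names `netmap:wg0` and `netmap:wg0^`, while every other command in the hunk uses the name returned by `ifconfig wg create` in `$wg1`; passing `netmap:${wg1}` and `netmap:${wg1}^` would keep the test from depending on the new interface being called wg0. Nothing between `pid=$!` and the first ping confirms that the bridge has opened both ports, so that ping may complete before the interface is in netmap mode; a short wait or readiness check before the first `atf_check ... ping` would make sure the traffic being tested is actually bridged. If any `atf_check` after `pid=$!` fails, the body never reaches `kill -TERM $pid`, so a comment in wg_basic_netmap_cleanup stating that `vnet_cleanup` is relied on to stop the bridge would document the intent.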