1263445Sasomers# 2263445Sasomers# Copyright (c) 2014 Spectra Logic Corporation 3263445Sasomers# All rights reserved. 4264917Sasomers# 5263445Sasomers# Redistribution and use in source and binary forms, with or without 6263445Sasomers# modification, are permitted provided that the following conditions 7263445Sasomers# are met: 8263445Sasomers# 1. Redistributions of source code must retain the above copyright 9263445Sasomers# notice, this list of conditions, and the following disclaimer, 10263445Sasomers# without modification. 11263445Sasomers# 2. Redistributions in binary form must reproduce at minimum a disclaimer 12263445Sasomers# substantially similar to the "NO WARRANTY" disclaimer below 13263445Sasomers# ("Disclaimer") and any redistribution must be conditioned upon 14263445Sasomers# including a substantially similar Disclaimer requirement for further 15263445Sasomers# binary redistribution. 16264917Sasomers# 17263445Sasomers# NO WARRANTY 18263445Sasomers# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19263445Sasomers# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20263445Sasomers# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR 21263445Sasomers# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22263445Sasomers# HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23263445Sasomers# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24263445Sasomers# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25263445Sasomers# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 26263445Sasomers# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27263445Sasomers# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28263445Sasomers# POSSIBILITY OF SUCH DAMAGES. 29264917Sasomers# 30263445Sasomers# Authors: Alan Somers (Spectra Logic Corporation) 31263445Sasomers# 32263445Sasomers# $FreeBSD: stable/11/tests/sys/netinet/fibs_test.sh 324404 2017-10-07 23:10:16Z ngie $ 33263445Sasomers 34263445Sasomers# All of the tests in this file requires the test-suite config variable "fibs" 35263445Sasomers# to be defined to a space-delimited list of FIBs that may be used for testing. 36263445Sasomers 37263445Sasomers# arpresolve should check the interface fib for routes to a target when 38263445Sasomers# creating an ARP table entry. This is a regression for kern/167947, where 39263445Sasomers# arpresolve only checked the default route. 40263445Sasomers# 41263445Sasomers# Outline: 42317067Sasomers# Create two connected epair(4) interfaces 43263445Sasomers# Use nping (from security/nmap) to send an ICMP echo request from one 44263445Sasomers# interface to the other, spoofing the source IP. The source IP must be 45264917Sasomers# spoofed, or else it will already have an entry in the arp table. 46263445Sasomers# Check whether an arp entry exists for the spoofed IP 47263445Sasomersatf_test_case arpresolve_checks_interface_fib cleanup 48263445Sasomersarpresolve_checks_interface_fib_head() 49263445Sasomers{ 50263445Sasomers atf_set "descr" "arpresolve should check the interface fib, not the default fib, for routes" 51263445Sasomers atf_set "require.user" "root" 52263445Sasomers atf_set "require.config" "fibs" 53317067Sasomers atf_set "require.progs" "nping" 54263445Sasomers} 55263445Sasomersarpresolve_checks_interface_fib_body() 56263445Sasomers{ 57263445Sasomers # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 58263445Sasomers # and a non-default fib 59263445Sasomers ADDR0="192.0.2.2" 60263445Sasomers ADDR1="192.0.2.3" 61263445Sasomers SUBNET="192.0.2.0" 62263445Sasomers # Due to bug TBD (regressed by multiple_fibs_on_same_subnet) we need 63263445Sasomers # diffferent subnet masks, or FIB1 won't have a subnet route. 64263445Sasomers MASK0="24" 65263445Sasomers MASK1="25" 66263445Sasomers # Spoof a MAC that is reserved per RFC7042 67263445Sasomers SPOOF_ADDR="192.0.2.4" 68263445Sasomers SPOOF_MAC="00:00:5E:00:53:00" 69263445Sasomers 70263445Sasomers # Check system configuration 71263445Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 72263445Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 73263445Sasomers fi 74263445Sasomers get_fibs 2 75263445Sasomers 76317067Sasomers # Configure epair interfaces 77317067Sasomers get_epair 78317067Sasomers setup_iface "$EPAIRA" "$FIB0" inet ${ADDR0} ${MASK0} 79317067Sasomers setup_iface "$EPAIRB" "$FIB1" inet ${ADDR1} ${MASK1} 80263445Sasomers 81263445Sasomers # Send an ICMP echo request with a spoofed source IP 82317067Sasomers setfib "$FIB0" nping -c 1 -e ${EPAIRA} -S ${SPOOF_ADDR} \ 83263445Sasomers --source-mac ${SPOOF_MAC} --icmp --icmp-type "echo-request" \ 84263445Sasomers --icmp-code 0 --icmp-id 0xdead --icmp-seq 1 --data 0xbeef \ 85263445Sasomers ${ADDR1} 86263445Sasomers # For informational and debugging purposes only, look for the 87263445Sasomers # characteristic error message 88263445Sasomers dmesg | grep "llinfo.*${SPOOF_ADDR}" 89263445Sasomers # Check that the ARP entry exists 90317067Sasomers atf_check -o match:"${SPOOF_ADDR}.*expires" setfib "$FIB1" arp ${SPOOF_ADDR} 91263445Sasomers} 92263445Sasomersarpresolve_checks_interface_fib_cleanup() 93263445Sasomers{ 94317067Sasomers cleanup_ifaces 95263445Sasomers} 96263445Sasomers 97263445Sasomers 98263445Sasomers# Regression test for kern/187549 99263445Sasomersatf_test_case loopback_and_network_routes_on_nondefault_fib cleanup 100263445Sasomersloopback_and_network_routes_on_nondefault_fib_head() 101263445Sasomers{ 102317067Sasomers atf_set "descr" "When creating and deleting loopback IPv4 routes, use the interface's fib" 103263445Sasomers atf_set "require.user" "root" 104263445Sasomers atf_set "require.config" "fibs" 105263445Sasomers} 106263445Sasomers 107263445Sasomersloopback_and_network_routes_on_nondefault_fib_body() 108263445Sasomers{ 109263445Sasomers # Configure the TAP interface to use an RFC5737 nonrouteable address 110263445Sasomers # and a non-default fib 111263445Sasomers ADDR="192.0.2.2" 112263445Sasomers SUBNET="192.0.2.0" 113263445Sasomers MASK="24" 114263445Sasomers 115263445Sasomers # Check system configuration 116263445Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 117263445Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 118263445Sasomers fi 119263445Sasomers get_fibs 1 120263445Sasomers 121263445Sasomers # Configure a TAP interface 122317067Sasomers setup_tap ${FIB0} inet ${ADDR} ${MASK} 123263445Sasomers 124263445Sasomers # Check whether the host route exists in only the correct FIB 125263445Sasomers setfib ${FIB0} netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0" 126263445Sasomers if [ 0 -ne $? ]; then 127263445Sasomers setfib ${FIB0} netstat -rn -f inet 128263445Sasomers atf_fail "Host route did not appear in the correct FIB" 129263445Sasomers fi 130263445Sasomers setfib 0 netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0" 131263445Sasomers if [ 0 -eq $? ]; then 132263445Sasomers setfib 0 netstat -rn -f inet 133263445Sasomers atf_fail "Host route appeared in the wrong FIB" 134263445Sasomers fi 135263445Sasomers 136263445Sasomers # Check whether the network route exists in only the correct FIB 137263445Sasomers setfib ${FIB0} netstat -rn -f inet | \ 138263445Sasomers grep -q "^${SUBNET}/${MASK}.*${TAPD}" 139263445Sasomers if [ 0 -ne $? ]; then 140263445Sasomers setfib ${FIB0} netstat -rn -f inet 141263445Sasomers atf_fail "Network route did not appear in the correct FIB" 142263445Sasomers fi 143263445Sasomers setfib 0 netstat -rn -f inet | \ 144263445Sasomers grep -q "^${SUBNET}/${MASK}.*${TAPD}" 145263445Sasomers if [ 0 -eq $? ]; then 146317067Sasomers setfib 0 netstat -rn -f inet 147263445Sasomers atf_fail "Network route appeared in the wrong FIB" 148263445Sasomers fi 149263445Sasomers} 150263445Sasomers 151263445Sasomersloopback_and_network_routes_on_nondefault_fib_cleanup() 152263445Sasomers{ 153317067Sasomers cleanup_ifaces 154263445Sasomers} 155263445Sasomers 156317067Sasomersatf_test_case loopback_and_network_routes_on_nondefault_fib_inet6 cleanup 157317067Sasomersloopback_and_network_routes_on_nondefault_fib_inet6_head() 158317067Sasomers{ 159317067Sasomers atf_set "descr" "When creating and deleting loopback IPv6 routes, use the interface's fib" 160317067Sasomers atf_set "require.user" "root" 161317067Sasomers atf_set "require.config" "fibs" 162317067Sasomers} 163263445Sasomers 164317067Sasomersloopback_and_network_routes_on_nondefault_fib_inet6_body() 165317067Sasomers{ 166317067Sasomers # Configure the TAP interface to use a nonrouteable RFC3849 167317067Sasomers # address and a non-default fib 168317067Sasomers ADDR="2001:db8::2" 169317067Sasomers SUBNET="2001:db8::" 170317067Sasomers MASK="64" 171317067Sasomers 172317067Sasomers # Check system configuration 173317067Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 174317067Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 175317067Sasomers fi 176317067Sasomers get_fibs 1 177317067Sasomers 178317067Sasomers # Configure a TAP interface 179317067Sasomers setup_tap ${FIB0} inet6 ${ADDR} ${MASK} 180317067Sasomers 181317067Sasomers # Check whether the host route exists in only the correct FIB 182317067Sasomers setfib ${FIB0} netstat -rn -f inet6 | grep -q "^${ADDR}.*UHS.*lo0" 183317067Sasomers if [ 0 -ne $? ]; then 184317067Sasomers setfib ${FIB0} netstat -rn -f inet6 185317067Sasomers atf_fail "Host route did not appear in the correct FIB" 186317067Sasomers fi 187317067Sasomers setfib 0 netstat -rn -f inet6 | grep -q "^${ADDR}.*UHS.*lo0" 188317067Sasomers if [ 0 -eq $? ]; then 189317067Sasomers setfib 0 netstat -rn -f inet6 190317067Sasomers atf_fail "Host route appeared in the wrong FIB" 191317067Sasomers fi 192317067Sasomers 193317067Sasomers # Check whether the network route exists in only the correct FIB 194317067Sasomers setfib ${FIB0} netstat -rn -f inet6 | \ 195317067Sasomers grep -q "^${SUBNET}/${MASK}.*${TAPD}" 196317067Sasomers if [ 0 -ne $? ]; then 197317067Sasomers setfib ${FIB0} netstat -rn -f inet6 198317067Sasomers atf_fail "Network route did not appear in the correct FIB" 199317067Sasomers fi 200317067Sasomers setfib 0 netstat -rn -f inet6 | \ 201317067Sasomers grep -q "^${SUBNET}/${MASK}.*${TAPD}" 202317067Sasomers if [ 0 -eq $? ]; then 203317067Sasomers setfib 0 netstat -rn -f inet6 204317067Sasomers atf_fail "Network route appeared in the wrong FIB" 205317067Sasomers fi 206317067Sasomers} 207317067Sasomers 208317067Sasomersloopback_and_network_routes_on_nondefault_fib_inet6_cleanup() 209317067Sasomers{ 210317067Sasomers cleanup_ifaces 211317067Sasomers} 212317067Sasomers 213317067Sasomers 214263445Sasomers# Regression test for kern/187552 215263445Sasomersatf_test_case default_route_with_multiple_fibs_on_same_subnet cleanup 216263445Sasomersdefault_route_with_multiple_fibs_on_same_subnet_head() 217263445Sasomers{ 218317067Sasomers atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv4 routes" 219263445Sasomers atf_set "require.user" "root" 220263445Sasomers atf_set "require.config" "fibs" 221263445Sasomers} 222263445Sasomers 223263445Sasomersdefault_route_with_multiple_fibs_on_same_subnet_body() 224263445Sasomers{ 225263445Sasomers # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 226263445Sasomers # and a non-default fib 227263445Sasomers ADDR0="192.0.2.2" 228263445Sasomers ADDR1="192.0.2.3" 229263445Sasomers GATEWAY="192.0.2.1" 230263445Sasomers SUBNET="192.0.2.0" 231263445Sasomers MASK="24" 232263445Sasomers 233263445Sasomers # Check system configuration 234263445Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 235263445Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 236263445Sasomers fi 237263445Sasomers get_fibs 2 238263445Sasomers 239263445Sasomers # Configure TAP interfaces 240317067Sasomers setup_tap "$FIB0" inet ${ADDR0} ${MASK} 241263445Sasomers TAP0=$TAP 242317067Sasomers setup_tap "$FIB1" inet ${ADDR1} ${MASK} 243263445Sasomers TAP1=$TAP 244263445Sasomers 245263445Sasomers # Attempt to add default routes 246263445Sasomers setfib ${FIB0} route add default ${GATEWAY} 247263445Sasomers setfib ${FIB1} route add default ${GATEWAY} 248263445Sasomers 249263445Sasomers # Verify that the default route exists for both fibs, with their 250263445Sasomers # respective interfaces. 251263445Sasomers atf_check -o match:"^default.*${TAP0}$" \ 252263445Sasomers setfib ${FIB0} netstat -rn -f inet 253263445Sasomers atf_check -o match:"^default.*${TAP1}$" \ 254263445Sasomers setfib ${FIB1} netstat -rn -f inet 255263445Sasomers} 256263445Sasomers 257263445Sasomersdefault_route_with_multiple_fibs_on_same_subnet_cleanup() 258263445Sasomers{ 259317067Sasomers cleanup_ifaces 260263445Sasomers} 261263445Sasomers 262317067Sasomersatf_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 263317067Sasomersdefault_route_with_multiple_fibs_on_same_subnet_inet6_head() 264317067Sasomers{ 265317067Sasomers atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv6 routes" 266317067Sasomers atf_set "require.user" "root" 267317067Sasomers atf_set "require.config" "fibs" 268317067Sasomers} 269263445Sasomers 270317067Sasomersdefault_route_with_multiple_fibs_on_same_subnet_inet6_body() 271317067Sasomers{ 272317067Sasomers # Configure the TAP interfaces to use nonrouteable RFC3849 273317067Sasomers # addresses and non-default FIBs 274317067Sasomers ADDR0="2001:db8::2" 275317067Sasomers ADDR1="2001:db8::3" 276317067Sasomers GATEWAY="2001:db8::1" 277317067Sasomers SUBNET="2001:db8::" 278317067Sasomers MASK="64" 279317067Sasomers 280317067Sasomers # Check system configuration 281317067Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 282317067Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 283317067Sasomers fi 284317067Sasomers get_fibs 2 285317067Sasomers 286317067Sasomers # Configure TAP interfaces 287317067Sasomers setup_tap "$FIB0" inet6 ${ADDR0} ${MASK} 288317067Sasomers TAP0=$TAP 289317067Sasomers setup_tap "$FIB1" inet6 ${ADDR1} ${MASK} 290317067Sasomers TAP1=$TAP 291317067Sasomers 292317067Sasomers # Attempt to add default routes 293317067Sasomers setfib ${FIB0} route -6 add default ${GATEWAY} 294317067Sasomers setfib ${FIB1} route -6 add default ${GATEWAY} 295317067Sasomers 296317067Sasomers # Verify that the default route exists for both fibs, with their 297317067Sasomers # respective interfaces. 298317067Sasomers atf_check -o match:"^default.*${TAP0}$" \ 299317067Sasomers setfib ${FIB0} netstat -rn -f inet6 300317067Sasomers atf_check -o match:"^default.*${TAP1}$" \ 301317067Sasomers setfib ${FIB1} netstat -rn -f inet6 302317067Sasomers} 303317067Sasomers 304317067Sasomersdefault_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() 305317067Sasomers{ 306317067Sasomers cleanup_ifaces 307317067Sasomers} 308317067Sasomers 309317067Sasomers 310265092Sasomers# Regression test for PR kern/189089 311265092Sasomers# Create two tap interfaces and assign them both the same IP address but with 312265092Sasomers# different netmasks, and both on the default FIB. Then remove one's IP 313265092Sasomers# address. Hopefully the machine won't panic. 314265092Sasomersatf_test_case same_ip_multiple_ifaces_fib0 cleanup 315265092Sasomerssame_ip_multiple_ifaces_fib0_head() 316265092Sasomers{ 317317067Sasomers atf_set "descr" "Can remove an IPv4 alias from an interface when the same IPv4 is also assigned to another interface." 318265092Sasomers atf_set "require.user" "root" 319265092Sasomers atf_set "require.config" "fibs" 320265092Sasomers} 321265092Sasomerssame_ip_multiple_ifaces_fib0_body() 322265092Sasomers{ 323265092Sasomers ADDR="192.0.2.2" 324265092Sasomers MASK0="24" 325265092Sasomers MASK1="32" 326265092Sasomers 327265092Sasomers # Unlike most of the tests in this file, this is applicable regardless 328265092Sasomers # of net.add_addr_allfibs 329265092Sasomers 330265092Sasomers # Setup the interfaces, then remove one alias. It should not panic. 331317067Sasomers setup_tap 0 inet ${ADDR} ${MASK0} 332265092Sasomers TAP0=${TAP} 333317067Sasomers setup_tap 0 inet ${ADDR} ${MASK1} 334265092Sasomers TAP1=${TAP} 335265092Sasomers ifconfig ${TAP1} -alias ${ADDR} 336265092Sasomers 337265092Sasomers # Do it again, in the opposite order. It should not panic. 338317067Sasomers setup_tap 0 inet ${ADDR} ${MASK0} 339265092Sasomers TAP0=${TAP} 340317067Sasomers setup_tap 0 inet ${ADDR} ${MASK1} 341265092Sasomers TAP1=${TAP} 342265092Sasomers ifconfig ${TAP0} -alias ${ADDR} 343265092Sasomers} 344265092Sasomerssame_ip_multiple_ifaces_fib0_cleanup() 345265092Sasomers{ 346317067Sasomers cleanup_ifaces 347265092Sasomers} 348265092Sasomers 349265094Sasomers# Regression test for PR kern/189088 350265094Sasomers# Test that removing an IP address works even if the same IP is assigned to a 351265094Sasomers# different interface, on a different FIB. Tests the same code that whose 352265094Sasomers# panic was regressed by same_ip_multiple_ifaces_fib0. 353265094Sasomers# Create two tap interfaces and assign them both the same IP address but with 354265094Sasomers# different netmasks, and on different FIBs. Then remove one's IP 355265094Sasomers# address. Hopefully the machine won't panic. Also, the IP's hostroute should 356265094Sasomers# dissappear from the correct fib. 357265094Sasomersatf_test_case same_ip_multiple_ifaces cleanup 358265094Sasomerssame_ip_multiple_ifaces_head() 359265094Sasomers{ 360317067Sasomers atf_set "descr" "Can remove an IPv4 alias from an interface when the same address is also assigned to another interface, on non-default FIBs." 361265094Sasomers atf_set "require.user" "root" 362265094Sasomers atf_set "require.config" "fibs" 363265094Sasomers} 364265094Sasomerssame_ip_multiple_ifaces_body() 365265094Sasomers{ 366265094Sasomers atf_expect_fail "kern/189088 Assigning the same IP to multiple interfaces in different FIBs creates a host route for only one" 367265094Sasomers ADDR="192.0.2.2" 368265094Sasomers MASK0="24" 369265094Sasomers MASK1="32" 370265094Sasomers 371265094Sasomers # Unlike most of the tests in this file, this is applicable regardless 372265094Sasomers # of net.add_addr_allfibs 373265094Sasomers get_fibs 2 374265094Sasomers 375265094Sasomers # Setup the interfaces, then remove one alias. It should not panic. 376317067Sasomers setup_tap ${FIB0} inet ${ADDR} ${MASK0} 377265094Sasomers TAP0=${TAP} 378317067Sasomers setup_tap ${FIB1} inet ${ADDR} ${MASK1} 379265094Sasomers TAP1=${TAP} 380265094Sasomers ifconfig ${TAP1} -alias ${ADDR} 381265094Sasomers atf_check -o not-match:"^${ADDR}[[:space:]]" \ 382265094Sasomers setfib ${FIB1} netstat -rn -f inet 383265094Sasomers 384265094Sasomers # Do it again, in the opposite order. It should not panic. 385317067Sasomers setup_tap ${FIB0} inet ${ADDR} ${MASK0} 386265094Sasomers TAP0=${TAP} 387317067Sasomers setup_tap ${FIB1} inet ${ADDR} ${MASK1} 388265094Sasomers TAP1=${TAP} 389265094Sasomers ifconfig ${TAP0} -alias ${ADDR} 390265094Sasomers atf_check -o not-match:"^${ADDR}[[:space:]]" \ 391265094Sasomers setfib ${FIB0} netstat -rn -f inet 392265094Sasomers} 393265094Sasomerssame_ip_multiple_ifaces_cleanup() 394265094Sasomers{ 395265094Sasomers # Due to PR kern/189088, we must destroy the interfaces in LIFO order 396265094Sasomers # in order for the routes to be correctly cleaned up. 397317067Sasomers for TAPD in `tail -r "ifaces_to_cleanup"`; do 398317067Sasomers echo ifconfig ${TAPD} destroy 399265094Sasomers ifconfig ${TAPD} destroy 400265094Sasomers done 401265094Sasomers} 402265094Sasomers 403317067Sasomersatf_test_case same_ip_multiple_ifaces_inet6 cleanup 404317067Sasomerssame_ip_multiple_ifaces_inet6_head() 405317067Sasomers{ 406317067Sasomers atf_set "descr" "Can remove an IPv6 alias from an interface when the same address is also assigned to another interface, on non-default FIBs." 407317067Sasomers atf_set "require.user" "root" 408317067Sasomers atf_set "require.config" "fibs" 409317067Sasomers} 410317067Sasomerssame_ip_multiple_ifaces_inet6_body() 411317067Sasomers{ 412317067Sasomers ADDR="2001:db8::2" 413317067Sasomers MASK0="64" 414317067Sasomers MASK1="128" 415317067Sasomers 416317067Sasomers # Unlike most of the tests in this file, this is applicable regardless 417317067Sasomers # of net.add_addr_allfibs 418317067Sasomers get_fibs 2 419317067Sasomers 420317067Sasomers # Setup the interfaces, then remove one alias. It should not panic. 421317067Sasomers setup_tap ${FIB0} inet6 ${ADDR} ${MASK0} 422317067Sasomers TAP0=${TAP} 423317067Sasomers setup_tap ${FIB1} inet6 ${ADDR} ${MASK1} 424317067Sasomers TAP1=${TAP} 425317067Sasomers atf_check -s exit:0 ifconfig ${TAP1} inet6 ${ADDR} -alias 426317067Sasomers atf_check -o not-match:"^${ADDR}[[:space:]]" \ 427317067Sasomers setfib ${FIB1} netstat -rn -f inet6 428317067Sasomers ifconfig ${TAP1} destroy 429317067Sasomers ifconfig ${TAP0} destroy 430317067Sasomers 431317067Sasomers # Do it again, in the opposite order. It should not panic. 432317067Sasomers setup_tap ${FIB0} inet6 ${ADDR} ${MASK0} 433317067Sasomers TAP0=${TAP} 434317067Sasomers setup_tap ${FIB1} inet6 ${ADDR} ${MASK1} 435317067Sasomers TAP1=${TAP} 436317067Sasomers atf_check -s exit:0 ifconfig ${TAP0} inet6 ${ADDR} -alias 437317067Sasomers atf_check -o not-match:"^${ADDR}[[:space:]]" \ 438317067Sasomers setfib ${FIB0} netstat -rn -f inet6 439317067Sasomers} 440317067Sasomerssame_ip_multiple_ifaces_inet6_cleanup() 441317067Sasomers{ 442317067Sasomers cleanup_ifaces 443317067Sasomers} 444317067Sasomers 445317067Sasomersatf_test_case slaac_on_nondefault_fib6 cleanup 446317067Sasomersslaac_on_nondefault_fib6_head() 447317067Sasomers{ 448317067Sasomers atf_set "descr" "SLAAC correctly installs routes on non-default FIBs" 449317067Sasomers atf_set "require.user" "root" 450317067Sasomers atf_set "require.config" "fibs" "allow_sysctl_side_effects" 451317067Sasomers} 452317067Sasomersslaac_on_nondefault_fib6_body() 453317067Sasomers{ 454317067Sasomers # Configure the epair interfaces to use nonrouteable RFC3849 455317067Sasomers # addresses and non-default FIBs 456317067Sasomers PREFIX="2001:db8:$(printf "%x" `jot -r 1 0 65535`):$(printf "%x" `jot -r 1 0 65535`)" 457317067Sasomers ADDR="$PREFIX::2" 458317067Sasomers GATEWAY="$PREFIX::1" 459317067Sasomers SUBNET="$PREFIX:" 460317067Sasomers MASK="64" 461317067Sasomers 462317067Sasomers # Check system configuration 463317067Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 464317067Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 465317067Sasomers fi 466317067Sasomers get_fibs 2 467317067Sasomers 468317067Sasomers sysctl -n "net.inet6.ip6.rfc6204w3" >> "rfc6204w3.state" 469317067Sasomers sysctl -n "net.inet6.ip6.forwarding" >> "forwarding.state" 470317067Sasomers # Enable forwarding so the kernel will send RAs 471317067Sasomers sysctl net.inet6.ip6.forwarding=1 472317067Sasomers # Enable RFC6204W3 mode so the kernel will enable default router 473317067Sasomers # selection while also forwarding packets 474317067Sasomers sysctl net.inet6.ip6.rfc6204w3=1 475317067Sasomers 476317067Sasomers # Configure epair interfaces 477317067Sasomers get_epair 478317067Sasomers setup_iface "$EPAIRA" "$FIB0" inet6 ${ADDR} ${MASK} 479317067Sasomers echo setfib $FIB1 ifconfig "$EPAIRB" inet6 -ifdisabled accept_rtadv fib $FIB1 up 480317067Sasomers setfib $FIB1 ifconfig "$EPAIRB" inet6 -ifdisabled accept_rtadv fib $FIB1 up 481317067Sasomers rtadvd -p rtadvd.pid -C rtadvd.sock -c /dev/null "$EPAIRA" 482317067Sasomers rtsol "$EPAIRB" 483317067Sasomers 484317067Sasomers # Check SLAAC address 485317067Sasomers atf_check -o match:"inet6 ${SUBNET}.*prefixlen ${MASK}.*autoconf" \ 486317067Sasomers ifconfig "$EPAIRB" 487317067Sasomers # Check local route 488317067Sasomers atf_check -o match:"${SUBNET}.*\<UHS\>.*lo0" \ 489317067Sasomers netstat -rnf inet6 -F $FIB1 490317067Sasomers # Check subnet route 491317067Sasomers atf_check -o match:"${SUBNET}:/${MASK}.*\<U\>.*$EPAIRB" \ 492317067Sasomers netstat -rnf inet6 -F $FIB1 493317067Sasomers # Check default route 494317067Sasomers atf_check -o match:"default.*\<UG\>.*$EPAIRB" \ 495317067Sasomers netstat -rnf inet6 -F $FIB1 496317067Sasomers 497317067Sasomers # Check that none of the above routes appeared on other routes 498317067Sasomers for fib in $( seq 0 $(($(sysctl -n net.fibs) - 1))); do 499317067Sasomers if [ "$fib" = "$FIB1" -o "$fib" = "$FIB0" ]; then 500317067Sasomers continue 501317067Sasomers fi 502317067Sasomers atf_check -o not-match:"${SUBNET}.*\<UHS\>.*lo0" \ 503317067Sasomers netstat -rnf inet6 -F $fib 504317067Sasomers atf_check -o not-match:"${SUBNET}:/${MASK}.*\<U\>.*$EPAIRB" \ 505317067Sasomers netstat -rnf inet6 -F $fib 506317067Sasomers atf_check -o not-match:"default.*\<UG\>.*$EPAIRB" \ 507317067Sasomers netstat -rnf inet6 -F $fib 508317067Sasomers done 509317067Sasomers} 510317067Sasomersslaac_on_nondefault_fib6_cleanup() 511317067Sasomers{ 512317067Sasomers if [ -f "rtadvd.pid" ]; then 513317067Sasomers # rtadvd can take a long time to shutdown. Use SIGKILL to kill 514317067Sasomers # it right away. The downside to using SIGKILL is that it 515317067Sasomers # won't send final RAs to all interfaces, but we don't care 516317067Sasomers # because we're about to destroy its interface anyway. 517317067Sasomers pkill -kill -F rtadvd.pid 518317067Sasomers rm -f rtadvd.pid 519317067Sasomers fi 520317067Sasomers cleanup_ifaces 521317067Sasomers if [ -f "forwarding.state" ] ; then 522317067Sasomers sysctl "net.inet6.ip6.forwarding"=`cat "forwarding.state"` 523317067Sasomers rm "forwarding.state" 524317067Sasomers fi 525317067Sasomers if [ -f "rfc6204w3.state" ] ; then 526317067Sasomers sysctl "net.inet6.ip6.rfc6204w3"=`cat "rfc6204w3.state"` 527317067Sasomers rm "rfc6204w3.state" 528317067Sasomers fi 529317067Sasomers} 530317067Sasomers 531263445Sasomers# Regression test for kern/187550 532263445Sasomersatf_test_case subnet_route_with_multiple_fibs_on_same_subnet cleanup 533263445Sasomerssubnet_route_with_multiple_fibs_on_same_subnet_head() 534263445Sasomers{ 535317067Sasomers atf_set "descr" "Multiple FIBs can have IPv4 subnet routes for the same subnet" 536263445Sasomers atf_set "require.user" "root" 537263445Sasomers atf_set "require.config" "fibs" 538263445Sasomers} 539263445Sasomers 540263445Sasomerssubnet_route_with_multiple_fibs_on_same_subnet_body() 541263445Sasomers{ 542263445Sasomers # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses 543263445Sasomers # and a non-default fib 544263445Sasomers ADDR0="192.0.2.2" 545263445Sasomers ADDR1="192.0.2.3" 546263445Sasomers SUBNET="192.0.2.0" 547263445Sasomers MASK="24" 548263445Sasomers 549263445Sasomers # Check system configuration 550263445Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 551263445Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 552263445Sasomers fi 553263445Sasomers get_fibs 2 554263445Sasomers 555263445Sasomers # Configure TAP interfaces 556317067Sasomers setup_tap "$FIB0" inet ${ADDR0} ${MASK} 557317067Sasomers setup_tap "$FIB1" inet ${ADDR1} ${MASK} 558263445Sasomers 559263445Sasomers # Check that a subnet route exists on both fibs 560263445Sasomers atf_check -o ignore setfib "$FIB0" route get $ADDR1 561263445Sasomers atf_check -o ignore setfib "$FIB1" route get $ADDR0 562263445Sasomers} 563263445Sasomers 564263445Sasomerssubnet_route_with_multiple_fibs_on_same_subnet_cleanup() 565263445Sasomers{ 566317067Sasomers cleanup_ifaces 567263445Sasomers} 568263445Sasomers 569317067Sasomersatf_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 cleanup 570317067Sasomerssubnet_route_with_multiple_fibs_on_same_subnet_inet6_head() 571317067Sasomers{ 572317067Sasomers atf_set "descr" "Multiple FIBs can have IPv6 subnet routes for the same subnet" 573317067Sasomers atf_set "require.user" "root" 574317067Sasomers atf_set "require.config" "fibs" 575317067Sasomers} 576317067Sasomers 577317067Sasomerssubnet_route_with_multiple_fibs_on_same_subnet_inet6_body() 578317067Sasomers{ 579317067Sasomers # Configure the TAP interfaces to use a RFC3849 nonrouteable addresses 580317067Sasomers # and a non-default fib 581317067Sasomers ADDR0="2001:db8::2" 582317067Sasomers ADDR1="2001:db8::3" 583317067Sasomers SUBNET="2001:db8::" 584317067Sasomers MASK="64" 585317067Sasomers 586317067Sasomers # Check system configuration 587317067Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 588317067Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 589317067Sasomers fi 590317067Sasomers get_fibs 2 591317067Sasomers 592317067Sasomers # Configure TAP interfaces 593317067Sasomers setup_tap "$FIB0" inet6 ${ADDR0} ${MASK} 594317067Sasomers setup_tap "$FIB1" inet6 ${ADDR1} ${MASK} 595317067Sasomers 596317067Sasomers # Check that a subnet route exists on both fibs 597317067Sasomers atf_check -o ignore setfib "$FIB0" route -6 get $ADDR1 598317067Sasomers atf_check -o ignore setfib "$FIB1" route -6 get $ADDR0 599317067Sasomers} 600317067Sasomers 601317067Sasomerssubnet_route_with_multiple_fibs_on_same_subnet_inet6_cleanup() 602317067Sasomers{ 603317067Sasomers cleanup_ifaces 604317067Sasomers} 605317067Sasomers 606264905Sasomers# Test that source address selection works correctly for UDP packets with 607264905Sasomers# SO_DONTROUTE set that are sent on non-default FIBs. 608263445Sasomers# This bug was discovered with "setfib 1 netperf -t UDP_STREAM -H some_host" 609263445Sasomers# Regression test for kern/187553 610264905Sasomers# 611263738Sasomers# The root cause was that ifa_ifwithnet() did not have a fib argument. It 612263738Sasomers# would return an address from an interface on any FIB that had a subnet route 613263738Sasomers# for the destination. If more than one were available, it would choose the 614264905Sasomers# most specific. This is most easily tested by creating a FIB without a 615264905Sasomers# default route, then trying to send a UDP packet with SO_DONTROUTE set to an 616264905Sasomers# address which is not routable on that FIB. Absent the fix for this bug, 617264905Sasomers# in_pcbladdr would choose an interface on any FIB with a default route. With 618264905Sasomers# the fix, you will get EUNREACH or ENETUNREACH. 619264905Sasomersatf_test_case udp_dontroute cleanup 620264905Sasomersudp_dontroute_head() 621263445Sasomers{ 622263445Sasomers atf_set "descr" "Source address selection for UDP packets with SO_DONTROUTE on non-default FIBs works" 623263445Sasomers atf_set "require.user" "root" 624263445Sasomers atf_set "require.config" "fibs" 625263445Sasomers} 626263445Sasomers 627264905Sasomersudp_dontroute_body() 628263445Sasomers{ 629263445Sasomers # Configure the TAP interface to use an RFC5737 nonrouteable address 630263445Sasomers # and a non-default fib 631266860Sasomers ADDR0="192.0.2.2" 632266860Sasomers ADDR1="192.0.2.3" 633263445Sasomers SUBNET="192.0.2.0" 634264905Sasomers MASK="24" 635264905Sasomers # Use a different IP on the same subnet as the target 636264905Sasomers TARGET="192.0.2.100" 637266860Sasomers SRCDIR=`atf_get_srcdir` 638263445Sasomers 639263445Sasomers # Check system configuration 640263445Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 641263445Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 642263445Sasomers fi 643266860Sasomers get_fibs 2 644263445Sasomers 645266860Sasomers # Configure the TAP interfaces 646317067Sasomers setup_tap ${FIB0} inet ${ADDR0} ${MASK} 647266860Sasomers TARGET_TAP=${TAP} 648317067Sasomers setup_tap ${FIB1} inet ${ADDR1} ${MASK} 649263445Sasomers 650264905Sasomers # Send a UDP packet with SO_DONTROUTE. In the failure case, it will 651266860Sasomers # return ENETUNREACH, or send the packet to the wrong tap 652266860Sasomers atf_check -o ignore setfib ${FIB0} \ 653266860Sasomers ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} 654317067Sasomers cleanup_ifaces 655266860Sasomers 656266860Sasomers # Repeat, but this time target the other tap 657317067Sasomers setup_tap ${FIB0} inet ${ADDR0} ${MASK} 658317067Sasomers setup_tap ${FIB1} inet ${ADDR1} ${MASK} 659266860Sasomers TARGET_TAP=${TAP} 660266860Sasomers 661266860Sasomers atf_check -o ignore setfib ${FIB1} \ 662266860Sasomers ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} 663263445Sasomers} 664263445Sasomers 665264905Sasomersudp_dontroute_cleanup() 666263445Sasomers{ 667317067Sasomers cleanup_ifaces 668263445Sasomers} 669263445Sasomers 670317067Sasomersatf_test_case udp_dontroute6 cleanup 671317067Sasomersudp_dontroute6_head() 672317067Sasomers{ 673317067Sasomers atf_set "descr" "Source address selection for UDP IPv6 packets with SO_DONTROUTE on non-default FIBs works" 674317067Sasomers atf_set "require.user" "root" 675317067Sasomers atf_set "require.config" "fibs" 676317067Sasomers} 677263445Sasomers 678317067Sasomersudp_dontroute6_body() 679317067Sasomers{ 680317067Sasomers # Configure the TAP interface to use an RFC3849 nonrouteable address 681317067Sasomers # and a non-default fib 682317067Sasomers ADDR0="2001:db8::2" 683317067Sasomers ADDR1="2001:db8::3" 684317067Sasomers SUBNET="2001:db8::" 685317067Sasomers MASK="64" 686317067Sasomers # Use a different IP on the same subnet as the target 687317067Sasomers TARGET="2001:db8::100" 688317067Sasomers SRCDIR=`atf_get_srcdir` 689317067Sasomers 690317067Sasomers # Check system configuration 691317067Sasomers if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then 692317067Sasomers atf_skip "This test requires net.add_addr_allfibs=0" 693317067Sasomers fi 694317067Sasomers get_fibs 2 695317067Sasomers 696317067Sasomers # Configure the TAP interfaces. Use no_dad so the addresses will be 697317067Sasomers # ready right away and won't be marked as tentative until DAD 698317067Sasomers # completes. 699317067Sasomers setup_tap ${FIB0} inet6 ${ADDR0} ${MASK} no_dad 700317067Sasomers TARGET_TAP=${TAP} 701317067Sasomers setup_tap ${FIB1} inet6 ${ADDR1} ${MASK} no_dad 702317067Sasomers 703317067Sasomers # Send a UDP packet with SO_DONTROUTE. In the failure case, it will 704317067Sasomers # return ENETUNREACH, or send the packet to the wrong tap 705317067Sasomers atf_check -o ignore setfib ${FIB0} \ 706317067Sasomers ${SRCDIR}/udp_dontroute -6 ${TARGET} /dev/${TARGET_TAP} 707317067Sasomers cleanup_ifaces 708317067Sasomers 709317067Sasomers # Repeat, but this time target the other tap 710317067Sasomers setup_tap ${FIB0} inet6 ${ADDR0} ${MASK} no_dad 711317067Sasomers setup_tap ${FIB1} inet6 ${ADDR1} ${MASK} no_dad 712317067Sasomers TARGET_TAP=${TAP} 713317067Sasomers 714317067Sasomers atf_check -o ignore setfib ${FIB1} \ 715317067Sasomers ${SRCDIR}/udp_dontroute -6 ${TARGET} /dev/${TARGET_TAP} 716317067Sasomers} 717317067Sasomers 718317067Sasomersudp_dontroute6_cleanup() 719317067Sasomers{ 720317067Sasomers cleanup_ifaces 721317067Sasomers} 722317067Sasomers 723317067Sasomers 724263445Sasomersatf_init_test_cases() 725263445Sasomers{ 726263445Sasomers atf_add_test_case arpresolve_checks_interface_fib 727264917Sasomers atf_add_test_case loopback_and_network_routes_on_nondefault_fib 728317067Sasomers atf_add_test_case loopback_and_network_routes_on_nondefault_fib_inet6 729264917Sasomers atf_add_test_case default_route_with_multiple_fibs_on_same_subnet 730317067Sasomers atf_add_test_case default_route_with_multiple_fibs_on_same_subnet_inet6 731265092Sasomers atf_add_test_case same_ip_multiple_ifaces_fib0 732265094Sasomers atf_add_test_case same_ip_multiple_ifaces 733317067Sasomers atf_add_test_case same_ip_multiple_ifaces_inet6 734317067Sasomers atf_add_test_case slaac_on_nondefault_fib6 735264917Sasomers atf_add_test_case subnet_route_with_multiple_fibs_on_same_subnet 736317067Sasomers atf_add_test_case subnet_route_with_multiple_fibs_on_same_subnet_inet6 737264905Sasomers atf_add_test_case udp_dontroute 738317067Sasomers atf_add_test_case udp_dontroute6 739263445Sasomers} 740263445Sasomers 741263445Sasomers# Looks up one or more fibs from the configuration data and validates them. 742263445Sasomers# Returns the results in the env varilables FIB0, FIB1, etc. 743263445Sasomers 744263445Sasomers# parameter numfibs The number of fibs to lookup 745263445Sasomersget_fibs() 746263445Sasomers{ 747263445Sasomers NUMFIBS=$1 748263445Sasomers net_fibs=`sysctl -n net.fibs` 749263445Sasomers i=0 750263445Sasomers while [ $i -lt "$NUMFIBS" ]; do 751263445Sasomers fib=`atf_config_get "fibs" | \ 752263445Sasomers awk -v i=$(( i + 1 )) '{print $i}'` 753263445Sasomers echo "fib is ${fib}" 754263445Sasomers eval FIB${i}=${fib} 755263445Sasomers if [ "$fib" -ge "$net_fibs" ]; then 756263445Sasomers atf_skip "The ${i}th configured fib is ${fib}, which is not less than net.fibs, which is ${net_fibs}" 757263445Sasomers fi 758263445Sasomers i=$(( $i + 1 )) 759263445Sasomers done 760263445Sasomers} 761263445Sasomers 762317067Sasomers# Creates a new pair of connected epair(4) interface, registers them for 763317067Sasomers# cleanup, and returns their namen via the environment variables EPAIRA and 764317067Sasomers# EPAIRB 765317067Sasomersget_epair() 766317067Sasomers{ 767317067Sasomers local EPAIRD 768317067Sasomers 769323284Sasomers if (which pfctl && pfctl -s info | grep -q 'Status: Enabled') || 770323284Sasomers [ `sysctl -n net.inet.ip.fw.enable` = "1" ] || 771323284Sasomers (which ipf && ipf -V); then 772323284Sasomers atf_skip "firewalls interfere with this test" 773323284Sasomers fi 774323284Sasomers 775317067Sasomers if EPAIRD=`ifconfig epair create`; then 776317067Sasomers # Record the epair device so we can clean it up later 777317067Sasomers echo ${EPAIRD} >> "ifaces_to_cleanup" 778317067Sasomers EPAIRA=${EPAIRD} 779317067Sasomers EPAIRB=${EPAIRD%a}b 780317067Sasomers else 781317067Sasomers atf_skip "Could not create epair(4) interfaces" 782317067Sasomers fi 783317067Sasomers} 784317067Sasomers 785263445Sasomers# Creates a new tap(4) interface, registers it for cleanup, and returns the 786263445Sasomers# name via the environment variable TAP 787263445Sasomersget_tap() 788263445Sasomers{ 789317067Sasomers local TAPD 790317067Sasomers 791317067Sasomers if TAPD=`ifconfig tap create`; then 792317067Sasomers # Record the TAP device so we can clean it up later 793317067Sasomers echo ${TAPD} >> "ifaces_to_cleanup" 794317067Sasomers TAP=${TAPD} 795317067Sasomers else 796317067Sasomers atf_skip "Could not create a tap(4) interface" 797317067Sasomers fi 798263445Sasomers} 799263445Sasomers 800317067Sasomers# Configure an ethernet interface 801317067Sasomers# parameters: 802317067Sasomers# Interface name 803317067Sasomers# fib 804317067Sasomers# Protocol (inet or inet6) 805317067Sasomers# IP address 806317067Sasomers# Netmask in number of bits (eg 24 or 8) 807317067Sasomers# Extra flags 808317067Sasomers# Return: None 809317067Sasomerssetup_iface() 810317067Sasomers{ 811317067Sasomers local IFACE=$1 812317067Sasomers local FIB=$2 813317067Sasomers local PROTO=$3 814317067Sasomers local ADDR=$4 815317067Sasomers local MASK=$5 816317067Sasomers local FLAGS=$6 817317067Sasomers echo setfib ${FIB} \ 818317067Sasomers ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS 819317067Sasomers setfib ${FIB} ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS 820317067Sasomers} 821317067Sasomers 822263445Sasomers# Create a tap(4) interface, configure it, and register it for cleanup. 823263445Sasomers# parameters: 824263445Sasomers# fib 825317067Sasomers# Protocol (inet or inet6) 826263445Sasomers# IP address 827263445Sasomers# Netmask in number of bits (eg 24 or 8) 828317067Sasomers# Extra flags 829263445Sasomers# Return: the tap interface name as the env variable TAP 830263445Sasomerssetup_tap() 831263445Sasomers{ 832263445Sasomers get_tap 833317067Sasomers setup_iface "$TAP" "$@" 834263445Sasomers} 835263445Sasomers 836317067Sasomerscleanup_ifaces() 837263445Sasomers{ 838317067Sasomers if [ -f ifaces_to_cleanup ]; then 839317067Sasomers for iface in $(cat ifaces_to_cleanup); do 840317067Sasomers echo ifconfig "${iface}" destroy 841317067Sasomers ifconfig "${iface}" destroy 2>/dev/null || true 842285117Sjmmv done 843317067Sasomers rm -f ifaces_to_cleanup 844285117Sjmmv fi 845263445Sasomers} 846