fibs_test.sh revision 265092
1#
2#  Copyright (c) 2014 Spectra Logic Corporation
3#  All rights reserved.
4#
5#  Redistribution and use in source and binary forms, with or without
6#  modification, are permitted provided that the following conditions
7#  are met:
8#  1. Redistributions of source code must retain the above copyright
9#     notice, this list of conditions, and the following disclaimer,
10#     without modification.
11#  2. Redistributions in binary form must reproduce at minimum a disclaimer
12#     substantially similar to the "NO WARRANTY" disclaimer below
13#     ("Disclaimer") and any redistribution must be conditioned upon
14#     including a substantially similar Disclaimer requirement for further
15#     binary redistribution.
16#
17#  NO WARRANTY
18#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
21#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22#  HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23#  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24#  OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25#  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26#  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27#  IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28#  POSSIBILITY OF SUCH DAMAGES.
29#
30#  Authors: Alan Somers         (Spectra Logic Corporation)
31#
32# $FreeBSD: head/tests/sys/netinet/fibs_test.sh 265092 2014-04-29 14:46:45Z asomers $
33
# All of the tests in this file require the test-suite config variable "fibs"
# to be defined to a space-delimited list of FIBs that may be used for testing.
36
37# arpresolve should check the interface fib for routes to a target when
38# creating an ARP table entry.  This is a regression for kern/167947, where
39# arpresolve only checked the default route.
40#
41# Outline:
42# Create two tap(4) interfaces
43# Simulate a crossover cable between them by using net/socat
44# Use nping (from security/nmap) to send an ICMP echo request from one
45# interface to the other, spoofing the source IP.  The source IP must be
46# spoofed, or else it will already have an entry in the arp table.
47# Check whether an arp entry exists for the spoofed IP
atf_test_case arpresolve_checks_interface_fib cleanup
# Metadata for the arpresolve regression test: it must run as root, needs the
# "fibs" config variable, and needs socat and nping on the PATH.
arpresolve_checks_interface_fib_head()
{
	atf_set descr 'arpresolve should check the interface fib, not the default fib, for routes'
	atf_set require.user root
	atf_set require.config fibs
	atf_set require.progs 'socat nping'
}
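# Body of the kern/167947 regression test.  Two tap(4) interfaces on two
# configured FIBs are bridged with socat, a single ICMP echo request with a
# spoofed source is sent from one to the other, and the test passes when the
# receiving FIB holds an ARP entry for the spoofed address.
arpresolve_checks_interface_fib_body()
{
	# Configure the TAP interfaces to use RFC5737 nonrouteable addresses
	# and a non-default fib
	ADDR0="192.0.2.2"
	ADDR1="192.0.2.3"
	SUBNET="192.0.2.0"
	# Due to bug TBD (regressed by multiple_fibs_on_same_subnet) we need
	# different subnet masks, or FIB1 won't have a subnet route.
	MASK0="24"
	MASK1="25"
	# Spoof a MAC that is reserved per RFC7042.  Both the spoofed IP and
	# the spoofed MAC are documentation values, and the packet is sent on
	# ${TAP0}, whose device node is relayed only to ${TAP1} below.
	SPOOF_ADDR="192.0.2.4"
	SPOOF_MAC="00:00:5E:00:53:00"

	# Check system configuration.  The sysctl output is quoted so that an
	# empty result skips the test instead of breaking the comparison.
	if [ 0 != "$(sysctl -n net.add_addr_allfibs)" ]; then
		atf_skip "This test requires net.add_addr_allfibs=0"
	fi
	get_fibs 2

	# Configure TAP interfaces
	setup_tap "$FIB0" ${ADDR0} ${MASK0}
	TAP0=$TAP
	setup_tap "$FIB1" ${ADDR1} ${MASK1}
	TAP1=$TAP

	# Simulate a crossover cable.  The relay's PID is recorded so the
	# cleanup routine can stop it.
	socat /dev/${TAP0} /dev/${TAP1} &
	SOCAT_PID=$!
	echo ${SOCAT_PID} >> "processes_to_kill"

	# Send an ICMP echo request with a spoofed source IP.  The sender runs
	# in the FIB that ${TAP0} was configured with, rather than a
	# hard-coded FIB number that only matches one particular "fibs"
	# setting.
	setfib "$FIB0" nping -c 1 -e ${TAP0} -S ${SPOOF_ADDR} \
		--source-mac ${SPOOF_MAC} --icmp --icmp-type "echo-request" \
		--icmp-code 0 --icmp-id 0xdead --icmp-seq 1 --data 0xbeef \
		${ADDR1}
	# For informational and debugging purposes only, look for the
	# characteristic error message
	dmesg | grep "llinfo.*${SPOOF_ADDR}"
	# Check that the ARP entry exists in the receiving interface's FIB
	atf_check -o match:"${SPOOF_ADDR}.*expires" setfib "$FIB1" arp ${SPOOF_ADDR}
}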
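# Cleanup for the arpresolve test: stop every process recorded in
# "processes_to_kill", then destroy the tap(4) interfaces.
arpresolve_checks_interface_fib_cleanup()
{
	# The body can be skipped before socat is started, in which case the
	# PID list was never written; do not fail on the missing file.
	if [ -f "processes_to_kill" ]; then
		for PID in $(cat "processes_to_kill"); do
			kill "$PID"
		done
	fi
	cleanup_tap
}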
106
107
108# Regression test for kern/187549
atf_test_case loopback_and_network_routes_on_nondefault_fib cleanup
# Metadata for the kern/187549 regression test: root only, and the "fibs"
# config variable must be defined.
loopback_and_network_routes_on_nondefault_fib_head()
{
	atf_set descr "When creating and deleting loopback routes, use the interface's fib"
	atf_set require.user root
	atf_set require.config fibs
}
116
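# Body of the kern/187549 regression test.  Configures one tap(4) interface on
# a non-default FIB and checks that its host route and its network route are
# present in that FIB and absent from FIB 0.
loopback_and_network_routes_on_nondefault_fib_body()
{
	# Configure the TAP interface to use an RFC5737 nonrouteable address
	# and a non-default fib
	ADDR="192.0.2.2"
	SUBNET="192.0.2.0"
	MASK="24"

	# Check system configuration.  The sysctl output is quoted so that an
	# empty result skips the test instead of breaking the comparison.
	if [ 0 != "$(sysctl -n net.add_addr_allfibs)" ]; then
		atf_skip "This test requires net.add_addr_allfibs=0"
	fi
	get_fibs 1

	# Configure a TAP interface; setup_tap leaves its name in ${TAP}
	setup_tap ${FIB0} ${ADDR} ${MASK}

	# Check whether the host route exists in only the correct FIB.  Each
	# pipeline is tested directly by "if", so its exit status is consumed
	# at the point where it is produced.
	if ! setfib ${FIB0} netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0"; then
		setfib ${FIB0} netstat -rn -f inet
		atf_fail "Host route did not appear in the correct FIB"
	fi
	if setfib 0 netstat -rn -f inet | grep -q "^${ADDR}.*UHS.*lo0"; then
		setfib 0 netstat -rn -f inet
		atf_fail "Host route appeared in the wrong FIB"
	fi

	# Check whether the network route exists in only the correct FIB.
	# The interface name comes from ${TAP}: TAPD is local to get_tap and
	# is not set here, which would leave the pattern matching a route on
	# any interface.
	if ! setfib ${FIB0} netstat -rn -f inet | \
		grep -q "^${SUBNET}/${MASK}.*${TAP}"; then
		setfib ${FIB0} netstat -rn -f inet
		atf_fail "Network route did not appear in the correct FIB"
	fi
	if setfib 0 netstat -rn -f inet | \
		grep -q "^${SUBNET}/${MASK}.*${TAP}"; then
		# Dump the table that was actually inspected (FIB 0)
		setfib 0 netstat -rn -f inet
		atf_fail "Network route appeared in the wrong FIB"
	fi
}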
160
# Cleanup hook for the loopback/network route test.
loopback_and_network_routes_on_nondefault_fib_cleanup()
{
	# Destroy the tap(4) interfaces registered while the body ran.
	cleanup_tap
}
165
166
167# Regression test for kern/187552
atf_test_case default_route_with_multiple_fibs_on_same_subnet cleanup
# Metadata for the kern/187552 regression test: root only, and the "fibs"
# config variable must be defined.
default_route_with_multiple_fibs_on_same_subnet_head()
{
	atf_set descr 'Multiple interfaces on the same subnet but with different fibs can both have default routes'
	atf_set require.user root
	atf_set require.config fibs
}
175
# Body of the kern/187552 regression test.  Two tap(4) interfaces share one
# subnet but live on different FIBs; each FIB is then given a default route
# and the routing tables are checked for both.
default_route_with_multiple_fibs_on_same_subnet_body()
{
	# RFC5737 nonrouteable addressing shared by both interfaces
	SUBNET="192.0.2.0"
	MASK="24"
	GATEWAY="192.0.2.1"
	ADDR0="192.0.2.2"
	ADDR1="192.0.2.3"

	# The test is only meaningful when addresses are not added to all FIBs
	if [ 0 != $(sysctl -n net.add_addr_allfibs) ]; then
		atf_skip "This test requires net.add_addr_allfibs=0"
	fi
	get_fibs 2

	# One TAP interface per configured FIB
	setup_tap "$FIB0" "$ADDR0" "$MASK"
	TAP0=$TAP
	setup_tap "$FIB1" "$ADDR1" "$MASK"
	TAP1=$TAP

	# Attempt to add a default route in each FIB; the result is judged by
	# the routing table checks below, not by route's exit status.
	setfib ${FIB0} route add default "$GATEWAY"
	setfib ${FIB1} route add default "$GATEWAY"

	# Each FIB must list a default route through its own interface
	atf_check -o match:"^default.*${TAP0}$" setfib ${FIB0} netstat -rn -f inet
	atf_check -o match:"^default.*${TAP1}$" setfib ${FIB1} netstat -rn -f inet
}
209
# Cleanup hook for the default-route test.
default_route_with_multiple_fibs_on_same_subnet_cleanup()
{
	# Destroy the tap(4) interfaces registered while the body ran.
	cleanup_tap
}
214
215
216# Regression test for PR kern/189089
217# Create two tap interfaces and assign them both the same IP address but with
218# different netmasks, and both on the default FIB.  Then remove one's IP
219# address.  Hopefully the machine won't panic.
atf_test_case same_ip_multiple_ifaces_fib0 cleanup
# Metadata for the PR kern/189089 regression test: root only, and the "fibs"
# config variable must be defined.
same_ip_multiple_ifaces_fib0_head()
{
	atf_set descr 'Can remove an IP alias from an interface when the same IP is also assigned to another interface.'
	atf_set require.user root
	atf_set require.config fibs
}
# Body of the PR kern/189089 regression test.  The same address is assigned
# to two tap(4) interfaces on FIB 0 with different netmasks and one alias is
# then removed; this is done twice, removing the alias from the second
# interface the first time and from the first interface the second time.
same_ip_multiple_ifaces_fib0_body()
{
	ADDR="192.0.2.2"
	MASK0="24"
	MASK1="32"

	# No net.add_addr_allfibs check here: unlike most of the tests in this
	# file, this one applies whatever that sysctl is set to.

	# Round one: remove the alias from the interface created last.
	# It should not panic.
	setup_tap 0 "$ADDR" "$MASK0"
	TAP0=$TAP
	setup_tap 0 "$ADDR" "$MASK1"
	TAP1=$TAP
	ifconfig "$TAP1" -alias "$ADDR"

	# Round two: a fresh pair, alias removed from the interface created
	# first.  It should not panic.
	setup_tap 0 "$ADDR" "$MASK0"
	TAP0=$TAP
	setup_tap 0 "$ADDR" "$MASK1"
	TAP1=$TAP
	ifconfig "$TAP0" -alias "$ADDR"
}
# Cleanup hook for the same-IP-on-two-interfaces test.
same_ip_multiple_ifaces_fib0_cleanup()
{
	# Destroy the tap(4) interfaces registered while the body ran.
	cleanup_tap
}
254
255# Regression test for kern/187550
atf_test_case subnet_route_with_multiple_fibs_on_same_subnet cleanup
# Metadata for the kern/187550 regression test: root only, and the "fibs"
# config variable must be defined.
subnet_route_with_multiple_fibs_on_same_subnet_head()
{
	atf_set descr 'Multiple FIBs can have subnet routes for the same subnet'
	atf_set require.user root
	atf_set require.config fibs
}
263
# Body of the kern/187550 regression test.  Two tap(4) interfaces on the same
# subnet are placed on different FIBs, and each FIB is asked for a route to
# the other interface's address.
subnet_route_with_multiple_fibs_on_same_subnet_body()
{
	# RFC5737 nonrouteable addressing shared by both interfaces
	SUBNET="192.0.2.0"
	MASK="24"
	ADDR0="192.0.2.2"
	ADDR1="192.0.2.3"

	# The test is only meaningful when addresses are not added to all FIBs
	if [ 0 != $(sysctl -n net.add_addr_allfibs) ]; then
		atf_skip "This test requires net.add_addr_allfibs=0"
	fi
	get_fibs 2

	# One TAP interface per configured FIB
	setup_tap "$FIB0" "$ADDR0" "$MASK"
	setup_tap "$FIB1" "$ADDR1" "$MASK"

	# "route get" must succeed in both FIBs; its output is not inspected
	atf_check -o ignore setfib "$FIB0" route get "$ADDR1"
	atf_check -o ignore setfib "$FIB1" route get "$ADDR0"
}
287
# Cleanup hook for the subnet-route test.
subnet_route_with_multiple_fibs_on_same_subnet_cleanup()
{
	# Destroy the tap(4) interfaces registered while the body ran.
	cleanup_tap
}
292
293# Test that source address selection works correctly for UDP packets with
294# SO_DONTROUTE set that are sent on non-default FIBs.
295# This bug was discovered with "setfib 1 netperf -t UDP_STREAM -H some_host"
296# Regression test for kern/187553
297#
298# The root cause was that ifa_ifwithnet() did not have a fib argument.  It
299# would return an address from an interface on any FIB that had a subnet route
300# for the destination.  If more than one were available, it would choose the
301# most specific.  This is most easily tested by creating a FIB without a
302# default route, then trying to send a UDP packet with SO_DONTROUTE set to an
303# address which is not routable on that FIB.  Absent the fix for this bug,
304# in_pcbladdr would choose an interface on any FIB with a default route.  With
305# the fix, you will get EUNREACH or ENETUNREACH.
atf_test_case udp_dontroute cleanup
# Metadata for the kern/187553 regression test: root only, and the "fibs"
# config variable must be defined.
udp_dontroute_head()
{
	atf_set descr 'Source address selection for UDP packets with SO_DONTROUTE on non-default FIBs works'
	atf_set require.user root
	atf_set require.config fibs
}
313
# Body of the kern/187553 regression test.  Marked as an expected failure,
# it configures one tap(4) interface on a non-default FIB and runs the
# udp_dontroute helper from the test source directory inside that FIB.
udp_dontroute_body()
{
	atf_expect_fail "kern/187553 Source address selection for UDP packets with SO_DONTROUTE uses the default FIB"

	# RFC5737 nonrouteable address for the TAP interface, on a
	# non-default fib
	SUBNET="192.0.2.0"
	MASK="24"
	ADDR="192.0.2.2"
	# The target is a different IP on the same subnet
	TARGET="192.0.2.100"

	# The test is only meaningful when addresses are not added to all FIBs
	if [ 0 != $(sysctl -n net.add_addr_allfibs) ]; then
		atf_skip "This test requires net.add_addr_allfibs=0"
	fi
	get_fibs 1

	# Configure a TAP interface
	setup_tap ${FIB0} "$ADDR" "$MASK"

	# Send a UDP packet with SO_DONTROUTE.  In the failure case, it will
	# return ENETUNREACH
	SRCDIR=$(atf_get_srcdir)
	atf_check -o ignore setfib ${FIB0} ${SRCDIR}/udp_dontroute "$TARGET"
}
339
# Cleanup hook for the UDP SO_DONTROUTE test.
udp_dontroute_cleanup()
{
	# Destroy the tap(4) interfaces registered while the body ran.
	cleanup_tap
}
344
345
# Registers every test case defined in this file, in declaration order.
atf_init_test_cases()
{
	local _fibs_tc
	for _fibs_tc in \
		arpresolve_checks_interface_fib \
		loopback_and_network_routes_on_nondefault_fib \
		default_route_with_multiple_fibs_on_same_subnet \
		same_ip_multiple_ifaces_fib0 \
		subnet_route_with_multiple_fibs_on_same_subnet \
		udp_dontroute
	do
		atf_add_test_case "$_fibs_tc"
	done
}
355
# Looks up one or more fibs from the configuration data and validates them.
# Returns the results in the env variables FIB0, FIB1, etc.
358
359# parameter numfibs	The number of fibs to lookup
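# Reads the first $1 entries of the "fibs" config variable, checks each one,
# and stores them in the global variables FIB0, FIB1, ...
#
# parameter numfibs	The number of fibs to look up
#
# The test is skipped when an entry is missing or is not a plain non-negative
# integer, or when it is not less than the net.fibs sysctl.
get_fibs()
{
	NUMFIBS=$1
	net_fibs=$(sysctl -n net.fibs)
	i=0
	while [ $i -lt "$NUMFIBS" ]; do
		# Pick the (i+1)th whitespace-separated field of the setting
		fib=$(atf_config_get "fibs" | \
			awk -v i=$(( i + 1 )) '{print $i}')
		echo "fib is ${fib}"
		# Validate before the value reaches eval: these tests run as
		# root, and the value is copied from the test-suite config.
		# Anything other than digits (including an empty value when
		# fewer fibs are configured than requested) is rejected here.
		case "$fib" in
		''|*[!0-9]*)
			atf_skip "The ${i}th configured fib is \"${fib}\", which is not a non-negative integer"
			return 1
			;;
		esac
		# Only the variable name is expanded before eval runs; the
		# value is expanded by eval itself and is not re-parsed.
		eval "FIB${i}=\${fib}"
		if [ "$fib" -ge "$net_fibs" ]; then
			atf_skip "The ${i}th configured fib is ${fib}, which is not less than net.fibs, which is ${net_fibs}"
		fi
		i=$(( i + 1 ))
	done
}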
376
377# Creates a new tap(4) interface, registers it for cleanup, and returns the
378# name via the environment variable TAP
# Creates the first tap(4) interface that ifconfig accepts, trying tap0
# through tap8, and skips the test when none can be created.  The interface
# name is appended to "tap_devices_to_cleanup" and returned in the global
# variable TAP.
get_tap()
{
	local TAPN=0
	until ifconfig tap${TAPN} create > /dev/null 2>&1; do
		if [ "$TAPN" -lt 8 ]; then
			TAPN=$((TAPN + 1))
		else
			atf_skip "Could not create a tap(4) interface"
		fi
	done
	TAP=tap${TAPN}
	# Record the TAP device so we can clean it up later
	echo "${TAP}" >> "tap_devices_to_cleanup"
}
394
395# Create a tap(4) interface, configure it, and register it for cleanup.
396# parameters:
397# fib
398# IP address
399# Netmask in number of bits (eg 24 or 8)
400# Return: the tap interface name as the env variable TAP
# Creates a tap(4) interface through get_tap, then assigns it an address and
# a FIB.  The ifconfig command line is printed before it is run.
# parameters:
# fib
# IP address
# Netmask in number of bits (eg 24 or 8)
# Return: the tap interface name as the env variable TAP
setup_tap()
{
	local FIB=$1
	local ADDR=$2
	local MASK=$3
	get_tap
	# Build the command once so the logged text and the executed command
	# cannot drift apart.
	set -- setfib ${FIB} ifconfig $TAP ${ADDR}/${MASK} fib $FIB
	echo "$@"
	"$@"
}
410
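# Destroys every tap(4) interface listed in "tap_devices_to_cleanup".
cleanup_tap()
{
	# A test can be skipped before any interface is created, in which
	# case the list was never written; do not fail on the missing file.
	if [ -f "tap_devices_to_cleanup" ]; then
		for TAPD in $(cat "tap_devices_to_cleanup"); do
			ifconfig "${TAPD}" destroy
		done
	fi
}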
417