git: c0f13232410c - main - wg tests: Add a simple regression test case for netmap support

Sat, 20 Apr 2024 09:05:23 -0700 

The branch main has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=c0f13232410cf881475d6e4dbd0ec28ab3476c59

commit c0f13232410cf881475d6e4dbd0ec28ab3476c59
Author:     Mark Johnston <ma...@freebsd.org>
AuthorDate: 2024-04-20 16:01:53 +0000
Commit:     Mark Johnston <ma...@freebsd.org>
CommitDate: 2024-04-20 16:04:42 +0000

    wg tests: Add a simple regression test case for netmap support
    
    MFC after:      1 month
    Sponsored by:   Klara, Inc.
    Sponsored by:   Zenarmor
---
 tests/sys/net/Makefile |  6 +++-
 tests/sys/net/if_wg.sh | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/tests/sys/net/Makefile b/tests/sys/net/Makefile
index 75596028688b..95ab86156a0a 100644
--- a/tests/sys/net/Makefile
+++ b/tests/sys/net/Makefile
@@ -1,4 +1,3 @@
-
 PACKAGE=       tests
 
 TESTSDIR=      ${TESTSBASE}/sys/net
@@ -19,6 +18,11 @@ ATF_TESTS_SH+=       if_wg
 TESTS_SUBDIRS+=        if_ovpn
 TESTS_SUBDIRS+=        routing
 
+# The netmap bridge application is used by if_wg tests.
+.PATH: ${SRCTOP}/tools/tools/netmap
+PROGS+=                bridge
+LIBADD.bridge+=        netmap
+
 # The tests are written to be run in parallel, but doing so leads to random
 # panics.  I think it's because the kernel's list of interfaces isn't properly
 # locked.
diff --git a/tests/sys/net/if_wg.sh b/tests/sys/net/if_wg.sh
index 1f2ea308853a..b43b40f25018 100644
--- a/tests/sys/net/if_wg.sh
+++ b/tests/sys/net/if_wg.sh
@@ -92,6 +92,97 @@ wg_basic_cleanup()
        vnet_cleanup
 }
 
+atf_test_case "wg_basic_netmap" "cleanup"
+wg_basic_netmap_head()
+{
+       atf_set descr 'Create a wg(4) tunnel over an epair and pass traffic 
between jails with netmap'
+       atf_set require.user root
+}
+
+wg_basic_netmap_body()
+{
+       local epair pri1 pri2 pub1 pub2 wg1 wg2
+        local endpoint1 endpoint2 tunnel1 tunnel2 tunnel3 tunnel4
+       local pid status
+
+       kldload -n if_wg || atf_skip "This test requires if_wg and could not 
load it"
+       kldload -n netmap || atf_skip "This test requires netmap and could not 
load it"
+
+       pri1=$(wg genkey)
+       pri2=$(wg genkey)
+
+       endpoint1=192.168.2.1
+       endpoint2=192.168.2.2
+       tunnel1=192.168.3.1
+       tunnel2=192.168.3.2
+       tunnel3=192.168.3.3
+       tunnel4=192.168.3.4
+
+       epair=$(vnet_mkepair)
+
+       vnet_init
+
+       vnet_mkjail wgtest1 ${epair}a
+       vnet_mkjail wgtest2 ${epair}b
+
+       jexec wgtest1 ifconfig ${epair}a ${endpoint1}/24 up
+       jexec wgtest2 ifconfig ${epair}b ${endpoint2}/24 up
+
+       wg1=$(jexec wgtest1 ifconfig wg create)
+       echo "$pri1" | jexec wgtest1 wg set $wg1 listen-port 12345 \
+           private-key /dev/stdin
+       pub1=$(jexec wgtest1 wg show $wg1 public-key)
+       wg2=$(jexec wgtest2 ifconfig wg create)
+       echo "$pri2" | jexec wgtest2 wg set $wg2 listen-port 12345 \
+           private-key /dev/stdin
+       pub2=$(jexec wgtest2 wg show $wg2 public-key)
+
+       atf_check -s exit:0 -o ignore \
+           jexec wgtest1 wg set $wg1 peer "$pub2" \
+           endpoint ${endpoint2}:12345 allowed-ips ${tunnel2}/32,${tunnel4}/32
+       atf_check -s exit:0 \
+           jexec wgtest1 ifconfig $wg1 inet ${tunnel1}/24 up
+
+       atf_check -s exit:0 -o ignore \
+           jexec wgtest2 wg set $wg2 peer "$pub1" \
+           endpoint ${endpoint1}:12345 allowed-ips ${tunnel1}/32,${tunnel3}/32
+       atf_check -s exit:0 \
+           jexec wgtest2 ifconfig $wg2 inet ${tunnel2}/24 up
+
+       atf_check -s exit:0 -o ignore \
+           jexec wgtest1 sysctl net.inet.ip.forwarding=1
+       atf_check -s exit:0 -o ignore \
+           jexec wgtest2 sysctl net.inet.ip.forwarding=1
+
+       jexec wgtest1 $(atf_get_srcdir)/bridge -w 0 -i netmap:wg0 -i 
netmap:wg0^ &
+       pid=$!
+
+       # Generous timeout since the handshake takes some time.
+       atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 -t 5 $tunnel2
+       atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1
+
+       # Verify that we cannot ping non-existent tunnel addresses.  In general
+       # the remote side should respond with an ICMP message.
+       atf_check -s exit:2 -o ignore jexec wgtest1 ping -c 1 -t 2 $tunnel4
+       atf_check -s exit:2 -o ignore jexec wgtest2 ping -c 1 -t 2 $tunnel3
+
+       # Make sure that the bridge is still functional.
+       atf_check -s exit:0 -o ignore jexec wgtest1 ping -c 1 $tunnel2
+       atf_check -s exit:0 -o ignore jexec wgtest2 ping -c 1 $tunnel1
+
+       atf_check -s exit:0 kill -TERM $pid
+       wait $pid
+       status=$?
+
+       # Make sure that SIGTERM was received and handled.
+       atf_check_equal $status 143
+}
+
+wg_basic_netmap_cleanup()
+{
+       vnet_cleanup
+}
+
 # The kernel is expected to silently ignore any attempt to add a peer with a
 # public key identical to the host's.
 atf_test_case "wg_key_peerdev_shared" "cleanup"
@@ -258,6 +349,7 @@ wg_vnet_parent_routing_cleanup()
 atf_init_test_cases()
 {
        atf_add_test_case "wg_basic"
+       atf_add_test_case "wg_basic_netmap"
        atf_add_test_case "wg_key_peerdev_shared"
        atf_add_test_case "wg_key_peerdev_makeshared"
        atf_add_test_case "wg_vnet_parent_routing"

Reply via email to