Date: Tue, 30 Sep 2025 12:53:36 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: a57f6ce4792f - main - pf tests: fix intermittent mld test failures Message-ID: <202509301253.58UCraB0061760@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a57f6ce4792f12bebdbe3e46d6d9d39da10055db commit a57f6ce4792f12bebdbe3e46d6d9d39da10055db Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-09-27 14:41:30 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-09-30 12:53:21 +0000 pf tests: fix intermittent mld test failures We can't reliably check for the absence of replies to our MLD queries (because a host may announce its multicast subscriptions), so enable pf logging and check for the relevant error message instead. PR: 289821 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D52762 --- tests/sys/netpfil/pf/Makefile | 2 +- tests/sys/netpfil/pf/mld.py | 35 +++++++++++++++-------------------- 2 files changed, 16 insertions(+), 21 deletions(-) diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index 99500fc90806..b363e0b17c76 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -72,7 +72,7 @@ ATF_TESTS_PYTEST+= tcp.py # Allow tests to run in parallel in their own jails TEST_METADATA+= execenv="jail" -TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets" +TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets allow.read_msgbuf" ${PACKAGE}FILES+= \ bsnmpd.conf \ diff --git a/tests/sys/netpfil/pf/mld.py b/tests/sys/netpfil/pf/mld.py index d118a34c8a7d..b3ef6c21b3de 100644 --- a/tests/sys/netpfil/pf/mld.py +++ b/tests/sys/netpfil/pf/mld.py @@ -32,23 +32,22 @@ from atf_python.sys.net.vnet import VnetTestTemplate class TestMLD(VnetTestTemplate): REQUIRED_MODULES = [ "pf" ] TOPOLOGY = { - "vnet1": {"ifaces": ["if1"]}, + "vnet1": {"ifaces": ["if1"], "opts": ["allow.read_msgbuf"]}, "vnet2": {"ifaces": ["if1"]}, "if1": {"prefixes6": [("2001:db8::2/64", "2001:db8::1/64")]}, } def vnet2_handler(self, vnet): ifname = vnet.iface_alias_map["if1"].name - #ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.print_output("/sbin/pfctl -e") ToolsHelper.pf_rules([ "pass", ]) ToolsHelper.print_output("/sbin/pfctl -x loud") - #ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname) def find_mld_reply(self, pkt, ifname): pkt.show() - s = DelayedSend(pkt) + s = DelayedSend(pkt, ifname) found = False packets = self.sp.sniff(iface=ifname, timeout=5) @@ -66,7 +65,6 @@ class TestMLD(VnetTestTemplate): def test_router_alert(self): """Verify that we allow MLD packets with router alert extension header""" ifname = self.vnet.iface_alias_map["if1"].name - #ToolsHelper.print_output("/sbin/ifconfig %s inet6 -ifdisable" % ifname) ToolsHelper.print_output("/sbin/ifconfig") # Import in the correct vnet, so at to not confuse Scapy @@ -76,20 +74,17 @@ class TestMLD(VnetTestTemplate): self.sp = sp self.sc = sc - # A correct MLD query gets a reply - pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ - / sp.RouterAlert(value=0) \ + # MLD packets with an incorrect hop limit get dropped. + pkt = sp.Ether() \ + / sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \ + / sp.IPv6ExtHdrHopByHop(options=[ \ + sp.RouterAlert(value=0) \ + ]) \ / sp.ICMPv6MLQuery2() - assert self.find_mld_reply(pkt, ifname) + # We can't reliably test this by checking for a reply, because + # the other jail may just send a spontaneous MLD reply. + self.find_mld_reply(pkt, ifname) - # The wrong extension header does not - pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ - / sp.IPv6ExtHdrRouting() \ - / sp.ICMPv6MLQuery2() - assert not self.find_mld_reply(pkt, ifname) - - # Neither does an incorrect hop limit - pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \ - / sp.RouterAlert(value=0) \ - / sp.ICMPv6MLQuery2() - assert not self.find_mld_reply(pkt, ifname) + # Check if we logged dropping the MLD paacket + dmesg = ToolsHelper.get_output("/sbin/dmesg") + assert dmesg.find("Invalid MLD") != -1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509301253.58UCraB0061760>