Add regress test to verify that IPv6 link-local addresses work

6 files changed, 235 insertions, 4 deletions

diff --git a/regress/usr.sbin/bgpd/integrationtests/Makefile b/regress/usr.sbin/bgpd/integrationtests/Makefile
index bc0b9810cb2..10e36ac401a 100644
--- a/regress/usr.sbin/bgpd/integrationtests/Makefile
+++ b/regress/usr.sbin/bgpd/integrationtests/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.22 2023/10/12 09:18:56 claudio Exp $
+# $OpenBSD: Makefile,v 1.23 2023/10/16 10:26:51 claudio Exp $
 
-REGRESS_TARGETS	= 	network_statement md5 ovs mrt pftable \
-			maxprefix maxprefixout maxcomm \
-			as0 med eval_all policy l3vpn attr ixp
+REGRESS_TARGETS	= 	network_statement md5 ovs policy pftable \
+			mrt maxprefix maxprefixout maxcomm l3vpn \
+			ixp lladdr \
+			as0 med eval_all attr
 
 BGPD ?=			/usr/sbin/bgpd
 
@@ -44,6 +45,9 @@ l3vpn:
 ixp:
 	${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
 
+lladdr:
+	${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
+
 .if ! exists(/usr/local/bin/exabgp)
 as0:
 	# install exabgp from ports for additional tests
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.lladdr.rdomain1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.lladdr.rdomain1.conf
new file mode 100644
index 00000000000..91d5c03855b
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.lladdr.rdomain1.conf
@@ -0,0 +1,23 @@
+AS 4200000001
+router-id 42.0.0.1
+fib-update yes
+
+network 2001:db8:1::/48 set community 0:1
+network 2001:db8:11::/48 set community 0:11
+
+neighbor fe80::c0fe:2%pair11 {
+	descr		"RDOMAIN2"
+	remote-as	4200000002
+	local-address	fe80::c0fe:1%pair11
+}
+neighbor fe80::beef:2%gif11 {
+	descr		"RDOMAIN2_2"
+	remote-as	4200000002
+	local-address	fe80::beef:1%gif11
+}
+
+
+allow from any
+deny to any
+allow to fe80::c0fe:2%pair11 community 0:1
+allow to fe80::beef:2%gif11 community 0:11
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.lladdr.rdomain2.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.lladdr.rdomain2.conf
new file mode 100644
index 00000000000..c40fdb48282
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.lladdr.rdomain2.conf
@@ -0,0 +1,23 @@
+AS 4200000002
+router-id 42.0.0.2
+fib-update yes
+
+network 2001:db8:2::/48 set community 0:1
+network 2001:db8:12::/48 set community 0:11
+
+neighbor fe80::c0fe:1%pair12 {
+	descr		"RDOMAIN1"
+	remote-as	4200000001
+	local-address	fe80::c0fe:2%pair12
+}
+
+neighbor fe80::beef:1%gif12 {
+	descr		"RDOMAIN1_2"
+	remote-as	4200000001
+	local-address	fe80::beef:2%gif12
+}
+
+allow from any
+deny to any
+allow to fe80::c0fe:1%pair12 community 0:1
+allow to fe80::beef:1%gif12 community 0:11
diff --git a/regress/usr.sbin/bgpd/integrationtests/lladdr.rdomain1.ok b/regress/usr.sbin/bgpd/integrationtests/lladdr.rdomain1.ok
new file mode 100644
index 00000000000..bb90aab04bc
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/lladdr.rdomain1.ok
@@ -0,0 +1,36 @@
+flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
+       S = Stale, E = Error
+origin validation state: N = not-found, V = valid, ! = invalid
+aspa validation state: ? = unknown, V = valid, ! = invalid
+origin: i = IGP, e = EGP, ? = Incomplete
+
+flags  vs destination          gateway          lpref   med aspath origin
+AI*>  N-? 2001:db8:1::/48      ::                100     0 i
+*>    N-? 2001:db8:2::/48      fe80::c0fe:2%pair11   100     0 4200000002 i
+AI*>  N-? 2001:db8:11::/48     ::                100     0 i
+*>    N-? 2001:db8:12::/48     fe80::beef:2%gif11   100     0 4200000002 i
+flags: B = BGP, C = Connected, S = Static
+       N = BGP Nexthop reachable via this route
+       r = reject route, b = blackhole route
+
+flags prio destination                      gateway                         
+B       48 2001:db8:2::/48                  fe80::c0fe:2%pair11
+B       48 2001:db8:12::/48                 fe80::beef:2%gif11
+   route to: 2001:db8:2::
+destination: 2001:db8:2::
+       mask: ffff:ffff:ffff::
+    gateway: fe80::c0fe:2%pair11
+  interface: pair11
+   priority: 48 (bgp)
+      flags: <UP,GATEWAY,DONE>
+     use       mtu    expire
+       0         0         0 
+   route to: 2001:db8:12::
+destination: 2001:db8:12::
+       mask: ffff:ffff:ffff::
+    gateway: fe80::beef:2%gif11
+  interface: gif11
+   priority: 48 (bgp)
+      flags: <UP,GATEWAY,DONE>
+     use       mtu    expire
+       0         0         0 
diff --git a/regress/usr.sbin/bgpd/integrationtests/lladdr.rdomain2.ok b/regress/usr.sbin/bgpd/integrationtests/lladdr.rdomain2.ok
new file mode 100644
index 00000000000..f92a39f0788
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/lladdr.rdomain2.ok
@@ -0,0 +1,36 @@
+flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
+       S = Stale, E = Error
+origin validation state: N = not-found, V = valid, ! = invalid
+aspa validation state: ? = unknown, V = valid, ! = invalid
+origin: i = IGP, e = EGP, ? = Incomplete
+
+flags  vs destination          gateway          lpref   med aspath origin
+*>    N-? 2001:db8:1::/48      fe80::c0fe:1%pair12   100     0 4200000001 i
+AI*>  N-? 2001:db8:2::/48      ::                100     0 i
+*>    N-? 2001:db8:11::/48     fe80::beef:1%gif12   100     0 4200000001 i
+AI*>  N-? 2001:db8:12::/48     ::                100     0 i
+flags: B = BGP, C = Connected, S = Static
+       N = BGP Nexthop reachable via this route
+       r = reject route, b = blackhole route
+
+flags prio destination                      gateway                         
+B       48 2001:db8:1::/48                  fe80::c0fe:1%pair12
+B       48 2001:db8:11::/48                 fe80::beef:1%gif12
+   route to: 2001:db8:1::
+destination: 2001:db8:1::
+       mask: ffff:ffff:ffff::
+    gateway: fe80::c0fe:1%pair12
+  interface: pair12
+   priority: 48 (bgp)
+      flags: <UP,GATEWAY,DONE>
+     use       mtu    expire
+       0         0         0 
+   route to: 2001:db8:11::
+destination: 2001:db8:11::
+       mask: ffff:ffff:ffff::
+    gateway: fe80::beef:1%gif12
+  interface: gif12
+   priority: 48 (bgp)
+      flags: <UP,GATEWAY,DONE>
+     use       mtu    expire
+       0         0         0 
diff --git a/regress/usr.sbin/bgpd/integrationtests/lladdr.sh b/regress/usr.sbin/bgpd/integrationtests/lladdr.sh
new file mode 100644
index 00000000000..f91eb9989dc
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/lladdr.sh
@@ -0,0 +1,109 @@
+#!/bin/ksh
+#	$OpenBSD: lladdr.sh,v 1.1 2023/10/16 10:26:51 claudio Exp $
+
+set -e
+
+BGPD=$1
+BGPDCONFIGDIR=$2
+RDOMAIN1=$3
+RDOMAIN2=$4
+PAIR1=$5
+PAIR2=$6
+GIF1=gif${RDOMAIN1}
+GIF2=gif${RDOMAIN2}
+
+RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
+IFACES="${PAIR1} ${PAIR2} ${GIF1} ${GIF2}"
+PAIR1IP6=fe80::c0fe:1
+PAIR2IP6=fe80::c0fe:2
+GIF1IP6=fe80::beef:1
+GIF2IP6=fe80::beef:2
+
+error_notify() {
+	set -x
+	echo cleanup
+	pfctl -q -t bgpd_integ_test -T kill
+	pkill -T ${RDOMAIN1} bgpd || true
+	pkill -T ${RDOMAIN2} bgpd || true
+	sleep 1
+	ifconfig ${GIF1} destroy || true
+	ifconfig ${GIF2} destroy || true
+	ifconfig ${PAIR1} destroy || true
+	ifconfig ${PAIR2} destroy || true
+	route -qn -T ${RDOMAIN1} flush || true
+	route -qn -T ${RDOMAIN2} flush || true
+	ifconfig lo${RDOMAIN1} destroy || true
+	ifconfig lo${RDOMAIN2} destroy || true
+	if [ $1 -ne 0 ]; then
+		echo FAILED
+		exit 1
+	else
+		echo SUCCESS
+	fi
+}
+
+if [ "$(id -u)" -ne 0 ]; then 
+	echo need root privileges >&2
+	exit 1
+fi
+
+trap 'error_notify $?' EXIT
+
+echo check if rdomains are busy
+for n in ${RDOMAINS}; do
+	if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
+		echo routing domain ${n} is already used >&2
+		exit 1
+	fi
+done
+
+echo check if interfaces are busy
+for n in ${IFACES}; do
+	/sbin/ifconfig "${n}" >/dev/null 2>&1 && \
+	    ( echo interface ${n} is already used >&2; exit 1 )
+done
+
+set -x
+
+echo setup
+ifconfig ${PAIR1} rdomain ${RDOMAIN1} up
+ifconfig ${PAIR2} rdomain ${RDOMAIN2} up
+ifconfig ${PAIR1} inet6 ${PAIR1IP6}/64
+ifconfig ${PAIR2} inet6 ${PAIR2IP6}/64
+ifconfig ${PAIR1} patch ${PAIR2}
+ifconfig ${GIF1} rdomain ${RDOMAIN1} tunneldomain ${RDOMAIN1}
+ifconfig ${GIF2} rdomain ${RDOMAIN2} tunneldomain ${RDOMAIN2}
+ifconfig ${GIF1} tunnel ${PAIR1IP6}%${PAIR1} ${PAIR2IP6}%${PAIR1}
+ifconfig ${GIF2} tunnel ${PAIR2IP6}%${PAIR2} ${PAIR1IP6}%${PAIR2}
+ifconfig ${GIF1} inet6 ${GIF1IP6}/128 ${GIF2IP6}
+ifconfig ${GIF2} inet6 ${GIF2IP6}/128 ${GIF1IP6}
+
+echo run bgpds
+route -T ${RDOMAIN1} exec ${BGPD} \
+	-v -f ${BGPDCONFIGDIR}/bgpd.lladdr.rdomain1.conf
+route -T ${RDOMAIN2} exec ${BGPD} \
+	-v -f ${BGPDCONFIGDIR}/bgpd.lladdr.rdomain2.conf
+
+sleep 1
+
+route -T11 exec bgpctl nei RDOMAIN2 up
+route -T11 exec bgpctl nei RDOMAIN2_2 up
+
+sleep 2
+
+route -T11 exec bgpctl show rib | tee lladdr.rdomain1.out
+route -T11 exec bgpctl show fib | grep -v 'link#' | tee -a lladdr.rdomain1.out
+route -T11 get 2001:db8:2::/48 | grep -v "if address" | tee -a lladdr.rdomain1.out
+route -T11 get 2001:db8:12::/48 | grep -v "if address" | tee -a lladdr.rdomain1.out
+
+route -T12 exec bgpctl show rib | tee lladdr.rdomain2.out
+route -T12 exec bgpctl show fib | grep -v 'link#' | tee -a lladdr.rdomain2.out
+route -T12 get 2001:db8:1::/48 | grep -v "if address" | tee -a lladdr.rdomain2.out
+route -T12 get 2001:db8:11::/48 | grep -v "if address" | tee -a lladdr.rdomain2.out
+
+sleep .2
+diff -u ${BGPDCONFIGDIR}/lladdr.rdomain1.ok lladdr.rdomain1.out
+diff -u ${BGPDCONFIGDIR}/lladdr.rdomain2.ok lladdr.rdomain2.out
+echo OK
+
+exit 0