From owner-dev-commits-src-all@freebsd.org Sat Aug 7 16:30:04 2021
Date: Sat, 7 Aug 2021 16:30:04 GMT
Message-Id: <202108071630.177GU4Ok024829@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 3bedd8a3b6d7 - stable/13 - pf tests: test locally originated connections with route-to
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 3bedd8a3b6d7816341cf6eebc3f91633a175320d

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3bedd8a3b6d7816341cf6eebc3f91633a175320d

commit 3bedd8a3b6d7816341cf6eebc3f91633a175320d
Author: Kristof Provost
AuthorDate: 2021-07-14 10:33:37 +0000
Commit: Kristof Provost
CommitDate: 2021-08-07 07:08:19 +0000

    pf tests: test locally originated connections with route-to

    PR: 257106
    Submitted by: Mark Cammidge
    MFC after: 3 weeks
    Differential Revision: https://reviews.freebsd.org/D31178

    (cherry picked from commit f808bb9b7e5ee2243e5a2aaad2275a78cdbe981b)
---
 tests/sys/netpfil/pf/route_to.sh | 70 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/tests/sys/netpfil/pf/route_to.sh b/tests/sys/netpfil/pf/route_to.sh index 59b16e35ee6f..957317eb462e 100644 --- a/tests/sys/netpfil/pf/route_to.sh +++ b/tests/sys/netpfil/pf/route_to.sh
@@ -181,9 +181,79 @@ multiwan_cleanup() pft_cleanup } +atf_test_case "multiwanlocal" "cleanup" +multiwanlocal_head() +{ + atf_set descr 'Multi-WAN local origin source-based redirection / route-to test' + atf_set require.user root +} + +multiwanlocal_body() +{ + pft_init + + epair_one=$(vnet_mkepair) + epair_two=$(vnet_mkepair) + epair_cl_one=$(vnet_mkepair) + epair_cl_two=$(vnet_mkepair) + + vnet_mkjail srv1 ${epair_one}b + vnet_mkjail srv2 ${epair_two}b + vnet_mkjail wan_one ${epair_one}a ${epair_cl_one}b + vnet_mkjail wan_two ${epair_two}a ${epair_cl_two}b + vnet_mkjail client ${epair_cl_one}a ${epair_cl_two}a + + jexec client ifconfig ${epair_cl_one}a 203.0.113.1/25 + jexec wan_one ifconfig ${epair_cl_one}b 203.0.113.2/25 + jexec wan_one ifconfig ${epair_one}a 192.0.2.1/24 up + jexec wan_one sysctl net.inet.ip.forwarding=1 + jexec srv1 ifconfig ${epair_one}b 192.0.2.2/24 up + + jexec client ifconfig ${epair_cl_two}a 203.0.113.128/25 + jexec wan_two ifconfig ${epair_cl_two}b 203.0.113.129/25 + jexec wan_two ifconfig ${epair_two}a 198.51.100.1/24 up + jexec wan_two sysctl net.inet.ip.forwarding=1 + jexec srv2 ifconfig ${epair_two}b 198.51.100.2/24 up + + jexec client route add default 203.0.113.2 + jexec srv1 route add default 192.0.2.1 + jexec srv2 route add default 198.51.100.1 + + # Run data source in srv1 and srv2 + jexec srv1 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &' + jexec srv2 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &' + + jexec client pfctl -e + pft_set_rules client \ + "block in" \ + "block out" \ + "pass out quick route-to (${epair_cl_two}a 203.0.113.129) inet proto tcp from 203.0.113.128 to any port 7" \ + "pass out on ${epair_cl_one}a inet proto tcp from any to any port 7" + + # This should work + result=$(jexec client nc -N -w 1 192.0.2.2 7 | wc -c) + if [ ${result} -ne 102400 ]; then + jexec client pfctl -ss + atf_fail "Redirect from client on one failed: ${result}" + fi + + # This should trigger the issue + 
result=$(jexec client nc -N -w 1 -s 203.0.113.128 198.51.100.2 7 | wc -c) + jexec client pfctl -ss + if [ ${result} -ne 102400 ]; then + atf_fail "Redirect from client on two failed: ${result}" + fi +} + +multiwanlocal_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" atf_add_test_case "v6" atf_add_test_case "multiwan" + atf_add_test_case "multiwanlocal" }
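Review bot: the two "nc -l 7" listeners in multiwanlocal_body() are started in the background in srv1 and srv2, and the client connects right after the rules are loaded with no check that either listener is accepting yet, so a slow listener start yields the same short byte count as a pf failure. Consider waiting until port 7 is listening in both jails before the first client "nc". The comment "# This should trigger the issue" would also help a later reader more if it named the problem being exercised (the commit message points at PR 257106: a locally originated connection matched by the route-to rule). Finally, "pfctl -ss" is dumped only on failure in the first check but unconditionally in the second; using one behaviour for both keeps the test output consistent.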