Date:      Wed, 31 Mar 2021 13:12:46 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: e99aa5c2cf6b - stable/13 - pf tests: pfsync bulk update test
Message-ID:  <202103311312.12VDCk2l057480@gitrepo.freebsd.org>

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=e99aa5c2cf6b0eadcc29c62243d51de0eb36937c

commit e99aa5c2cf6b0eadcc29c62243d51de0eb36937c
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-03-15 13:10:55 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-03-31 13:09:08 +0000

    pf tests: pfsync bulk update test
    
    Test that pfsync works as expected with bulk updates. That is, create
    some state before setting up the second firewall. Let that firewall
    request a bulk update so it can catch up, and check that it got the
    state which was created before it enabled pfsync.
    
    PR:             254236
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D29272
    
    (cherry picked from commit 8ad7d25dfc808ca00300f7553a9b28dfc0e99c18)
---
 tests/sys/netpfil/pf/pfsync.sh | 68 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/tests/sys/netpfil/pf/pfsync.sh b/tests/sys/netpfil/pf/pfsync.sh
index d8cb0a13efb7..a6fc7ec9f7e9 100644
--- a/tests/sys/netpfil/pf/pfsync.sh
+++ b/tests/sys/netpfil/pf/pfsync.sh
@@ -112,8 +112,76 @@ defer_cleanup()
 	pfsynct_cleanup
 }
 
+atf_test_case "bulk" "cleanup"
+bulk_head()
+{
+	atf_set descr 'Test bulk updates'
+	atf_set require.user root
+}
+
+bulk_body()
+{
+	pfsynct_init
+
+	epair_sync=$(vnet_mkepair)
+	epair_one=$(vnet_mkepair)
+	epair_two=$(vnet_mkepair)
+
+	vnet_mkjail one ${epair_one}a ${epair_sync}a
+	vnet_mkjail two ${epair_two}a ${epair_sync}b
+
+	# pfsync interface
+	jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
+	jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
+	jexec one ifconfig pfsync0 \
+		syncdev ${epair_sync}a \
+		maxupd 1\
+		up
+	jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
+	jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
+
+	# Enable pf
+	jexec one pfctl -e
+	pft_set_rules one \
+		"set skip on ${epair_sync}a" \
+		"pass keep state"
+	jexec two pfctl -e
+	pft_set_rules two \
+		"set skip on ${epair_sync}b" \
+		"pass keep state"
+
+	ifconfig ${epair_one}b 198.51.100.254/24 up
+
+	# Create state prior to setting up pfsync
+	ping -c 1 -S 198.51.100.254 198.51.100.1
+
+	# Wait before setting up pfsync on two, so we don't accidentally catch
+	# the update anyway.
+	sleep 1
+
+	# Now set up pfsync in jail two
+	jexec two ifconfig pfsync0 \
+		syncdev ${epair_sync}b \
+		up
+
+	# Give pfsync time to do its thing
+	sleep 2
+
+	jexec two pfctl -s states
+	if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
+	    grep 198.51.100.2 ; then
+		atf_fail "state not found on synced host"
+	fi
+}
+
+bulk_cleanup()
+{
+	pfsynct_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "basic"
 	atf_add_test_case "defer"
+	atf_add_test_case "bulk"
 }
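Review bot: The final assertion in bulk_body greps for `198.51.100.2`, but the state created by the ping is between 198.51.100.254 and 198.51.100.1, so the check appears to pass only because `198.51.100.2` is a substring of `198.51.100.254` and the dots are regex wildcards. For a test meant to prove that firewall state was transferred by the bulk update, a loose pattern can match an unrelated state and hide a regression. Matching the real peer literally would pin it, e.g. `grep -F 198.51.100.1 | \` followed by `grep -F 198.51.100.254 ; then`. The ping under "Create state prior to setting up pfsync" is also unchecked, so a failure to create the state surfaces only as the later "state not found" message. Wrapping it as `atf_check -s exit:0 -o ignore ping -c 1 -S 198.51.100.254 198.51.100.1` would separate the two failure modes.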


