From owner-svn-src-all@freebsd.org Sun Nov 18 12:31:42 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43E3E1138A3C; Sun, 18 Nov 2018 12:31:42 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DD9F17B8EC; Sun, 18 Nov 2018 12:31:41 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BD85F13583; Sun, 18 Nov 2018 12:31:41 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAICVfLE061968; Sun, 18 Nov 2018 12:31:41 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAICVfXc061965; Sun, 18 Nov 2018 12:31:41 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181231.wAICVfXc061965@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Sun, 18 Nov 2018 12:31:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r340575 - stable/12/tests/sys/netpfil/pf X-SVN-Group: stable-12 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/12/tests/sys/netpfil/pf X-SVN-Commit-Revision: 340575 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: DD9F17B8EC X-Spamd-Result: default: False [0.06 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.06)[0.058,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 12:31:42 -0000 Author: kp Date: Sun Nov 18 12:31:40 2018 New Revision: 340575 URL: https://svnweb.freebsd.org/changeset/base/340575 Log: MFC r340069: pf tests: Basic pfsync test Set up two jails, configure pfsync between them and create state in one of them, verify that this state is copied to the other jail. Sponsored by: Orange Business Services Added: stable/12/tests/sys/netpfil/pf/pfsync.sh - copied unchanged from r340069, head/tests/sys/netpfil/pf/pfsync.sh Modified: stable/12/tests/sys/netpfil/pf/Makefile stable/12/tests/sys/netpfil/pf/utils.subr Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/netpfil/pf/Makefile ============================================================================== --- stable/12/tests/sys/netpfil/pf/Makefile Sun Nov 18 12:30:18 2018 (r340574) +++ stable/12/tests/sys/netpfil/pf/Makefile Sun Nov 18 12:31:40 2018 (r340575) @@ -11,7 +11,8 @@ ATF_TESTS_SH+= pass_block \ set_tos \ route_to \ synproxy \ - set_skip + set_skip \ + pfsync ${PACKAGE}FILES+= utils.subr \ echo_inetd.conf \ Copied: stable/12/tests/sys/netpfil/pf/pfsync.sh (from r340069, head/tests/sys/netpfil/pf/pfsync.sh) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/12/tests/sys/netpfil/pf/pfsync.sh Sun Nov 18 12:31:40 2018 (r340575, copy of r340069, head/tests/sys/netpfil/pf/pfsync.sh) @@ -0,0 +1,70 @@ +# $FreeBSD$ + +. $(atf_get_srcdir)/utils.subr + +atf_test_case "basic" "cleanup" +basic_head() +{ + atf_set descr 'Basic pfsync test' + atf_set require.user root + + atf_set require.progs scapy +} + +basic_body() +{ + pfsynct_init + + epair_sync=$(pft_mkepair) + epair_one=$(pft_mkepair) + epair_two=$(pft_mkepair) + + pft_mkjail one ${epair_one}a ${epair_sync}a + pft_mkjail two ${epair_two}a ${epair_sync}b + + # pfsync interface + jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up + jexec one ifconfig ${epair_one}a 198.51.100.1/24 up + jexec one ifconfig pfsync0 \ + syncdev ${epair_sync}a \ + maxupd 1 \ + up + jexec two ifconfig ${epair_two}a 198.51.100.2/24 up + jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up + jexec two ifconfig pfsync0 \ + syncdev ${epair_sync}b \ + maxupd 1 \ + up + + # Enable pf! + jexec one pfctl -e + pft_set_rules one \ + "set skip on ${epair_sync}a" \ + "pass keep state" + jexec two pfctl -e + pft_set_rules two \ + "set skip on ${epair_sync}b" \ + "pass keep state" + + ifconfig ${epair_one}b 198.51.100.254/24 up + + ping -c 1 -S 198.51.100.254 198.51.100.1 + + # Give pfsync time to do its thing + sleep 2 + + if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \ + grep 198.51.100.2 ; then + atf_fail "state not found on synced host" + fi +} + +basic_cleanup() +{ + pfsynct_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "basic" +} Modified: stable/12/tests/sys/netpfil/pf/utils.subr ============================================================================== --- stable/12/tests/sys/netpfil/pf/utils.subr Sun Nov 18 12:30:18 2018 (r340574) +++ stable/12/tests/sys/netpfil/pf/utils.subr Sun Nov 18 12:31:40 2018 (r340575) @@ -13,6 +13,15 @@ pft_init() fi } +pfsynct_init() +{ + pft_init + + if ! kldstat -q -m pfsync; then + atf_skip "This test requires pfsync" + fi +} + pft_mkepair() { ifname=$(ifconfig epair create) @@ -66,4 +75,9 @@ pft_cleanup() done rm created_interfaces.lst fi +} + +pfsynct_cleanup() +{ + pft_cleanup }