author | Kristof Provost <kp@FreeBSD.org> | 2023-05-08 15:44:47 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2023-05-08 15:44:47 +0000 |
commit | f76df4718d27f512a7f02cccc12b9b10cf6ad13a (patch) | |
tree | 34135e7564a851771c4925d870875fdf303ff446 | |
parent | f7ee28e755820375d5f441e19c1f1376a200e834 (diff) | |
download | src-f76df4718d27f512a7f02cccc12b9b10cf6ad13a.tar.gz src-f76df4718d27f512a7f02cccc12b9b10cf6ad13a.zip |
if_ovpn tests: fix route_to test case
* Move the .254 address to the tunnel device so we reply through the
tunnel.
* Remove the network route to 'break' routing, which we then 'fix' with
pf's route-to, which is the functionality we wanted to test in the
first place.
Reported by: markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | tests/sys/net/if_ovpn/if_ovpn.sh | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh index 51d21b826e72..5500dd9f1f41 100644 --- a/tests/sys/net/if_ovpn/if_ovpn.sh +++ b/tests/sys/net/if_ovpn/if_ovpn.sh @@ -91,6 +91,8 @@ atf_test_case "4in4" "cleanup" # Give the tunnel time to come up sleep 10 + atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1 + echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194 atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1 } @@ -702,7 +704,6 @@ route_to_body() vnet_mkjail a ${l}a jexec a ifconfig ${l}a 192.0.2.1/24 up - jexec a ifconfig ${l}a inet alias 198.51.100.254/24 vnet_mkjail b ${l}b ${n}a jexec b ifconfig ${l}b 192.0.2.2/24 up jexec b ifconfig ${n}a up 
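Review bot: The `echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194` step in the 4in4 hunk carries no comment and its result is not asserted, so the test does not say what it expects from it. It appears to deliver a datagram that is not a valid OpenVPN packet to the peer's port 1194, with the following `ping -c 3` confirming that the tunnel still forwards traffic afterwards. If that is the intent, a comment such as `# Send junk UDP to the OpenVPN port; the tunnel must keep working` above the line would record it. The commit message describes only the route_to fix, so this 4in4 change is not explained there either. The 4in4 body starts outside the hunk.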
@@ -751,26 +752,23 @@ route_to_body()
 # Give the tunnel time to come up
 sleep 10
+ jexec a ifconfig ovpn0 inet alias 198.51.100.254/24
 # Check the tunnel
- atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
- atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.254
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.1
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
+
+ # Break our route to .254 so that we need a route-to to make things work.
+ jexec b ifconfig ${n}a 203.0.113.1/24 up
+ jexec b route add 198.51.100.254 -interface ${n}a
- # Break our routes so that we need a route-to to make things work.
- jexec b ifconfig ${n}a 198.51.100.3/24
- atf_check -s exit:2 -o ignore jexec b ping -c 1 -t 1 -S 198.51.100.2 198.51.100.254
+ # Make sure it's broken.
+ atf_check -s exit:2 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
 jexec b pfctl -e
 pft_set_rules b \
 "pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
 atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
-
- # And this keeps working even if we don't have a route to 198.51.100.0/24 via if_ovpn
- jexec b route del -net 198.51.100.0/24
- jexec b route add -net 198.51.100.0/24 -interface ${n}a
- pft_set_rules b \
- "pass out route-to (tun0 198.51.100.3) proto icmp from 198.51.100.2 "
- atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
 }
 route_to_cleanup() |
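Review bot: The three setup commands added to route_to_body run unchecked: `jexec a ifconfig ovpn0 inet alias 198.51.100.254/24`, `jexec b ifconfig ${n}a 203.0.113.1/24 up` and `jexec b route add 198.51.100.254 -interface ${n}a`. A failure in any of them shows up only indirectly, as a later ping assertion failing for a reason the log does not name. Wrapping at least the route change as `atf_check -s exit:0 -o ignore jexec b route add 198.51.100.254 -interface ${n}a` would report the failure at the line that caused it. The `# Make sure it's broken.` comment could also say that exit status 2 is expected because the host route sends the packet out ${n}a instead of the tunnel, so the later success is attributable to the pf route-to rule. route_to_body starts outside the hunk.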