diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2022-05-09 10:36:53 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2022-05-12 19:50:10 +0000 |
| commit | 920c3410872c93f0ca97dcc4c96a134746eb9393 (patch) | |
| tree | 4e98dfe1a1dc39ab137598497f0dcd76b5b48356 /tests | |
| parent | 1977d9a37b880657512f16bd46e0656c02d19b29 (diff) | |
| download | src-920c3410872c93f0ca97dcc4c96a134746eb9393.tar.gz src-920c3410872c93f0ca97dcc4c96a134746eb9393.zip | |
pf tests: test dummynet on route-to'd packets
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35161
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/sys/netpfil/pf/route_to.sh | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/sys/netpfil/pf/route_to.sh b/tests/sys/netpfil/pf/route_to.sh index 570d1feb36ff..f77b9a35b8ad 100644 --- a/tests/sys/netpfil/pf/route_to.sh +++ b/tests/sys/netpfil/pf/route_to.sh @@ -309,6 +309,62 @@ icmp_nat_cleanup() pft_cleanup } +atf_test_case "dummynet" "cleanup" +dummynet_head() +{ + atf_set descr 'Test that dummynet applies to route-to packets' + atf_set require.user root +} + +dummynet_body() +{ + dummynet_init + + epair_srv=$(vnet_mkepair) + epair_gw=$(vnet_mkepair) + + vnet_mkjail srv ${epair_srv}a + jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up + jexec srv route add default 192.0.2.2 + + vnet_mkjail gw ${epair_srv}b ${epair_gw}a + jexec gw ifconfig ${epair_srv}b 192.0.2.2/24 up + jexec gw ifconfig ${epair_gw}a 198.51.100.1/24 up + jexec gw sysctl net.inet.ip.forwarding=1 + + ifconfig ${epair_gw}b 198.51.100.2/24 up + route add -net 192.0.2.0/24 198.51.100.1 + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec gw dnctl pipe 1 config delay 1200 + pft_set_rules gw \ + "pass out route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe 1" + jexec gw pfctl -e + + # The ping request will pass, but take 1.2 seconds + # So this works: + atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1 + # But this times out: + atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1 + + # return path dummynet + pft_set_rules gw \ + "pass out route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe (0, 1)" + + # The ping request will pass, but take 1.2 seconds + # So this works: + atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1 + # But this times out: + atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1 +} + +dummynet_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" @@ -316,4 +372,5 @@ atf_init_test_cases() atf_add_test_case "multiwan" atf_add_test_case "multiwanlocal" atf_add_test_case "icmp_nat" + atf_add_test_case "dummynet" } |