tests/sys/netpfil/pf/pfsync.sh

   1 # $FreeBSD$
   2
   3 . $(atf_get_srcdir)/utils.subr
   4
   5 atf_test_case "basic" "cleanup"
   6 basic_head()
   7 {
   8         atf_set descr 'Basic pfsync test'
   9         atf_set require.user root
  10 }
  11
  12 basic_body()
  13 {
  14         common_body
  15 }
  16
  17 common_body()
  18 {
  19         defer=$1
  20         pfsynct_init
  21
  22         epair_sync=$(vnet_mkepair)
  23         epair_one=$(vnet_mkepair)
  24         epair_two=$(vnet_mkepair)
  25
  26         vnet_mkjail one ${epair_one}a ${epair_sync}a
  27         vnet_mkjail two ${epair_two}a ${epair_sync}b
  28
  29         # pfsync interface
  30         jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
  31         jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
  32         jexec one ifconfig pfsync0 \
  33                 syncdev ${epair_sync}a \
  34                 maxupd 1 \
  35                 $defer \
  36                 up
  37         jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
  38         jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
  39         jexec two ifconfig pfsync0 \
  40                 syncdev ${epair_sync}b \
  41                 maxupd 1 \
  42                 $defer \
  43                 up
  44
  45         # Enable pf!
  46         jexec one pfctl -e
  47         pft_set_rules one \
  48                 "set skip on ${epair_sync}a" \
  49                 "pass keep state"
  50         jexec two pfctl -e
  51         pft_set_rules two \
  52                 "set skip on ${epair_sync}b" \
  53                 "pass keep state"
  54
  55         ifconfig ${epair_one}b 198.51.100.254/24 up
  56
  57         ping -c 1 -S 198.51.100.254 198.51.100.1
  58
  59         # Give pfsync time to do its thing
  60         sleep 2
  61
  62         if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
  63             grep 198.51.100.2 ; then
  64                 atf_fail "state not found on synced host"
  65         fi
  66 }
  67
  68 basic_cleanup()
  69 {
  70         pfsynct_cleanup
  71 }
  72
  73 atf_test_case "defer" "cleanup"
  74 defer_head()
  75 {
  76         atf_set descr 'Defer mode pfsync test'
  77         atf_set require.user root
  78 }
  79
  80 defer_body()
  81 {
  82         common_body defer
  83 }
  84
  85 defer_cleanup()
  86 {
  87         pfsynct_cleanup
  88 }
  89
  90 atf_init_test_cases()
  91 {
  92         atf_add_test_case "basic"
  93         atf_add_test_case "defer"
  94 }