Date: Sat, 18 Jun 2022 13:08:09 GMT
Message-Id: <202206181308.25ID89to039634@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: f40bb3b602ec - stable/13 - pf tests: pfsync and route_to test case
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Commit: f40bb3b602ec6378f56137eac82c295fdcce04a4

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f40bb3b602ec6378f56137eac82c295fdcce04a4

commit f40bb3b602ec6378f56137eac82c295fdcce04a4
Author:     Thomas Pasqualini
AuthorDate: 2022-06-04 10:43:48 +0000
Commit:     Kristof Provost
CommitDate: 2022-06-18 07:30:11 +0000

    pf tests: pfsync and route_to test case

    Test pfsync in a more realistic scenario with carp and route_to rules.

    Build this topology and initiate a single ping session from client to
    server:
                    ┌──────┐
                    │client│
                    └───┬──┘
                        │
                    ┌───┴───┐
                    │bridge0│
                    └┬─────┬┘
                     │     │
    ┌────────────────┴─┐ ┌─┴────────────────┐
    │gw_route_to_master├─┤gw_route_to_backup│
    └────────────────┬─┘ └─┬────────────────┘
                     │     │
                    ┌┴─────┴┐
                    │bridge1│
                    └┬─────┬┘
                     │     │
    ┌────────────────┴─┐ ┌─┴────────────────┐
    │gw_reply_to_master├─┤gw_reply_to_backup│
    └────────────────┬─┘ └─┬────────────────┘
                     │     │
                    ┌┴─────┴┐
                    │bridge2│
                    └───┬───┘
                        │
                    ┌───┴──┐
                    │server│
                    └──────┘

    gw* jails forward traffic through pf route-to rules, not fib lookups.
    If backup_promotion arg is given (as in the pfsync_pbr test case), a carp
    failover event occurs during the ping session on both gateways.

    Verify that ping messages still go where we expect them to go.

    MFC after:      2 weeks
    Sponsored by:   Orange Business Services

    (cherry picked from commit 536e1da18bae91c74561498b3f484b27a89e13d7)
---
 tests/sys/netpfil/pf/pfsync.sh | 374 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 374 insertions(+)

diff --git a/tests/sys/netpfil/pf/pfsync.sh b/tests/sys/netpfil/pf/pfsync.sh
index 1422c0b47c49..8929e14ec7dd 100644
--- a/tests/sys/netpfil/pf/pfsync.sh
+++ b/tests/sys/netpfil/pf/pfsync.sh
@@ -247,10 +247,384 @@ bulk_cleanup() pfsynct_cleanup } +atf_test_case "pbr" "cleanup" +pbr_head() +{ + atf_set descr 'route_to and reply_to directives test' + atf_set require.user root + atf_set timeout '600' +} + +pbr_body() +{ + pbr_common_body +} + +pbr_cleanup() +{ + pbr_common_cleanup +} + +atf_test_case "pfsync_pbr" "cleanup" +pfsync_pbr_head() +{ + atf_set descr 'route_to and reply_to directives pfsync test' + atf_set require.user root + atf_set timeout '600' +} + +pfsync_pbr_body() +{ + pbr_common_body backup_promotion +} + +pfsync_pbr_cleanup() +{ + pbr_common_cleanup +} + +pbr_common_body() +{ + # + builds bellow topology and initiate a single ping session + # from client to server. + # + gw* forward traffic through pbr not fib lookups. + # + if backup_promotion arg is given, a carp failover event occurs + # during the ping session on both gateways. + # ┌──────┐ + # │client│ + # └───┬──┘ + # │ + # ┌───┴───┐ + # │bridge0│ + # └┬─────┬┘ + # │ │ + # ┌────────────────┴─┐ ┌─┴────────────────┐ + # │gw_route_to_master├─┤gw_route_to_backup│ + # └────────────────┬─┘ └─┬────────────────┘ + # │ │ + # ┌┴─────┴┐ + # │bridge1│ + # └┬─────┬┘ + # │ │ + # ┌────────────────┴─┐ ┌─┴────────────────┐ + # │gw_reply_to_master├─┤gw_reply_to_backup│ + # └────────────────┬─┘ └─┬────────────────┘ + # │ │ + # ┌┴─────┴┐ + # │bridge2│ + # └───┬───┘ + # │ + # ┌───┴──┐ + # │server│ + # └──────┘ + + if ! 
kldstat -q -m carp + then + atf_skip "This test requires carp" + fi + pfsynct_init + + bridge0=$(vnet_mkbridge) + bridge1=$(vnet_mkbridge) + bridge2=$(vnet_mkbridge) + + epair_sync_gw_route_to=$(vnet_mkepair) + epair_sync_gw_reply_to=$(vnet_mkepair) + epair_client_bridge0=$(vnet_mkepair) + + epair_gw_route_to_master_bridge0=$(vnet_mkepair) + epair_gw_route_to_backup_bridge0=$(vnet_mkepair) + epair_gw_route_to_master_bridge1=$(vnet_mkepair) + epair_gw_route_to_backup_bridge1=$(vnet_mkepair) + + epair_gw_reply_to_master_bridge1=$(vnet_mkepair) + epair_gw_reply_to_backup_bridge1=$(vnet_mkepair) + epair_gw_reply_to_master_bridge2=$(vnet_mkepair) + epair_gw_reply_to_backup_bridge2=$(vnet_mkepair) + + epair_server_bridge2=$(vnet_mkepair) + + ifconfig ${bridge0} up + ifconfig ${epair_client_bridge0}b up + ifconfig ${epair_gw_route_to_master_bridge0}b up + ifconfig ${epair_gw_route_to_backup_bridge0}b up + ifconfig ${bridge0} \ + addm ${epair_client_bridge0}b \ + addm ${epair_gw_route_to_master_bridge0}b \ + addm ${epair_gw_route_to_backup_bridge0}b + + ifconfig ${bridge1} up + ifconfig ${epair_gw_route_to_master_bridge1}b up + ifconfig ${epair_gw_route_to_backup_bridge1}b up + ifconfig ${epair_gw_reply_to_master_bridge1}b up + ifconfig ${epair_gw_reply_to_backup_bridge1}b up + ifconfig ${bridge1} \ + addm ${epair_gw_route_to_master_bridge1}b \ + addm ${epair_gw_route_to_backup_bridge1}b \ + addm ${epair_gw_reply_to_master_bridge1}b \ + addm ${epair_gw_reply_to_backup_bridge1}b + + ifconfig ${bridge2} up + ifconfig ${epair_gw_reply_to_master_bridge2}b up + ifconfig ${epair_gw_reply_to_backup_bridge2}b up + ifconfig ${epair_server_bridge2}b up + ifconfig ${bridge2} \ + addm ${epair_gw_reply_to_master_bridge2}b \ + addm ${epair_gw_reply_to_backup_bridge2}b \ + addm ${epair_server_bridge2}b + + vnet_mkjail client ${epair_client_bridge0}a + jexec client hostname client + vnet_mkjail gw_route_to_master \ + ${epair_gw_route_to_master_bridge0}a \ + 
${epair_gw_route_to_master_bridge1}a \ + ${epair_sync_gw_route_to}a + jexec gw_route_to_master hostname gw_route_to_master + vnet_mkjail gw_route_to_backup \ + ${epair_gw_route_to_backup_bridge0}a \ + ${epair_gw_route_to_backup_bridge1}a \ + ${epair_sync_gw_route_to}b + jexec gw_route_to_backup hostname gw_route_to_backup + vnet_mkjail gw_reply_to_master \ + ${epair_gw_reply_to_master_bridge1}a \ + ${epair_gw_reply_to_master_bridge2}a \ + ${epair_sync_gw_reply_to}a + jexec gw_reply_to_master hostname gw_reply_to_master + vnet_mkjail gw_reply_to_backup \ + ${epair_gw_reply_to_backup_bridge1}a \ + ${epair_gw_reply_to_backup_bridge2}a \ + ${epair_sync_gw_reply_to}b + jexec gw_reply_to_backup hostname gw_reply_to_backup + vnet_mkjail server ${epair_server_bridge2}a + jexec server hostname server + + jexec client ifconfig ${epair_client_bridge0}a inet 198.18.0.1/24 up + jexec client route add 198.18.2.0/24 198.18.0.10 + + jexec gw_route_to_master ifconfig ${epair_sync_gw_route_to}a \ + inet 198.19.10.1/24 up + jexec gw_route_to_master ifconfig ${epair_gw_route_to_master_bridge0}a \ + inet 198.18.0.8/24 up + jexec gw_route_to_master ifconfig ${epair_gw_route_to_master_bridge0}a \ + alias 198.18.0.10/32 vhid 10 pass 3WjvVVw7 advskew 50 + jexec gw_route_to_master ifconfig ${epair_gw_route_to_master_bridge1}a \ + inet 198.18.1.8/24 up + jexec gw_route_to_master ifconfig ${epair_gw_route_to_master_bridge1}a \ + alias 198.18.1.10/32 vhid 11 pass 3WjvVVw7 advskew 50 + jexec gw_route_to_master sysctl net.inet.ip.forwarding=1 + jexec gw_route_to_master sysctl net.inet.carp.preempt=1 + jexec gw_route_to_master ifconfig ${epair_sync_gw_route_to}a name if_pfsync + sed -i '' -e 's/'${epair_sync_gw_route_to}'a/if_pfsync/g' created_interfaces.lst + jexec gw_route_to_master ifconfig ${epair_gw_route_to_master_bridge0}a name if_br0 + sed -i '' -e 's/'${epair_gw_route_to_master_bridge0}'a/if_br0/g' created_interfaces.lst + jexec gw_route_to_master ifconfig 
${epair_gw_route_to_master_bridge1}a name if_br1 + sed -i '' -e 's/'${epair_gw_route_to_master_bridge1}'a/if_br1/g' created_interfaces.lst + jexec gw_route_to_master ifconfig pfsync0 \ + syncpeer 198.19.10.2 \ + syncdev if_pfsync \ + maxupd 1 \ + up + pft_set_rules gw_route_to_master \ + "keep_state = 'tag auth_packet keep state'" \ + "set timeout { icmp.first 120, icmp.error 60 }" \ + "block log all" \ + "pass quick on if_pfsync proto pfsync keep state (no-sync)" \ + "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \ + "block drop in quick to 224.0.0.18/32" \ + "pass out quick tagged auth_packet keep state" \ + "pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/24 to 198.18.2.0/24 \$keep_state" + jexec gw_route_to_master pfctl -e + + jexec gw_route_to_backup ifconfig ${epair_sync_gw_route_to}b \ + inet 198.19.10.2/24 up + jexec gw_route_to_backup ifconfig ${epair_gw_route_to_backup_bridge0}a \ + inet 198.18.0.9/24 up + jexec gw_route_to_backup ifconfig ${epair_gw_route_to_backup_bridge0}a \ + alias 198.18.0.10/32 vhid 10 pass 3WjvVVw7 advskew 100 + jexec gw_route_to_backup ifconfig ${epair_gw_route_to_backup_bridge1}a \ + inet 198.18.1.9/24 up + jexec gw_route_to_backup ifconfig ${epair_gw_route_to_backup_bridge1}a \ + alias 198.18.1.10/32 vhid 11 pass 3WjvVVw7 advskew 100 + jexec gw_route_to_backup sysctl net.inet.ip.forwarding=1 + jexec gw_route_to_backup sysctl net.inet.carp.preempt=1 + jexec gw_route_to_backup ifconfig ${epair_sync_gw_route_to}b name if_pfsync + sed -i '' -e 's/'${epair_sync_gw_route_to}'b/if_pfsync/g' created_interfaces.lst + jexec gw_route_to_backup ifconfig ${epair_gw_route_to_backup_bridge0}a name if_br0 + sed -i '' -e 's/'${epair_gw_route_to_backup_bridge0}'a/if_br0/g' created_interfaces.lst + jexec gw_route_to_backup ifconfig ${epair_gw_route_to_backup_bridge1}a name if_br1 + sed -i '' -e 's/'${epair_gw_route_to_backup_bridge1}'a/if_br1/g' created_interfaces.lst + jexec 
gw_route_to_backup ifconfig pfsync0 \ + syncpeer 198.19.10.1 \ + syncdev if_pfsync \ + up + pft_set_rules gw_route_to_backup \ + "keep_state = 'tag auth_packet keep state'" \ + "set timeout { icmp.first 120, icmp.error 60 }" \ + "block log all" \ + "pass quick on if_pfsync proto pfsync keep state (no-sync)" \ + "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \ + "block drop in quick to 224.0.0.18/32" \ + "pass out quick tagged auth_packet keep state" \ + "pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/24 to 198.18.2.0/24 \$keep_state" + jexec gw_route_to_backup pfctl -e + + jexec gw_reply_to_master ifconfig ${epair_sync_gw_reply_to}a \ + inet 198.19.20.1/24 up + jexec gw_reply_to_master ifconfig ${epair_gw_reply_to_master_bridge1}a \ + inet 198.18.1.18/24 up + jexec gw_reply_to_master ifconfig ${epair_gw_reply_to_master_bridge1}a \ + alias 198.18.1.20/32 vhid 21 pass 3WjvVVw7 advskew 50 + jexec gw_reply_to_master ifconfig ${epair_gw_reply_to_master_bridge2}a \ + inet 198.18.2.18/24 up + jexec gw_reply_to_master ifconfig ${epair_gw_reply_to_master_bridge2}a \ + alias 198.18.2.20/32 vhid 22 pass 3WjvVVw7 advskew 50 + jexec gw_reply_to_master sysctl net.inet.ip.forwarding=1 + jexec gw_reply_to_master sysctl net.inet.carp.preempt=1 + jexec gw_reply_to_master ifconfig ${epair_sync_gw_reply_to}a name if_pfsync + sed -i '' -e 's/'${epair_sync_gw_reply_to}'a/if_pfsync/g' created_interfaces.lst + jexec gw_reply_to_master ifconfig ${epair_gw_reply_to_master_bridge1}a name if_br1 + sed -i '' -e 's/'${epair_gw_reply_to_master_bridge1}'a/if_br1/g' created_interfaces.lst + jexec gw_reply_to_master ifconfig ${epair_gw_reply_to_master_bridge2}a name if_br2 + sed -i '' -e 's/'${epair_gw_reply_to_master_bridge2}'a/if_br2/g' created_interfaces.lst + jexec gw_reply_to_master ifconfig pfsync0 \ + syncpeer 198.19.20.2 \ + syncdev if_pfsync \ + maxupd 1 \ + up + pft_set_rules gw_reply_to_master \ + "set timeout { 
icmp.first 120, icmp.error 60 }" \ + "block log all" \ + "pass quick on if_pfsync proto pfsync keep state (no-sync)" \ + "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \ + "block drop in quick to 224.0.0.18/32" \ + "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \ + "pass in quick log on if_br1 proto { icmp udp tcp } from 198.18.0.0/24 to 198.18.2.0/24 tag auth_packet_reply_to keep state" + jexec gw_reply_to_master pfctl -e + + jexec gw_reply_to_backup ifconfig ${epair_sync_gw_reply_to}b \ + inet 198.19.20.2/24 up + jexec gw_reply_to_backup ifconfig ${epair_gw_reply_to_backup_bridge1}a \ + inet 198.18.1.19/24 up + jexec gw_reply_to_backup ifconfig ${epair_gw_reply_to_backup_bridge1}a \ + alias 198.18.1.20/32 vhid 21 pass 3WjvVVw7 advskew 100 + jexec gw_reply_to_backup ifconfig ${epair_gw_reply_to_backup_bridge2}a \ + inet 198.18.2.19/24 up + jexec gw_reply_to_backup ifconfig ${epair_gw_reply_to_backup_bridge2}a \ + alias 198.18.2.20/32 vhid 22 pass 3WjvVVw7 advskew 100 + jexec gw_reply_to_backup sysctl net.inet.ip.forwarding=1 + jexec gw_reply_to_backup sysctl net.inet.carp.preempt=1 + jexec gw_reply_to_backup ifconfig ${epair_sync_gw_reply_to}b name if_pfsync + sed -i '' -e 's/'${epair_sync_gw_reply_to}'b/if_pfsync/g' created_interfaces.lst + jexec gw_reply_to_backup ifconfig ${epair_gw_reply_to_backup_bridge1}a name if_br1 + sed -i '' -e 's/'${epair_gw_reply_to_backup_bridge1}'a/if_br1/g' created_interfaces.lst + jexec gw_reply_to_backup ifconfig ${epair_gw_reply_to_backup_bridge2}a name if_br2 + sed -i '' -e 's/'${epair_gw_reply_to_backup_bridge2}'a/if_br2/g' created_interfaces.lst + jexec gw_reply_to_backup ifconfig pfsync0 \ + syncpeer 198.19.20.1 \ + syncdev if_pfsync \ + up + pft_set_rules gw_reply_to_backup \ + "set timeout { icmp.first 120, icmp.error 60 }" \ + "block log all" \ + "pass quick on if_pfsync proto pfsync keep state (no-sync)" \ + "pass quick on { if_br1 if_br2 } proto carp 
keep state (no-sync)" \ + "block drop in quick to 224.0.0.18/32" \ + "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \ + "pass in quick log on if_br1 proto { icmp udp tcp } from 198.18.0.0/24 to 198.18.2.0/24 tag auth_packet_reply_to keep state" + jexec gw_reply_to_backup pfctl -e + + jexec server ifconfig ${epair_server_bridge2}a inet 198.18.2.1/24 up + jexec server route add 198.18.0.0/24 198.18.2.20 + + # Waiting for platform to settle + while ! jexec gw_route_to_backup ifconfig | grep 'carp: BACKUP' + do + sleep 1 + done + while ! jexec gw_reply_to_backup ifconfig | grep 'carp: BACKUP' + do + sleep 1 + done + while ! jexec client ping -c 10 198.18.2.1 | grep ', 0.0% packet loss' + do + sleep 1 + done + + # Checking cluster members pf.conf checksums match + gw_route_to_master_checksum=$(jexec gw_route_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2) + gw_route_to_backup_checksum=$(jexec gw_route_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2) + gw_reply_to_master_checksum=$(jexec gw_reply_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2) + gw_reply_to_backup_checksum=$(jexec gw_reply_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2) + if [ "$gw_route_to_master_checksum" != "$gw_route_to_backup_checksum" ] + then + atf_fail "gw_route_to cluster members pf.conf do not match each others" + fi + if [ "$gw_reply_to_master_checksum" != "$gw_reply_to_backup_checksum" ] + then + atf_fail "gw_reply_to cluster members pf.conf do not match each others" + fi + + # Creating state entries + (jexec client ping -c 10 198.18.2.1 >ping.stdout) & + + if [ "$1" = "backup_promotion" ] + then + sleep 1 + jexec gw_route_to_backup ifconfig if_br0 vhid 10 advskew 0 + jexec gw_route_to_backup ifconfig if_br1 vhid 11 advskew 0 + jexec gw_reply_to_backup ifconfig if_br1 vhid 21 advskew 0 + jexec gw_reply_to_backup ifconfig if_br2 vhid 22 advskew 0 + fi + while ! 
grep -q -e 'packet loss' ping.stdout + do + sleep 1 + done + + # As cleanup is long and may lead to a timeout, + # it's run directly into the body part. + # (as cleanup timeout is not settable) + jail -r \ + client \ + gw_route_to_master \ + gw_route_to_backup \ + gw_reply_to_master \ + gw_reply_to_backup \ + server + for ifname in $(grep -E -e 'if_' -e 'epair.*a' -e 'bridge' created_interfaces.lst) + do + ifconfig $ifname >/dev/null 2>&1 && ifconfig $ifname destroy + done + + atf_check -s exit:0 -e ignore -o ignore grep ', 0.0% packet loss' ping.stdout +} + +pbr_common_cleanup() +{ + for jailname in client gw_route_to_master gw_route_to_backup gw_reply_to_master gw_reply_to_backup server + do + if $(jls | grep -q $jailname); then + jail -r $jailname + else + echo "$jailname already cleaned" + fi + done + for ifname in $(grep -E -e 'if_' -e 'epair.*a' -e 'bridge' created_interfaces.lst) + do + ifconfig $ifname >/dev/null 2>&1 + if [ "$?" -eq "0" ]; then + ifconfig $ifname destroy + else + echo "$ifname already destroyed" + fi + done +} + atf_init_test_cases() { atf_add_test_case "basic" atf_add_test_case "basic_defer" atf_add_test_case "defer" atf_add_test_case "bulk" + atf_add_test_case "pbr" + atf_add_test_case "pfsync_pbr" }
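
Review bot: the polling loops in pbr_common_body have no iteration limit. This covers the two `grep 'carp: BACKUP'` waits, the `ping -c 10 198.18.2.1` retry under "Waiting for platform to settle", and the later `while ! grep -q -e 'packet loss' ping.stdout`. A gateway that never reaches BACKUP, or a background ping that never writes its summary, therefore ends only when the 600-second ATF timeout set in pbr_head and pfsync_pbr_head fires, and the failure does not say which condition stalled. Count iterations in each loop and call atf_fail naming the step once a limit is reached. In pbr_common_cleanup, `if $(jls | grep -q $jailname); then` runs the pipeline inside a command substitution and matches the unquoted name as a substring anywhere in the jls output; `if jls -j "$jailname" >/dev/null 2>&1; then` tests for the jail directly. The master pfsync0 interfaces are configured with `maxupd 1` while the backups are not, and nothing in the hunk explains the asymmetry; a one-line comment would help. The topology comment also has "bellow" for "below", and the two atf_fail messages read "each others" for "each other".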