git: f76df4718d27 - main - if_ovpn tests: fix route_to test case
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 08 May 2023 16:13:55 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=f76df4718d27f512a7f02cccc12b9b10cf6ad13a
commit f76df4718d27f512a7f02cccc12b9b10cf6ad13a
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-05-08 15:44:47 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-05-08 15:44:47 +0000
if_ovpn tests: fix route_to test case
* Move the .254 address to the tunnel device so we reply through the
tunnel.
* Remove the network route to 'break' routing, which we then 'fix' with
pf's route-to, which is the functionality we wanted to test in the
first place.
Reported by: markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
tests/sys/net/if_ovpn/if_ovpn.sh | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh
index 51d21b826e72..5500dd9f1f41 100644
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@@ -91,6 +91,8 @@ atf_test_case "4in4" "cleanup"
# Give the tunnel time to come up
sleep 10
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
+
echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194
atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
}
@@ -702,7 +704,6 @@ route_to_body()
vnet_mkjail a ${l}a
jexec a ifconfig ${l}a 192.0.2.1/24 up
- jexec a ifconfig ${l}a inet alias 198.51.100.254/24
vnet_mkjail b ${l}b ${n}a
jexec b ifconfig ${l}b 192.0.2.2/24 up
jexec b ifconfig ${n}a up
@@ -751,26 +752,23 @@ route_to_body()
# Give the tunnel time to come up
sleep 10
+ jexec a ifconfig ovpn0 inet alias 198.51.100.254/24
# Check the tunnel
- atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
- atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.254
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.1
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
+
+ # Break our route to .254 so that we need a route-to to make things work.
+ jexec b ifconfig ${n}a 203.0.113.1/24 up
+ jexec b route add 198.51.100.254 -interface ${n}a
- # Break our routes so that we need a route-to to make things work.
- jexec b ifconfig ${n}a 198.51.100.3/24
- atf_check -s exit:2 -o ignore jexec b ping -c 1 -t 1 -S 198.51.100.2 198.51.100.254
+ # Make sure it's broken.
+ atf_check -s exit:2 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
jexec b pfctl -e
pft_set_rules b \
"pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
-
- # And this keeps working even if we don't have a route to 198.51.100.0/24 via if_ovpn
- jexec b route del -net 198.51.100.0/24
- jexec b route add -net 198.51.100.0/24 -interface ${n}a
- pft_set_rules b \
- "pass out route-to (tun0 198.51.100.3) proto icmp from 198.51.100.2 "
- atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
}
route_to_cleanup()