git: 3bedd8a3b6d7 - stable/13 - pf tests: test locally originated connections with route-to

Kristof Provost kp at FreeBSD.org
Sat Aug 7 16:30:04 UTC 2021


The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3bedd8a3b6d7816341cf6eebc3f91633a175320d

commit 3bedd8a3b6d7816341cf6eebc3f91633a175320d
Author:     Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-07-14 10:33:37 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-08-07 07:08:19 +0000

    pf tests: test locally originated connections with route-to
    
    PR:             257106
    Submitted by:   Mark Cammidge <mark at peralex.com>
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D31178
    
    (cherry picked from commit f808bb9b7e5ee2243e5a2aaad2275a78cdbe981b)
---
 tests/sys/netpfil/pf/route_to.sh | 70 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/tests/sys/netpfil/pf/route_to.sh b/tests/sys/netpfil/pf/route_to.sh
index 59b16e35ee6f..957317eb462e 100644
--- a/tests/sys/netpfil/pf/route_to.sh
+++ b/tests/sys/netpfil/pf/route_to.sh
@@ -181,9 +181,79 @@ multiwan_cleanup()
 	pft_cleanup
 }
 
+atf_test_case "multiwanlocal" "cleanup"
+multiwanlocal_head()
+{
+	atf_set descr 'Multi-WAN local origin source-based redirection / route-to test'
+	atf_set require.user root
+}
+
+multiwanlocal_body()
+{
+	pft_init
+
+	epair_one=$(vnet_mkepair)
+	epair_two=$(vnet_mkepair)
+	epair_cl_one=$(vnet_mkepair)
+	epair_cl_two=$(vnet_mkepair)
+
+	vnet_mkjail srv1 ${epair_one}b
+	vnet_mkjail srv2 ${epair_two}b
+	vnet_mkjail wan_one ${epair_one}a ${epair_cl_one}b
+	vnet_mkjail wan_two ${epair_two}a ${epair_cl_two}b
+	vnet_mkjail client ${epair_cl_one}a ${epair_cl_two}a
+
+	jexec client ifconfig ${epair_cl_one}a 203.0.113.1/25
+	jexec wan_one ifconfig ${epair_cl_one}b 203.0.113.2/25
+	jexec wan_one ifconfig ${epair_one}a 192.0.2.1/24 up
+	jexec wan_one sysctl net.inet.ip.forwarding=1
+	jexec srv1 ifconfig ${epair_one}b 192.0.2.2/24 up
+
+	jexec client ifconfig ${epair_cl_two}a 203.0.113.128/25
+	jexec wan_two ifconfig ${epair_cl_two}b 203.0.113.129/25
+	jexec wan_two ifconfig ${epair_two}a 198.51.100.1/24 up
+	jexec wan_two sysctl net.inet.ip.forwarding=1
+	jexec srv2 ifconfig ${epair_two}b 198.51.100.2/24 up
+
+	jexec client route add default 203.0.113.2
+	jexec srv1 route add default 192.0.2.1
+	jexec srv2 route add default 198.51.100.1
+
+	# Run data source in srv1 and srv2
+	jexec srv1 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &'
+	jexec srv2 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &'
+
+	jexec client pfctl -e
+	pft_set_rules client \
+		"block in"	\
+		"block out"	\
+		"pass out quick route-to (${epair_cl_two}a 203.0.113.129) inet proto tcp from 203.0.113.128 to any port 7" \
+		"pass out on ${epair_cl_one}a inet proto tcp from any to any port 7"
+
+	# This should work
+	result=$(jexec client nc -N -w 1 192.0.2.2 7 | wc -c)
+	if [ ${result} -ne 102400 ]; then
+		jexec client pfctl -ss
+		atf_fail "Redirect from client on one failed: ${result}"
+	fi
+
+	# This should trigger the issue
+	result=$(jexec client nc -N -w 1 -s 203.0.113.128 198.51.100.2 7 | wc -c)
+	jexec client pfctl -ss
+	if [ ${result} -ne 102400 ]; then
+		atf_fail "Redirect from client on two failed: ${result}"
+	fi
+}
+
+multiwanlocal_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "v4"
 	atf_add_test_case "v6"
 	atf_add_test_case "multiwan"
+	atf_add_test_case "multiwanlocal"
 }
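Review bot: The comment `# This should trigger the issue` in multiwanlocal_body does not say which issue, and the byte-count check that follows only proves route-to worked because of the topology, which is not stated anywhere. As configured in this hunk, wan_one is given no route to 198.51.100.0/24, so the 102400-byte transfer from srv2 can only succeed if pf sends the locally originated connection out via `${epair_cl_two}a`. I would spell that out, e.g. `# PR 257106: locally originated traffic from 203.0.113.128 must leave via route-to (wan_two); the default route via wan_one cannot reach srv2`. Separately, the two `nc -l 7` listeners are backgrounded with nothing visible here confirming they are bound before the client connects, which may make the test flaky on a loaded machine. Finally, `pfctl -ss` is dumped only on failure in the first check but unconditionally in the second, so it would be cleaner to use one convention for both.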

