git: ab55fa11b38f - main - netpfil tests: extend dummynet tests to pf
Kristof Provost
kp at FreeBSD.org
Fri Sep 24 09:43:56 UTC 2021
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=ab55fa11b38f1794f39c2a94595b088e4c191cfb
commit ab55fa11b38f1794f39c2a94595b088e4c191cfb
Author: Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-09-06 15:13:19 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-09-24 09:41:25 +0000
netpfil tests: extend dummynet tests to pf
Now that pf can also use dummynet we should extend the existing dummynet
tests to also test it when used with pf.
Reviewed by: donner
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31905
---
tests/sys/netpfil/common/dummynet.sh | 32 +++++++++++++++++++++++---------
tests/sys/netpfil/common/utils.subr | 9 ++++++---
2 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/tests/sys/netpfil/common/dummynet.sh b/tests/sys/netpfil/common/dummynet.sh
index 7ff9a1e18fdc..644b36516b5a 100644
--- a/tests/sys/netpfil/common/dummynet.sh
+++ b/tests/sys/netpfil/common/dummynet.sh
@@ -53,7 +53,9 @@ pipe_body()
firewall_config alcatraz ${fw} \
"ipfw" \
- "ipfw add 1000 pipe 1 ip from any to any"
+ "ipfw add 1000 pipe 1 ip from any to any" \
+ "pf" \
+ "pass dnpipe 1"
# single ping succeeds just fine
atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
@@ -95,7 +97,9 @@ pipe_v6_body()
firewall_config alcatraz ${fw} \
"ipfw" \
- "ipfw add 1000 pipe 1 ip6 from any to any"
+ "ipfw add 1000 pipe 1 ip6 from any to any" \
+ "pf" \
+ "pass dnpipe 1"
# Single ping succeeds
atf_check -s exit:0 -o ignore ping6 -c 1 2001:db8:42::2
@@ -149,7 +153,10 @@ queue_body()
"ipfw" \
"ipfw add 1000 queue 100 tcp from 192.0.2.2 to any out" \
"ipfw add 1001 queue 200 icmp from 192.0.2.2 to any out" \
- "ipfw add 1002 allow ip from any to any"
+ "ipfw add 1002 allow ip from any to any" \
+ "pf" \
+ "pass in proto tcp dnqueue (0, 100)" \
+ "pass in proto icmp dnqueue (0, 200)"
# Single ping succeeds
atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
@@ -188,7 +195,10 @@ queue_body()
"ipfw" \
"ipfw add 1000 queue 200 tcp from 192.0.2.2 to any out" \
"ipfw add 1001 queue 100 icmp from 192.0.2.2 to any out" \
- "ipfw add 1002 allow ip from any to any"
+ "ipfw add 1002 allow ip from any to any" \
+ "pf" \
+ "pass in proto tcp dnqueue (0, 200)" \
+ "pass in proto icmp dnqueue (0, 100)"
jexec alcatraz ping -f -s 1300 192.0.2.1 &
sleep 1
@@ -253,8 +263,8 @@ queue_v6_body()
"ipfw add 1000 queue 200 ipv6-icmp from 2001:db8:42::2 to any out" \
"ipfw add 1002 allow ip6 from any to any" \
"pf" \
- "pass out proto tcp dnqueue 100" \
- "pass out proto icmp6 dnqueue 200"
+ "pass in proto tcp dnqueue (0, 100)" \
+ "pass in proto icmp6 dnqueue (0, 200)"
# Single ping succeeds
atf_check -s exit:0 -o ignore ping6 -c 1 2001:db8:42::2
@@ -295,8 +305,8 @@ queue_v6_body()
"ipfw add 1000 queue 100 ipv6-icmp from 2001:db8:42::2 to any out" \
"ipfw add 1002 allow ip6 from any to any" \
"pf" \
- "pass out proto tcp dnqueue 200" \
- "pass out proto icmp6 dnqueue 100"
+ "pass in proto tcp dnqueue (0, 200)" \
+ "pass in proto icmp6 dnqueue (0, 100)"
fails=0
for i in `seq 1 3`
@@ -322,9 +332,13 @@ queue_v6_cleanup()
setup_tests \
pipe \
ipfw \
+ pf \
pipe_v6 \
ipfw \
+ pf \
queue \
ipfw \
+ pf \
queue_v6 \
- ipfw
+ ipfw \
+ pf
diff --git a/tests/sys/netpfil/common/utils.subr b/tests/sys/netpfil/common/utils.subr
index 722271981af4..43cd856b2e87 100644
--- a/tests/sys/netpfil/common/utils.subr
+++ b/tests/sys/netpfil/common/utils.subr
@@ -111,11 +111,14 @@ dummynet_init()
atf_skip "This test requires dummynet"
fi
- if [ ${firewall} == "ipfw" ]; then
+ case $firewall in
+ ipfw|pf)
# Nothing. This is okay.
- else
+ ;;
+ *)
atf_skip "${firewall} does not support dummynet"
- fi
+ ;;
+ esac
}
nat_init()
More information about the dev-commits-src-all
mailing list