pf: Very basic forwarding test
ClosedPublic
Actions

Authored by kp on Oct 3 2017, 8:28 PM.

Details

Reviewers

Group Reviewers

tests
network

Commits

rS324376: pf: Very basic forwarding test

Summary

This test illustrates the use of scapy to test pf.
This builds on https://reviews.freebsd.org/D12580

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 11862

kp created this revision.Oct 3 2017, 8:28 PM

asomers added inline comments.

tests/sys/netpfil/pf/forward.sh
25	Here as in the other review, use RFC5737 addresses
33	This is too intrusive, and could screw up the host system. If you're going to do it, then put `require.config allow_sysctl_side_effects` in the head, and restore the old setting of `net.inet.ip.forwarding` during cleanup.
tests/sys/netpfil/pf/pft_ping.py
1	Is it python2 or python3?

kp added inline comments.Oct 3 2017, 9:46 PM

tests/sys/netpfil/pf/forward.sh
25	Ack, will fix (in the next few days).
33	Note that this only affects the jail, not the host system.
tests/sys/netpfil/pf/pft_ping.py
1	Scapy still uses 2.7, so I want 2.7 too. I'll make it explicit.

tests/sys/netpfil/pf/forward.sh
33	Oh, I see. I didn't realize that was a per-VIMAGE sysctl.

kp marked 7 inline comments as done.

tests/sys/netpfil/pf/forward.sh
13	`require.progs` searches through your `PATH` so it should be used with plain executable names. `require.files` does not, so it should be used with absolute paths. In this case, since ports can be installed to alternate prefixes, you should probably do `require.progs scapy`