Page MenuHomeFreeBSD

pf: Very basic forwarding test
ClosedPublic

Authored by kp on Oct 3 2017, 8:28 PM.

Details

Summary

This test illustrates the use of scapy to test pf.
This builds on https://reviews.freebsd.org/D12580

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Unit Tests Skipped
Build Status
Buildable 11862

Event Timeline

asomers added inline comments.
tests/sys/netpfil/pf/forward.sh
25

Here as in the other review, use RFC5737 addresses

33

This is too intrusive, and could screw up the host system. If you're going to do it, then put require.config allow_sysctl_side_effects in the head, and restore the old setting of net.inet.ip.forwarding during cleanup.

tests/sys/netpfil/pf/pft_ping.py
1

Is it python2 or python3?

tests/sys/netpfil/pf/forward.sh
25

Ack, will fix (in the next few days).

33

Note that this only affects the jail, not the host system.

tests/sys/netpfil/pf/pft_ping.py
1

Scapy still uses 2.7, so I want 2.7 too. I'll make it explicit.

tests/sys/netpfil/pf/forward.sh
33

Oh, I see. I didn't realize that was a per-VIMAGE sysctl.

kp marked 7 inline comments as done.
tests/sys/netpfil/pf/forward.sh
12

require.progs searches through your PATH so it should be used with plain executable names. require.files does not, so it should be used with absolute paths. In this case, since ports can be installed to alternate prefixes, you should probably do require.progs scapy

kp marked an inline comment as done.
This revision is now accepted and ready to land.Oct 6 2017, 6:57 PM
This revision was automatically updated to reflect the committed changes.