
pf: Very basic forwarding test
Closed, Public

Authored by kp on Oct 3 2017, 8:28 PM.

Details

Summary

This test illustrates the use of scapy to test pf.
This builds on https://reviews.freebsd.org/D12580

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

asomers added inline comments.
tests/sys/netpfil/pf/forward.sh
25 ↗(On Diff #33663)

Here as in the other review, use RFC5737 addresses

33 ↗(On Diff #33663)

This is too intrusive, and could screw up the host system. If you're going to do it, then put require.config allow_sysctl_side_effects in the head, and restore the old setting of net.inet.ip.forwarding during cleanup.

tests/sys/netpfil/pf/pft_ping.py
1 ↗(On Diff #33663)

Is it python2 or python3?

tests/sys/netpfil/pf/forward.sh
25 ↗(On Diff #33663)

Ack, will fix (in the next few days).

33 ↗(On Diff #33663)

Note that this only affects the jail, not the host system.

tests/sys/netpfil/pf/pft_ping.py
1 ↗(On Diff #33663)

Scapy still uses 2.7, so I want 2.7 too. I'll make it explicit.

tests/sys/netpfil/pf/forward.sh
33 ↗(On Diff #33663)

Oh, I see. I didn't realize that was a per-VIMAGE sysctl.

kp marked 7 inline comments as done.
tests/sys/netpfil/pf/forward.sh
12 ↗(On Diff #33725)

require.progs searches through your PATH so it should be used with plain executable names. require.files does not, so it should be used with absolute paths. In this case, since ports can be installed to alternate prefixes, you should probably do require.progs scapy

kp marked an inline comment as done.
This revision is now accepted and ready to land. Oct 6 2017, 6:57 PM
This revision was automatically updated to reflect the committed changes.
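
The RFC 5737 request raised in the inline comments above can be checked mechanically. The following is an added example, not part of this review or of the FreeBSD tree: it scans a test script for IPv4 literals that fall outside the three RFC 5737 documentation blocks. The function name, the sample script and the jail name `testjail` are constructed for illustration and are not the contents of the reviewed forward.sh.

```python
import ipaddress
import re

# RFC 5737 reserves these three blocks for documentation and examples.
RFC5737_NETS = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Dotted quad with optional prefix length, e.g. 10.0.0.1 or 10.0.0.1/24.
IPV4_RE = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:/\d{1,2})?(?![\d.])")


def non_documentation_addresses(script_text):
    """Return (line_number, address) for each IPv4 literal outside RFC 5737."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        for match in IPV4_RE.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # e.g. 999.1.1.1: not a valid address, ignore it
            if not any(addr in net for net in RFC5737_NETS):
                findings.append((lineno, str(addr)))
    return findings


# Constructed sample, not the contents of the reviewed forward.sh.
SAMPLE_SCRIPT = """\
ifconfig epair0a 192.0.2.1/24 up
jexec testjail ifconfig epair0b 192.0.2.2/24 up
jexec testjail ifconfig epair1a 10.1.1.1/24 up
route add -net 198.51.100.0/24 192.0.2.2
ping -c 1 8.8.8.8
"""

if __name__ == "__main__":
    for lineno, addr in non_documentation_addresses(SAMPLE_SCRIPT):
        print("line %d: %s is not an RFC 5737 address" % (lineno, addr))
```

Run against a test script before submitting it, any finding is an address that could collide with a real network on the machine running the tests.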