
D32751.id97735.diff

Index: tests/sys/netpfil/pf/Makefile
===================================================================
--- tests/sys/netpfil/pf/Makefile
+++ tests/sys/netpfil/pf/Makefile
@@ -22,6 +22,7 @@
pfsync \
proxy \
rdr \
+ ridentifier \
route_to \
rules_counter \
set_skip \
Index: tests/sys/netpfil/pf/ridentifier.sh
===================================================================
--- tests/sys/netpfil/pf/ridentifier.sh
+++ tests/sys/netpfil/pf/ridentifier.sh
@@ -1,9 +1,8 @@
# $FreeBSD$
-# Utility functions
-##
+#
# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
#
-# Copyright (c) 2017 Kristof Provost <kp@FreeBSD.org>
+# Copyright (c) 2021 Rubicon Communications, LLC (Netgate)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -26,80 +25,62 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
-. $(atf_get_srcdir)/../../common/vnet.subr
+. $(atf_get_srcdir)/utils.subr
-pft_init()
+atf_test_case "basic" "cleanup"
+basic_head()
{
- vnet_init
-
- if [ ! -c /dev/pf ]; then
- atf_skip "This test requires pf"
- fi
+ atf_set descr 'Test ridentifier keyword'
+ atf_set require.user root
}
-pfsynct_init()
+basic_body()
{
pft_init
+ pflog_init
- if ! kldstat -q -m pfsync; then
- atf_skip "This test requires pfsync"
- fi
-}
+ epair=$(vnet_mkepair)
-pft_set_rules()
-{
- jname=$1
- shift
+ ifconfig ${epair}a 192.0.2.1/24 up
- if [ $jname == "noflush" ];
- then
- jname=$1
- shift
- else
- # Flush all states, rules, fragments, ...
- jexec ${jname} pfctl -F all
- fi
+ vnet_mkjail alcatraz ${epair}b
+ jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
+ jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid $(atf_get_srcdir)/echo_inetd.conf
- while [ $# -gt 0 ]; do
- printf "$1\n"
- shift
- done | jexec ${jname} pfctl -f -
- if [ $? -ne 0 ];
- then
- atf_fail "Failed to set PF rules in ${jname}"
- fi
-}
+ # Sanity check
+ atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
-pft_cleanup()
-{
- vnet_cleanup
-}
+ jexec alcatraz pfctl -e
+ jexec alcatraz ifconfig pflog0 up
+ pft_set_rules alcatraz \
+ "pass in log" \
+ "pass in log proto tcp ridentifier 1234"
-pfsynct_cleanup()
-{
- pft_cleanup
-}
+ jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > tcpdump.log &
+ sleep 1
-is_altq_supported()
-{
- sysctl -q kern.features.altq >/dev/null || \
- atf_skip "Test requires ALTQ"
+ echo "test" | nc -N 192.0.2.2 7
+ atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
+
+ sleep 1
+ jexec alcatraz killall tcpdump
- while [ -n "$1" ]
- do
- sysctl -q kern.features.altq.${1} >/dev/null || \
- atf_skip "Test required ALTQ_${1}"
- shift
- done
+ # Make sure we spotted the ridentifier
+ atf_check -s exit:0 -o ignore \
+ grep 'rule 1/0.*ridentifier 1234' tcpdump.log
+ # But not on the !TCP traffic
+ atf_check -s exit:1 -o ignore \
+ grep 'rule 0/0.*ridentifier' tcpdump.log
}
-altq_init()
+basic_cleanup()
{
- pft_init
- is_altq_supported
+ pft_cleanup
+ rm -f inetd-alcatraz.pid
+ rm -f tcpdump.log
}
-altq_cleanup()
+atf_init_test_cases()
{
- pft_cleanup
+ atf_add_test_case "basic"
}
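Review bot: The two grep checks at the end of `basic_body` can race with tcpdump still writing `tcpdump.log`, because `jexec alcatraz killall tcpdump` returns as soon as the signal is sent. Stdout redirected to a file is block-buffered, and `--immediate-mode` governs packet delivery from the capture device rather than output flushing, so the logged lines may not be on disk when grep runs. Line-buffering the output and reaping the background job would make the positive check deterministic: `jexec alcatraz tcpdump -l --immediate-mode -n -e -i pflog0 > tcpdump.log &`, then `wait` directly after the killall. The negative check `grep 'rule 0/0.*ridentifier' tcpdump.log` passes trivially on an empty or truncated log, so it only proves that non-TCP traffic is left untagged once the log is known to be complete.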
Index: tests/sys/netpfil/pf/utils.subr
===================================================================
--- tests/sys/netpfil/pf/utils.subr
+++ tests/sys/netpfil/pf/utils.subr
@@ -46,6 +46,13 @@
fi
}
+pflog_init()
+{
+ if ! kldstat -q -m pflog; then
+ atf_skip "This test requires pflog"
+ fi
+}
+
pft_set_rules()
{
jname=$1
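Review bot: `pflog_init` only checks that the pflog module is loaded and does not call `pft_init` itself. That differs from `pfsynct_init`, visible on the removed side of the ridentifier.sh hunk, which appears to be a copy of this file. A caller that forgets `pft_init` would therefore get no vnet setup and no /dev/pf check before the pflog test runs. A one-line comment above the function would make that contract explicit, e.g. `# Skip unless pflog is loaded; callers must run pft_init first.` The `pft_set_rules` body at the end of the hunk continues outside it.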
