Changeset View
Changeset View
Standalone View
Standalone View
tests/sys/netpfil/pf/synproxy.sh
| Show First 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | synproxy_body() | ||||
| jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up | jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up | ||||
| jexec alcatraz ifconfig ${link}a 198.51.100.1/24 up | jexec alcatraz ifconfig ${link}a 198.51.100.1/24 up | ||||
| jexec alcatraz sysctl net.inet.ip.forwarding=1 | jexec alcatraz sysctl net.inet.ip.forwarding=1 | ||||
| vnet_mkjail singsing ${link}b | vnet_mkjail singsing ${link}b | ||||
| jexec singsing ifconfig ${link}b 198.51.100.2/24 up | jexec singsing ifconfig ${link}b 198.51.100.2/24 up | ||||
| jexec singsing route add default 198.51.100.1 | jexec singsing route add default 198.51.100.1 | ||||
| jexec singsing /usr/sbin/inetd $(atf_get_srcdir)/echo_inetd.conf | jexec singsing /usr/sbin/inetd -p inetd-singsing.pid $(atf_get_srcdir)/echo_inetd.conf | ||||
| jexec alcatraz pfctl -e | jexec alcatraz pfctl -e | ||||
| pft_set_rules alcatraz "set fail-policy return" \ | pft_set_rules alcatraz "set fail-policy return" \ | ||||
| "scrub in all fragment reassemble" \ | "scrub in all fragment reassemble" \ | ||||
| "pass out quick on ${epair}b all no state allow-opts" \ | "pass out quick on ${epair}b all no state allow-opts" \ | ||||
| "pass in quick on ${epair}b proto tcp from any to any port 7 synproxy state" \ | "pass in quick on ${epair}b proto tcp from any to any port 7 synproxy state" \ | ||||
| "pass in quick on ${epair}b all no state" | "pass in quick on ${epair}b all no state" | ||||
| # Sanity check, can we ping singing | # Sanity check, can we ping singing | ||||
| atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2 | atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2 | ||||
| # Check that we can talk to the singsing jail, after synproxying | # Check that we can talk to the singsing jail, after synproxying | ||||
| reply=$(echo ping | nc -N 198.51.100.2 7) | reply=$(echo ping | nc -N 198.51.100.2 7) | ||||
| if [ "${reply}" != "ping" ]; | if [ "${reply}" != "ping" ]; | ||||
| then | then | ||||
| atf_fail "echo failed" | atf_fail "echo failed" | ||||
| fi | fi | ||||
| } | } | ||||
| synproxy_cleanup() | synproxy_cleanup() | ||||
| { | { | ||||
| rm -f inetd-singsing.pid | |||||
| pft_cleanup | pft_cleanup | ||||
| } | } | ||||
| atf_init_test_cases() | atf_init_test_cases() | ||||
| { | { | ||||
| atf_add_test_case "synproxy" | atf_add_test_case "synproxy" | ||||
| } | } | ||||