Page MenuHomeFreeBSD

NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf
ClosedPublic

Authored by ahsanb on Aug 9 2019, 5:03 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Mar 28, 7:49 AM
Unknown Object (File)
Feb 13 2024, 1:13 PM
Unknown Object (File)
Jan 26 2024, 1:51 PM
Unknown Object (File)
Jan 26 2024, 1:50 PM
Unknown Object (File)
Jan 26 2024, 1:46 PM
Unknown Object (File)
Jan 26 2024, 1:14 PM
Unknown Object (File)
Jan 26 2024, 1:14 PM
Unknown Object (File)
Jan 26 2024, 1:10 PM
Subscribers

Details

Summary

Add tests for basic nat in which it is tested that two clients behind the nat are able to reach a common host.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

ahsanb retitled this revision from NAT basic test for pf, ipfw (noth in-kernel and userspace) and ipf to NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf.
tests/sys/netpfil/common/nat.sh
152

The setup test lines should align based on the first character

155

I do think 'userspace_nat' is descriptie enough, I can't tell from this line which firewall is being tested. Is there a different name that could be used?

156

ipfw is in the list twice, should this be ipf?

tests/sys/netpfil/common/nat.sh
152

I don't know why after git push 4-spaced tabs are being converted to 8-spaced tabs.

155

The "userspace_nat" is the name of the test case, same as "basic". The "basic" is tested on ipf, ipfw and pf. while "userspace_nat" is tested on ipfw. This is also the reason why ipfw appears twice.

I seem to run into issues running the ipfw_basic test:

Part of the run output (with 'set -x' added to the test):

+ [ 4 -gt 0 ]
+ is_firewall ipfw -q add 1000 nat 123 all from any to any
+ [ ipfw '=' pf -o ipfw '=' ipfw -o ipfw '=' ipf -o ipfw '=' ipfnat ]
+ echo 1
+ [ 1 -eq 1 ]
+ current_fw='ipfw -q add 1000 nat 123 all from any to any'
+ shift
+ filename='ipfw -q add 1000 nat 123 all from any to any.rule'
+ pwd
+ cwd=/tmp/kyua.plyoOz/2/work
+ [ -f ipfw -q add 1000 nat 123 all from any to any.rule ]
[: ipfw: unexpected operator

It seems to take the ipfw rule for a filename for some reason.

fixed the ipfw rule loading issue

And this is wrong, or at least very confusing, in firewall_init():

elif [ ${firewall} == "ipfnat" ]; then
        if ! kldstat -q -m ipfw_nat; then
                atf_skip "This test requires ipfw_nat"
        fi
else
tests/sys/netpfil/common/utils.subr
111

You're checking for ipfw_nat, but report needing ipfw here.

Fix wrong module name check for ipfw (ipfw_nat instead of ipfw)

  • Fixed indentation for setup_tests() in nat.sh
  • Fixed indentation in common/Makefile
This revision is now accepted and ready to land.Aug 14 2019, 12:17 PM
This revision was automatically updated to reflect the committed changes.