Index: head/tests/sys/netpfil/pf/Makefile =================================================================== --- head/tests/sys/netpfil/pf/Makefile (revision 340068) +++ head/tests/sys/netpfil/pf/Makefile (revision 340069) @@ -1,22 +1,23 @@ # $FreeBSD$ PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/netpfil/pf TESTS_SUBDIRS+= ioctl ATF_TESTS_SH+= pass_block \ forward \ fragmentation \ set_tos \ route_to \ synproxy \ - set_skip + set_skip \ + pfsync ${PACKAGE}FILES+= utils.subr \ echo_inetd.conf \ pft_ping.py ${PACKAGE}FILESMODE_pft_ping.py= 0555 .include Index: head/tests/sys/netpfil/pf/pfsync.sh =================================================================== --- head/tests/sys/netpfil/pf/pfsync.sh (nonexistent) +++ head/tests/sys/netpfil/pf/pfsync.sh (revision 340069) 
@@ -0,0 +1,70 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "basic" "cleanup"
+basic_head()
+{
+ atf_set descr 'Basic pfsync test'
+ atf_set require.user root
+
+ atf_set require.progs scapy
+}
+
+basic_body()
+{
+ pfsynct_init
+
+ epair_sync=$(pft_mkepair)
+ epair_one=$(pft_mkepair)
+ epair_two=$(pft_mkepair)
+
+ pft_mkjail one ${epair_one}a ${epair_sync}a
+ pft_mkjail two ${epair_two}a ${epair_sync}b
+
+ # pfsync interface
+ jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
+ jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
+ jexec one ifconfig pfsync0 \
+ syncdev ${epair_sync}a \
+ maxupd 1 \
+ up
+ jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
+ jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
+ jexec two ifconfig pfsync0 \
+ syncdev ${epair_sync}b \
+ maxupd 1 \
+ up
+
+ # Enable pf!
+ jexec one pfctl -e
+ pft_set_rules one \
+ "set skip on ${epair_sync}a" \
+ "pass keep state"
+ jexec two pfctl -e
+ pft_set_rules two \
+ "set skip on ${epair_sync}b" \
+ "pass keep state"
+
+ ifconfig ${epair_one}b 198.51.100.254/24 up
+
+ ping -c 1 -S 198.51.100.254 198.51.100.1
+
+ # Give pfsync time to do its thing
+ sleep 2
+
+ if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
+ grep 198.51.100.2 ; then
+ atf_fail "state not found on synced host"
+ fi
+}
+
+basic_cleanup()
+{
+ pfsynct_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case "basic"
+}
Property changes on: head/tests/sys/netpfil/pf/pfsync.sh
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/tests/sys/netpfil/pf/utils.subr
===================================================================
--- head/tests/sys/netpfil/pf/utils.subr (revision 340068)
+++ head/tests/sys/netpfil/pf/utils.subr (revision 340069)
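Review bot: The final assertion in basic_body of pfsync.sh can pass for the wrong reason, because `grep 198.51.100.2` is an unanchored regex that is satisfied by the host's source address 198.51.100.254 (and its dots match any character), not by anything specific to jail two. The ping goes from 198.51.100.254 to 198.51.100.1, so the synced state presumably carries exactly those two addresses; making that explicit with a fixed-string match, e.g. `grep -F 198.51.100.254` in place of `grep 198.51.100.2`, keeps the check from matching an unrelated state. Separately, `atf_set require.progs scapy` in basic_head gates the test on a program the body never invokes (it only uses ping), so the test would be skipped on hosts without scapy for no visible reason. The fixed `sleep 2` could also become a short bounded poll of `pfctl -s states` so the sync check depends less on timing.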
@@ -1,69 +1,83 @@ # $FreeBSD$ # Utility functions ## pft_init() { if [ ! -c /dev/pf ]; then atf_skip "This test requires pf" fi if [ "`sysctl -i -n kern.features.vimage`" != 1 ]; then atf_skip "This test requires VIMAGE" fi } +pfsynct_init() +{ + pft_init + + if ! kldstat -q -m pfsync; then + atf_skip "This test requires pfsync" + fi +} + pft_mkepair() { ifname=$(ifconfig epair create) echo $ifname >> created_interfaces.lst echo ${ifname%a} } pft_mkjail() { jailname=$1 shift vnet_interfaces= for ifname in $@ do vnet_interfaces="${vnet_interfaces} vnet.interface=${ifname}" done jail -c name=${jailname} persist vnet ${vnet_interfaces} echo $jailname >> created_jails.lst } pft_set_rules() { jname=$1 shift # Flush all states, rules, fragments, ... jexec ${jname} pfctl -F all while [ $# -gt 0 ]; do printf "$1\n" shift done | jexec ${jname} pfctl -f - } pft_cleanup() { if [ -f created_jails.lst ]; then for jailname in `cat created_jails.lst` do jail -r ${jailname} done rm created_jails.lst fi if [ -f created_interfaces.lst ]; then for ifname in `cat created_interfaces.lst` do ifconfig ${ifname} destroy done rm created_interfaces.lst fi +} + +pfsynct_cleanup() +{ + pft_cleanup }
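Review bot: The two helpers added to utils.subr, pfsynct_init and pfsynct_cleanup, carry no comments, and pfsynct_cleanup is only a call to pft_cleanup, so a reader cannot tell whether pfsync-specific teardown is intentionally absent or still to be written. I would add `# Skip unless pf, VIMAGE and the pfsync kernel module are available.` above pfsynct_init and something like `# No pfsync-specific teardown yet; defer to pft_cleanup.` above pfsynct_cleanup, with the second wording confirmed by the author since the intent is not visible here.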