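# $FreeBSD$

# Quoted so a source directory containing whitespace is still one path.
. "$(atf_get_srcdir)/utils.subr"

#
# "exhaust": regression test for pf NAT port-pool exhaustion.
#
# Topology built by exhaust_body (addresses come from the RFC 5737
# documentation ranges):
#
#   host 192.0.2.2 --- [jail nat: 192.0.2.1 | 198.51.100.1] --- jail echo
#                       forwarding + pf NAT                     198.51.100.2
#
# The NAT rule offers only the port range 30000:30001 together with
# sticky-address.  Two connections are made through it, and a third is
# started that is expected to fail.  What the test checks is that the
# kernel stays responsive afterwards: "pfctl -sa" in the nat jail has to
# finish within two seconds instead of hanging in pf_get_sport().
#
atf_test_case "exhaust" "cleanup"
exhaust_head()
{
	atf_set descr 'Test exhausting the NAT pool'
	# Jails, interfaces, routes and pf rules all need root.
	atf_set require.user root
}

exhaust_body()
{
	pft_init

	# One epair links host <-> nat jail, the other nat jail <-> echo jail.
	epair_nat=$(pft_mkepair)
	epair_echo=$(pft_mkepair)

	pft_mkjail nat "${epair_nat}b" "${epair_echo}a"
	pft_mkjail echo "${epair_echo}b"

	# Host side: reach the echo network through the nat jail.
	ifconfig "${epair_nat}a" 192.0.2.2/24 up
	route add -net 198.51.100.0/24 192.0.2.1

	jexec nat ifconfig "${epair_nat}b" 192.0.2.1/24 up
	jexec nat ifconfig "${epair_echo}a" 198.51.100.1/24 up
	jexec nat sysctl net.inet.ip.forwarding=1

	jexec echo ifconfig "${epair_echo}b" 198.51.100.2/24 up
	# NOTE(review): echo_inetd.conf is not visible here; presumably it
	# serves the echo service on port 7 that nc connects to below.
	jexec echo /usr/sbin/inetd "$(atf_get_srcdir)/echo_inetd.conf"

	# Enable pf!
	jexec nat pfctl -e
	# Deliberately tiny pool: the port range 30000:30001.
	pft_set_rules nat \
		"nat pass on ${epair_echo}a inet from 192.0.2.0/24 to any -> (${epair_echo}a) port 30000:30001 sticky-address"

	# Sanity check
	atf_check -s exit:0 -o ignore ping -c 3 198.51.100.2

	# Results are intentionally not asserted; these connections only
	# exist to use up the NAT port range.
	echo "foo" | nc -N 198.51.100.2 7
	echo "foo" | nc -N 198.51.100.2 7

	# This one will fail, but that's expected.  It runs in the
	# background so that a stuck connection attempt cannot block the
	# responsiveness check below.
	echo "foo" | nc -N 198.51.100.2 7 &

	sleep 1

	# If the kernel is stuck in pf_get_sport() this will not succeed either.
	# timeout(1) exits with status 124 when it had to kill the command.
	# Only that status fails the test; any other pfctl exit status is
	# not checked here.
	timeout 2 jexec nat pfctl -sa
	if [ $? -eq 124 ]; then
		# Timed out
		atf_fail "pfctl timeout"
	fi
}

exhaust_cleanup()
{
	# Runs even when the body fails (registered via "cleanup" above).
	pft_cleanup
}

atf_init_test_cases()
{
	atf_add_test_case "exhaust"
}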