xref: /freebsd/tests/sys/netpfil/pf/pfsync.sh (revision e17f5b1d)
1# $FreeBSD$
2#
3# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4#
5# Copyright (c) 2018 Orange Business Services
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26# SUCH DAMAGE.
27
28. $(atf_get_srcdir)/utils.subr
29
# Register the "basic" test case and declare that it has a cleanup routine.
atf_test_case basic cleanup

# Metadata for the "basic" case: a description, and the requirement that the
# case is run as root.
basic_head() {
	atf_set "descr" "Basic pfsync test"
	atf_set "require.user" "root"
}
36
# Body of the "basic" case: run the shared scenario with no arguments, so no
# extra option word is passed to "ifconfig pfsync0".
basic_body() {
	common_body
}
41
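# Shared scenario for the pfsync test cases.
#
# Builds two vnet jails ("one" and "two") joined by a dedicated sync epair,
# brings up pfsync0 in each, enables pf with a stateful pass rule, sends a
# single ICMP echo from the host to jail "one", and then requires the
# resulting state to be visible in jail "two".
#
# Arguments: $1 - optional extra word for "ifconfig pfsync0" (the "defer"
#                 case passes "defer"); empty or absent adds nothing.
# Outputs:   the matching state line (from grep) on stdout.
# Fails via atf_fail when the state is not present on the peer.
common_body()
{
	defer=${1:-}
	pfsynct_init

	epair_sync=$(vnet_mkepair)
	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)

	vnet_mkjail one "${epair_one}a" "${epair_sync}a"
	vnet_mkjail two "${epair_two}a" "${epair_sync}b"

	# pfsync interface
	# $defer is deliberately left unquoted: when it is empty it has to
	# disappear instead of reaching ifconfig as an empty argument.
	jexec one ifconfig "${epair_sync}a" 192.0.2.1/24 up
	jexec one ifconfig "${epair_one}a" 198.51.100.1/24 up
	jexec one ifconfig pfsync0 \
		syncdev "${epair_sync}a" \
		maxupd 1 \
		$defer \
		up
	jexec two ifconfig "${epair_two}a" 198.51.100.2/24 up
	jexec two ifconfig "${epair_sync}b" 192.0.2.2/24 up
	jexec two ifconfig pfsync0 \
		syncdev "${epair_sync}b" \
		maxupd 1 \
		$defer \
		up

	# Enable pf!
	# The sync link is skipped so pf never filters pfsync packets.  That
	# is acceptable on this private epair; pfsync messages carry no
	# authentication of their own, so a real deployment keeps the sync
	# link on a dedicated, trusted segment.
	jexec one pfctl -e
	pft_set_rules one \
		"set skip on ${epair_sync}a" \
		"pass keep state"
	jexec two pfctl -e
	pft_set_rules two \
		"set skip on ${epair_sync}b" \
		"pass keep state"

	ifconfig "${epair_one}b" 198.51.100.254/24 up

	# Create exactly one state in jail "one".  The exit status is not
	# checked here; the state lookup below decides the result.
	ping -c 1 -S 198.51.100.254 198.51.100.1

	# Give pfsync time to do its thing
	sleep 2

	# Match the flow's real endpoints as fixed strings: 198.51.100.1
	# (jail "one") and 198.51.100.254 (the ping source).  Searching for
	# 198.51.100.2 only succeeded because it is a prefix of
	# 198.51.100.254, and an unescaped "." in a regex matches any
	# character, so the old check could pass on an unrelated state.
	if ! jexec two pfctl -s states | grep icmp | grep -F 198.51.100.1 | \
	    grep -F 198.51.100.254 ; then
		atf_fail "state not found on synced host"
	fi
}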
92
# Cleanup for the "basic" case: hand off to the shared pfsync teardown helper.
basic_cleanup() {
	pfsynct_cleanup
}
97
# Register the "defer" test case and declare that it has a cleanup routine.
atf_test_case defer cleanup

# Metadata for the "defer" case: a description, and the requirement that the
# case is run as root.
defer_head() {
	atf_set "descr" "Defer mode pfsync test"
	atf_set "require.user" "root"
}
104
# Body of the "defer" case: run the shared scenario, passing the single word
# "defer" so it is added to the "ifconfig pfsync0" invocations.
defer_body() {
	common_body "defer"
}
109
# Cleanup for the "defer" case: hand off to the shared pfsync teardown helper.
defer_cleanup() {
	pfsynct_cleanup
}
114
# Entry point called by the ATF runtime: add every test case defined in this
# file, in the order "basic" then "defer".
atf_init_test_cases() {
	local _case

	for _case in basic defer; do
		atf_add_test_case "${_case}"
	done
}