2 # SPDX-License-Identifier: BSD-2-Clause
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 jail=${1:-alcatraz}
34 ip=${2:-192.0.2.2}
36 jexec ${jail} pfctl -ss | grep icmp | grep ${ip}
41 jexec alcatraz pfctl -ss | grep icmp | grep 2001:db8::2
62 jexec alcatraz pfctl -e
69 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
70 --sendif ${epair}a \
71 --to 192.0.2.2 \
72 --replyif ${epair}a
74 # Change rules to now deny the ICMP traffic
82 jexec alcatraz pfctl -k 192.0.2.3
89 jexec alcatraz pfctl -k 192.0.2.1 -k 192.0.2.3
96 jexec alcatraz pfctl -k 192.0.2.1
129 jexec alcatraz pfctl -e
136 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
137 --sendif ${epair}a \
138 --to 2001:db8::2 \
139 --replyif ${epair}a
141 # Change rules to now deny the ICMP traffic
149 jexec alcatraz pfctl -k 2001:db8::3
156 jexec alcatraz pfctl -k 2001:db8::1 -k 2001:db8::3
163 jexec alcatraz pfctl -k 2001:db8::1
192 jexec alcatraz pfctl -e
200 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
201 --sendif ${epair}a \
202 --to 192.0.2.2 \
203 --replyif ${epair}a
205 # Change rules to now deny the ICMP traffic
213 jexec alcatraz pfctl -k label -k bar
219 # Killing a non-existing label keeps the state
220 jexec alcatraz pfctl -k label -k baz
223 atf_fail "Killing a non-existing label removed the state."
227 jexec alcatraz pfctl -k label -k foo
256 jexec alcatraz pfctl -e
263 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
264 --sendif ${epair}a \
265 --to 192.0.2.2 \
266 --replyif ${epair}a
268 # Change rules to now deny the ICMP traffic
276 jexec alcatraz pfctl -k label -k baz
283 jexec alcatraz pfctl -k label -k bar
294 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
295 --sendif ${epair}a \
296 --to 192.0.2.2 \
297 --replyif ${epair}a
299 # Change rules to now deny the ICMP traffic
307 jexec alcatraz pfctl -k label -k foo
322 atf_set descr 'Test killing states by route-to/reply-to address'
336 jexec alcatraz pfctl -e
339 "pass in reply-to (${epair}b 192.0.2.1) proto icmp" \
345 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
346 --sendif ${epair}a \
347 --to 192.0.2.2 \
348 --replyif ${epair}a
350 # Change rules to now deny the ICMP traffic
358 jexec alcatraz pfctl -k gateway -k 192.0.2.2
365 jexec alcatraz pfctl -k gateway -k 192.0.2.1
389 while ! jexec $jail pfctl -s s | grep $addr >/dev/null;
408 jexec alcatraz pfctl -e
413 jexec singsing /usr/sbin/inetd -p ${PWD}/inetd-echo.pid \
419 "nat on ${epair_two}a from 192.0.2.0/24 -> (${epair_two}a)" \
426 states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
427 if [ $states -ne 2 ] ;
433 jexec alcatraz pfctl -k 192.0.2.1
434 states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
435 if [ $states -ne 1 ] ;
441 jexec alcatraz pfctl -F states
446 # Kill matching states, expect all of them to be gone
447 jexec alcatraz pfctl -M -k 192.0.2.1
448 states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
449 if [ $states -ne 0 ] ;
477 jexec alcatraz pfctl -e
484 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
485 --sendif ${epair}a \
486 --to 192.0.2.2 \
487 --replyif ${epair}a
489 # Change rules to now deny the ICMP traffic
497 jexec alcatraz pfctl -i ${epair}a -Fs
504 jexec alcatraz pfctl -i ${epair}b -Fs
533 jexec alcatraz pfctl -e
541 atf_check -s exit:0 -o ignore ${common_dir}/pft_ping.py \
542 --sendif ${epair}a \
543 --to 192.0.2.2 \
544 --replyif ${epair}a
546 # Change rules to now deny the ICMP traffic
554 id=$(jexec alcatraz pfctl -ss -vvv | grep -A 3 icmp |
555 grep -A 3 192.0.2.2 | awk '/id:/ { printf("%s/%s", $2, $4); }')
558 jexec alcatraz pfctl -k id -k 1
565 jexec alcatraz pfctl -k id -k ${id}
580 atf_set descr 'Test killing states by their NAT-ed IP address'
588 j="killstate:nat"
593 vnet_mkjail ${j}c ${epair_c}a
594 ifconfig -j ${j}c ${epair_c}a inet 192.0.2.2/24 up
595 jexec ${j}c route add default 192.0.2.1
597 vnet_mkjail ${j}srv ${epair_srv}a
598 ifconfig -j ${j}srv ${epair_srv}a inet 198.51.100.2/24 up
600 vnet_mkjail ${j}r ${epair_c}b ${epair_srv}b
601 ifconfig -j ${j}r ${epair_c}b inet 192.0.2.1/24 up
602 ifconfig -j ${j}r ${epair_srv}b inet 198.51.100.1/24 up
603 jexec ${j}r sysctl net.inet.ip.forwarding=1
605 jexec ${j}r pfctl -e
606 pft_set_rules ${j}r \
607 "nat on ${epair_srv}b inet from 192.0.2.0/24 to any -> (${epair_srv}b)"
610 atf_check -s exit:0 -o ignore \
611 jexec ${j}c ping -c 1 192.0.2.1
612 atf_check -s exit:0 -o ignore \
613 jexec ${j}srv ping -c 1 198.51.100.1
614 atf_check -s exit:0 -o ignore \
615 jexec ${j}c ping -c 1 198.51.100.2
620 atf_check -s exit:0 -o ignore jexec ${j}c ${common_dir}/pft_ping.py \
621 --sendif ${epair_c}a \
622 --to 198.51.100.1 \
623 --replyif ${epair_c}a
626 if ! find_state ${j}r 198.51.100.1;
631 # By NAT-ed address?
632 jexec ${j}r pfctl -k nat -k 192.0.2.2
634 if find_state ${j}r 198.51.100.1;
636 jexec ${j}r pfctl -ss -v
637 atf_fail "Failed to remove state"