Lines Matching +full:one +full:- +full:to +full:- +full:one
2 # SPDX-License-Identifier: BSD-2-Clause
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 vnet_mkjail one ${epair_one}a ${epair_sync}a
56 jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
57 jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
58 jexec one ifconfig pfsync0 \
72 jexec one pfctl -e
73 pft_set_rules one \
76 jexec two pfctl -e
81 hostid_one=$(jexec one pfctl -si -v | awk '/Hostid:/ { gsub(/0x/, "", $2); printf($2); }')
85 ping -c 1 -S 198.51.100.254 198.51.100.1
87 # Give pfsync time to do its thing
90 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
95 if ! jexec two pfctl -sc | grep ""${hostid_one}"";
97 jexec two pfctl -sc
98 atf_fail "HostID for host one not found on two"
145 jexec alcatraz arp -s 203.0.113.2 00:01:02:03:04:05
160 route add -net 203.0.113.0/24 198.51.100.1
164 jexec alcatraz pfctl -e
169 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
171 --syncdev ${epair_sync}b \
172 --indev ${epair_in}b \
173 --outdev ${epair_out}b
176 jexec alcatraz ifconfig pfsync0 -defer
183 atf_check -s exit:3 env PYTHONPATH=${common_dir} \
185 --syncdev ${epair_sync}b \
186 --indev ${epair_in}b \
187 --outdev ${epair_out}b
210 vnet_mkjail one ${epair_one}a ${epair_sync}a
214 jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
215 jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
216 jexec one ifconfig pfsync0 \
224 jexec one pfctl -e
225 pft_set_rules one \
228 jexec two pfctl -e
235 # Create state prior to setting up pfsync
236 ping -c 1 -S 198.51.100.254 198.51.100.1
247 # Give pfsync time to do its thing
250 jexec two pfctl -s states
251 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
301 # from client to server.
333 if ! kldstat -q -m carp
443 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
444 "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \
445 "block drop in quick to 224.0.0.18/32" \
447 …"pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/…
448 jexec gw_route_to_master pfctl -e
475 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
476 "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \
477 "block drop in quick to 224.0.0.18/32" \
479 …"pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/…
480 jexec gw_route_to_backup pfctl -e
507 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
508 "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \
509 "block drop in quick to 224.0.0.18/32" \
510 "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \
511 …"pass in quick log on if_br1 proto { icmp udp tcp } from 198.18.0.0/24 to 198.18.2.0/24 tag auth_p…
512 jexec gw_reply_to_master pfctl -e
538 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
539 "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \
540 "block drop in quick to 224.0.0.18/32" \
541 "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \
542 …"pass in quick log on if_br1 proto { icmp udp tcp } from 198.18.0.0/24 to 198.18.2.0/24 tag auth_p…
543 jexec gw_reply_to_backup pfctl -e
548 # Waiting for platform to settle
557 while ! jexec client ping -c 10 198.18.2.1 | grep ', 0.0% packet loss'
563 …ute_to_master_checksum=$(jexec gw_route_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
564 …ute_to_backup_checksum=$(jexec gw_route_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
565 …ply_to_master_checksum=$(jexec gw_reply_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
566 …ply_to_backup_checksum=$(jexec gw_reply_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
577 (jexec client ping -c 10 198.18.2.1 >ping.stdout) &
587 while ! grep -q -e 'packet loss' ping.stdout
592 atf_check -s exit:0 -e ignore -o ignore grep ', 0.0% packet loss' ping.stdout
609 if ! sysctl -q kern.features.ipsec >/dev/null ; then
613 # Run the common test, to set up pfsync
617 jexec one ifconfig pfsync0 syncpeer 192.0.2.2
621 jexec one pfctl -Fs
622 jexec two pfctl -Fs
624 # Now define an ipsec policy to run over the epair_sync interfaces
627 spdadd 192.0.2.1/32 192.0.2.2/32 any -P out ipsec esp/transport//require;
628 spdadd 192.0.2.2/32 192.0.2.1/32 any -P in ipsec esp/transport//require;
629 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567890\";
630 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \
631 | jexec one setkey -c
635 spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
636 spdadd 192.0.2.1/32 192.0.2.2/32 any -P in ipsec esp/transport//require;
637 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567891\";
638 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567891\";" \
639 | jexec two setkey -c
642 ping -c 1 -S 198.51.100.254 198.51.100.1
644 # Give pfsync time to do its thing
647 if jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
653 jexec one pfctl -Fs
654 jexec two pfctl -Fs
656 # Fix the IPSec key to match
659 spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
660 spdadd 192.0.2.1/32 192.0.2.2/32 any -P in ipsec esp/transport//require;
661 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567890\";
662 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \
663 | jexec two setkey -c
665 ping -c 1 -S 198.51.100.254 198.51.100.1
667 # Give pfsync time to do its thing
670 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
692 vnet_mkjail one
694 jexec one ifconfig lo0 127.0.0.1/8 up
695 jexec one ifconfig lo0 inet6 ::1/128 up
697 pft_set_rules one \
699 jexec one pfctl -e
700 jexec one ifconfig pfsync0 defer up
702 jexec one ping -c 1 ::1
703 jexec one ping -c 1 127.0.0.1
705 # Give pfsync_timeout() time to fire (a callout on a 1 second delay)
729 vnet_mkjail one ${epair_one}a ${epair_sync}a
733 jexec one ifconfig ${epair_sync}a inet6 fd2c::1/64 no_dad up
734 jexec one ifconfig ${epair_one}a inet6 fd2b::1/64 no_dad up
735 jexec one ifconfig pfsync0 \
749 jexec one pfctl -e
750 pft_set_rules one \
753 jexec two pfctl -e
760 ping6 -c 1 -S fd2b::f0 fd2b::1
762 # Give pfsync time to do its thing
765 if ! jexec two pfctl -s states | grep icmp | grep fd2b::1 | \
791 vnet_mkjail one ${epair_one}a ${epair_sync}a
795 jexec one ifconfig ${epair_sync}a inet6 fd2c::1/64 no_dad up
796 jexec one ifconfig ${epair_one}a inet6 fd2b::1/64 no_dad up
797 jexec one ifconfig pfsync0 \
811 jexec one pfctl -e
812 pft_set_rules one \
815 jexec two pfctl -e
822 ping6 -c 1 -S fd2b::f0 fd2b::1
824 # Give pfsync time to do its thing
827 if ! jexec two pfctl -s states | grep icmp | grep fd2b::1 | \
851 vnet_mkjail one ${epair_one}a ${epair_sync}a ${epair_out_one}a
855 jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
856 jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
857 jexec one ifconfig ${epair_out_one}a 203.0.113.1/24 up
858 jexec one ifconfig ${epair_out_one}a name outif
859 jexec one sysctl net.inet.ip.forwarding=1
860 jexec one arp -s 203.0.113.254 00:01:02:03:04:05
861 jexec one ifconfig pfsync0 \
872 jexec two arp -s 203.0.113.254 00:01:02:03:04:05
881 route add -net 203.0.113.0/24 198.51.100.1
889 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
891 --sendif ${epair_one}b \
892 --fromaddr 198.51.100.254 \
893 --to 203.0.113.254 \
894 --recvif ${epair_out_one}b
901 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
902 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
908 atf_set descr 'Test route-to with pfsync version 13.1'
917 jexec one pfctl -e
918 pft_set_rules one \
920 "pass out route-to (outif 203.0.113.254)"
922 jexec two pfctl -e
925 "pass out route-to (outif 203.0.113.254)"
930 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
931 atf_fail "State missing on router one"
934 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif' …
948 atf_set descr 'Test route-to with pfsync version 13.1 and incompatible ruleset'
957 jexec one pfctl -e
958 pft_set_rules one \
960 "pass out route-to (outif 203.0.113.254)"
962 jexec two pfctl -e
966 "pass out route-to (outif 203.0.113.254)" \
969 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
971 --sendif ${epair_one}b \
972 --fromaddr 198.51.100.254 \
973 --to 203.0.113.254 \
974 --recvif ${epair_out_one}b
979 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
980 atf_fail "State missing on router one"
984 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
998 atf_set descr 'Test route-to with pfsync version 13.1 and different interface'
1007 jexec one pfctl -e
1008 pft_set_rules one \
1010 "pass out route-to { (outif 203.0.113.254) (outif 203.0.113.254) }"
1012 jexec two pfctl -e
1015 "pass out route-to { (outif 203.0.113.254) (outif 203.0.113.254) }"
1017 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1019 --sendif ${epair_one}b \
1020 --fromaddr 198.51.100.254 \
1021 --to 203.0.113.254 \
1022 --recvif ${epair_out_one}b
1027 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1028 atf_fail "State missing on router one"
1031 # pfsync will not attempt to recover the routing information from the rule.
1032 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1046 atf_set descr 'Test route-to with pfsync version 14.0'
1055 jexec one pfctl -e
1056 pft_set_rules one \
1058 "pass out route-to (outif 203.0.113.254)"
1060 jexec two pfctl -e
1067 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1068 atf_fail "State missing on router one"
1072 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .* route-to: 203.0.113.254@outif' $states_two…
1086 atf_set descr 'Test route-to with pfsync version 14.0'
1095 jexec one pfctl -e
1096 pft_set_rules one \
1098 "pass out route-to (outif 203.0.113.254)"
1100 jexec two pfctl -e
1104 "pass out route-to (outif_new 203.0.113.254)"
1109 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1110 atf_fail "State missing on router one"
1113 # a state synced to a router with a different interface name is dropped.
1114 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&