Lines Matching +full:sync +full:- +full:2
2 # SPDX-License-Identifier: BSD-2-Clause
11 # 2. Redistributions in binary form must reproduce the above copyright
72 jexec one pfctl -e
76 jexec two pfctl -e
81 hostid_one=$(jexec one pfctl -si -v | awk '/Hostid:/ { gsub(/0x/, "", $2); printf($2); }')
85 ping -c 1 -S 198.51.100.254 198.51.100.1
88 sleep 2
90 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
95 if ! jexec two pfctl -sc | grep ""${hostid_one}"";
97 jexec two pfctl -sc
145 jexec alcatraz arp -s 203.0.113.2 00:01:02:03:04:05
160 route add -net 203.0.113.0/24 198.51.100.1
164 jexec alcatraz pfctl -e
169 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
171 --syncdev ${epair_sync}b \
172 --indev ${epair_in}b \
173 --outdev ${epair_out}b
176 jexec alcatraz ifconfig pfsync0 -defer
183 atf_check -s exit:3 env PYTHONPATH=${common_dir} \
185 --syncdev ${epair_sync}b \
186 --indev ${epair_in}b \
187 --outdev ${epair_out}b
224 jexec one pfctl -e
228 jexec two pfctl -e
236 ping -c 1 -S 198.51.100.254 198.51.100.1
248 sleep 2
250 jexec two pfctl -s states
251 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
333 if ! kldstat -q -m carp
443 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
444 "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \
447 …"pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/…
448 jexec gw_route_to_master pfctl -e
475 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
476 "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \
479 …"pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/…
480 jexec gw_route_to_backup pfctl -e
507 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
508 "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \
510 "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \
512 jexec gw_reply_to_master pfctl -e
538 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
539 "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \
541 "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \
543 jexec gw_reply_to_backup pfctl -e
557 while ! jexec client ping -c 10 198.18.2.1 | grep ', 0.0% packet loss'
563 …te_to_master_checksum=$(jexec gw_route_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2)
564 …te_to_backup_checksum=$(jexec gw_route_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2)
565 …ly_to_master_checksum=$(jexec gw_reply_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2)
566 …ly_to_backup_checksum=$(jexec gw_reply_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f 2)
577 (jexec client ping -c 10 198.18.2.1 >ping.stdout) &
587 while ! grep -q -e 'packet loss' ping.stdout
592 atf_check -s exit:0 -e ignore -o ignore grep ', 0.0% packet loss' ping.stdout
609 if ! sysctl -q kern.features.ipsec >/dev/null ; then
621 jexec one pfctl -Fs
622 jexec two pfctl -Fs
627 spdadd 192.0.2.1/32 192.0.2.2/32 any -P out ipsec esp/transport//require;
628 spdadd 192.0.2.2/32 192.0.2.1/32 any -P in ipsec esp/transport//require;
629 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567890\";
630 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \
631 | jexec one setkey -c
635 spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
636 spdadd 192.0.2.1/32 192.0.2.2/32 any -P in ipsec esp/transport//require;
637 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567891\";
638 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567891\";" \
639 | jexec two setkey -c
642 ping -c 1 -S 198.51.100.254 198.51.100.1
645 sleep 2
647 if jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
653 jexec one pfctl -Fs
654 jexec two pfctl -Fs
659 spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
660 spdadd 192.0.2.1/32 192.0.2.2/32 any -P in ipsec esp/transport//require;
661 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567890\";
662 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \
663 | jexec two setkey -c
665 ping -c 1 -S 198.51.100.254 198.51.100.1
668 sleep 2
670 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
699 jexec one pfctl -e
702 jexec one ping -c 1 ::1
703 jexec one ping -c 1 127.0.0.1
706 sleep 2
737 syncpeer fd2c::2 \
740 jexec two ifconfig ${epair_two}a inet6 fd2b::2/64 no_dad up
741 jexec two ifconfig ${epair_sync}b inet6 fd2c::2/64 no_dad up
749 jexec one pfctl -e
753 jexec two pfctl -e
760 ping6 -c 1 -S fd2b::f0 fd2b::1
763 sleep 2
765 if ! jexec two pfctl -s states | grep icmp | grep fd2b::1 | \
802 jexec two ifconfig ${epair_two}a inet6 fd2b::2/64 no_dad up
803 jexec two ifconfig ${epair_sync}b inet6 fd2c::2/64 no_dad up
811 jexec one pfctl -e
815 jexec two pfctl -e
822 ping6 -c 1 -S fd2b::f0 fd2b::1
825 sleep 2
827 if ! jexec two pfctl -s states | grep icmp | grep fd2b::1 | \
871 mac=$(jexec one ifconfig ${epair_one}a | awk '/ether/ { print($2); }')
876 jexec one pfctl -e
881 jexec two pfctl -e
892 --sendif ${epair_one}b \
893 --fromaddr 198.51.100.254 \
894 --to 198.51.100.1 \
895 --recvif ${epair_one}b
898 jexec one pfctl -ss -vv
899 sleep 2
904 --sendif ${epair_two}b \
905 --fromaddr 198.51.100.254 \
906 --to 198.51.100.1 \
907 --recvif ${epair_two}b
910 jexec one pfctl -ss -vv
911 jexec one pfctl -sr -vv
913 jexec two pfctl -ss -vv
914 jexec two pfctl -sr -vv
924 # TODO: Extend setup_router_server_nat64 to create a 2nd router
950 jexec one arp -s 203.0.113.254 00:01:02:00:00:04
951 jexec one ndp -s 2001:db8:4200::fe 00:01:02:00:00:06
963 jexec two ifconfig ${epair_out_two}a inet6 2001:db8:4200::2/64 no_dad
967 jexec two arp -s 203.0.113.254 00:01:02:00:00:04
968 jexec two ndp -s 2001:db8:4200::fe 00:01:02:00:00:06
976 ifconfig ${epair_one}b inet6 2001:db8:4211::2/64 no_dad
978 ifconfig ${epair_two}b inet6 2001:db8:4212::2/64 no_dad
980 route add -net 203.0.113.0/24 198.51.100.1
981 route add -inet6 -net 64:ff9b::/96 2001:db8:4211::1
990 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
992 --sendif ${epair_one}b \
993 --fromaddr 198.51.100.254 \
994 --to 203.0.113.254 \
995 --recvif ${epair_out_one}b
997 # Allow time for sync
998 sleep 2
1002 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
1003 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
1009 atf_set descr 'Test route-to with pfsync version 13.1'
1018 jexec one pfctl -e
1021 "pass out route-to (outif 203.0.113.254)"
1023 jexec two pfctl -e
1026 "pass out route-to (outif 203.0.113.254)"
1031 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1035 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif' …
1049 atf_set descr 'Test route-to with pfsync version 13.1 and incompatible ruleset'
1058 jexec one pfctl -e
1061 "pass out route-to (outif 203.0.113.254)"
1063 jexec two pfctl -e
1067 "pass out route-to (outif 203.0.113.254)" \
1070 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1072 --sendif ${epair_one}b \
1073 --fromaddr 198.51.100.254 \
1074 --to 203.0.113.254 \
1075 --recvif ${epair_out_one}b
1080 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1085 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1099 atf_set descr 'Test route-to with pfsync version 13.1 and different interface'
1108 jexec one pfctl -e
1111 "pass out route-to { (outif 203.0.113.254) (outif 203.0.113.254) }"
1113 jexec two pfctl -e
1116 "pass out route-to { (outif 203.0.113.254) (outif 203.0.113.254) }"
1118 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1120 --sendif ${epair_one}b \
1121 --fromaddr 198.51.100.254 \
1122 --to 203.0.113.254 \
1123 --recvif ${epair_out_one}b
1128 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1133 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1147 atf_set descr 'Test route-to with pfsync version 14.0'
1156 jexec one pfctl -e
1159 "pass out route-to (outif 203.0.113.254)"
1161 jexec two pfctl -e
1168 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1173 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .* route-to: 203.0.113.254@outif' $states_two…
1187 atf_set descr 'Test route-to with pfsync version 14.0'
1196 jexec one pfctl -e
1199 "pass out route-to (outif 203.0.113.254)"
1201 jexec two pfctl -e
1205 "pass out route-to (outif_new 203.0.113.254)"
1210 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1215 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1229 atf_set descr 'Test syncing of states created by inbound af-to rules with floating states'
1238 jexec one pfctl -e
1240 "set state-policy floating" \
1243 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1244 "pass in on inif to 64:ff9b::/96 af-to inet from (outif) keep state"
1246 jexec two pfctl -e
1250 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)"
1253 atf_check -s exit:1 env PYTHONPATH=${common_dir} \
1255 --sendif ${epair_one}b \
1256 --fromaddr 2001:db8:4201::fe \
1257 --to 64:ff9b::203.0.113.254 \
1258 --recvif ${epair_out_one}b
1260 # Allow time for sync
1261 sleep 2
1265 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
1266 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
1269 …grep -qE 'all ipv6-icmp 203.0.113.1 \(2001:db8:4201::fe\) -> 203.0.113.254:8 \(64:ff9b::cb00:71fe)…
1272 …grep -qE 'all ipv6-icmp 203.0.113.1 \(2001:db8:4201::fe\) -> 203.0.113.254:8 \(64:ff9b::cb00:71fe)…
1284 atf_set descr 'Test syncing of states created by inbound af-to rules with if-bound states'
1293 jexec one pfctl -e
1295 "set state-policy if-bound" \
1298 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1299 "pass in on inif to 64:ff9b::/96 af-to inet from (outif) keep state"
1301 jexec two pfctl -e
1305 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)"
1308 atf_check -s exit:1 env PYTHONPATH=${common_dir} \
1310 --sendif ${epair_one}b \
1311 --fromaddr 2001:db8:4201::fe \
1312 --to 64:ff9b::203.0.113.254 \
1313 --recvif ${epair_out_one}b
1315 # Allow time for sync
1316 sleep 2
1320 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
1321 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
1324 …grep -qE 'outif ipv6-icmp 203.0.113.1 \(2001:db8:4201::fe\) -> 203.0.113.254:8 \(64:ff9b::cb00:71f…
1327 …grep -qE 'outif ipv6-icmp 203.0.113.1 \(2001:db8:4201::fe\) -> 203.0.113.254:8 \(64:ff9b::cb00:71f…
1339 atf_set descr 'Test syncing of states created by outbound af-to rules with if-bound states'
1348 jexec one route add -inet6 -net 64:ff9b::/96 -iface outif
1351 jexec one pfctl -e
1353 "set state-policy if-bound" \
1356 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1358 "pass out on outif to 64:ff9b::/96 af-to inet from (outif) keep state"
1360 jexec two pfctl -e
1364 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)"
1367 atf_check -s exit:1 env PYTHONPATH=${common_dir} \
1369 --sendif ${epair_one}b \
1370 --fromaddr 2001:db8:4201::fe \
1371 --to 64:ff9b::203.0.113.254 \
1372 --recvif ${epair_out_one}b
1374 # Allow time for sync
1375 sleep 2
1379 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
1380 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
1383 # st->orig_kif is the same as st->kif, so st->orig_kif is not printed.
1385 …"inif ipv6-icmp 64:ff9b::cb00:71fe\[128\] <- 2001:db8:4201::fe .* rule 3 .* creatorid: [0-9a-f]+" \
1386 … 203.0.113.1 \(64:ff9b::cb00:71fe\[8\]\) -> 203.0.113.254:8 \(2001:db8:4201::fe\) .* rule 4 .* cre…
1388 grep -qE "${state_regexp}" $states_one || atf_fail "State not found for '${state_regexp}'"
1392 "inif ipv6-icmp 64:ff9b::cb00:71fe\[128\] <- 2001:db8:4201::fe .* creatorid: [0-9a-f]+" \
1393 … icmp 203.0.113.1 \(64:ff9b::cb00:71fe\[8\]\) -> 203.0.113.254:8 \(2001:db8:4201::fe\) .* creatori…
1395 grep -qE "${state_regexp}" $states_two || atf_fail "State not found for '${state_regexp}'"
1416 jexec one pfctl -e
1420 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1422 "pass out on outif tagged sometag keep state (no-sync)"
1424 jexec two pfctl -e
1429 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1431 "pass out on outif tagged sometag keep state (no-sync)"
1433 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1435 --ping-type=udp \
1436 --sendif ${epair_one}b \
1437 --fromaddr 198.51.100.254 \
1438 --to 203.0.113.254 \
1439 --recvif ${epair_out_one}b
1441 # Allow time for sync
1442 sleep 2
1444 # Force the next request to go through the 2nd router
1445 route change -net 203.0.113.0/24 198.51.100.17
1447 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1449 --ping-type=udp \
1450 --sendif ${epair_two}b \
1451 --fromaddr 198.51.100.254 \
1452 --to 203.0.113.254 \
1453 --recvif ${epair_out_two}b
1475 jexec one pfctl -e
1483 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1487 jexec two pfctl -e
1496 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1499 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1501 --ping-type=udp \
1502 --sendif ${epair_one}b \
1503 --fromaddr 198.51.100.254 \
1504 --to 203.0.113.254 \
1505 --recvif ${epair_out_one}b
1508 jexec one pfctl -qvsq | normalize_pfctl_s > $queues_one
1511 …grep -qE 'queue other1 on outif .* pkts: 1 ' $queues_one || atf_fail 'Packets not sent through que…
1513 # Allow time for sync
1514 sleep 2
1516 # Force the next request to go through the 2nd router
1517 route change -net 203.0.113.0/24 198.51.100.17
1522 # on router "two" in different order and we only sync queue index,
1525 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1527 --ping-type=udp \
1528 --sendif ${epair_two}b \
1529 --fromaddr 198.51.100.254 \
1530 --to 203.0.113.254 \
1531 --recvif ${epair_out_two}b
1534 jexec two pfctl -qvsq | normalize_pfctl_s > $queues_two
1537 …grep -qE 'queue other2 on outif .* pkts: 1 ' $queues_two || atf_fail 'Packets not sent through que…
1546 jexec one pfctl -F all
1547 jexec two pfctl -F all
1563 jexec one pfctl -e
1567 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1569 route-to (outif 203.0.113.254) prefer-ipv6-nexthop \
1574 route-to (outif 2001:db8:4200::fe) prefer-ipv6-nexthop \
1579 route-to (outif 2001:db8:4200::fe) prefer-ipv6-nexthop \
1583 "pass out on outif inet proto udp keep state (no-sync)" \
1584 "pass out on outif inet6 proto udp keep state (no-sync)"
1586 jexec two pfctl -e
1591 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv } keep state (no-sync)" \
1594 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1596 --ping-type=udp \
1597 --sendif ${epair_one}b \
1598 --fromaddr 198.51.100.254 \
1599 --to 203.0.113.241 \
1600 --recvif ${epair_out_one}b
1603 # with `ndp -s` causes the static NDP entry to become expired.
1609 #atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1611 # --ping-type=udp \
1612 # --sendif ${epair_one}b \
1613 # --fromaddr 198.51.100.254 \
1614 # --to 203.0.113.242 \
1615 # --recvif ${epair_out_one}b
1618 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1620 --ping-type=udp \
1621 --sendif ${epair_one}b \
1622 --fromaddr 2001:db8:4211::fe \
1623 --to 2001:db8:4200::f3 \
1624 --recvif ${epair_out_one}b
1630 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
1631 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
1639 "all udp 203.0.113.241:9 <- 198.51.100.254 .* route-to: 203.0.113.254@outif origif: inif" \
1640 …"all udp 2001:db8:4200::f3\[9\] <- 2001:db8:4211::fe .* route-to: 2001:db8:4200::fe@outif origif: …
1642 …grep -qE "${state_regexp}" $states_two || atf_fail "State not found for '${state_regexp}' on route…
1648 jexec one pfctl -qvvsr
1649 jexec one pfctl -qvvss
1650 jexec one arp -an
1651 jexec one ndp -an