Lines Matching +full:two +full:- +full:user
2 # SPDX-License-Identifier: BSD-2-Clause
35 atf_set require.user root
53 vnet_mkjail two ${epair_two}a ${epair_sync}b
63 jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
64 jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
65 jexec two ifconfig pfsync0 \
72 jexec one pfctl -e
76 jexec two pfctl -e
77 pft_set_rules two \
81 hostid_one=$(jexec one pfctl -si -v | awk '/Hostid:/ { gsub(/0x/, "", $2); printf($2); }')
85 ping -c 1 -S 198.51.100.254 198.51.100.1
90 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
95 if ! jexec two pfctl -sc | grep ""${hostid_one}"";
97 jexec two pfctl -sc
98 atf_fail "HostID for host one not found on two"
111 atf_set require.user root
128 atf_set require.user root
145 jexec alcatraz arp -s 203.0.113.2 00:01:02:03:04:05
160 route add -net 203.0.113.0/24 198.51.100.1
164 jexec alcatraz pfctl -e
169 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
171 --syncdev ${epair_sync}b \
172 --indev ${epair_in}b \
173 --outdev ${epair_out}b
176 jexec alcatraz ifconfig pfsync0 -defer
183 atf_check -s exit:3 env PYTHONPATH=${common_dir} \
185 --syncdev ${epair_sync}b \
186 --indev ${epair_in}b \
187 --outdev ${epair_out}b
199 atf_set require.user root
211 vnet_mkjail two ${epair_two}a ${epair_sync}b
220 jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
221 jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
224 jexec one pfctl -e
228 jexec two pfctl -e
229 pft_set_rules two \
236 ping -c 1 -S 198.51.100.254 198.51.100.1
238 # Wait before setting up pfsync on two, so we don't accidentally catch
242 # Now set up pfsync in jail two
243 jexec two ifconfig pfsync0 \
250 jexec two pfctl -s states
251 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
266 atf_set require.user root
284 atf_set require.user root
333 if ! kldstat -q -m carp
443 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
444 "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \
447 …"pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/…
448 jexec gw_route_to_master pfctl -e
475 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
476 "pass quick on { if_br0 if_br1 } proto carp keep state (no-sync)" \
479 …"pass in quick log on if_br0 route-to (if_br1 198.18.1.20) proto { icmp udp tcp } from 198.18.0.0/…
480 jexec gw_route_to_backup pfctl -e
507 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
508 "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \
510 "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \
512 jexec gw_reply_to_master pfctl -e
538 "pass quick on if_pfsync proto pfsync keep state (no-sync)" \
539 "pass quick on { if_br1 if_br2 } proto carp keep state (no-sync)" \
541 "pass out quick on if_br2 reply-to (if_br1 198.18.1.10) tagged auth_packet_reply_to keep state" \
543 jexec gw_reply_to_backup pfctl -e
557 while ! jexec client ping -c 10 198.18.2.1 | grep ', 0.0% packet loss'
563 …ute_to_master_checksum=$(jexec gw_route_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
564 …ute_to_backup_checksum=$(jexec gw_route_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
565 …ply_to_master_checksum=$(jexec gw_reply_to_master pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
566 …ply_to_backup_checksum=$(jexec gw_reply_to_backup pfctl -si -v | grep 'Checksum:' | cut -d ' ' -f …
577 (jexec client ping -c 10 198.18.2.1 >ping.stdout) &
587 while ! grep -q -e 'packet loss' ping.stdout
592 atf_check -s exit:0 -e ignore -o ignore grep ', 0.0% packet loss' ping.stdout
604 atf_set require.user root
609 if ! sysctl -q kern.features.ipsec >/dev/null ; then
618 jexec two ifconfig pfsync0 syncpeer 192.0.2.1
621 jexec one pfctl -Fs
622 jexec two pfctl -Fs
627 spdadd 192.0.2.1/32 192.0.2.2/32 any -P out ipsec esp/transport//require;
628 spdadd 192.0.2.2/32 192.0.2.1/32 any -P in ipsec esp/transport//require;
629 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567890\";
630 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \
631 | jexec one setkey -c
635 spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
636 spdadd 192.0.2.1/32 192.0.2.2/32 any -P in ipsec esp/transport//require;
637 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567891\";
638 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567891\";" \
639 | jexec two setkey -c
642 ping -c 1 -S 198.51.100.254 198.51.100.1
647 if jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
653 jexec one pfctl -Fs
654 jexec two pfctl -Fs
659 spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
660 spdadd 192.0.2.1/32 192.0.2.2/32 any -P in ipsec esp/transport//require;
661 add 192.0.2.1 192.0.2.2 esp 0x1000 -E aes-gcm-16 \"12345678901234567890\";
662 add 192.0.2.2 192.0.2.1 esp 0x1001 -E aes-gcm-16 \"12345678901234567890\";" \
663 | jexec two setkey -c
665 ping -c 1 -S 198.51.100.254 198.51.100.1
670 if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
685 atf_set require.user root
699 jexec one pfctl -e
702 jexec one ping -c 1 ::1
703 jexec one ping -c 1 127.0.0.1
718 atf_set require.user root
730 vnet_mkjail two ${epair_two}a ${epair_sync}b
740 jexec two ifconfig ${epair_two}a inet6 fd2b::2/64 no_dad up
741 jexec two ifconfig ${epair_sync}b inet6 fd2c::2/64 no_dad up
742 jexec two ifconfig pfsync0 \
749 jexec one pfctl -e
753 jexec two pfctl -e
754 pft_set_rules two \
760 ping6 -c 1 -S fd2b::f0 fd2b::1
765 if ! jexec two pfctl -s states | grep icmp | grep fd2b::1 | \
780 atf_set require.user root
792 vnet_mkjail two ${epair_two}a ${epair_sync}b
802 jexec two ifconfig ${epair_two}a inet6 fd2b::2/64 no_dad up
803 jexec two ifconfig ${epair_sync}b inet6 fd2c::2/64 no_dad up
804 jexec two ifconfig pfsync0 \
811 jexec one pfctl -e
815 jexec two pfctl -e
816 pft_set_rules two \
822 ping6 -c 1 -S fd2b::f0 fd2b::1
827 if ! jexec two pfctl -s states | grep icmp | grep fd2b::1 | \
842 atf_set require.user root
854 vnet_mkjail two ${epair_two}a ${epair_sync}b
863 jexec two ifconfig ${epair_two}a 198.51.100.1/24 up
864 jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
865 jexec two ifconfig pfsync0 \
872 jexec two ifconfig ${epair_two}a ether ${mac}
876 jexec one pfctl -e
880 # No extra fibs in two
881 jexec two pfctl -e
882 pft_set_rules two \
892 --sendif ${epair_one}b \
893 --fromaddr 198.51.100.254 \
894 --to 198.51.100.1 \
895 --recvif ${epair_one}b
898 jexec one pfctl -ss -vv
901 # Now try to use that state on jail two
904 --sendif ${epair_two}b \
905 --fromaddr 198.51.100.254 \
906 --to 198.51.100.1 \
907 --recvif ${epair_two}b
910 jexec one pfctl -ss -vv
911 jexec one pfctl -sr -vv
912 echo two
913 jexec two pfctl -ss -vv
914 jexec two pfctl -sr -vv
936 vnet_mkjail two ${epair_two}a ${epair_sync}b ${epair_out_two}a
944 jexec one arp -s 203.0.113.254 00:01:02:03:04:05
951 jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
952 jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
953 jexec two ifconfig ${epair_out_two}a 203.0.113.2/24 up
954 jexec two ifconfig ${epair_out_two}a name outif
955 jexec two sysctl net.inet.ip.forwarding=1
956 jexec two arp -s 203.0.113.254 00:01:02:03:04:05
957 jexec two ifconfig pfsync0 \
965 route add -net 203.0.113.0/24 198.51.100.1
973 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
975 --sendif ${epair_one}b \
976 --fromaddr 198.51.100.254 \
977 --to 203.0.113.254 \
978 --recvif ${epair_out_one}b
985 jexec one pfctl -qvvss | normalize_pfctl_s > $states_one
986 jexec two pfctl -qvvss | normalize_pfctl_s > $states_two
992 atf_set descr 'Test route-to with pfsync version 13.1'
993 atf_set require.user root
1001 jexec one pfctl -e
1004 "pass out route-to (outif 203.0.113.254)"
1006 jexec two pfctl -e
1007 pft_set_rules two \
1009 "pass out route-to (outif 203.0.113.254)"
1014 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1018 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif' …
1019 atf_fail "State missing on router two"
1032 atf_set descr 'Test route-to with pfsync version 13.1 and incompatible ruleset'
1033 atf_set require.user root
1041 jexec one pfctl -e
1044 "pass out route-to (outif 203.0.113.254)"
1046 jexec two pfctl -e
1047 pft_set_rules two \
1050 "pass out route-to (outif 203.0.113.254)" \
1053 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1055 --sendif ${epair_one}b \
1056 --fromaddr 198.51.100.254 \
1057 --to 203.0.113.254 \
1058 --recvif ${epair_out_one}b
1063 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1068 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1069 atf_fail "State present on router two"
1082 atf_set descr 'Test route-to with pfsync version 13.1 and different interface'
1083 atf_set require.user root
1091 jexec one pfctl -e
1094 "pass out route-to { (outif 203.0.113.254) (outif 203.0.113.254) }"
1096 jexec two pfctl -e
1097 pft_set_rules two \
1099 "pass out route-to { (outif 203.0.113.254) (outif 203.0.113.254) }"
1101 atf_check -s exit:0 env PYTHONPATH=${common_dir} \
1103 --sendif ${epair_one}b \
1104 --fromaddr 198.51.100.254 \
1105 --to 203.0.113.254 \
1106 --recvif ${epair_out_one}b
1111 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1116 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1117 atf_fail "State present on router two"
1130 atf_set descr 'Test route-to with pfsync version 14.0'
1131 atf_set require.user root
1139 jexec one pfctl -e
1142 "pass out route-to (outif 203.0.113.254)"
1144 jexec two pfctl -e
1145 pft_set_rules two \
1151 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1156 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .* route-to: 203.0.113.254@outif' $states_two…
1157 atf_fail "State missing on router two"
1170 atf_set descr 'Test route-to with pfsync version 14.0'
1171 atf_set require.user root
1179 jexec one pfctl -e
1182 "pass out route-to (outif 203.0.113.254)"
1184 jexec two pfctl -e
1185 jexec two ifconfig outif name outif_new
1186 pft_set_rules two \
1188 "pass out route-to (outif_new 203.0.113.254)"
1193 …grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*, rule 0 .* route-to: 203.0.113.254@outif o…
1198 grep -qE 'all icmp 198.51.100.254 -> 203.0.113.254:8 .*' $states_two &&
1199 atf_fail "State present on router two"