Lines Matching +full:python3 +full:- +full:dev
2 # SPDX-License-Identifier: BSD-2-Clause
34 atf_set descr 'Basic route-to test'
50 jexec alcatraz route add -net 198.51.100.0/24 192.0.2.1
51 jexec alcatraz pfctl -e
55 "pass out route-to (${epair_route}b 203.0.113.1) from 192.0.2.2 to 198.51.100.1 no state"
56 jexec alcatraz nc -w 3 -s 192.0.2.2 198.51.100.1 22
70 atf_set descr 'Basic route-to test (IPv6)'
79 ifconfig ${epair_send}a inet6 2001:db8:42::1/64 up no_dad -ifdisabled
81 ifconfig ${epair_route}a inet6 2001:db8:43::1/64 up no_dad -ifdisabled
86 jexec alcatraz route add -6 2001:db8:666::/64 2001:db8:42::2
87 jexec alcatraz pfctl -e
91 …"pass out route-to (${epair_route}b 2001:db8:43::1) from 2001:db8:42::2 to 2001:db8:666::1 no stat…
92 jexec alcatraz nc -6 -w 3 -s 2001:db8:42::2 2001:db8:666::1 22
106 atf_set descr 'Multi-WAN redirection / reply-to test'
143 jexec srv /usr/sbin/inetd -p ${PWD}/multiwan.pid $(atf_get_srcdir)/echo_inetd.conf
145 jexec srv pfctl -e
147 "nat on ${epair_one}b inet from 127.0.0.0/8 to any -> (${epair_one}b)" \
148 "nat on ${epair_two}b inet from 127.0.0.0/8 to any -> (${epair_two}b)" \
149 "rdr on ${epair_one}b inet proto tcp from any to 192.0.2.2 port 7 -> 127.0.0.1 port 7" \
150 "rdr on ${epair_two}b inet proto tcp from any to 198.51.100.2 port 7 -> 127.0.0.1 port 7" \
153 …"pass in quick on ${epair_one}b reply-to (${epair_one}b 192.0.2.1) inet proto tcp from any to 127.…
154 …"pass in quick on ${epair_two}b reply-to (${epair_two}b 198.51.100.1) inet proto tcp from any to 1…
158 result=$(echo "one" | jexec wan_one nc -N -w 3 192.0.2.2 7)
162 result=$(echo "two" | jexec wan_two nc -N -w 3 198.51.100.2 7)
167 result=$(echo "one" | jexec client nc -N -w 3 192.0.2.2 7)
173 result=$(echo "two" | jexec client nc -N -w 3 198.51.100.2 7)
187 atf_set descr 'Multi-WAN local origin source-based redirection / route-to test'
223 jexec srv1 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &'
224 jexec srv2 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &'
226 jexec client pfctl -e
230 …"pass out quick route-to (${epair_cl_two}a 203.0.113.129) inet proto tcp from 203.0.113.128 to any…
235 result=$(jexec client nc -N -w 1 192.0.2.2 7 | wc -c)
236 if [ ${result} -ne 102400 ]; then
237 jexec client pfctl -ss
242 result=$(jexec client nc -N -w 1 -s 203.0.113.128 198.51.100.2 7 | wc -c)
243 jexec client pfctl -ss
244 if [ ${result} -ne 102400 ]; then
257 atf_set descr 'Test that ICMP packets are correct for route-to + NAT'
259 atf_set require.progs python3 scapy
275 route add -net 198.51.100.0/24 192.0.2.1
286 atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2
288 jexec gw pfctl -e
290 "nat on ${epair_two}a inet from 192.0.2.0/24 to any -> (${epair_two}a)" \
291 "nat on ${epair_three}a inet from 192.0.2.0/24 to any -> (${epair_three}a)" \
292 "pass out route-to (${epair_three}a 203.0.113.2) proto icmp icmp-type echoreq"
295 atf_check -s exit:0 ${common_dir}/pft_icmp_check.py \
296 --to 198.51.100.2 \
297 --fromaddr 192.0.2.2 \
298 --recvif ${epair_one}a \
299 --sendif ${epair_one}a
302 atf_check -s exit:2 -o match:'frag needed and DF set' \
303 ping -D -c 1 -s 1000 198.51.100.2
314 atf_set descr 'Test that dummynet applies to route-to packets'
335 route add -net 192.0.2.0/24 198.51.100.1
338 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
342 "pass out route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe 1"
343 jexec gw pfctl -e
347 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
349 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
353 "pass out route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe (0, 1)"
357 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
359 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
370 atf_set descr 'Thest that dummynet works as expected on pass in route-to packets'
391 route add -net 192.0.2.0/24 198.51.100.1
394 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
398 "pass in route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe 1"
399 jexec gw pfctl -e
404 ping -c 1 192.0.2.1
405 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
407 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
411 "pass in route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe (0, 1)"
416 ping -c 1 192.0.2.1
417 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
419 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
430 atf_set descr 'Test that route-to states bind the expected interface'
454 jexec $j pfctl -e
456 "set state-policy if-bound" \
458 "pass out route-to (${epair_two}a 198.51.100.2)"
460 atf_check -s exit:0 -o ignore \
461 jexec $j ping -c 3 203.0.113.1
472 atf_set descr 'Test that route-to states for IPv6 bind the expected interface'
489 jexec ${j}2 route -6 add default 2001:db8:1::1
494 jexec $j route -6 add default 2001:db8::2
496 jexec $j ping6 -c 3 2001:db8:1::2
498 jexec $j pfctl -e
500 "set state-policy if-bound" \
502 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
503 "pass out route-to (${epair_two}a 2001:db8:1::2)"
505 atf_check -s exit:0 -o ignore \
506 jexec $j ping6 -c 3 2001:db8:2::1
517 atf_set descr 'Test that reply-to states bind to the expected interface'
519 atf_set require.progs python3 scapy
538 jexec $j pfctl -e
540 "set state-policy if-bound" \
542 …"pass in on ${epair_one}a reply-to (${epair_one}a 192.0.2.2) inet from any to 192.0.2.0/24 keep st…
544 atf_check -s exit:0 -o ignore \
545 ping -c 3 192.0.2.1
547 atf_check -s exit:0 \
549 --to 192.0.2.1 \
550 --from 203.0.113.2 \
551 --sendif ${epair_one}b \
552 --replyif ${epair_one}b
555 atf_check -s exit:0 \
557 --to 192.0.2.1 \
558 --from 203.0.113.2 \
559 --sendif ${epair_one}b \
560 --replyif ${epair_one}b
562 jexec $j pfctl -ss -vv
573 atf_set descr 'Test that reply-to states bind to the expected interface for IPv6'
575 atf_set require.progs python3 scapy
590 #jexec ${j}s route -6 add default 2001:db8::1
595 jexec $j route -6 add default 2001:db8:1::254
597 jexec $j pfctl -e
599 "set state-policy if-bound" \
601 "pass quick inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
602 …"pass in on ${epair_one}a reply-to (${epair_one}a 2001:db8::2) inet6 from any to 2001:db8::/64 kee…
604 atf_check -s exit:0 -o ignore \
605 jexec ${j}s ping6 -c 3 2001:db8::1
607 atf_check -s exit:0 \
609 --to 2001:db8::1 \
610 --from 2001:db8:2::2 \
611 --sendif ${epair_one}b \
612 --replyif ${epair_one}b
615 atf_check -s exit:0 \
617 --to 2001:db8::1 \
618 --from 2001:db8:2::2 \
619 --sendif ${epair_one}b \
620 --replyif ${epair_one}b
622 jexec $j pfctl -ss -vv
633 …atf_set descr 'Test that reply-to states bind to the expected non-default-route interface after rd…
635 atf_set require.progs python3 scapy
655 jexec $j pfctl -e
658 "set state-policy if-bound" \
659 "rdr on ${epair_one}a proto icmp from any to 192.0.2.1 -> 127.0.0.1" \
660 "rdr on ${epair_two}a proto icmp from any to 198.51.100.1 -> 127.0.0.1" \
662 …"pass in on ${epair_one}a reply-to (${epair_one}a 192.0.2.2) inet from any to 127.0.0.1 keep state"
664 atf_check -s exit:0 -o ignore \
665 ping -c 3 192.0.2.1
667 atf_check -s exit:0 \
669 --to 192.0.2.1 \
670 --from 203.0.113.2 \
671 --sendif ${epair_one}b \
672 --replyif ${epair_one}b
675 atf_check -s exit:0 \
677 --to 192.0.2.1 \
678 --from 203.0.113.2 \
679 --sendif ${epair_one}b \
680 --replyif ${epair_one}b
682 jexec $j pfctl -sr -vv
683 jexec $j pfctl -ss -vv
694 atf_set descr 'Test fragmentation with route-to and dummynet'
724 jexec alcatraz pfctl -e
727 "pass in route-to (${epair_two}a 198.51.100.2) inet proto icmp all icmp-type echoreq dnpipe 1" \
731 atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2
732 atf_check -s exit:0 -o ignore ping -c 1 -s 4000 198.51.100.2
770 jexec alcatraz pfctl -e
773 "nat on ${epair_two}a from 192.0.2.0/24 -> (${epair_two}a)" \
774 …"pass in route-to (${epair_two}a 198.51.100.2) inet proto icmp all icmp-type echoreq dnpipe (1, 1)…
775 "pass out route-to (${epair_two}a 198.51.100.2) inet proto icmp all icmp-type echoreq"
777 ping -c 1 198.51.100.2
778 jexec alcatraz pfctl -sr -vv
779 jexec alcatraz pfctl -ss -vv
783 atf_check -s exit:0 -o ignore ping -t 2 -c 1 198.51.100.2
784 atf_check -s exit:2 -o ignore ping -t 1 -c 1 198.51.100.2
795 atf_set descr 'Set and retrieve a rule with sticky-address'
806 …"pass in quick log on n_test_h_rtr route-to (n_srv_h_rtr <change_dst>) sticky-address from any to …
808 jexec alcatraz pfctl -qvvsr
819 atf_set descr 'Ensure we decrement TTL on route-to'
842 atf_check -s exit:0 -o ignore \
843 ping -c 3 198.51.100.2
845 jexec alcatraz pfctl -e
848 "pass in route-to (${epair_two}a 198.51.100.2)"
850 atf_check -s exit:0 -o ignore \
851 ping -c 3 198.51.100.2
853 atf_check -s exit:2 -o ignore \
854 ping -m 1 -c 3 198.51.100.2
866 atf_set descr 'Route-to with empty pool'
878 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
879 …"pass in on ${epair_tester}b route-to (${epair_server}a <nonexistent>) inet6 from any to ${net_se…
886 # Ignore warnings about not-loaded ALTQ
887 atf_check -o "match:map-failed +1 +" -x "jexec router pfctl -qvvsi 2> /dev/null"
910 jexec router route add -6 ${net_clients_6}::/${net_clients_6_mask} ${net_tester_6_host_tester}
925 jexec router pfctl -e
929 "set state-policy if-bound" \
933 route-to { \
948 atf_check -s exit:0 ${common_dir}/pft_ping.py \
949 --sendif ${epair_tester}a --replyif ${epair_tester}a \
950 --fromaddr ${net_clients_6}::1 --to ${host_server_6} \
951 --ping-type=tcp3way --send-sport=${port}
955 jexec router pfctl -qvvss | normalize_pfctl_s > $states
959 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4201\] .* route-to: ${net_serv…
960 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4202\] .* route-to: ${net_serv…
961 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4203\] .* route-to: ${net_serv…
962 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4204\] .* route-to: ${net_serv…
963 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4205\] .* route-to: ${net_serv…
964 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4206\] .* route-to: ${net_serv…
965 …"${epair_tester}b tcp ${host_server_6}\[9\] <- ${net_clients_6}::1\[4207\] .* route-to: ${net_serv…
967 grep -qE "${state_regexp}" $states || atf_fail "State not found for '${state_regexp}'"