Lines Matching +full:route +full:- +full:up
2 # SPDX-License-Identifier: BSD-2-Clause
34 atf_set descr 'Basic route-to test'
43 ifconfig ${epair_send}a 192.0.2.1/24 up
45 ifconfig ${epair_route}a 203.0.113.1/24 up
48 jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up
49 jexec alcatraz ifconfig ${epair_route}b 203.0.113.2/24 up
50 jexec alcatraz route add -net 198.51.100.0/24 192.0.2.1
51 jexec alcatraz pfctl -e
55 "pass out route-to (${epair_route}b 203.0.113.1) from 192.0.2.2 to 198.51.100.1 no state"
56 jexec alcatraz nc -w 3 -s 192.0.2.2 198.51.100.1 22
70 atf_set descr 'Basic route-to test (IPv6)'
79 ifconfig ${epair_send}a inet6 2001:db8:42::1/64 up no_dad -ifdisabled
81 ifconfig ${epair_route}a inet6 2001:db8:43::1/64 up no_dad -ifdisabled
84 jexec alcatraz ifconfig ${epair_send}b inet6 2001:db8:42::2/64 up no_dad
85 jexec alcatraz ifconfig ${epair_route}b inet6 2001:db8:43::2/64 up no_dad
86 jexec alcatraz route add -6 2001:db8:666::/64 2001:db8:42::2
87 jexec alcatraz pfctl -e
91 …"pass out route-to (${epair_route}b 2001:db8:43::1) from 2001:db8:42::2 to 2001:db8:666::1 no stat…
92 jexec alcatraz nc -6 -w 3 -s 2001:db8:42::2 2001:db8:666::1 22
106 atf_set descr 'Multi-WAN redirection / reply-to test'
126 jexec wan_one ifconfig ${epair_one}a 192.0.2.1/24 up
128 jexec srv ifconfig ${epair_one}b 192.0.2.2/24 up
129 jexec client route add 192.0.2.0/24 203.0.113.2
133 jexec wan_two ifconfig ${epair_two}a 198.51.100.1/24 up
135 jexec srv ifconfig ${epair_two}b 198.51.100.2/24 up
136 jexec client route add 198.51.100.0/24 203.0.113.129
138 jexec srv ifconfig lo0 127.0.0.1/8 up
139 jexec srv route add default 192.0.2.1
143 jexec srv /usr/sbin/inetd -p ${PWD}/multiwan.pid $(atf_get_srcdir)/echo_inetd.conf
145 jexec srv pfctl -e
147 "nat on ${epair_one}b inet from 127.0.0.0/8 to any -> (${epair_one}b)" \
148 "nat on ${epair_two}b inet from 127.0.0.0/8 to any -> (${epair_two}b)" \
149 "rdr on ${epair_one}b inet proto tcp from any to 192.0.2.2 port 7 -> 127.0.0.1 port 7" \
150 "rdr on ${epair_two}b inet proto tcp from any to 198.51.100.2 port 7 -> 127.0.0.1 port 7" \
153 …"pass in quick on ${epair_one}b reply-to (${epair_one}b 192.0.2.1) inet proto tcp from any to 127.…
154 …"pass in quick on ${epair_two}b reply-to (${epair_two}b 198.51.100.1) inet proto tcp from any to 1…
156 # These will always succeed, because we don't change interface to route
158 result=$(echo "one" | jexec wan_one nc -N -w 3 192.0.2.2 7)
162 result=$(echo "two" | jexec wan_two nc -N -w 3 198.51.100.2 7)
167 result=$(echo "one" | jexec client nc -N -w 3 192.0.2.2 7)
173 result=$(echo "two" | jexec client nc -N -w 3 198.51.100.2 7)
187 atf_set descr 'Multi-WAN local origin source-based redirection / route-to test'
208 jexec wan_one ifconfig ${epair_one}a 192.0.2.1/24 up
210 jexec srv1 ifconfig ${epair_one}b 192.0.2.2/24 up
214 jexec wan_two ifconfig ${epair_two}a 198.51.100.1/24 up
216 jexec srv2 ifconfig ${epair_two}b 198.51.100.2/24 up
218 jexec client route add default 203.0.113.2
219 jexec srv1 route add default 192.0.2.1
220 jexec srv2 route add default 198.51.100.1
223 jexec srv1 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &'
224 jexec srv2 sh -c 'dd if=/dev/zero bs=1024 count=100 | nc -l 7 -w 2 -N &'
226 jexec client pfctl -e
230 …"pass out quick route-to (${epair_cl_two}a 203.0.113.129) inet proto tcp from 203.0.113.128 to any…
235 result=$(jexec client nc -N -w 1 192.0.2.2 7 | wc -c)
236 if [ ${result} -ne 102400 ]; then
237 jexec client pfctl -ss
242 result=$(jexec client nc -N -w 1 -s 203.0.113.128 198.51.100.2 7 | wc -c)
243 jexec client pfctl -ss
244 if [ ${result} -ne 102400 ]; then
257 atf_set descr 'Test that ICMP packets are correct for route-to + NAT'
274 ifconfig ${epair_one}a 192.0.2.2/24 up
275 route add -net 198.51.100.0/24 192.0.2.1
277 jexec gw ifconfig ${epair_one}b 192.0.2.1/24 up
278 jexec gw ifconfig ${epair_two}a 198.51.100.1/24 up
279 jexec gw ifconfig ${epair_three}a 203.0.113.1/24 up mtu 500
280 jexec srv ifconfig ${epair_two}b 198.51.100.2/24 up
281 jexec srv route add default 198.51.100.1
282 jexec srv2 ifconfig ${epair_three}b 203.0.113.2/24 up mtu 500
283 jexec srv2 route add default 203.0.113.1
286 atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2
288 jexec gw pfctl -e
290 "nat on ${epair_two}a inet from 192.0.2.0/24 to any -> (${epair_two}a)" \
291 "nat on ${epair_three}a inet from 192.0.2.0/24 to any -> (${epair_three}a)" \
292 "pass out route-to (${epair_three}a 203.0.113.2) proto icmp icmp-type echoreq"
295 atf_check -s exit:0 ${common_dir}/pft_icmp_check.py \
296 --to 198.51.100.2 \
297 --fromaddr 192.0.2.2 \
298 --recvif ${epair_one}a \
299 --sendif ${epair_one}a
302 atf_check -s exit:2 -o match:'frag needed and DF set' \
303 ping -D -c 1 -s 1000 198.51.100.2
314 atf_set descr 'Test that dummynet applies to route-to packets'
326 jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up
327 jexec srv route add default 192.0.2.2
330 jexec gw ifconfig ${epair_srv}b 192.0.2.2/24 up
331 jexec gw ifconfig ${epair_gw}a 198.51.100.1/24 up
334 ifconfig ${epair_gw}b 198.51.100.2/24 up
335 route add -net 192.0.2.0/24 198.51.100.1
338 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
342 "pass out route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe 1"
343 jexec gw pfctl -e
347 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
349 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
353 "pass out route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe (0, 1)"
357 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
359 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
370 atf_set descr 'Thest that dummynet works as expected on pass in route-to packets'
382 jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up
383 jexec srv route add default 192.0.2.2
386 jexec gw ifconfig ${epair_srv}b 192.0.2.2/24 up
387 jexec gw ifconfig ${epair_gw}a 198.51.100.1/24 up
390 ifconfig ${epair_gw}b 198.51.100.2/24 up
391 route add -net 192.0.2.0/24 198.51.100.1
394 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
398 "pass in route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe 1"
399 jexec gw pfctl -e
404 ping -c 1 192.0.2.1
405 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
407 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
411 "pass in route-to (${epair_srv}b 192.0.2.1) to 192.0.2.1 dnpipe (0, 1)"
416 ping -c 1 192.0.2.1
417 atf_check -s exit:0 -o ignore ping -c 1 -t 2 192.0.2.1
419 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1
430 atf_set descr 'Test that route-to states bind the expected interface'
442 ifconfig ${epair_one}b up
445 jexec ${j}2 ifconfig ${epair_two}b inet 198.51.100.2/24 up
447 jexec ${j}2 route add default 198.51.100.1
450 jexec $j ifconfig ${epair_one}a 192.0.2.1/24 up
451 jexec $j ifconfig ${epair_two}a 198.51.100.1/24 up
452 jexec $j route add default 192.0.2.2
454 jexec $j pfctl -e
456 "set state-policy if-bound" \
458 "pass out route-to (${epair_two}a 198.51.100.2)"
460 atf_check -s exit:0 -o ignore \
461 jexec $j ping -c 3 203.0.113.1
472 atf_set descr 'Test that route-to states for IPv6 bind the expected interface'
484 ifconfig ${epair_one}b up
487 jexec ${j}2 ifconfig ${epair_two}b inet6 2001:db8:1::2/64 up no_dad
489 jexec ${j}2 route -6 add default 2001:db8:1::1
492 jexec $j ifconfig ${epair_one}a inet6 2001:db8::1/64 up no_dad
493 jexec $j ifconfig ${epair_two}a inet6 2001:db8:1::1/64 up no_dad
494 jexec $j route -6 add default 2001:db8::2
496 jexec $j ping6 -c 3 2001:db8:1::2
498 jexec $j pfctl -e
500 "set state-policy if-bound" \
502 "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
503 "pass out route-to (${epair_two}a 2001:db8:1::2)"
505 atf_check -s exit:0 -o ignore \
506 jexec $j ping6 -c 3 2001:db8:2::1
517 atf_set descr 'Test that reply-to states bind to the expected interface'
530 ifconfig ${epair_one}b inet 192.0.2.2/24 up
531 ifconfig ${epair_two}b up
534 jexec $j ifconfig ${epair_one}a 192.0.2.1/24 up
535 jexec $j ifconfig ${epair_two}a 198.51.100.1/24 up
536 jexec $j route add default 198.51.100.254
538 jexec $j pfctl -e
540 "set state-policy if-bound" \
542 …"pass in on ${epair_one}a reply-to (${epair_one}a 192.0.2.2) inet from any to 192.0.2.0/24 keep st…
544 atf_check -s exit:0 -o ignore \
545 ping -c 3 192.0.2.1
547 atf_check -s exit:0 \
549 --to 192.0.2.1 \
550 --from 203.0.113.2 \
551 --sendif ${epair_one}b \
552 --replyif ${epair_one}b
555 atf_check -s exit:0 \
557 --to 192.0.2.1 \
558 --from 203.0.113.2 \
559 --sendif ${epair_one}b \
560 --replyif ${epair_one}b
562 jexec $j pfctl -ss -vv
573 atf_set descr 'Test that reply-to states bind to the expected interface for IPv6'
588 jexec ${j}s ifconfig ${epair_one}b inet6 2001:db8::2/64 up no_dad
589 jexec ${j}s ifconfig ${epair_two}b up
590 #jexec ${j}s route -6 add default 2001:db8::1
593 jexec $j ifconfig ${epair_one}a inet6 2001:db8::1/64 up no_dad
594 jexec $j ifconfig ${epair_two}a inet6 2001:db8:1::1/64 up no_dad
595 jexec $j route -6 add default 2001:db8:1::254
597 jexec $j pfctl -e
599 "set state-policy if-bound" \
601 "pass quick inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
602 …"pass in on ${epair_one}a reply-to (${epair_one}a 2001:db8::2) inet6 from any to 2001:db8::/64 kee…
604 atf_check -s exit:0 -o ignore \
605 jexec ${j}s ping6 -c 3 2001:db8::1
607 atf_check -s exit:0 \
609 --to 2001:db8::1 \
610 --from 2001:db8:2::2 \
611 --sendif ${epair_one}b \
612 --replyif ${epair_one}b
615 atf_check -s exit:0 \
617 --to 2001:db8::1 \
618 --from 2001:db8:2::2 \
619 --sendif ${epair_one}b \
620 --replyif ${epair_one}b
622 jexec $j pfctl -ss -vv
633 …atf_set descr 'Test that reply-to states bind to the expected non-default-route interface after rd…
646 ifconfig ${epair_one}b inet 192.0.2.2/24 up
647 ifconfig ${epair_two}b up
650 jexec $j ifconfig lo0 inet 127.0.0.1/8 up
651 jexec $j ifconfig ${epair_one}a 192.0.2.1/24 up
652 jexec $j ifconfig ${epair_two}a 198.51.100.1/24 up
653 jexec $j route add default 198.51.100.254
655 jexec $j pfctl -e
658 "set state-policy if-bound" \
659 "rdr on ${epair_one}a proto icmp from any to 192.0.2.1 -> 127.0.0.1" \
660 "rdr on ${epair_two}a proto icmp from any to 198.51.100.1 -> 127.0.0.1" \
662 …"pass in on ${epair_one}a reply-to (${epair_one}a 192.0.2.2) inet from any to 127.0.0.1 keep state"
664 atf_check -s exit:0 -o ignore \
665 ping -c 3 192.0.2.1
667 atf_check -s exit:0 \
669 --to 192.0.2.1 \
670 --from 203.0.113.2 \
671 --sendif ${epair_one}b \
672 --replyif ${epair_one}b
675 atf_check -s exit:0 \
677 --to 192.0.2.1 \
678 --from 203.0.113.2 \
679 --sendif ${epair_one}b \
680 --replyif ${epair_one}b
682 jexec $j pfctl -sr -vv
683 jexec $j pfctl -ss -vv
694 atf_set descr 'Test fragmentation with route-to and dummynet'
706 ifconfig ${epair_one}a 192.0.2.1/24 up
709 jexec alcatraz ifconfig ${epair_one}b 192.0.2.2/24 up
710 jexec alcatraz ifconfig ${epair_two}a 198.51.100.1/24 up
714 jexec singsing ifconfig ${epair_two}b 198.51.100.2/24 up
715 jexec singsing route add default 198.51.100.1
717 route add 198.51.100.0/24 192.0.2.2
724 jexec alcatraz pfctl -e
727 "pass in route-to (${epair_two}a 198.51.100.2) inet proto icmp all icmp-type echoreq dnpipe 1" \
731 atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2
732 atf_check -s exit:0 -o ignore ping -c 1 -s 4000 198.51.100.2
755 ifconfig ${epair_one}a 192.0.2.1/24 up
758 jexec alcatraz ifconfig ${epair_one}b 192.0.2.2/24 up
759 jexec alcatraz ifconfig ${epair_two}a 198.51.100.1/24 up
763 jexec singsing ifconfig ${epair_two}b 198.51.100.2/24 up
764 jexec singsing route add default 198.51.100.1
766 route add 198.51.100.0/24 192.0.2.2
770 jexec alcatraz pfctl -e
773 "nat on ${epair_two}a from 192.0.2.0/24 -> (${epair_two}a)" \
774 …"pass in route-to (${epair_two}a 198.51.100.2) inet proto icmp all icmp-type echoreq dnpipe (1, 1)…
775 "pass out route-to (${epair_two}a 198.51.100.2) inet proto icmp all icmp-type echoreq"
777 ping -c 1 198.51.100.2
778 jexec alcatraz pfctl -sr -vv
779 jexec alcatraz pfctl -ss -vv
783 atf_check -s exit:0 -o ignore ping -t 2 -c 1 198.51.100.2
784 atf_check -s exit:2 -o ignore ping -t 1 -c 1 198.51.100.2
795 atf_set descr 'Set and retrieve a rule with sticky-address'
806 …"pass in quick log on n_test_h_rtr route-to (n_srv_h_rtr <change_dst>) sticky-address from any to …
808 jexec alcatraz pfctl -qvvsr