xref: /freebsd/tests/sys/netpfil/pf/pfsync.sh (revision 036d2e814bf0f5d88ffb4b24c159320894541757)
1# $FreeBSD$
2
3. $(atf_get_srcdir)/utils.subr
4
# Declare the "basic" test case; the "cleanup" argument tells ATF that a
# basic_cleanup routine exists and must be run after the body.
atf_test_case basic cleanup
# Metadata for the "basic" test case: a description plus the requirement
# that the test runs as root.
basic_head()
{
	atf_set "descr" "Basic pfsync test"
	atf_set "require.user" "root"
}
11
# Body of the "basic" test case: runs the shared scenario with no extra
# pfsync0 option (common_body receives no arguments).
basic_body()
{
	common_body
}
16
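# common_body [defer]
#
# Shared body of the pfsync tests.  Creates two vnet jails ("one" and "two")
# joined by a dedicated sync epair, enables pf and brings up pfsync0 in each,
# creates an ICMP state on jail one by pinging it from the host, and then
# requires that state to show up in the state table of jail two.
#
# $1 - optional extra keyword for "ifconfig pfsync0" (the defer test passes
#      "defer"); nothing is added when it is empty or absent.
#
# Failures are reported through atf_fail.  pfsynct_init, vnet_mkepair,
# vnet_mkjail and pft_set_rules are expected to come from utils.subr.
common_body()
{
	defer=${1:-}
	pfsynct_init

	epair_sync=$(vnet_mkepair)
	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)

	vnet_mkjail one "${epair_one}a" "${epair_sync}a"
	vnet_mkjail two "${epair_two}a" "${epair_sync}b"

	# pfsync interface
	# ${defer:+"$defer"} expands to nothing when no option was requested,
	# so ifconfig never receives an empty argument.
	jexec one ifconfig "${epair_sync}a" 192.0.2.1/24 up
	jexec one ifconfig "${epair_one}a" 198.51.100.1/24 up
	jexec one ifconfig pfsync0 \
		syncdev "${epair_sync}a" \
		maxupd 1 \
		${defer:+"$defer"} \
		up
	jexec two ifconfig "${epair_two}a" 198.51.100.2/24 up
	jexec two ifconfig "${epair_sync}b" 192.0.2.2/24 up
	jexec two ifconfig pfsync0 \
		syncdev "${epair_sync}b" \
		maxupd 1 \
		${defer:+"$defer"} \
		up

	# Enable pf.  The sync epair is exempted from filtering with
	# "set skip"; its two ends live only in jails one and two.
	# NOTE(review): pfsync traffic is not authenticated, so outside a test
	# the syncdev should be a dedicated trusted link (or be protected with
	# IPsec) rather than simply skipped.
	jexec one pfctl -e
	pft_set_rules one \
		"set skip on ${epair_sync}a" \
		"pass keep state"
	jexec two pfctl -e
	pft_set_rules two \
		"set skip on ${epair_sync}b" \
		"pass keep state"

	ifconfig "${epair_one}b" 198.51.100.254/24 up

	# Create the state to be synced.  A failed ping means there is no
	# state to replicate, so report it separately from a sync failure.
	if ! ping -c 1 -S 198.51.100.254 198.51.100.1 ; then
		atf_fail "ping to jail one failed; no state to sync"
	fi

	# Give pfsync time to do its thing
	sleep 2

	# Require the flow the ping created: ICMP between the ping source
	# (198.51.100.254) and jail one (198.51.100.1).  Searching for
	# 198.51.100.2 only matched because it is a prefix of 198.51.100.254,
	# and would also accept an unrelated state for jail two's own address.
	# -F keeps the dots literal instead of regex wildcards.
	if ! jexec two pfctl -s states | grep icmp | grep -F 198.51.100.1 | \
	    grep -F 198.51.100.254 ; then
		atf_fail "state not found on synced host"
	fi
}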
67
# Cleanup for the "basic" test case: delegates to pfsynct_cleanup, which
# takes no arguments here.
basic_cleanup()
{
	pfsynct_cleanup
}
72
# Declare the "defer" test case; the "cleanup" argument tells ATF that a
# defer_cleanup routine exists and must be run after the body.
atf_test_case defer cleanup
# Metadata for the "defer" test case: a description plus the requirement
# that the test runs as root.
defer_head()
{
	atf_set "descr" "Defer mode pfsync test"
	atf_set "require.user" "root"
}
79
# Body of the "defer" test case: runs the shared scenario with the single
# argument "defer", which common_body passes on to ifconfig pfsync0.
defer_body()
{
	common_body "defer"
}
84
# Cleanup for the "defer" test case: delegates to pfsynct_cleanup, which
# takes no arguments here.
defer_cleanup()
{
	pfsynct_cleanup
}
89
# Registers the test cases of this file, "basic" first and then "defer".
atf_init_test_cases()
{
	atf_add_test_case basic
	atf_add_test_case defer
}
95