xref: /freebsd/tests/sys/netpfil/pf/route_to.sh (revision fa50a3552d1e759e1bb65e54cb0b7e863bcf54d5)
1# $FreeBSD$
2
3. $(atf_get_srcdir)/utils.subr
4
# Declare the IPv4 case; the "cleanup" argument tells atf that a
# v4_cleanup routine exists and must run after the body.
atf_test_case v4 cleanup
# Metadata for the IPv4 case. Root is required because the body creates
# epair interfaces, configures addresses and enables pf via pfctl.
v4_head() {
	atf_set require.user root
	atf_set descr 'Basic route-to test'
}
11
# IPv4 regression scenario for PR 228782.
#
# Layout (documentation address ranges only):
#   host ${epair_send}a  192.0.2.1   <->  jail ${epair_send}b  192.0.2.2
#   host ${epair_route}a 203.0.113.1 <->  jail ${epair_route}b 203.0.113.2
# Inside the jail 198.51.100.0/24 is routed via 192.0.2.1, while the pf
# rule set redirects the matching outbound flow through ${epair_route}b.
#
# Nothing below checks which path the packet took: the visible commands
# always end in `true`, so the case is a "does the system survive this
# rule combination" check rather than a forwarding assertion.
v4_body() {
	pft_init

	# Create both epairs first (same creation order: send, then route),
	# then address the host-side ends.
	epair_send=$(pft_mkepair)
	epair_route=$(pft_mkepair)
	ifconfig ${epair_send}a 192.0.2.1/24 up
	ifconfig ${epair_route}a 203.0.113.1/24 up

	# The b ends are handed to the jail, where pf is enabled; the
	# rule set under test is loaded into the jail, not the host.
	# NOTE(review): presumably pft_mkjail creates a vnet jail - confirm in utils.subr.
	pft_mkjail alcatraz ${epair_send}b ${epair_route}b
	jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up
	jexec alcatraz ifconfig ${epair_route}b 203.0.113.2/24 up
	jexec alcatraz route add -net 198.51.100.0/24 192.0.2.1
	jexec alcatraz pfctl -e

	# Attempt to provoke PR 228782: a default-deny policy, a rule matching
	# on `user`, and a stateless outbound route-to rule, in that order.
	pft_set_rules alcatraz \
		"block all" \
		"pass user 2" \
		"pass out route-to (${epair_route}b 203.0.113.1) from 192.0.2.2 to 198.51.100.1 no state"

	# One connection attempt (3 second timeout) to push a packet through
	# the route-to rule.
	jexec alcatraz nc -w 3 -s 192.0.2.2 198.51.100.1 22

	# The nc above is expected to fail; atf takes the status of the last
	# command, so finish with a success.
	true
}
35
# Tear down whatever the IPv4 body created, via the shared helper from
# utils.subr. atf runs this after the body.
v4_cleanup() {
	pft_cleanup
}
40
# Declare the IPv6 case; the "cleanup" argument tells atf that a
# v6_cleanup routine exists and must run after the body.
atf_test_case v6 cleanup
# Metadata for the IPv6 case. Root is required because the body creates
# epair interfaces, configures addresses and enables pf via pfctl.
v6_head() {
	atf_set require.user root
	atf_set descr 'Basic route-to test (IPv6)'
}
47
# IPv6 counterpart of the PR 228782 regression scenario.
#
# Layout (2001:db8::/32 documentation prefix only):
#   host ${epair_send}a  2001:db8:42::1 <->  jail ${epair_send}b  2001:db8:42::2
#   host ${epair_route}a 2001:db8:43::1 <->  jail ${epair_route}b 2001:db8:43::2
# The pf rule set redirects the flow towards 2001:db8:666::1 through
# ${epair_route}b.
#
# Nothing below checks which path the packet took: the visible commands
# always end in `true`, so the case is a "does the system survive this
# rule combination" check rather than a forwarding assertion.
v6_body() {
	pft_init

	# Create both epairs first (same creation order: send, then route),
	# then address the host-side ends. no_dad skips duplicate address
	# detection and -ifdisabled clears the interface's IPv6-disabled flag.
	epair_send=$(pft_mkepair)
	epair_route=$(pft_mkepair)
	ifconfig ${epair_send}a inet6 2001:db8:42::1/64 up no_dad -ifdisabled
	ifconfig ${epair_route}a inet6 2001:db8:43::1/64 up no_dad -ifdisabled

	# The b ends are handed to the jail, where pf is enabled; the
	# rule set under test is loaded into the jail, not the host.
	# NOTE(review): presumably pft_mkjail creates a vnet jail - confirm in utils.subr.
	pft_mkjail alcatraz ${epair_send}b ${epair_route}b
	jexec alcatraz ifconfig ${epair_send}b inet6 2001:db8:42::2/64 up no_dad
	jexec alcatraz ifconfig ${epair_route}b inet6 2001:db8:43::2/64 up no_dad
	# NOTE(review): the gateway is the jail's own address on ${epair_send}b,
	# whereas the IPv4 case points at the host side (192.0.2.1) - confirm
	# this is intended and not a typo for 2001:db8:42::1.
	jexec alcatraz route add -6 2001:db8:666::/64 2001:db8:42::2
	jexec alcatraz pfctl -e

	# Attempt to provoke PR 228782: a default-deny policy, a rule matching
	# on `user`, and a stateless outbound route-to rule, in that order.
	pft_set_rules alcatraz \
		"block all" \
		"pass user 2" \
		"pass out route-to (${epair_route}b 2001:db8:43::1) from 2001:db8:42::2 to 2001:db8:666::1 no state"

	# One connection attempt (3 second timeout) to push a packet through
	# the route-to rule.
	jexec alcatraz nc -6 -w 3 -s 2001:db8:42::2 2001:db8:666::1 22

	# The nc above is expected to fail; atf takes the status of the last
	# command, so finish with a success.
	true
}
71
# Tear down whatever the IPv6 body created, via the shared helper from
# utils.subr. atf runs this after the body.
v6_cleanup() {
	pft_cleanup
}
76
# Entry point called by atf-sh: registers every test case this file
# defines, IPv4 first and IPv6 second.
atf_init_test_cases() {
	atf_add_test_case v4
	atf_add_test_case v6
}
82