The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=8ad7d25dfc808ca00300f7553a9b28dfc0e99c18
commit 8ad7d25dfc808ca00300f7553a9b28dfc0e99c18
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2021-03-15 13:10:55 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2021-03-17 18:18:14 +0000
pf tests: pfsync bulk update test
Test that pfsync works as expected with bulk updates. That is, create
some state before setting up the second firewall. Let that firewall
request a bulk update so it can catch up, and check that it got the
state which was created before it enable pfsync.
PR: 254236
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D29272
---
tests/sys/netpfil/pf/pfsync.sh | 68 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
diff --git a/tests/sys/netpfil/pf/pfsync.sh b/tests/sys/netpfil/pf/pfsync.sh
index d8cb0a13efb7..a6fc7ec9f7e9 100644
--- a/tests/sys/netpfil/pf/pfsync.sh
+++ b/tests/sys/netpfil/pf/pfsync.sh
@@ -112,8 +112,76 @@ defer_cleanup()
pfsynct_cleanup
}
+atf_test_case "bulk" "cleanup"
+bulk_head()
+{
+ atf_set descr 'Test bulk updates'
+ atf_set require.user root
+}
+
+bulk_body()
+{
+ pfsynct_init
+
+ epair_sync=$(vnet_mkepair)
+ epair_one=$(vnet_mkepair)
+ epair_two=$(vnet_mkepair)
+
+ vnet_mkjail one ${epair_one}a ${epair_sync}a
+ vnet_mkjail two ${epair_two}a ${epair_sync}b
+
+ # pfsync interface
+ jexec one ifconfig ${epair_sync}a 192.0.2.1/24 up
+ jexec one ifconfig ${epair_one}a 198.51.100.1/24 up
+ jexec one ifconfig pfsync0 \
+ syncdev ${epair_sync}a \
+ maxupd 1\
+ up
+ jexec two ifconfig ${epair_two}a 198.51.100.2/24 up
+ jexec two ifconfig ${epair_sync}b 192.0.2.2/24 up
+
+ # Enable pf
+ jexec one pfctl -e
+ pft_set_rules one \
+ "set skip on ${epair_sync}a" \
+ "pass keep state"
+ jexec two pfctl -e
+ pft_set_rules two \
+ "set skip on ${epair_sync}b" \
+ "pass keep state"
+
+ ifconfig ${epair_one}b 198.51.100.254/24 up
+
+ # Create state prior to setting up pfsync
+ ping -c 1 -S 198.51.100.254 198.51.100.1
+
+ # Wait before setting up pfsync on two, so we don't accidentally catch
+ # the update anyway.
+ sleep 1
+
+ # Now set up pfsync in jail two
+ jexec two ifconfig pfsync0 \
+ syncdev ${epair_sync}b \
+ up
+
+ # Give pfsync time to do its thing
+ sleep 2
+
+ jexec two pfctl -s states
+ if ! jexec two pfctl -s states | grep icmp | grep 198.51.100.1 | \
+ grep 198.51.100.2 ; then
+ atf_fail "state not found on synced host"
+ fi
+}
+
+bulk_cleanup()
+{
+ pfsynct_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "basic"
atf_add_test_case "defer"
+ atf_add_test_case "bulk"
}
_______________________________________________
dev-commits-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"
