git: 5fb35badc0d5 - main - if_ovpn tests: IPv4-mapped IPv6 address test

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Fri, 01 Jul 2022 08:07:52 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=5fb35badc0d5e27aa2259b2fdeb83a988184faf3

commit 5fb35badc0d5e27aa2259b2fdeb83a988184faf3
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-06-30 15:47:58 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-07-01 08:02:32 +0000

    if_ovpn tests: IPv4-mapped IPv6 address test
    
    OpenVPN uses IPv4-mapped IPv6 addresses by default (if we don't specify
    'proto udp4', or an IPv4 address to bind to). Test that this works.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/net/if_ovpn/if_ovpn.sh | 73 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh
index fcf05372d3b9..fb32e3ed1895 100644
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@@ -99,6 +99,78 @@ atf_test_case "4in4" "cleanup"
 	ovpn_cleanup
 }
 
+atf_test_case "4mapped" "cleanup"
+4mapped_head()
+{
+	atf_set descr 'IPv4 mapped addresses'
+	atf_set require.user root
+	atf_set require.progs openvpn
+}
+
+4mapped_body()
+{
+	ovpn_init
+
+	l=$(vnet_mkepair)
+
+	vnet_mkjail a ${l}a
+	jexec a ifconfig ${l}a 192.0.2.1/24 up
+	vnet_mkjail b ${l}b
+	jexec b ifconfig ${l}b 192.0.2.2/24 up
+
+	# Sanity check
+	atf_check -s exit:0 -o ignore jexec a ping -c 1 192.0.2.2
+
+	#jexec a ifconfig ${l}a
+
+	ovpn_start a "
+		dev ovpn0
+		dev-type tun
+
+		cipher AES-256-GCM
+		auth SHA256
+
+		server 198.51.100.0 255.255.255.0
+		ca $(atf_get_srcdir)/ca.crt
+		cert $(atf_get_srcdir)/server.crt
+		key $(atf_get_srcdir)/server.key
+		dh $(atf_get_srcdir)/dh.pem
+
+		mode server
+		script-security 2
+		auth-user-pass-verify /usr/bin/true via-env
+		topology subnet
+
+		keepalive 100 600
+	"
+	ovpn_start b "
+		dev tun0
+		dev-type tun
+
+		client
+
+		remote 192.0.2.1
+		auth-user-pass $(atf_get_srcdir)/user.pass
+
+		ca $(atf_get_srcdir)/ca.crt
+		cert $(atf_get_srcdir)/client.crt
+		key $(atf_get_srcdir)/client.key
+		dh $(atf_get_srcdir)/dh.pem
+
+		keepalive 100 600
+	"
+
+	# Give the tunnel time to come up
+	sleep 10
+
+	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
+}
+
+4mapped_cleanup()
+{
+	ovpn_cleanup
+}
+
 atf_test_case "6in4" "cleanup"
 6in4_head()
 {
@@ -693,6 +765,7 @@ chacha_cleanup()
 atf_init_test_cases()
 {
 	atf_add_test_case "4in4"
+	atf_add_test_case "4mapped"
 	atf_add_test_case "6in4"
 	atf_add_test_case "6in6"
 	atf_add_test_case "4in6"