git: b0fcf4d5222b - main - pf tests: ensure temporary files end up in the atf working directory
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Jul 2024 15:00:09 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=b0fcf4d5222bfdbbc0e2af2b14f0d73704706aa0 commit b0fcf4d5222bfdbbc0e2af2b14f0d73704706aa0 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-07-19 13:13:33 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-07-23 14:59:31 +0000 pf tests: ensure temporary files end up in the atf working directory Many of the tests create temporary files. pid files, log files, tcpdump captures, ... We should take care to ensure they're stored in the temporary working directory Kyua creates rather than in the root directory. This ensures there are no conflicts between simultaneously running tests, and also keeps the root directory clean. MFC after: 1 month Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/common/dummynet.sh | 4 ++-- tests/sys/netpfil/pf/altq.sh | 2 +- tests/sys/netpfil/pf/ether.sh | 4 ++-- tests/sys/netpfil/pf/killstate.sh | 2 +- tests/sys/netpfil/pf/map_e.sh | 3 +-- tests/sys/netpfil/pf/nat.sh | 3 +-- tests/sys/netpfil/pf/proxy.sh | 2 +- tests/sys/netpfil/pf/rdr.sh | 4 ++-- tests/sys/netpfil/pf/ridentifier.sh | 16 +++++++--------- tests/sys/netpfil/pf/route_to.sh | 3 +-- tests/sys/netpfil/pf/syncookie.sh | 15 ++++++--------- tests/sys/netpfil/pf/synproxy.sh | 9 +++------ 12 files changed, 28 insertions(+), 39 deletions(-) diff --git a/tests/sys/netpfil/common/dummynet.sh b/tests/sys/netpfil/common/dummynet.sh index 0df0db4546c8..126240f00384 100644 --- a/tests/sys/netpfil/common/dummynet.sh +++ b/tests/sys/netpfil/common/dummynet.sh @@ -277,7 +277,7 @@ queue_body() ifconfig ${epair}a 192.0.2.1/24 up jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf # Sanity check @@ -385,7 +385,7 @@ queue_v6_body() ifconfig ${epair}a inet6 2001:db8:42::1/64 no_dad up jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2 no_dad up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf jexec alcatraz sysctl net.inet6.icmp6.errppslimit=0 diff --git a/tests/sys/netpfil/pf/altq.sh b/tests/sys/netpfil/pf/altq.sh index a902c7caaf4f..416a55777849 100644 --- a/tests/sys/netpfil/pf/altq.sh +++ b/tests/sys/netpfil/pf/altq.sh @@ -212,7 +212,7 @@ prioritise_body() ifconfig ${epair}a 192.0.2.1/24 up jexec altq_prioritise ifconfig ${epair}b 192.0.2.2/24 up - jexec altq_prioritise /usr/sbin/inetd -p inetd-altq.pid \ + jexec altq_prioritise /usr/sbin/inetd -p ${PWD}/inetd-altq.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf # Sanity check diff --git a/tests/sys/netpfil/pf/ether.sh b/tests/sys/netpfil/pf/ether.sh index e1855949476b..0369e0e57ee6 100644 --- a/tests/sys/netpfil/pf/ether.sh +++ b/tests/sys/netpfil/pf/ether.sh @@ -362,8 +362,8 @@ captive_long_body() # ICMP should still work, because we don't redirect it. atf_check -s exit:0 -o ignore ping -c 1 -t 1 198.51.100.2 - jexec gw /usr/sbin/inetd -p gw.pid $(atf_get_srcdir)/echo_inetd.conf - jexec srv /usr/sbin/inetd -p srv.pid $(atf_get_srcdir)/daytime_inetd.conf + jexec gw /usr/sbin/inetd -p ${PWD}/gw.pid $(atf_get_srcdir)/echo_inetd.conf + jexec srv /usr/sbin/inetd -p ${PWD}/srv.pid $(atf_get_srcdir)/daytime_inetd.conf echo foo | nc -N 198.51.100.2 13 diff --git a/tests/sys/netpfil/pf/killstate.sh b/tests/sys/netpfil/pf/killstate.sh index 046d640ed355..36743b1d8016 100644 --- a/tests/sys/netpfil/pf/killstate.sh +++ b/tests/sys/netpfil/pf/killstate.sh @@ -410,7 +410,7 @@ match_body() vnet_mkjail singsing ${epair_two}b jexec singsing ifconfig ${epair_two}b 198.51.100.2/24 up jexec singsing route add default 198.51.100.1 - jexec singsing /usr/sbin/inetd -p inetd-echo.pid \ + jexec singsing /usr/sbin/inetd -p ${PWD}/inetd-echo.pid \ $(atf_get_srcdir)/echo_inetd.conf route add 198.51.100.0/24 192.0.2.2 diff --git a/tests/sys/netpfil/pf/map_e.sh b/tests/sys/netpfil/pf/map_e.sh index 742264dcf547..59f9e7f7e14c 100644 --- a/tests/sys/netpfil/pf/map_e.sh +++ b/tests/sys/netpfil/pf/map_e.sh @@ -53,7 +53,7 @@ map_e_body() jexec map_e sysctl net.inet.ip.forwarding=1 jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up - jexec echo /usr/sbin/inetd -p inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf + jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf # Enable pf! jexec map_e pfctl -e @@ -81,7 +81,6 @@ map_e_body() map_e_cleanup() { - rm -f inetd-echo.pid pft_cleanup } diff --git a/tests/sys/netpfil/pf/nat.sh b/tests/sys/netpfil/pf/nat.sh index 7cc0d8f35c96..513abfa5e040 100644 --- a/tests/sys/netpfil/pf/nat.sh +++ b/tests/sys/netpfil/pf/nat.sh @@ -51,7 +51,7 @@ exhaust_body() jexec nat sysctl net.inet.ip.forwarding=1 jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up - jexec echo /usr/sbin/inetd -p inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf + jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf # Enable pf! jexec nat pfctl -e @@ -79,7 +79,6 @@ exhaust_body() exhaust_cleanup() { - rm -f inetd-echo.pid pft_cleanup } diff --git a/tests/sys/netpfil/pf/proxy.sh b/tests/sys/netpfil/pf/proxy.sh index 4a7ea00a0cd4..b112001ef2b4 100644 --- a/tests/sys/netpfil/pf/proxy.sh +++ b/tests/sys/netpfil/pf/proxy.sh @@ -57,7 +57,7 @@ ftp_body() jexec srv route add default 198.51.100.1 # Start FTP server in srv - jexec srv twistd ftp -r `pwd` -p 21 + jexec srv twistd --logfile=/dev/null ftp -r `pwd` -p 21 # Sanity check atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2 diff --git a/tests/sys/netpfil/pf/rdr.sh b/tests/sys/netpfil/pf/rdr.sh index 5e60b97c653b..b7ec80b4d85e 100644 --- a/tests/sys/netpfil/pf/rdr.sh +++ b/tests/sys/netpfil/pf/rdr.sh @@ -92,7 +92,7 @@ tcp_v6_body() jexec ${j}a ping -6 -c 1 2001:db8:b::2 # capture packets on c so we can look for incorrect checksums - jexec ${j}c tcpdump --immediate-mode -w ${j}.pcap tcp and port 8000 & + jexec ${j}c tcpdump --immediate-mode -w ${PWD}/${j}.pcap tcp and port 8000 & tcpdumppid=$! # start a web server and give it a second to start @@ -112,7 +112,7 @@ tcp_v6_body() # Check for 'incorrect' in packet capture, this should tell us if # checksums are bad with rdr rules - count=$(jexec ${j}c tcpdump -vvvv -r ${j}.pcap | grep incorrect | wc -l) + count=$(jexec ${j}c tcpdump -vvvv -r ${PWD}/${j}.pcap | grep incorrect | wc -l) atf_check_equal " 0" "$count" } diff --git a/tests/sys/netpfil/pf/ridentifier.sh b/tests/sys/netpfil/pf/ridentifier.sh index c456d2111e20..8d83bcfb8213 100644 --- a/tests/sys/netpfil/pf/ridentifier.sh +++ b/tests/sys/netpfil/pf/ridentifier.sh @@ -45,7 +45,7 @@ basic_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig lo0 up jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid $(atf_get_srcdir)/echo_inetd.conf + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid $(atf_get_srcdir)/echo_inetd.conf # Sanity check atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2 @@ -56,7 +56,7 @@ basic_body() "pass in log" \ "pass in log proto tcp ridentifier 1234" - jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > tcpdump.log & + jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > ${PWD}/tcpdump.log & sleep 1 echo "test" | nc -N 192.0.2.2 7 @@ -67,17 +67,17 @@ basic_body() # Make sure we spotted the ridentifier atf_check -s exit:0 -o ignore \ - grep 'rule 1/0.*ridentifier 1234' tcpdump.log + grep 'rule 1/0.*ridentifier 1234' ${PWD}/tcpdump.log # But not on the !TCP traffic atf_check -s exit:1 -o ignore \ - grep 'rule 0/0.*ridentifier' tcpdump.log + grep 'rule 0/0.*ridentifier' ${PWD}/tcpdump.log # Now try with antispoof rules pft_set_rules alcatraz \ "pass in log" \ "antispoof log for ${epair}b ridentifier 4321" - jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > tcpdump.log & + jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > ${PWD}/tcpdump.log & sleep 1 # Without explicit rules for lo0 we're going to drop packets to ourself @@ -87,18 +87,16 @@ basic_body() sleep 1 jexec alcatraz killall tcpdump - cat tcpdump.log + cat ${PWD}/tcpdump.log # Make sure we spotted the ridentifier atf_check -s exit:0 -o ignore \ - grep 'rule 2/0.*ridentifier 4321' tcpdump.log + grep 'rule 2/0.*ridentifier 4321' ${PWD}/tcpdump.log } basic_cleanup() { pft_cleanup - rm -f inetd-alcatraz.pid - rm -f tcpdump.log } atf_init_test_cases() diff --git a/tests/sys/netpfil/pf/route_to.sh b/tests/sys/netpfil/pf/route_to.sh index df95eaecc12e..5f47cea39b01 100644 --- a/tests/sys/netpfil/pf/route_to.sh +++ b/tests/sys/netpfil/pf/route_to.sh @@ -140,7 +140,7 @@ multiwan_body() jexec srv sysctl net.inet.ip.forwarding=1 # Run echo server in srv jail - jexec srv /usr/sbin/inetd -p multiwan.pid $(atf_get_srcdir)/echo_inetd.conf + jexec srv /usr/sbin/inetd -p ${PWD}/multiwan.pid $(atf_get_srcdir)/echo_inetd.conf jexec srv pfctl -e pft_set_rules srv \ @@ -178,7 +178,6 @@ multiwan_body() multiwan_cleanup() { - rm -f multiwan.pid pft_cleanup } diff --git a/tests/sys/netpfil/pf/syncookie.sh b/tests/sys/netpfil/pf/syncookie.sh index 8feb2816f589..ac7483bc258b 100644 --- a/tests/sys/netpfil/pf/syncookie.sh +++ b/tests/sys/netpfil/pf/syncookie.sh @@ -51,7 +51,7 @@ basic_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair}a 192.0.2.2/24 up @@ -81,7 +81,7 @@ basic_body() basic_cleanup() { - rm -f inetd-alcatraz.pid + rm -f ${PWD}/inetd-alcatraz.pid pft_cleanup } @@ -100,7 +100,7 @@ basic_v6_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad @@ -130,7 +130,6 @@ basic_v6_body() basic_v6_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -157,7 +156,7 @@ forward_body() jexec srv ifconfig ${epair_out}b 198.51.100.2/24 up jexec srv route add default 198.51.100.1 - jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec srv /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair_in}a 192.0.2.2/24 up @@ -181,7 +180,6 @@ forward_body() forward_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -208,7 +206,7 @@ forward_v6_body() jexec srv ifconfig ${epair_out}b inet6 2001:db8:1::2/64 up no_dad jexec srv route -6 add default 2001:db8:1::1 - jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec srv /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair_in}a inet6 2001:db8::2/64 up no_dad @@ -232,7 +230,6 @@ forward_v6_body() forward_v6_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -440,7 +437,7 @@ port_reuse_body() vnet_mkjail alcatraz ${epair}b vnet_mkjail singsing jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up - jexec alcatraz /usr/sbin/inetd -p ${HOME}/inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair}a 192.0.2.2/24 up diff --git a/tests/sys/netpfil/pf/synproxy.sh b/tests/sys/netpfil/pf/synproxy.sh index 3b3dc62b8993..617fa6ba2afc 100644 --- a/tests/sys/netpfil/pf/synproxy.sh +++ b/tests/sys/netpfil/pf/synproxy.sh @@ -52,7 +52,7 @@ synproxy_body() jexec singsing ifconfig ${link}b 198.51.100.2/24 up jexec singsing route add default 198.51.100.1 - jexec singsing /usr/sbin/inetd -p inetd-singsing.pid $(atf_get_srcdir)/echo_inetd.conf + jexec singsing /usr/sbin/inetd -p ${PWD}/inetd-singsing.pid $(atf_get_srcdir)/echo_inetd.conf jexec alcatraz pfctl -e pft_set_rules alcatraz "set fail-policy return" \ @@ -74,7 +74,6 @@ synproxy_body() synproxy_cleanup() { - rm -f inetd-singsing.pid pft_cleanup } @@ -94,7 +93,7 @@ local_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf jexec alcatraz pfctl -e @@ -115,7 +114,6 @@ local_body() local_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -135,7 +133,7 @@ local_v6_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2/64 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf jexec alcatraz pfctl -e @@ -155,7 +153,6 @@ local_v6_body() local_v6_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup }