git: 641fbfc82822 - main - pf tests: Do not handle ipfw presence
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 14 Sep 2024 08:12:55 UTC
The branch main has been updated by igoro: URL: https://cgit.FreeBSD.org/src/commit/?id=641fbfc82822ac269c778dcdba2406a4df520424 commit 641fbfc82822ac269c778dcdba2406a4df520424 Author: Igor Ostapenko <igoro@FreeBSD.org> AuthorDate: 2024-09-14 08:08:06 +0000 Commit: Igor Ostapenko <igoro@FreeBSD.org> CommitDate: 2024-09-14 08:08:06 +0000 pf tests: Do not handle ipfw presence Initially, it was added to cover a conflicting case of ipfw and pf used together. But there are more drawbacks than benefits: - A half of these tests are always skipped. That leads to misunderstanding, while the test suite strives to avoid ambiguous situations. - Handling enabled ipfw on the test level is tedious, error-prone, and less maintainable. - CI and similar parties already know how to deal with ipfw for the test suite, like making it open by default. Extra complexity is not needed. In addition, ipfw+pf use cases are not officially supported. Reviewed by: kp, markj Approved by: kp (mentor), markj (mentor) Differential Revision: https://reviews.freebsd.org/D46655 --- tests/sys/netpfil/pf/divert-to.sh | 203 ++++++-------------------------------- tests/sys/netpfil/pf/if_enc.sh | 56 ++--------- 2 files changed, 37 insertions(+), 222 deletions(-) diff --git a/tests/sys/netpfil/pf/divert-to.sh b/tests/sys/netpfil/pf/divert-to.sh index 72adbeedb007..c7118c397032 100644 --- a/tests/sys/netpfil/pf/divert-to.sh +++ b/tests/sys/netpfil/pf/divert-to.sh @@ -51,8 +51,6 @@ # > outbound > diverted > outbound | network terminated # # Test case naming legend: -# ipfwon - with ipfw enabled -# ipfwoff - with ipfw disabled # in - inbound # div - diverted # out - outbound @@ -76,40 +74,21 @@ dummynet_init() fi } -ipfw_init() -{ - if ! kldstat -q -m ipfw; then - atf_skip "This test requires ipfw" - fi -} - -assert_ipfw_is_off() -{ - if kldstat -q -m ipfw; then - atf_skip "This test is for the case when ipfw is not loaded" - fi -} - -atf_test_case "ipfwoff_in_div" "cleanup" -ipfwoff_in_div_head() +atf_test_case "in_div" "cleanup" +in_div_head() { atf_set descr 'Test inbound > diverted | divapp terminated' atf_set require.user root } -ipfwoff_in_div_body() +in_div_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -129,46 +108,26 @@ ipfwoff_in_div_body() wait $divapp_pid } -ipfwoff_in_div_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_in_div" "cleanup" -ipfwon_in_div_head() -{ - atf_set descr 'Test inbound > diverted | divapp terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_div_body() -{ - ipfwoff_in_div_body "ipfwon" -} -ipfwon_in_div_cleanup() +in_div_cleanup() { pft_cleanup } -atf_test_case "ipfwoff_in_div_in" "cleanup" -ipfwoff_in_div_in_head() +atf_test_case "in_div_in" "cleanup" +in_div_in_head() { atf_set descr 'Test inbound > diverted > inbound | host terminated' atf_set require.user root } -ipfwoff_in_div_in_body() +in_div_in_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -188,46 +147,26 @@ ipfwoff_in_div_in_body() wait $divapp_pid } -ipfwoff_in_div_in_cleanup() +in_div_in_cleanup() { pft_cleanup } -atf_test_case "ipfwon_in_div_in" "cleanup" -ipfwon_in_div_in_head() -{ - atf_set descr 'Test inbound > diverted > inbound | host terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_div_in_body() -{ - ipfwoff_in_div_in_body "ipfwon" -} -ipfwon_in_div_in_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwoff_out_div" "cleanup" -ipfwoff_out_div_head() +atf_test_case "out_div" "cleanup" +out_div_head() { atf_set descr 'Test outbound > diverted | divapp terminated' atf_set require.user root } -ipfwoff_out_div_body() +out_div_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -248,46 +187,26 @@ ipfwoff_out_div_body() wait $divapp_pid } -ipfwoff_out_div_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_out_div" "cleanup" -ipfwon_out_div_head() -{ - atf_set descr 'Test outbound > diverted | divapp terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_out_div_body() -{ - ipfwoff_out_div_body "ipfwon" -} -ipfwon_out_div_cleanup() +out_div_cleanup() { pft_cleanup } -atf_test_case "ipfwoff_out_div_out" "cleanup" -ipfwoff_out_div_out_head() +atf_test_case "out_div_out" "cleanup" +out_div_out_head() { atf_set descr 'Test outbound > diverted > outbound | network terminated' atf_set require.user root } -ipfwoff_out_div_out_body() +out_div_out_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -308,40 +227,21 @@ ipfwoff_out_div_out_body() wait $divapp_pid } -ipfwoff_out_div_out_cleanup() +out_div_out_cleanup() { pft_cleanup } -atf_test_case "ipfwon_out_div_out" "cleanup" -ipfwon_out_div_out_head() -{ - atf_set descr 'Test outbound > diverted > outbound | network terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_out_div_out_body() -{ - ipfwoff_out_div_out_body "ipfwon" -} -ipfwon_out_div_out_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwoff_in_div_in_fwd_out_div_out" "cleanup" -ipfwoff_in_div_in_fwd_out_div_out_head() +atf_test_case "in_div_in_fwd_out_div_out" "cleanup" +in_div_in_fwd_out_div_out_head() { atf_set descr 'Test inbound > diverted > inbound > forwarded > outbound > diverted > outbound | network terminated' atf_set require.user root } -ipfwoff_in_div_in_fwd_out_div_out_body() +in_div_in_fwd_out_div_out_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off # host <a--epair0--b> router <a--epair1--b> site epair0=$(vnet_mkepair) @@ -352,12 +252,10 @@ ipfwoff_in_div_in_fwd_out_div_out_body() jexec router sysctl net.inet.ip.forwarding=1 jexec router ifconfig ${epair0}b 192.0.2.2/24 up jexec router ifconfig ${epair1}a 198.51.100.1/24 up - test $ipfwon && jexec router ipfw add 65534 allow all from any to any vnet_mkjail site ${epair1}b jexec site ifconfig ${epair1}b 198.51.100.2/24 up jexec site route add default 198.51.100.1 - test $ipfwon && jexec site ipfw add 65534 allow all from any to any route add -net 198.51.100.0/24 192.0.2.2 @@ -385,48 +283,28 @@ ipfwoff_in_div_in_fwd_out_div_out_body() wait $indivapp_pid && wait $outdivapp_pid } -ipfwoff_in_div_in_fwd_out_div_out_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_in_div_in_fwd_out_div_out" "cleanup" -ipfwon_in_div_in_fwd_out_div_out_head() -{ - atf_set descr 'Test inbound > diverted > inbound > forwarded > outbound > diverted > outbound | network terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_div_in_fwd_out_div_out_body() -{ - ipfwoff_in_div_in_fwd_out_div_out_body "ipfwon" -} -ipfwon_in_div_in_fwd_out_div_out_cleanup() +in_div_in_fwd_out_div_out_cleanup() { pft_cleanup } -atf_test_case "ipfwoff_in_dn_in_div_in_out_div_out_dn_out" "cleanup" -ipfwoff_in_dn_in_div_in_out_div_out_dn_out_head() +atf_test_case "in_dn_in_div_in_out_div_out_dn_out" "cleanup" +in_dn_in_div_in_out_div_out_dn_out_head() { atf_set descr 'Test inbound > delayed+diverted > outbound > diverted+delayed > outbound | network terminated' atf_set require.user root } -ipfwoff_in_dn_in_div_in_out_div_out_dn_out_body() +in_dn_in_div_in_out_div_out_dn_out_body() { - local ipfwon - pft_init divert_init dummynet_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail alcatraz ${epair}b ifconfig ${epair}a 192.0.2.1/24 up ifconfig ${epair}a ether 02:00:00:00:00:01 jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec alcatraz ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -489,41 +367,20 @@ ipfwoff_in_dn_in_div_in_out_div_out_dn_out_body() # } } -ipfwoff_in_dn_in_div_in_out_div_out_dn_out_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_in_dn_in_div_in_out_div_out_dn_out" "cleanup" -ipfwon_in_dn_in_div_in_out_div_out_dn_out_head() -{ - atf_set descr 'Test inbound > delayed+diverted > outbound > diverted+delayed > outbound | network terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_dn_in_div_in_out_div_out_dn_out_body() -{ - ipfwoff_in_dn_in_div_in_out_div_out_dn_out_body "ipfwon" -} -ipfwon_in_dn_in_div_in_out_div_out_dn_out_cleanup() +in_dn_in_div_in_out_div_out_dn_out_cleanup() { pft_cleanup } atf_init_test_cases() { - atf_add_test_case "ipfwoff_in_div" - atf_add_test_case "ipfwoff_in_div_in" - atf_add_test_case "ipfwon_in_div" - atf_add_test_case "ipfwon_in_div_in" + atf_add_test_case "in_div" + atf_add_test_case "in_div_in" - atf_add_test_case "ipfwoff_out_div" - atf_add_test_case "ipfwoff_out_div_out" - atf_add_test_case "ipfwon_out_div" - atf_add_test_case "ipfwon_out_div_out" + atf_add_test_case "out_div" + atf_add_test_case "out_div_out" - atf_add_test_case "ipfwoff_in_div_in_fwd_out_div_out" - atf_add_test_case "ipfwon_in_div_in_fwd_out_div_out" + atf_add_test_case "in_div_in_fwd_out_div_out" - atf_add_test_case "ipfwoff_in_dn_in_div_in_out_div_out_dn_out" - atf_add_test_case "ipfwon_in_dn_in_div_in_out_div_out_dn_out" + atf_add_test_case "in_dn_in_div_in_out_div_out_dn_out" } diff --git a/tests/sys/netpfil/pf/if_enc.sh b/tests/sys/netpfil/pf/if_enc.sh index 2e9060d4aa68..40090b175470 100644 --- a/tests/sys/netpfil/pf/if_enc.sh +++ b/tests/sys/netpfil/pf/if_enc.sh @@ -71,24 +71,8 @@ if_enc_init() fi } -ipfw_init() -{ - if ! kldstat -q -m ipfw; then - atf_skip "This test requires ipfw" - fi -} - -assert_ipfw_is_off() -{ - if kldstat -q -m ipfw; then - atf_skip "This test is for the case when ipfw is not loaded" - fi -} - build_test_network() { - local ipfwon=$1 - alan=$(vnet_mkepair) awan=$(vnet_mkepair) bwan=$(vnet_mkepair) @@ -98,7 +82,6 @@ build_test_network() vnet_mkjail a ${alan}a jexec a ifconfig ${alan}a 1.0.0.11/24 up jexec a route add default 1.0.0.1 - test $ipfwon && jexec a ipfw add 65534 allow all from any to any # host agw vnet_mkjail agw ${alan}b ${awan}a @@ -106,14 +89,12 @@ build_test_network() jexec agw ifconfig ${awan}a 2.0.0.22/24 up jexec agw route add default 2.0.0.1 jexec agw sysctl net.inet.ip.forwarding=1 - test $ipfwon && jexec agw ipfw add 65534 allow all from any to any # host wan vnet_mkjail wan ${awan}b ${bwan}b jexec wan ifconfig ${awan}b 2.0.0.1/24 up jexec wan ifconfig ${bwan}b 3.0.0.1/24 up jexec wan sysctl net.inet.ip.forwarding=1 - test $ipfwon && jexec wan ipfw add 65534 allow all from any to any # host bgw vnet_mkjail bgw ${bwan}a ${blan}b @@ -121,13 +102,11 @@ build_test_network() jexec bgw ifconfig ${blan}b 4.0.0.1/24 up jexec bgw route add default 3.0.0.1 jexec bgw sysctl net.inet.ip.forwarding=1 - test $ipfwon && jexec bgw ipfw add 65534 allow all from any to any # host b vnet_mkjail b ${blan}a jexec b ifconfig ${blan}a 4.0.0.44/24 up jexec b route add default 4.0.0.1 - test $ipfwon && jexec b ipfw add 65534 allow all from any to any # Office A VPN setup echo ' @@ -146,23 +125,19 @@ build_test_network() ' | jexec bgw setkey -c } -atf_test_case "ipfwoff_ip4_pfil_in_after_stripping" "cleanup" -ipfwoff_ip4_pfil_in_after_stripping_head() +atf_test_case "ip4_pfil_in_after_stripping" "cleanup" +ip4_pfil_in_after_stripping_head() { - atf_set descr 'Test that pf pulls up mbuf if m_len==0 after stripping the outer header, with ipfw disabled' + atf_set descr 'Test that pf pulls up mbuf if m_len==0 after stripping the outer header' atf_set require.user root atf_set require.progs nc } -ipfwoff_ip4_pfil_in_after_stripping_body() +ip4_pfil_in_after_stripping_body() { - local ipfwon - pft_init if_enc_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off - build_test_network $ipfwon + build_test_network # Sanity check atf_check -s exit:0 -o ignore jexec a ping -c3 4.0.0.44 @@ -192,29 +167,12 @@ ipfwoff_ip4_pfil_in_after_stripping_body() jexec b kill -KILL $nc_pid # in a fail case the catcher may listen forever atf_check_equal "$spell" "$(cat ./receiver)" } -ipfwoff_ip4_pfil_in_after_stripping_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_ip4_pfil_in_after_stripping" "cleanup" -ipfwon_ip4_pfil_in_after_stripping_head() -{ - atf_set descr 'Test that pf pulls up mbuf if m_len==0 after stripping the outer header, with ipfw enabled' - atf_set require.user root - atf_set require.progs nc -} -ipfwon_ip4_pfil_in_after_stripping_body() -{ - ipfwoff_ip4_pfil_in_after_stripping_body "ipfwon" -} -ipfwon_ip4_pfil_in_after_stripping_cleanup() +ip4_pfil_in_after_stripping_cleanup() { pft_cleanup } atf_init_test_cases() { - atf_add_test_case "ipfwoff_ip4_pfil_in_after_stripping" - atf_add_test_case "ipfwon_ip4_pfil_in_after_stripping" + atf_add_test_case "ip4_pfil_in_after_stripping" }