From nobody Sat Sep 14 08:12:55 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X5P7C3kdfz5WCDX; Sat, 14 Sep 2024 08:12:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X5P7C3Hf9z4kkH; Sat, 14 Sep 2024 08:12:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726301575; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j9k1he4D2hMqpO4tXCD8HkYq7o+jMFJbHF+jWlUgBnU=; b=DP63wJ0Rfv9Hs1W+4hj7QUh7Kuh3c25O6Oh8mmCaNVkb0J9ebGrQLRkrctIVn32p6DLjL8 UooccxX/APZAi9uNNpMJDaroG4MwKOZQMx2q5MxNjSmWPBVZ4HZb8HY24M5l7VmV8d9tjs FpmolPg/ZQFZatAwGcg18uYk8ijCwj1wt04/6BNcyvY2tyUerTPH68xmZK1q0pTTHaW+bq nKQEQhkhCMj9bgwPdeQcpmtw0Y+0aFx2nm4E/KUqhi9QuKTTuto0it7lJAV97crgdai7Ck kihnzZrItSwK59c0dG0F6XQizrEq5/xuoStMNj7c0Mi/HOeKgijavC+7Nu2oBw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1726301575; a=rsa-sha256; cv=none; b=GP1wo33YMTheoMRz+HlQHhkf8Vp/UntJFoFcRgzcNvRPQSO9p0Nv+js3hagZELz7gI57g9 Yv1SRuXrkVjMouLU3xaUg+plsBqqGZ7WOJbYv4H3PJSx+n7Fcxu8HPl/UokSNGtExfKseF iegTnPEQ0gHR8lk04zB0ajXMn7exOooonwpzsmDAd1TcEdjs7itIt7bfZVdnrFHt8NnX17 7fIY8jDt+kO2AZ5+dJBA5vsLDIKp1Da4zxjHw9LHxJQbvlktS0w+EuzMpFk0HZZg/3mCn3 xIKQ7195sb1p45F4iCU91FOe4ervQoA4jZSkRj67HQrSs3VNJ+XA6hvDWh/DAA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726301575; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j9k1he4D2hMqpO4tXCD8HkYq7o+jMFJbHF+jWlUgBnU=; b=eli44EPydx8F6Jrg9yWHRflw3wInWP3lo4PFxitJnwd9nI24GzXJ8hVPQyfOcumS2ktBRU VvGONnvzx5WwWKTltVvwSqC9dK9CG/+avJ4WD1UH9OCNkVK4djXwlnlZd/ubFp6oQ+t89k e/C5/JOz2RHQPXSZnncClOwUX+bmx8iOISJE7teHNVj0zSxmTBMFnNeP98tTJMUyquf13E crRpr4sscCZJzv5GiE6Rz+1NGLIqUGzBsmz7eg/oSaIaS99YKAco4qtw74+OsS14x+zVjY 1hNg8POepFhj1LxdxcnbvT4R8Pa76XWDwGRxdB9bWyztxIFZoLS0W+boAD28Rg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X5P7C2mjZzKB9; Sat, 14 Sep 2024 08:12:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48E8CtYG000118; Sat, 14 Sep 2024 08:12:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48E8CtUO000115; Sat, 14 Sep 2024 08:12:55 GMT (envelope-from git) Date: Sat, 14 Sep 2024 08:12:55 GMT Message-Id: <202409140812.48E8CtUO000115@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Igor Ostapenko Subject: git: 641fbfc82822 - main - pf tests: Do not handle ipfw presence List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: igoro X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 641fbfc82822ac269c778dcdba2406a4df520424 Auto-Submitted: auto-generated The branch main has been updated by igoro: URL: https://cgit.FreeBSD.org/src/commit/?id=641fbfc82822ac269c778dcdba2406a4df520424 commit 641fbfc82822ac269c778dcdba2406a4df520424 Author: Igor Ostapenko AuthorDate: 2024-09-14 08:08:06 +0000 Commit: Igor Ostapenko CommitDate: 2024-09-14 08:08:06 +0000 pf tests: Do not handle ipfw presence Initially, it was added to cover a conflicting case of ipfw and pf used together. But there are more drawbacks than benefits: - A half of these tests are always skipped. That leads to misunderstanding, while the test suite strives to avoid ambiguous situations. - Handling enabled ipfw on the test level is tedious, error-prone, and less maintainable. - CI and similar parties already know how to deal with ipfw for the test suite, like making it open by default. Extra complexity is not needed. In addition, ipfw+pf use cases are not officially supported. Reviewed by: kp, markj Approved by: kp (mentor), markj (mentor) Differential Revision: https://reviews.freebsd.org/D46655 --- tests/sys/netpfil/pf/divert-to.sh | 203 ++++++-------------------------------- tests/sys/netpfil/pf/if_enc.sh | 56 ++--------- 2 files changed, 37 insertions(+), 222 deletions(-) diff --git a/tests/sys/netpfil/pf/divert-to.sh b/tests/sys/netpfil/pf/divert-to.sh index 72adbeedb007..c7118c397032 100644 --- a/tests/sys/netpfil/pf/divert-to.sh +++ b/tests/sys/netpfil/pf/divert-to.sh @@ -51,8 +51,6 @@ # > outbound > diverted > outbound | network terminated # # Test case naming legend: -# ipfwon - with ipfw enabled -# ipfwoff - with ipfw disabled # in - inbound # div - diverted # out - outbound @@ -76,40 +74,21 @@ dummynet_init() fi } -ipfw_init() -{ - if ! kldstat -q -m ipfw; then - atf_skip "This test requires ipfw" - fi -} - -assert_ipfw_is_off() -{ - if kldstat -q -m ipfw; then - atf_skip "This test is for the case when ipfw is not loaded" - fi -} - -atf_test_case "ipfwoff_in_div" "cleanup" -ipfwoff_in_div_head() +atf_test_case "in_div" "cleanup" +in_div_head() { atf_set descr 'Test inbound > diverted | divapp terminated' atf_set require.user root } -ipfwoff_in_div_body() +in_div_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -129,46 +108,26 @@ ipfwoff_in_div_body() wait $divapp_pid } -ipfwoff_in_div_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_in_div" "cleanup" -ipfwon_in_div_head() -{ - atf_set descr 'Test inbound > diverted | divapp terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_div_body() -{ - ipfwoff_in_div_body "ipfwon" -} -ipfwon_in_div_cleanup() +in_div_cleanup() { pft_cleanup } -atf_test_case "ipfwoff_in_div_in" "cleanup" -ipfwoff_in_div_in_head() +atf_test_case "in_div_in" "cleanup" +in_div_in_head() { atf_set descr 'Test inbound > diverted > inbound | host terminated' atf_set require.user root } -ipfwoff_in_div_in_body() +in_div_in_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -188,46 +147,26 @@ ipfwoff_in_div_in_body() wait $divapp_pid } -ipfwoff_in_div_in_cleanup() +in_div_in_cleanup() { pft_cleanup } -atf_test_case "ipfwon_in_div_in" "cleanup" -ipfwon_in_div_in_head() -{ - atf_set descr 'Test inbound > diverted > inbound | host terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_div_in_body() -{ - ipfwoff_in_div_in_body "ipfwon" -} -ipfwon_in_div_in_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwoff_out_div" "cleanup" -ipfwoff_out_div_head() +atf_test_case "out_div" "cleanup" +out_div_head() { atf_set descr 'Test outbound > diverted | divapp terminated' atf_set require.user root } -ipfwoff_out_div_body() +out_div_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -248,46 +187,26 @@ ipfwoff_out_div_body() wait $divapp_pid } -ipfwoff_out_div_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_out_div" "cleanup" -ipfwon_out_div_head() -{ - atf_set descr 'Test outbound > diverted | divapp terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_out_div_body() -{ - ipfwoff_out_div_body "ipfwon" -} -ipfwon_out_div_cleanup() +out_div_cleanup() { pft_cleanup } -atf_test_case "ipfwoff_out_div_out" "cleanup" -ipfwoff_out_div_out_head() +atf_test_case "out_div_out" "cleanup" +out_div_out_head() { atf_set descr 'Test outbound > diverted > outbound | network terminated' atf_set require.user root } -ipfwoff_out_div_out_body() +out_div_out_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail div ${epair}b ifconfig ${epair}a 192.0.2.1/24 up jexec div ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec div ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -308,40 +227,21 @@ ipfwoff_out_div_out_body() wait $divapp_pid } -ipfwoff_out_div_out_cleanup() +out_div_out_cleanup() { pft_cleanup } -atf_test_case "ipfwon_out_div_out" "cleanup" -ipfwon_out_div_out_head() -{ - atf_set descr 'Test outbound > diverted > outbound | network terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_out_div_out_body() -{ - ipfwoff_out_div_out_body "ipfwon" -} -ipfwon_out_div_out_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwoff_in_div_in_fwd_out_div_out" "cleanup" -ipfwoff_in_div_in_fwd_out_div_out_head() +atf_test_case "in_div_in_fwd_out_div_out" "cleanup" +in_div_in_fwd_out_div_out_head() { atf_set descr 'Test inbound > diverted > inbound > forwarded > outbound > diverted > outbound | network terminated' atf_set require.user root } -ipfwoff_in_div_in_fwd_out_div_out_body() +in_div_in_fwd_out_div_out_body() { - local ipfwon - pft_init divert_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off # host router site epair0=$(vnet_mkepair) @@ -352,12 +252,10 @@ ipfwoff_in_div_in_fwd_out_div_out_body() jexec router sysctl net.inet.ip.forwarding=1 jexec router ifconfig ${epair0}b 192.0.2.2/24 up jexec router ifconfig ${epair1}a 198.51.100.1/24 up - test $ipfwon && jexec router ipfw add 65534 allow all from any to any vnet_mkjail site ${epair1}b jexec site ifconfig ${epair1}b 198.51.100.2/24 up jexec site route add default 198.51.100.1 - test $ipfwon && jexec site ipfw add 65534 allow all from any to any route add -net 198.51.100.0/24 192.0.2.2 @@ -385,48 +283,28 @@ ipfwoff_in_div_in_fwd_out_div_out_body() wait $indivapp_pid && wait $outdivapp_pid } -ipfwoff_in_div_in_fwd_out_div_out_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_in_div_in_fwd_out_div_out" "cleanup" -ipfwon_in_div_in_fwd_out_div_out_head() -{ - atf_set descr 'Test inbound > diverted > inbound > forwarded > outbound > diverted > outbound | network terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_div_in_fwd_out_div_out_body() -{ - ipfwoff_in_div_in_fwd_out_div_out_body "ipfwon" -} -ipfwon_in_div_in_fwd_out_div_out_cleanup() +in_div_in_fwd_out_div_out_cleanup() { pft_cleanup } -atf_test_case "ipfwoff_in_dn_in_div_in_out_div_out_dn_out" "cleanup" -ipfwoff_in_dn_in_div_in_out_div_out_dn_out_head() +atf_test_case "in_dn_in_div_in_out_div_out_dn_out" "cleanup" +in_dn_in_div_in_out_div_out_dn_out_head() { atf_set descr 'Test inbound > delayed+diverted > outbound > diverted+delayed > outbound | network terminated' atf_set require.user root } -ipfwoff_in_dn_in_div_in_out_div_out_dn_out_body() +in_dn_in_div_in_out_div_out_dn_out_body() { - local ipfwon - pft_init divert_init dummynet_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off epair=$(vnet_mkepair) vnet_mkjail alcatraz ${epair}b ifconfig ${epair}a 192.0.2.1/24 up ifconfig ${epair}a ether 02:00:00:00:00:01 jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up - test $ipfwon && jexec alcatraz ipfw add 65534 allow all from any to any # Sanity check atf_check -s exit:0 -o ignore ping -c3 192.0.2.2 @@ -489,41 +367,20 @@ ipfwoff_in_dn_in_div_in_out_div_out_dn_out_body() # } } -ipfwoff_in_dn_in_div_in_out_div_out_dn_out_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_in_dn_in_div_in_out_div_out_dn_out" "cleanup" -ipfwon_in_dn_in_div_in_out_div_out_dn_out_head() -{ - atf_set descr 'Test inbound > delayed+diverted > outbound > diverted+delayed > outbound | network terminated, with ipfw enabled' - atf_set require.user root -} -ipfwon_in_dn_in_div_in_out_div_out_dn_out_body() -{ - ipfwoff_in_dn_in_div_in_out_div_out_dn_out_body "ipfwon" -} -ipfwon_in_dn_in_div_in_out_div_out_dn_out_cleanup() +in_dn_in_div_in_out_div_out_dn_out_cleanup() { pft_cleanup } atf_init_test_cases() { - atf_add_test_case "ipfwoff_in_div" - atf_add_test_case "ipfwoff_in_div_in" - atf_add_test_case "ipfwon_in_div" - atf_add_test_case "ipfwon_in_div_in" + atf_add_test_case "in_div" + atf_add_test_case "in_div_in" - atf_add_test_case "ipfwoff_out_div" - atf_add_test_case "ipfwoff_out_div_out" - atf_add_test_case "ipfwon_out_div" - atf_add_test_case "ipfwon_out_div_out" + atf_add_test_case "out_div" + atf_add_test_case "out_div_out" - atf_add_test_case "ipfwoff_in_div_in_fwd_out_div_out" - atf_add_test_case "ipfwon_in_div_in_fwd_out_div_out" + atf_add_test_case "in_div_in_fwd_out_div_out" - atf_add_test_case "ipfwoff_in_dn_in_div_in_out_div_out_dn_out" - atf_add_test_case "ipfwon_in_dn_in_div_in_out_div_out_dn_out" + atf_add_test_case "in_dn_in_div_in_out_div_out_dn_out" } diff --git a/tests/sys/netpfil/pf/if_enc.sh b/tests/sys/netpfil/pf/if_enc.sh index 2e9060d4aa68..40090b175470 100644 --- a/tests/sys/netpfil/pf/if_enc.sh +++ b/tests/sys/netpfil/pf/if_enc.sh @@ -71,24 +71,8 @@ if_enc_init() fi } -ipfw_init() -{ - if ! kldstat -q -m ipfw; then - atf_skip "This test requires ipfw" - fi -} - -assert_ipfw_is_off() -{ - if kldstat -q -m ipfw; then - atf_skip "This test is for the case when ipfw is not loaded" - fi -} - build_test_network() { - local ipfwon=$1 - alan=$(vnet_mkepair) awan=$(vnet_mkepair) bwan=$(vnet_mkepair) @@ -98,7 +82,6 @@ build_test_network() vnet_mkjail a ${alan}a jexec a ifconfig ${alan}a 1.0.0.11/24 up jexec a route add default 1.0.0.1 - test $ipfwon && jexec a ipfw add 65534 allow all from any to any # host agw vnet_mkjail agw ${alan}b ${awan}a @@ -106,14 +89,12 @@ build_test_network() jexec agw ifconfig ${awan}a 2.0.0.22/24 up jexec agw route add default 2.0.0.1 jexec agw sysctl net.inet.ip.forwarding=1 - test $ipfwon && jexec agw ipfw add 65534 allow all from any to any # host wan vnet_mkjail wan ${awan}b ${bwan}b jexec wan ifconfig ${awan}b 2.0.0.1/24 up jexec wan ifconfig ${bwan}b 3.0.0.1/24 up jexec wan sysctl net.inet.ip.forwarding=1 - test $ipfwon && jexec wan ipfw add 65534 allow all from any to any # host bgw vnet_mkjail bgw ${bwan}a ${blan}b @@ -121,13 +102,11 @@ build_test_network() jexec bgw ifconfig ${blan}b 4.0.0.1/24 up jexec bgw route add default 3.0.0.1 jexec bgw sysctl net.inet.ip.forwarding=1 - test $ipfwon && jexec bgw ipfw add 65534 allow all from any to any # host b vnet_mkjail b ${blan}a jexec b ifconfig ${blan}a 4.0.0.44/24 up jexec b route add default 4.0.0.1 - test $ipfwon && jexec b ipfw add 65534 allow all from any to any # Office A VPN setup echo ' @@ -146,23 +125,19 @@ build_test_network() ' | jexec bgw setkey -c } -atf_test_case "ipfwoff_ip4_pfil_in_after_stripping" "cleanup" -ipfwoff_ip4_pfil_in_after_stripping_head() +atf_test_case "ip4_pfil_in_after_stripping" "cleanup" +ip4_pfil_in_after_stripping_head() { - atf_set descr 'Test that pf pulls up mbuf if m_len==0 after stripping the outer header, with ipfw disabled' + atf_set descr 'Test that pf pulls up mbuf if m_len==0 after stripping the outer header' atf_set require.user root atf_set require.progs nc } -ipfwoff_ip4_pfil_in_after_stripping_body() +ip4_pfil_in_after_stripping_body() { - local ipfwon - pft_init if_enc_init - test "$1" == "ipfwon" && ipfwon="yes" - test $ipfwon && ipfw_init || assert_ipfw_is_off - build_test_network $ipfwon + build_test_network # Sanity check atf_check -s exit:0 -o ignore jexec a ping -c3 4.0.0.44 @@ -192,29 +167,12 @@ ipfwoff_ip4_pfil_in_after_stripping_body() jexec b kill -KILL $nc_pid # in a fail case the catcher may listen forever atf_check_equal "$spell" "$(cat ./receiver)" } -ipfwoff_ip4_pfil_in_after_stripping_cleanup() -{ - pft_cleanup -} - -atf_test_case "ipfwon_ip4_pfil_in_after_stripping" "cleanup" -ipfwon_ip4_pfil_in_after_stripping_head() -{ - atf_set descr 'Test that pf pulls up mbuf if m_len==0 after stripping the outer header, with ipfw enabled' - atf_set require.user root - atf_set require.progs nc -} -ipfwon_ip4_pfil_in_after_stripping_body() -{ - ipfwoff_ip4_pfil_in_after_stripping_body "ipfwon" -} -ipfwon_ip4_pfil_in_after_stripping_cleanup() +ip4_pfil_in_after_stripping_cleanup() { pft_cleanup } atf_init_test_cases() { - atf_add_test_case "ipfwoff_ip4_pfil_in_after_stripping" - atf_add_test_case "ipfwon_ip4_pfil_in_after_stripping" + atf_add_test_case "ip4_pfil_in_after_stripping" }