Page MenuHomeFreeBSD

NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf
ClosedPublic

Authored by ahsanb on Aug 9 2019, 5:03 PM.
Tags
None
Referenced Files
F102784654: D21199.id60654.diff
Sun, Nov 17, 3:54 AM
Unknown Object (File)
Oct 18 2024, 6:07 AM
Unknown Object (File)
Oct 8 2024, 4:34 AM
Unknown Object (File)
Oct 3 2024, 9:15 AM
Unknown Object (File)
Oct 2 2024, 5:30 PM
Unknown Object (File)
Oct 2 2024, 5:48 AM
Unknown Object (File)
Oct 1 2024, 5:46 AM
Unknown Object (File)
Sep 30 2024, 1:17 AM
Subscribers

Details

Summary

Add tests for basic nat in which it is tested that two clients behind the nat are able to reach a common host.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

ahsanb retitled this revision from NAT basic test for pf, ipfw (noth in-kernel and userspace) and ipf to NAT basic test for pf, ipfw (both in-kernel and userspace) and ipf.
tests/sys/netpfil/common/nat.sh
152

The setup test lines should align based on the first character

155

I do think 'userspace_nat' is descriptie enough, I can't tell from this line which firewall is being tested. Is there a different name that could be used?

156

ipfw is in the list twice, should this be ipf?

tests/sys/netpfil/common/nat.sh
152

I don't know why after git push 4-spaced tabs are being converted to 8-spaced tabs.

155

The "userspace_nat" is the name of the test case, same as "basic". The "basic" is tested on ipf, ipfw and pf. while "userspace_nat" is tested on ipfw. This is also the reason why ipfw appears twice.

I seem to run into issues running the ipfw_basic test:

Part of the run output (with 'set -x' added to the test):

+ [ 4 -gt 0 ]
+ is_firewall ipfw -q add 1000 nat 123 all from any to any
+ [ ipfw '=' pf -o ipfw '=' ipfw -o ipfw '=' ipf -o ipfw '=' ipfnat ]
+ echo 1
+ [ 1 -eq 1 ]
+ current_fw='ipfw -q add 1000 nat 123 all from any to any'
+ shift
+ filename='ipfw -q add 1000 nat 123 all from any to any.rule'
+ pwd
+ cwd=/tmp/kyua.plyoOz/2/work
+ [ -f ipfw -q add 1000 nat 123 all from any to any.rule ]
[: ipfw: unexpected operator

It seems to take the ipfw rule for a filename for some reason.

fixed the ipfw rule loading issue

And this is wrong, or at least very confusing, in firewall_init():

elif [ ${firewall} == "ipfnat" ]; then
        if ! kldstat -q -m ipfw_nat; then
                atf_skip "This test requires ipfw_nat"
        fi
else
tests/sys/netpfil/common/utils.subr
111

You're checking for ipfw_nat, but report needing ipfw here.

Fix wrong module name check for ipfw (ipfw_nat instead of ipfw)

  • Fixed indentation for setup_tests() in nat.sh
  • Fixed indentation in common/Makefile
This revision is now accepted and ready to land.Aug 14 2019, 12:17 PM
This revision was automatically updated to reflect the committed changes.