From 0faafc2185f032fdbf42a5f424286de7b68269f6 Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Tue, 28 Sep 2021 18:21:26 +0200
Subject: [PATCH] pf tests: test dummynet for ether traffic

Test that we can set dummynet information on L2, which is processed by L3 later (assuming it's not overruled by L3 rules, of course).

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32223
---
 tests/sys/netpfil/pf/ether.sh | 45 +++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/tests/sys/netpfil/pf/ether.sh b/tests/sys/netpfil/pf/ether.sh
index 340eb079ca2..a7e23779396 100644
--- a/tests/sys/netpfil/pf/ether.sh
+++ b/tests/sys/netpfil/pf/ether.sh
@@ -280,10 +280,55 @@ captive_cleanup()
 pft_cleanup
 }
 
+atf_test_case "dummynet" "cleanup"
+dummynet_head()
+{
+ atf_set descr 'Test dummynet for L2 traffic'
+ atf_set require.user root
+}
+
+dummynet_body()
+{
+ pft_init
+
+ if ! kldstat -q -m dummynet; then
+ atf_skip "This test requires dummynet"
+ fi
+
+ epair=$(vnet_mkepair)
+ vnet_mkjail alcatraz ${epair}b
+
+ ifconfig ${epair}a 192.0.2.1/24 up
+ jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
+
+ # Sanity check
+ atf_check -s exit:0 -o ignore ping -i .1 -c 3 -s 1200 192.0.2.2
+
+ jexec alcatraz dnctl pipe 1 config bw 30Byte/s
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz \
+ "ether pass in dnpipe 1"
+
+ # single ping succeeds just fine
+ atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
+
+ # Saturate the link
+ ping -i .1 -c 5 -s 1200 192.0.2.2
+
+ # We should now be hitting the limits and get this packet dropped.
+ atf_check -s exit:2 -o ignore ping -c 1 -s 1200 192.0.2.2
+}
+
+dummynet_cleanup()
+{
+ pft_cleanup
+}
+
 atf_init_test_cases()
 {
 atf_add_test_case "mac"
 atf_add_test_case "proto"
 atf_add_test_case "direction"
 atf_add_test_case "captive"
+ atf_add_test_case "dummynet"
 }
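Review bot: In dummynet_body the pipe setup `jexec alcatraz dnctl pipe 1 config bw 30Byte/s` runs outside atf_check, so a failure to create the pipe only shows up later as a ping assertion with an unrelated-looking exit code. Wrapping it, e.g. `atf_check -s exit:0 -o ignore jexec alcatraz dnctl pipe 1 config bw 30Byte/s`, would make the test fail at the step that actually broke. The final `exit:2` check proves only that one ping went unanswered, and it appears to depend on the pipe still being backlogged from the unchecked "Saturate the link" ping. A short comment stating that timing assumption would help whoever has to debug a flaky run. It may also be worth asserting on the pipe's own state before the last ping, if the tooling available in the jail allows it.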