From 45112a88f5ca25cb291454cef3767a690a4bd580 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Fri, 19 Jul 2024 15:13:33 +0200 Subject: [PATCH] pf tests: ensure temporary files end up in the atf working directory Many of the tests create temporary files. pid files, log files, tcpdump captures, ... We should take care to ensure they're stored in the temporary working directory Kyua creates rather than in the root directory. This ensures there are no conflicts between simultaneously running tests, and also keeps the root directory clean. MFC after: 1 month Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit b0fcf4d5222bfdbbc0e2af2b14f0d73704706aa0) --- tests/sys/netpfil/common/dummynet.sh | 4 ++-- tests/sys/netpfil/pf/altq.sh | 2 +- tests/sys/netpfil/pf/ether.sh | 4 ++-- tests/sys/netpfil/pf/killstate.sh | 2 +- tests/sys/netpfil/pf/map_e.sh | 3 +-- tests/sys/netpfil/pf/nat.sh | 3 +-- tests/sys/netpfil/pf/proxy.sh | 2 +- tests/sys/netpfil/pf/ridentifier.sh | 16 +++++++--------- tests/sys/netpfil/pf/route_to.sh | 3 +-- tests/sys/netpfil/pf/syncookie.sh | 15 ++++++--------- tests/sys/netpfil/pf/synproxy.sh | 9 +++------ 11 files changed, 26 insertions(+), 37 deletions(-) diff --git a/tests/sys/netpfil/common/dummynet.sh b/tests/sys/netpfil/common/dummynet.sh index 14d863d001c..f46601b4e6b 100644 --- a/tests/sys/netpfil/common/dummynet.sh +++ b/tests/sys/netpfil/common/dummynet.sh @@ -277,7 +277,7 @@ queue_body() ifconfig ${epair}a 192.0.2.1/24 up jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf # Sanity check @@ -385,7 +385,7 @@ queue_v6_body() ifconfig ${epair}a inet6 2001:db8:42::1/64 no_dad up jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2 no_dad up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf # Sanity check diff --git a/tests/sys/netpfil/pf/altq.sh b/tests/sys/netpfil/pf/altq.sh index a902c7caaf4..416a5577784 100644 --- a/tests/sys/netpfil/pf/altq.sh +++ b/tests/sys/netpfil/pf/altq.sh @@ -212,7 +212,7 @@ prioritise_body() ifconfig ${epair}a 192.0.2.1/24 up jexec altq_prioritise ifconfig ${epair}b 192.0.2.2/24 up - jexec altq_prioritise /usr/sbin/inetd -p inetd-altq.pid \ + jexec altq_prioritise /usr/sbin/inetd -p ${PWD}/inetd-altq.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf # Sanity check diff --git a/tests/sys/netpfil/pf/ether.sh b/tests/sys/netpfil/pf/ether.sh index e1855949476..0369e0e57ee 100644 --- a/tests/sys/netpfil/pf/ether.sh +++ b/tests/sys/netpfil/pf/ether.sh @@ -362,8 +362,8 @@ captive_long_body() # ICMP should still work, because we don't redirect it. atf_check -s exit:0 -o ignore ping -c 1 -t 1 198.51.100.2 - jexec gw /usr/sbin/inetd -p gw.pid $(atf_get_srcdir)/echo_inetd.conf - jexec srv /usr/sbin/inetd -p srv.pid $(atf_get_srcdir)/daytime_inetd.conf + jexec gw /usr/sbin/inetd -p ${PWD}/gw.pid $(atf_get_srcdir)/echo_inetd.conf + jexec srv /usr/sbin/inetd -p ${PWD}/srv.pid $(atf_get_srcdir)/daytime_inetd.conf echo foo | nc -N 198.51.100.2 13 diff --git a/tests/sys/netpfil/pf/killstate.sh b/tests/sys/netpfil/pf/killstate.sh index 72f8d9d29fc..33995eec6fc 100644 --- a/tests/sys/netpfil/pf/killstate.sh +++ b/tests/sys/netpfil/pf/killstate.sh @@ -407,7 +407,7 @@ match_body() vnet_mkjail singsing ${epair_two}b jexec singsing ifconfig ${epair_two}b 198.51.100.2/24 up jexec singsing route add default 198.51.100.1 - jexec singsing /usr/sbin/inetd -p inetd-echo.pid \ + jexec singsing /usr/sbin/inetd -p ${PWD}/inetd-echo.pid \ $(atf_get_srcdir)/echo_inetd.conf route add 198.51.100.0/24 192.0.2.2 diff --git a/tests/sys/netpfil/pf/map_e.sh b/tests/sys/netpfil/pf/map_e.sh index 742264dcf54..59f9e7f7e14 100644 --- a/tests/sys/netpfil/pf/map_e.sh +++ b/tests/sys/netpfil/pf/map_e.sh @@ -53,7 +53,7 @@ map_e_body() jexec map_e sysctl net.inet.ip.forwarding=1 jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up - jexec echo /usr/sbin/inetd -p inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf + jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf # Enable pf! jexec map_e pfctl -e @@ -81,7 +81,6 @@ map_e_body() map_e_cleanup() { - rm -f inetd-echo.pid pft_cleanup } diff --git a/tests/sys/netpfil/pf/nat.sh b/tests/sys/netpfil/pf/nat.sh index 4ceded782cf..ca83e432fea 100644 --- a/tests/sys/netpfil/pf/nat.sh +++ b/tests/sys/netpfil/pf/nat.sh @@ -51,7 +51,7 @@ exhaust_body() jexec nat sysctl net.inet.ip.forwarding=1 jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up - jexec echo /usr/sbin/inetd -p inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf + jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf # Enable pf! jexec nat pfctl -e @@ -79,7 +79,6 @@ exhaust_body() exhaust_cleanup() { - rm -f inetd-echo.pid pft_cleanup } diff --git a/tests/sys/netpfil/pf/proxy.sh b/tests/sys/netpfil/pf/proxy.sh index 4a7ea00a0cd..b112001ef2b 100644 --- a/tests/sys/netpfil/pf/proxy.sh +++ b/tests/sys/netpfil/pf/proxy.sh @@ -57,7 +57,7 @@ ftp_body() jexec srv route add default 198.51.100.1 # Start FTP server in srv - jexec srv twistd ftp -r `pwd` -p 21 + jexec srv twistd --logfile=/dev/null ftp -r `pwd` -p 21 # Sanity check atf_check -s exit:0 -o ignore ping -c 1 198.51.100.2 diff --git a/tests/sys/netpfil/pf/ridentifier.sh b/tests/sys/netpfil/pf/ridentifier.sh index c456d2111e2..8d83bcfb821 100644 --- a/tests/sys/netpfil/pf/ridentifier.sh +++ b/tests/sys/netpfil/pf/ridentifier.sh @@ -45,7 +45,7 @@ basic_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig lo0 up jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid $(atf_get_srcdir)/echo_inetd.conf + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid $(atf_get_srcdir)/echo_inetd.conf # Sanity check atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2 @@ -56,7 +56,7 @@ basic_body() "pass in log" \ "pass in log proto tcp ridentifier 1234" - jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > tcpdump.log & + jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > ${PWD}/tcpdump.log & sleep 1 echo "test" | nc -N 192.0.2.2 7 @@ -67,17 +67,17 @@ basic_body() # Make sure we spotted the ridentifier atf_check -s exit:0 -o ignore \ - grep 'rule 1/0.*ridentifier 1234' tcpdump.log + grep 'rule 1/0.*ridentifier 1234' ${PWD}/tcpdump.log # But not on the !TCP traffic atf_check -s exit:1 -o ignore \ - grep 'rule 0/0.*ridentifier' tcpdump.log + grep 'rule 0/0.*ridentifier' ${PWD}/tcpdump.log # Now try with antispoof rules pft_set_rules alcatraz \ "pass in log" \ "antispoof log for ${epair}b ridentifier 4321" - jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > tcpdump.log & + jexec alcatraz tcpdump --immediate-mode -n -e -i pflog0 > ${PWD}/tcpdump.log & sleep 1 # Without explicit rules for lo0 we're going to drop packets to ourself @@ -87,18 +87,16 @@ basic_body() sleep 1 jexec alcatraz killall tcpdump - cat tcpdump.log + cat ${PWD}/tcpdump.log # Make sure we spotted the ridentifier atf_check -s exit:0 -o ignore \ - grep 'rule 2/0.*ridentifier 4321' tcpdump.log + grep 'rule 2/0.*ridentifier 4321' ${PWD}/tcpdump.log } basic_cleanup() { pft_cleanup - rm -f inetd-alcatraz.pid - rm -f tcpdump.log } atf_init_test_cases() diff --git a/tests/sys/netpfil/pf/route_to.sh b/tests/sys/netpfil/pf/route_to.sh index d8cfb1b22d8..7b446a89681 100644 --- a/tests/sys/netpfil/pf/route_to.sh +++ b/tests/sys/netpfil/pf/route_to.sh @@ -140,7 +140,7 @@ multiwan_body() jexec srv sysctl net.inet.ip.forwarding=1 # Run echo server in srv jail - jexec srv /usr/sbin/inetd -p multiwan.pid $(atf_get_srcdir)/echo_inetd.conf + jexec srv /usr/sbin/inetd -p ${PWD}/multiwan.pid $(atf_get_srcdir)/echo_inetd.conf jexec srv pfctl -e pft_set_rules srv \ @@ -178,7 +178,6 @@ multiwan_body() multiwan_cleanup() { - rm -f multiwan.pid pft_cleanup } diff --git a/tests/sys/netpfil/pf/syncookie.sh b/tests/sys/netpfil/pf/syncookie.sh index 8feb2816f58..ac7483bc258 100644 --- a/tests/sys/netpfil/pf/syncookie.sh +++ b/tests/sys/netpfil/pf/syncookie.sh @@ -51,7 +51,7 @@ basic_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair}a 192.0.2.2/24 up @@ -81,7 +81,7 @@ basic_body() basic_cleanup() { - rm -f inetd-alcatraz.pid + rm -f ${PWD}/inetd-alcatraz.pid pft_cleanup } @@ -100,7 +100,7 @@ basic_v6_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad @@ -130,7 +130,6 @@ basic_v6_body() basic_v6_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -157,7 +156,7 @@ forward_body() jexec srv ifconfig ${epair_out}b 198.51.100.2/24 up jexec srv route add default 198.51.100.1 - jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec srv /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair_in}a 192.0.2.2/24 up @@ -181,7 +180,6 @@ forward_body() forward_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -208,7 +206,7 @@ forward_v6_body() jexec srv ifconfig ${epair_out}b inet6 2001:db8:1::2/64 up no_dad jexec srv route -6 add default 2001:db8:1::1 - jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec srv /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair_in}a inet6 2001:db8::2/64 up no_dad @@ -232,7 +230,6 @@ forward_v6_body() forward_v6_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -440,7 +437,7 @@ port_reuse_body() vnet_mkjail alcatraz ${epair}b vnet_mkjail singsing jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up - jexec alcatraz /usr/sbin/inetd -p ${HOME}/inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf ifconfig ${epair}a 192.0.2.2/24 up diff --git a/tests/sys/netpfil/pf/synproxy.sh b/tests/sys/netpfil/pf/synproxy.sh index 3b3dc62b899..617fa6ba2af 100644 --- a/tests/sys/netpfil/pf/synproxy.sh +++ b/tests/sys/netpfil/pf/synproxy.sh @@ -52,7 +52,7 @@ synproxy_body() jexec singsing ifconfig ${link}b 198.51.100.2/24 up jexec singsing route add default 198.51.100.1 - jexec singsing /usr/sbin/inetd -p inetd-singsing.pid $(atf_get_srcdir)/echo_inetd.conf + jexec singsing /usr/sbin/inetd -p ${PWD}/inetd-singsing.pid $(atf_get_srcdir)/echo_inetd.conf jexec alcatraz pfctl -e pft_set_rules alcatraz "set fail-policy return" \ @@ -74,7 +74,6 @@ synproxy_body() synproxy_cleanup() { - rm -f inetd-singsing.pid pft_cleanup } @@ -94,7 +93,7 @@ local_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf jexec alcatraz pfctl -e @@ -115,7 +114,6 @@ local_body() local_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup } @@ -135,7 +133,7 @@ local_v6_body() vnet_mkjail alcatraz ${epair}b jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2/64 up - jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \ + jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \ $(atf_get_srcdir)/echo_inetd.conf jexec alcatraz pfctl -e @@ -155,7 +153,6 @@ local_v6_body() local_v6_cleanup() { - rm -f inetd-alcatraz.pid pft_cleanup }