|
Added
Link Here
|
| 1 |
# $FreeBSD$ |
| 2 |
|
| 3 |
. $(atf_get_srcdir)/utils.subr |
| 4 |
|
| 5 |
atf_test_case "exhaust" "cleanup" |
| 6 |
exhaust_head() |
| 7 |
{ |
| 8 |
atf_set descr 'Test exhausting the NAT pool' |
| 9 |
atf_set require.user root |
| 10 |
} |
| 11 |
|
| 12 |
exhaust_body() |
| 13 |
{ |
| 14 |
pft_init |
| 15 |
|
| 16 |
epair_nat=$(pft_mkepair) |
| 17 |
epair_echo=$(pft_mkepair) |
| 18 |
|
| 19 |
pft_mkjail nat ${epair_nat}b ${epair_echo}a |
| 20 |
pft_mkjail echo ${epair_echo}b |
| 21 |
|
| 22 |
ifconfig ${epair_nat}a 192.0.2.2/24 up |
| 23 |
route add -net 198.51.100.0/24 192.0.2.1 |
| 24 |
|
| 25 |
jexec nat ifconfig ${epair_nat}b 192.0.2.1/24 up |
| 26 |
jexec nat ifconfig ${epair_echo}a 198.51.100.1/24 up |
| 27 |
jexec nat sysctl net.inet.ip.forwarding=1 |
| 28 |
|
| 29 |
jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up |
| 30 |
jexec echo /usr/sbin/inetd $(atf_get_srcdir)/echo_inetd.conf |
| 31 |
|
| 32 |
# Enable pf! |
| 33 |
jexec nat pfctl -e |
| 34 |
pft_set_rules nat \ |
| 35 |
"nat pass on ${epair_echo}a inet from 192.0.2.0/24 to any -> (${epair_echo}a) port 30000:30001 sticky-address" |
| 36 |
|
| 37 |
# Sanity check |
| 38 |
atf_check -s exit:0 -o ignore ping -c 3 198.51.100.2 |
| 39 |
|
| 40 |
echo "foo" | nc -N 198.51.100.2 7 |
| 41 |
echo "foo" | nc -N 198.51.100.2 7 |
| 42 |
|
| 43 |
# This one will fail, but that's expected |
| 44 |
echo "foo" | nc -N 198.51.100.2 7 & |
| 45 |
|
| 46 |
sleep 1 |
| 47 |
|
| 48 |
# If the kernel is stuck in pf_get_sport() this will not succeed either. |
| 49 |
timeout 2 jexec nat pfctl -sa |
| 50 |
if [ $? -eq 124 ]; then |
| 51 |
# Timed out |
| 52 |
atf_fail "pfctl timeout" |
| 53 |
fi |
| 54 |
} |
| 55 |
|
| 56 |
exhaust_cleanup() |
| 57 |
{ |
| 58 |
pft_cleanup |
| 59 |
} |
| 60 |
|
| 61 |
atf_init_test_cases() |
| 62 |
{ |
| 63 |
atf_add_test_case "exhaust" |
| 64 |
} |