pf: Fix state handling when ICMP packets are diverted
Commit 66f2f1c832 ("pf: handle divert packets") missed a case that I
happened to hit while testing something.
Add a regression test for the ICMP case, based on the existing test.
Fix a buglet in the existing test (missing whitespace after "[").
Reviewed by: kp
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54321
@@ -402,8 +402,7 @@ pr260867_body()
|
||||
"pass in on ${epair}b proto tcp from any to port 7 divert-to 0.0.0.0 port 1001"
|
||||
|
||||
reply=$(echo "foo" | nc -N 192.0.2.2 7)
|
||||
if ["${reply}" != "foo" ];
|
||||
then
|
||||
if [ "${reply}" != "foo" ]; then
|
||||
atf_fail "Did not receive echo reply"
|
||||
fi
|
||||
}
|
||||
@@ -413,6 +412,42 @@ pr260867_cleanup()
|
||||
pft_cleanup
|
||||
}
|
||||
|
||||
atf_test_case "pr260867_icmp" "cleanup"
|
||||
pr260867_icmp_head()
|
||||
{
|
||||
atf_set descr 'Variant of the PR260867 test'
|
||||
atf_set require.user root
|
||||
}
|
||||
|
||||
pr260867_icmp_body()
|
||||
{
|
||||
pft_init
|
||||
divert_init
|
||||
|
||||
epair=$(vnet_mkepair)
|
||||
|
||||
atf_check ifconfig ${epair}a 192.0.2.1/24 up
|
||||
|
||||
vnet_mkjail alcatraz ${epair}b
|
||||
jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
|
||||
|
||||
# Sanity check
|
||||
atf_check -s exit:0 -o ignore ping -c3 192.0.2.2
|
||||
|
||||
jexec alcatraz $(atf_get_srcdir)/../common/divapp 1001 divert-back &
|
||||
|
||||
jexec alcatraz pfctl -e
|
||||
pft_set_rules alcatraz \
|
||||
"pass in on ${epair}b proto icmp from any to any divert-to 0.0.0.0 port 1001"
|
||||
|
||||
atf_check -o ignore ping -c 3 192.0.2.2
|
||||
}
|
||||
|
||||
pr260867_icmp_cleanup()
|
||||
{
|
||||
pft_cleanup
|
||||
}
|
||||
|
||||
atf_init_test_cases()
|
||||
{
|
||||
atf_add_test_case "in_div"
|
||||
@@ -426,4 +461,5 @@ atf_init_test_cases()
|
||||
atf_add_test_case "in_dn_in_div_in_out_div_out_dn_out"
|
||||
|
||||
atf_add_test_case "pr260867"
|
||||
atf_add_test_case "pr260867_icmp"
|
||||
}
|
||||
|
||||
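Review bot: The final assertion in pr260867_icmp_body, `atf_check -o ignore ping -c 3 192.0.2.2`, passes when only one of the three echo requests is answered, because ping exits 0 as long as any reply arrives. If the state-handling fault this test guards against can hit only some of the diverted packets (not determinable from the hunk), a partial regression would go unnoticed. Matching the summary line, e.g. `atf_check -s exit:0 -o match:'3 packets received' ping -c 3 192.0.2.2`, would close that gap, provided divapp, which is started in the background with `&`, is known to be listening before the first request is sent. Separately, the description `'Variant of the PR260867 test'` does not say what is checked; something like `atf_set descr 'Check state handling for diverted ICMP packets (PR260867 variant)'` would make a failure report self-explanatory.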