diff options
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/regression/ipfw/fwd/vimage-fwd.sh | 369 |
1 files changed, 369 insertions, 0 deletions
diff --git a/tools/regression/ipfw/fwd/vimage-fwd.sh b/tools/regression/ipfw/fwd/vimage-fwd.sh new file mode 100755 index 0000000..5dbfcd7 --- /dev/null +++ b/tools/regression/ipfw/fwd/vimage-fwd.sh @@ -0,0 +1,369 @@ +#!/bin/sh +#- +# Copyright (c) 2010, "Bjoern A. Zeeb" <bz@FreeBSD.org> +# Copyright (c) 2011, Sandvine Incorporated ULC. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# +# Test ipfw fwd for IPv4 and IPv6 using VIMAGE, testing that as well. +# For no test the packet header contents must be changed but always +# keeping the original destination. +# + +case `id -u` in +0) ;; +*) echo "ERROR: Must be run as superuser." >&2 + exit 2 +esac + +epair_base() +{ + local ep + + ep=`ifconfig epair create` + expr ${ep} : '\(.*\).' +} + +debug_err() +{ + local _p + _p="$1" + + case "${DEBUG}" in + "") ;; + *) + echo " ~~ start of debug ~~" + echo " ~~ left:" + jexec ${ljid} /sbin/ipfw show + echo " ~~ middle:" + jexec ${mjid} /sbin/ipfw show + echo " ~~ right:" + jexec ${rjid} /sbin/ipfw show + echo " ~~ result file:" + cat ${_p}.1 + echo " ~~ log file:" + cat ${_p} + echo " ~~ end of debug ~~" + ;; + esac +} + +check_cleanup_result_file() +{ + local _p + _p="$1" + + if test ! -s ${_p}.1; then + echo "FAIL (output file empty)." + debug_err ${_p} + else + read line < ${_p}.1 + # Netcat adds 'X's in udp mode. + l="/${line#*/}" + if test "${l}" = "${_p}"; then + echo "PASS." + else + echo "FAIL (expected: '${_p}' got '${l}')." + debug_err ${_p} + fi + fi + + rm -f ${_p}.1 + rm -f ${_p} +} + +# Transparent proxy scenario (local address). +run_test_tp() +{ + local _descr + local _sip _dip _fip _fport _dport _p + local _nc_af _nc_p + local _lport + descr="$1" + _sip="$2" + _dip="$3" + _fip="$4" + _fport="$5" + _dport="$6" + _p="$7" + _nc_af="$8" + + _lport=${_dport} + case "${_fport}" in + "") _lport="${_dport}" ;; + *) _lport="${_fport#,}" ;; + esac + + case "${_p}" in + udp) _nc_p="-u" ;; + esac + + OUT=`mktemp -t "ipfwfwd$$-XXXXXX"` + echo -n "${descr} (${OUT}).." + ( + jexec ${ljid} /sbin/ipfw -f flush + jexec ${ljid} /sbin/ipfw -f zero + jexec ${mjid} /sbin/ipfw -f flush + jexec ${mjid} /sbin/ipfw -f zero + jexec ${rjid} /sbin/ipfw -f flush + jexec ${rjid} /sbin/ipfw -f zero + jexec ${mjid} /sbin/ipfw add 100 fwd ${_fip}${_fport} ${_p} from ${_sip} to ${_dip} + + jexec ${mjid} /bin/sh -c "nc -w 10 ${_nc_af} -n ${_nc_p} -l ${_fip} ${_lport} > ${OUT}.1 &" + jexec ${rjid} /bin/sh -c "echo '${OUT}' | nc -w 1 -v ${_nc_af} -n ${_nc_p} ${_dip} ${_dport}" + ) > ${OUT} 2>&1 + check_cleanup_result_file "${OUT}" +} + +# Transparent redirect scenario (non-local address). +run_test_nh() +{ + local _descr + local _sip _dip _fip _fport _dport _p + local _nc_af _nc_p + local _lport + descr="$1" + _sip="$2" + _dip="$3" + _fip="$4" + _fport="$5" + _dport="$6" + _p="$7" + _nc_af="$8" + + _lport=${_dport} + case "${_fport}" in + "") _lport="${_dport}" ;; + *) _lport="${_fport#,}" ;; + esac + + case "${_p}" in + udp) _nc_p="-u" ;; + esac + + OUT=`mktemp -t "ipfwfwd$$-XXXXXX"` + echo -n "${descr} (${OUT}).." + ( + jexec ${ljid} /sbin/ipfw -f flush + jexec ${ljid} /sbin/ipfw -f zero + jexec ${mjid} /sbin/ipfw -f flush + jexec ${mjid} /sbin/ipfw -f zero + jexec ${rjid} /sbin/ipfw -f flush + jexec ${rjid} /sbin/ipfw -f zero + jexec ${mjid} /sbin/ipfw add 100 fwd ${_fip} ${_p} from ${_sip} to ${_dip} + + jexec ${ljid} /bin/sh -c "nc -w 10 ${_nc_af} -n ${_nc_p} -l ${_dip} ${_lport} > ${OUT}.1 &" + jexec ${rjid} /bin/sh -c "echo '${OUT}' | nc -w 1 -v ${_nc_af} -n ${_nc_p} ${_dip} ${_dport}" + ) > ${OUT} 2>&1 + check_cleanup_result_file "${OUT}" +} + +echo "==> Setting up test network" +kldload -q ipfw > /dev/null 2>&1 + +# Start left (sender) jail. +ljid=`jail -i -c -n lef$$ host.hostname=left.example.net vnet persist` + +# Start middle (ipfw) jail. +mjid=`jail -i -c -n mid$$ host.hostname=center.example.net vnet persist` + +# Start right (non-local ip redirects go to here) jail. +rjid=`jail -i -c -n right$$ host.hostname=right.example.net vnet persist` + +echo "left ${ljid} middle ${mjid} right ${rjid}" + +# Create networking. +# +# jail: left middle right +# ifaces: lmep:a ---- lmep:b mrep:a ---- mrep:b +# + +jexec ${mjid} sysctl net.inet.ip.forwarding=1 +jexec ${mjid} sysctl net.inet6.ip6.forwarding=1 +jexec ${mjid} sysctl net.inet6.ip6.accept_rtadv=0 + +lmep=$(epair_base) +ifconfig ${lmep}a vnet ${ljid} +ifconfig ${lmep}b vnet ${mjid} + +jexec ${ljid} ifconfig lo0 inet 127.0.0.1/8 +jexec ${ljid} ifconfig lo0 inet 192.0.2.5/32 alias # Test 9-10 +jexec ${ljid} ifconfig lo0 inet6 2001:db8:1::1/128 alias # Test 11-12 +jexec ${ljid} ifconfig ${lmep}a inet 192.0.2.1/30 up +jexec ${ljid} ifconfig ${lmep}a inet6 2001:db8::1/64 alias + +jexec ${ljid} route add default 192.0.2.2 +jexec ${ljid} route add -inet6 default 2001:db8::2 + +jexec ${mjid} ifconfig lo0 inet 127.0.0.1/8 +jexec ${mjid} ifconfig lo0 inet 192.0.2.255/32 alias # Test 1-4 +jexec ${mjid} ifconfig lo0 inet6 2001:db8:ffff::1/128 alias # Test 5-8 +jexec ${mjid} ifconfig ${lmep}b inet 192.0.2.2/30 up +jexec ${mjid} ifconfig ${lmep}b inet6 2001:db8::2/64 alias +jexec ${mjid} route add default 192.0.2.1 + +mrep=$(epair_base) +ifconfig ${mrep}a vnet ${mjid} +ifconfig ${mrep}b vnet ${rjid} + +jexec ${mjid} ifconfig ${mrep}a inet 192.0.2.5/30 up +jexec ${mjid} ifconfig ${mrep}a inet6 2001:db8:1::1/64 alias + +jexec ${rjid} ifconfig lo0 inet 127.0.0.1/8 +jexec ${rjid} ifconfig ${mrep}b inet 192.0.2.6/30 up +jexec ${rjid} ifconfig ${mrep}b inet6 2001:db8:1::2/64 alias + +jexec ${rjid} route add default 192.0.2.5 +jexec ${rjid} route add -inet6 default 2001:db8:1::1 + +# ------------------------------------------------------------------------------ +# Tests +# +# The jails are not chrooted to they all share the same base filesystem. +# This means we can put results into /tmp and just collect them from here. +# +echo "==> Running tests" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=1 +run_test_tp "TEST ${i} IPv4 UDP redirect local to other local address, same port" \ + 192.0.2.6 192.0.2.5 192.0.2.255 "" 12345 udp "-4" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 UDP redirect local to other local address, different port" \ + 192.0.2.6 192.0.2.5 192.0.2.255 ",65534" 12345 udp "-4" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 TCP redirect local to other local address, same port" \ + 192.0.2.6 192.0.2.5 192.0.2.255 "" 12345 tcp "-4" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 TCP redirect local to other local address, different port" \ + 192.0.2.6 192.0.2.5 192.0.2.255 ",65534" 12345 tcp "-4" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 UDP redirect foreign to local address, same port" \ + 192.0.2.6 192.0.2.1 192.0.2.255 "" 12345 udp "-4" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 UDP redirect foreign to local address, different port" \ + 192.0.2.6 192.0.2.1 192.0.2.255 ",65534" 12345 udp "-4" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 TCP redirect foreign to local address, same port" \ + 192.0.2.6 192.0.2.1 192.0.2.255 "" 12345 tcp "-4" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv4 TCP redirect foreign to local address, different port" \ + 192.0.2.6 192.0.2.1 192.0.2.255 ",65534" 12345 tcp "-4" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 UDP redirect local to other local address, same port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 udp "-6" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 UDP redirect local to other local address, different port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 udp "-6" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 TCP redirect local to other local address, same port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 tcp "-6" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 TCP redirect local to other local address, different port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 tcp "-6" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 UDP redirect foreign to local address, same port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 udp "-6" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 UDP redirect foreign to local address, different port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 udp "-6" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 TCP redirect foreign to local address, same port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 tcp "-6" + +i=$((i + 1)) +run_test_tp "TEST ${i} IPv6 TCP redirect foreign to local address, different port" \ + 2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 tcp "-6" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_nh "TEST ${i} IPv4 UDP redirect to foreign address" \ + 192.0.2.6 192.0.2.5 192.0.2.1 "" 12345 udp "-4" + +i=$((i + 1)) +run_test_nh "TEST ${i} IPv4 TCP redirect to foreign address" \ + 192.0.2.6 192.0.2.5 192.0.2.1 "" 12345 tcp "-4" + +#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +i=$((i + 1)) +run_test_nh "TEST ${i} IPv6 UDP redirect to foreign address" \ + 2001:db8:1::2 2001:db8:1::1 2001:db8::1 "" 12345 udp "-6" + +i=$((i + 1)) +run_test_nh "TEST ${i} IPv6 TCP redirect to foreign address" \ + 2001:db8:1::2 2001:db8:1::1 2001:db8::1 "" 12345 tcp "-6" + +################################################################################ +# +# Cleanup +# +echo "==> Cleaning up in 3 seconds" +# Let VIMAGE network stacks settle to avoid panics while still "experimental". +sleep 3 + +jail -r ${rjid} +jail -r ${mjid} +jail -r ${ljid} + +for jid in ${rjid} ${mjid} ${ljid}; do + while : ; do + x=`jls -as -j ${jid} jid 2>/dev/null` + case "${x}" in + jid=*) echo "Waiting for jail ${jid} to stop." >&2 + sleep 1 + continue + ;; + esac + break + done +done + +ifconfig ${lmep}a destroy +ifconfig ${mrep}a destroy + +# end |