Path: blob/main/tools/regression/ipfw/fwd/vimage-fwd.sh
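#!/bin/sh
#-
# Copyright (c) 2010, "Bjoern A. Zeeb" <[email protected]>
# Copyright (c) 2011, Sandvine Incorporated ULC.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#

#
# Test ipfw fwd for IPv4 and IPv6 using VIMAGE, testing that as well.
# For no test the packet header contents must be changed but always
# keeping the original destination.
#
# Layout: three vnet jails (left, middle, right) joined by two epair(4)
# links.  The middle jail forwards and carries the single ipfw "fwd" rule
# under test; nc(1) is used as both listener and sender.
#
# Set DEBUG to any non-empty value to dump the ipfw counters of all three
# jails plus the captured output whenever a test fails.
#

# Everything below creates jails, interfaces and firewall rules, so refuse
# to start without root rather than fail half-way through the setup.
case `id -u` in
0)	;;
*)	echo "ERROR: Must be run as superuser." >&2
	exit 2
esac

# Create an epair(4) pair and print its base name (e.g. "epair0" for the
# "epair0a" that ifconfig reports), by stripping the final character.
epair_base()
{
	local ep

	ep=$(ifconfig epair create)
	expr "${ep}" : '\(.*\).'
}

# Create a private scratch directory and print the path of the log file a
# test should use inside it; the result file is "<log>.1" next to it.
#
# The tests run as root and redirect output to a name derived from the log
# file name.  Directly in a shared, world-writable temporary directory that
# derived name is predictable once the log file exists, so another local
# user could pre-create it (for example as a symlink) before root writes to
# it.  Keeping both files inside a directory made by "mktemp -d" avoids
# that.  Returns non-zero if the directory cannot be created.
new_result_path()
{
	local _d

	_d=$(mktemp -d -t "ipfwfwd$$-XXXXXX") || return 1
	echo "${_d}/out"
}

# When DEBUG is non-empty, print the ipfw rule counters of all three jails
# followed by the result file ($1.1) and the log file ($1).
# Reads the globals ljid, mjid, rjid and DEBUG.
debug_err()
{
	local _p
	_p="$1"

	case "${DEBUG}" in
	"")	;;
	*)
		echo " ~~ start of debug ~~"
		echo " ~~ left:"
		jexec "${ljid}" /sbin/ipfw show
		echo " ~~ middle:"
		jexec "${mjid}" /sbin/ipfw show
		echo " ~~ right:"
		jexec "${rjid}" /sbin/ipfw show
		echo " ~~ result file:"
		cat "${_p}.1"
		echo " ~~ log file:"
		cat "${_p}"
		echo " ~~ end of debug ~~"
		;;
	esac
}

# Judge one test from its files and remove them.
#   $1 - path of the log file; the listener's output is expected in $1.1
# The sender transmits the log file path as payload, so the test passes
# when the first line the listener received ends in that same path.
check_cleanup_result_file()
{
	local _p _line _l
	_p="$1"

	if test ! -s "${_p}.1"; then
		echo "FAIL (output file empty)."
		debug_err "${_p}"
	else
		read -r _line < "${_p}.1"
		# Netcat adds 'X's in udp mode.
		# Drop everything before the first '/' to get the path back.
		_l="/${_line#*/}"
		if test "${_l}" = "${_p}"; then
			echo "PASS."
		else
			echo "FAIL (expected: '${_p}' got '${_l}')."
			debug_err "${_p}"
		fi
	fi

	rm -f "${_p}.1"
	rm -f "${_p}"
}

# Transparent proxy scenario (local address).
#   $1 - test description
#   $2 - source address matched by the rule (sender, right jail)
#   $3 - destination address the sender connects to
#   $4 - fwd target address; the listener binds to it in the middle jail
#   $5 - optional ",port" suffix for the fwd target ("" keeps the port)
#   $6 - destination port the sender connects to
#   $7 - protocol, "udp" or "tcp"
#   $8 - nc address family flag ("-4" or "-6")
run_test_tp()
{
	local _descr
	local _sip _dip _fip _fport _dport _p
	local _nc_af _nc_p
	local _lport
	_descr="$1"
	_sip="$2"
	_dip="$3"
	_fip="$4"
	_fport="$5"
	_dport="$6"
	_p="$7"
	_nc_af="$8"

	# Listen on the rewritten port if the rule changes it.
	case "${_fport}" in
	"")	_lport="${_dport}" ;;
	*)	_lport="${_fport#,}" ;;
	esac

	# nc defaults to TCP; only UDP needs a flag.
	_nc_p=""
	case "${_p}" in
	udp)	_nc_p="-u" ;;
	esac

	OUT=$(new_result_path) || {
		echo "${_descr}.. FAIL (cannot create temporary directory)."
		return 1
	}
	echo -n "${_descr} (${OUT}).."
	(
		# Start every test from empty rule sets and zeroed counters.
		jexec "${ljid}" /sbin/ipfw -f flush
		jexec "${ljid}" /sbin/ipfw -f zero
		jexec "${mjid}" /sbin/ipfw -f flush
		jexec "${mjid}" /sbin/ipfw -f zero
		jexec "${rjid}" /sbin/ipfw -f flush
		jexec "${rjid}" /sbin/ipfw -f zero
		jexec "${mjid}" /sbin/ipfw add 100 fwd "${_fip}${_fport}" "${_p}" from "${_sip}" to "${_dip}"

		jexec "${mjid}" /bin/sh -c "nc -w 10 ${_nc_af} -n ${_nc_p} -l ${_fip} ${_lport} > '${OUT}.1' &"
		jexec "${rjid}" /bin/sh -c "echo '${OUT}' | nc -w 1 -v ${_nc_af} -n ${_nc_p} ${_dip} ${_dport}"
	) > "${OUT}" 2>&1
	check_cleanup_result_file "${OUT}"
	# Both files are gone now; remove the private scratch directory too.
	rmdir "${OUT%/*}"
}

# Transparent redirect scenario (non-local address).
# Arguments are the same as for run_test_tp.  Here the fwd rule names only
# an address ($4, no port suffix is applied) and the listener runs in the
# left jail, bound to the original destination address ($3).
run_test_nh()
{
	local _descr
	local _sip _dip _fip _fport _dport _p
	local _nc_af _nc_p
	local _lport
	_descr="$1"
	_sip="$2"
	_dip="$3"
	_fip="$4"
	_fport="$5"
	_dport="$6"
	_p="$7"
	_nc_af="$8"

	case "${_fport}" in
	"")	_lport="${_dport}" ;;
	*)	_lport="${_fport#,}" ;;
	esac

	# nc defaults to TCP; only UDP needs a flag.
	_nc_p=""
	case "${_p}" in
	udp)	_nc_p="-u" ;;
	esac

	OUT=$(new_result_path) || {
		echo "${_descr}.. FAIL (cannot create temporary directory)."
		return 1
	}
	echo -n "${_descr} (${OUT}).."
	(
		# Start every test from empty rule sets and zeroed counters.
		jexec "${ljid}" /sbin/ipfw -f flush
		jexec "${ljid}" /sbin/ipfw -f zero
		jexec "${mjid}" /sbin/ipfw -f flush
		jexec "${mjid}" /sbin/ipfw -f zero
		jexec "${rjid}" /sbin/ipfw -f flush
		jexec "${rjid}" /sbin/ipfw -f zero
		jexec "${mjid}" /sbin/ipfw add 100 fwd "${_fip}" "${_p}" from "${_sip}" to "${_dip}"

		jexec "${ljid}" /bin/sh -c "nc -w 10 ${_nc_af} -n ${_nc_p} -l ${_dip} ${_lport} > '${OUT}.1' &"
		jexec "${rjid}" /bin/sh -c "echo '${OUT}' | nc -w 1 -v ${_nc_af} -n ${_nc_p} ${_dip} ${_dport}"
	) > "${OUT}" 2>&1
	check_cleanup_result_file "${OUT}"
	# Both files are gone now; remove the private scratch directory too.
	rmdir "${OUT%/*}"
}

echo "==> Setting up test network"
kldload -q ipfw > /dev/null 2>&1

# Start left (sender) jail.
ljid=`jail -i -c -n lef$$ host.hostname=left.example.net vnet persist`

# Start middle (ipfw) jail.
mjid=`jail -i -c -n mid$$ host.hostname=center.example.net vnet persist`

# Start right (non-local ip redirects go to here) jail.
rjid=`jail -i -c -n right$$ host.hostname=right.example.net vnet persist`

# Every later step addresses a jail by these IDs.  Stop here if any jail
# could not be created, and remove the ones that were.
if [ -z "${ljid}" ] || [ -z "${mjid}" ] || [ -z "${rjid}" ]; then
	echo "ERROR: Could not create all three test jails." >&2
	# Unquoted on purpose: empty IDs drop out of the word list.
	for jid in ${ljid} ${mjid} ${rjid}; do
		jail -r "${jid}"
	done
	exit 1
fi

echo "left ${ljid} middle ${mjid} right ${rjid}"

# Create networking.
#
# jail:     left            middle            right
# ifaces:   lmep:a ---- lmep:b   mrep:a ---- mrep:b
#

jexec "${mjid}" sysctl net.inet.ip.forwarding=1
jexec "${mjid}" sysctl net.inet6.ip6.forwarding=1
jexec "${mjid}" sysctl net.inet6.ip6.accept_rtadv=0

lmep=$(epair_base)
ifconfig "${lmep}a" vnet "${ljid}"
ifconfig "${lmep}b" vnet "${mjid}"

jexec "${ljid}" ifconfig lo0 inet 127.0.0.1/8
jexec "${ljid}" ifconfig lo0 inet 192.0.2.5/32 alias		# Test 9-10
jexec "${ljid}" ifconfig lo0 inet6 2001:db8:1::1/128 alias	# Test 11-12
jexec "${ljid}" ifconfig "${lmep}a" inet 192.0.2.1/30 up
jexec "${ljid}" ifconfig "${lmep}a" inet6 2001:db8::1/64 alias

jexec "${ljid}" route add default 192.0.2.2
jexec "${ljid}" route add -inet6 default 2001:db8::2

jexec "${mjid}" ifconfig lo0 inet 127.0.0.1/8
jexec "${mjid}" ifconfig lo0 inet 192.0.2.255/32 alias		# Test 1-4
jexec "${mjid}" ifconfig lo0 inet6 2001:db8:ffff::1/128 alias	# Test 5-8
jexec "${mjid}" ifconfig "${lmep}b" inet 192.0.2.2/30 up
jexec "${mjid}" ifconfig "${lmep}b" inet6 2001:db8::2/64 alias
jexec "${mjid}" route add default 192.0.2.1

mrep=$(epair_base)
ifconfig "${mrep}a" vnet "${mjid}"
ifconfig "${mrep}b" vnet "${rjid}"

jexec "${mjid}" ifconfig "${mrep}a" inet 192.0.2.5/30 up
jexec "${mjid}" ifconfig "${mrep}a" inet6 2001:db8:1::1/64 alias

jexec "${rjid}" ifconfig lo0 inet 127.0.0.1/8
jexec "${rjid}" ifconfig "${mrep}b" inet 192.0.2.6/30 up
jexec "${rjid}" ifconfig "${mrep}b" inet6 2001:db8:1::2/64 alias

jexec "${rjid}" route add default 192.0.2.5
jexec "${rjid}" route add -inet6 default 2001:db8:1::1

# ------------------------------------------------------------------------------
# Tests
#
# The jails are not chrooted so they all share the same base filesystem.
# This means we can put results into a scratch directory under the
# temporary directory and just collect them from here.
#
echo "==> Running tests"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=1
run_test_tp "TEST ${i} IPv4 UDP redirect local to other local address, same port" \
    192.0.2.6 192.0.2.5 192.0.2.255 "" 12345 udp "-4"

i=$((i + 1))
run_test_tp "TEST ${i} IPv4 UDP redirect local to other local address, different port" \
    192.0.2.6 192.0.2.5 192.0.2.255 ",65534" 12345 udp "-4"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv4 TCP redirect local to other local address, same port" \
    192.0.2.6 192.0.2.5 192.0.2.255 "" 12345 tcp "-4"

i=$((i + 1))
run_test_tp "TEST ${i} IPv4 TCP redirect local to other local address, different port" \
    192.0.2.6 192.0.2.5 192.0.2.255 ",65534" 12345 tcp "-4"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv4 UDP redirect foreign to local address, same port" \
    192.0.2.6 192.0.2.1 192.0.2.255 "" 12345 udp "-4"

i=$((i + 1))
run_test_tp "TEST ${i} IPv4 UDP redirect foreign to local address, different port" \
    192.0.2.6 192.0.2.1 192.0.2.255 ",65534" 12345 udp "-4"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv4 TCP redirect foreign to local address, same port" \
    192.0.2.6 192.0.2.1 192.0.2.255 "" 12345 tcp "-4"

i=$((i + 1))
run_test_tp "TEST ${i} IPv4 TCP redirect foreign to local address, different port" \
    192.0.2.6 192.0.2.1 192.0.2.255 ",65534" 12345 tcp "-4"

# NOTE(review): the IPv6 "local to other local" tests below use the same
# address triple as the IPv6 "foreign to local" tests further down, whereas
# the IPv4 variants differ in their destination address -- confirm that
# both IPv6 scenarios are really exercised.
#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv6 UDP redirect local to other local address, same port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 udp "-6"

i=$((i + 1))
run_test_tp "TEST ${i} IPv6 UDP redirect local to other local address, different port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 udp "-6"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv6 TCP redirect local to other local address, same port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 tcp "-6"

i=$((i + 1))
run_test_tp "TEST ${i} IPv6 TCP redirect local to other local address, different port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 tcp "-6"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv6 UDP redirect foreign to local address, same port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 udp "-6"

i=$((i + 1))
run_test_tp "TEST ${i} IPv6 UDP redirect foreign to local address, different port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 udp "-6"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_tp "TEST ${i} IPv6 TCP redirect foreign to local address, same port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 "" 12345 tcp "-6"

i=$((i + 1))
run_test_tp "TEST ${i} IPv6 TCP redirect foreign to local address, different port" \
    2001:db8:1::2 2001:db8::1 2001:db8:ffff::1 ",65534" 12345 tcp "-6"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_nh "TEST ${i} IPv4 UDP redirect to foreign address" \
    192.0.2.6 192.0.2.5 192.0.2.1 "" 12345 udp "-4"

i=$((i + 1))
run_test_nh "TEST ${i} IPv4 TCP redirect to foreign address" \
    192.0.2.6 192.0.2.5 192.0.2.1 "" 12345 tcp "-4"

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
i=$((i + 1))
run_test_nh "TEST ${i} IPv6 UDP redirect to foreign address" \
    2001:db8:1::2 2001:db8:1::1 2001:db8::1 "" 12345 udp "-6"

i=$((i + 1))
run_test_nh "TEST ${i} IPv6 TCP redirect to foreign address" \
    2001:db8:1::2 2001:db8:1::1 2001:db8::1 "" 12345 tcp "-6"

################################################################################
#
# Cleanup
#
echo "==> Cleaning up in 3 seconds"
# Let VIMAGE network stacks settle to avoid panics while still "experimental".
sleep 3

jail -r "${rjid}"
jail -r "${mjid}"
jail -r "${ljid}"

# Wait until jls no longer reports each jail before destroying the
# interfaces.
for jid in "${rjid}" "${mjid}" "${ljid}"; do
	while : ; do
		x=`jls -as -j ${jid} jid 2>/dev/null`
		case "${x}" in
		jid=*)	echo "Waiting for jail ${jid} to stop." >&2
			sleep 1
			continue
			;;
		esac
		break
	done
done

ifconfig "${lmep}a" destroy
ifconfig "${mrep}a" destroy

# end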