authorClaudio Jeker <claudio@cvs.openbsd.org>2022-10-31 18:34:12 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2022-10-31 18:34:12 +0000
commitdc2be189e9c2d2a367329981458d27d9852df6a3 (patch)
tree685432ef8981e3817cb9e7fee123ffe57b3dc575
parentc89f4207c50a71d59238b100de860ed01c12aae5 (diff)
Add an integration test that checks if the pftable feature works.
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/Makefile7
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf18
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf24
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf26
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/pftable.sh109
5 files changed, 182 insertions, 2 deletions
diff --git a/regress/usr.sbin/bgpd/integrationtests/Makefile b/regress/usr.sbin/bgpd/integrationtests/Makefile
index bacc2622228..c7489f9cf86 100644
--- a/regress/usr.sbin/bgpd/integrationtests/Makefile
+++ b/regress/usr.sbin/bgpd/integrationtests/Makefile
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.17 2022/10/31 18:31:36 claudio Exp $
+# $OpenBSD: Makefile,v 1.18 2022/10/31 18:34:11 claudio Exp $
-REGRESS_TARGETS = network_statement md5 ovs mrt \
+REGRESS_TARGETS = network_statement md5 ovs mrt pftable \
maxprefix maxprefixout maxcomm \
as0 med eval_all policy
@@ -23,6 +23,9 @@ ovs:
policy:
${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
+pftable:
+ ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
+
mrt:
${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf
new file mode 100644
index 00000000000..b8beec906e6
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf
@@ -0,0 +1,18 @@
+AS 4200000001
+router-id 10.12.57.1
+fib-update no
+
+log updates
+
+neighbor 10.12.57.2 {
+ descr "RDOMAIN2_1"
+ remote-as 4200000002
+}
+neighbor 10.12.57.3 {
+ descr "RDOMAIN2_2"
+ remote-as 4200000003
+}
+
+
+allow from any set pftable "bgpd_integ_test"
+deny to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf
new file mode 100644
index 00000000000..9ba5dc27f61
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf
@@ -0,0 +1,24 @@
+AS 4200000002
+router-id 10.12.57.2
+fib-update no
+
+log updates
+
+listen on 10.12.57.2
+
+prefix-set mynetworks {
+ 10.12.62.0/24
+ 10.12.63.0/24
+ 10.12.64.0/24
+}
+
+network prefix-set mynetworks
+
+neighbor 10.12.57.1 {
+ descr "RDOMAIN1"
+ remote-as 4200000001
+ local-address 10.12.57.2
+}
+
+deny from any
+allow to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf
new file mode 100644
index 00000000000..879ab3a9c2e
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf
@@ -0,0 +1,26 @@
+AS 4200000003
+router-id 10.12.57.3
+fib-update no
+
+log updates
+
+listen on 10.12.57.3
+
+socket "/var/run/bgpd.sock.12_2"
+
+prefix-set mynetworks {
+ 10.12.62.0/24
+ 10.12.63.0/24
+ 10.12.64.0/24
+}
+
+network prefix-set mynetworks
+
+neighbor 10.12.57.1 {
+ descr "RDOMAIN1"
+ remote-as 4200000001
+ local-address 10.12.57.3
+}
+
+deny from any
+allow to any
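Review bot: The `socket "/var/run/bgpd.sock.12_2"` line hard-codes `12` in the path, while pftable.sh takes the second routing domain as an argument and repeats the same literal path in its `bgpctl -s` calls. A run with a different rdomain would presumably still work, but the name would mislead and the two files must be edited together. A comment above the line, such as `# second bgpd in this rdomain needs its own control socket; path must match pftable.sh`, would document the coupling.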
diff --git a/regress/usr.sbin/bgpd/integrationtests/pftable.sh b/regress/usr.sbin/bgpd/integrationtests/pftable.sh
new file mode 100644
index 00000000000..0e9ded3128d
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/pftable.sh
@@ -0,0 +1,109 @@
+#!/bin/ksh
+# $OpenBSD: pftable.sh,v 1.1 2022/10/31 18:34:11 claudio Exp $
+
+set -e
+
+BGPD=$1
+BGPDCONFIGDIR=$2
+RDOMAIN1=$3
+RDOMAIN2=$4
+PAIR1=$5
+PAIR2=$6
+
+RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
+PAIRS="${PAIR1} ${PAIR2}"
+PAIR1IP=10.12.57.1
+PAIR2IP=10.12.57.2
+PAIR2IP2=10.12.57.3
+
+error_notify() {
+ echo cleanup
+ pfctl -q -t bgpd_integ_test -T kill
+ pkill -T ${RDOMAIN1} bgpd || true
+ pkill -T ${RDOMAIN2} bgpd || true
+ sleep 1
+ ifconfig ${PAIR2} destroy || true
+ ifconfig ${PAIR1} destroy || true
+ route -qn -T ${RDOMAIN1} flush || true
+ route -qn -T ${RDOMAIN2} flush || true
+ ifconfig lo${RDOMAIN1} destroy || true
+ ifconfig lo${RDOMAIN2} destroy || true
+ if [ $1 -ne 0 ]; then
+ echo FAILED
+ exit 1
+ else
+ echo SUCCESS
+ fi
+}
+
+if [ "$(id -u)" -ne 0 ]; then
+ echo need root privileges >&2
+ exit 1
+fi
+
+trap 'error_notify $?' EXIT
+
+echo check if rdomains are busy
+for n in ${RDOMAINS}; do
+ if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
+ echo routing domain ${n} is already used >&2
+ exit 1
+ fi
+done
+
+echo check if interfaces are busy
+for n in ${PAIRS}; do
+ /sbin/ifconfig "${n}" >/dev/null 2>&1 && \
+ ( echo interface ${n} is already used >&2; exit 1 )
+done
+
+set -x
+
+echo setup
+ifconfig ${PAIR1} rdomain ${RDOMAIN1} ${PAIR1IP}/29 up
+ifconfig ${PAIR2} rdomain ${RDOMAIN2} ${PAIR2IP}/29 up
+ifconfig ${PAIR2} alias ${PAIR2IP2}/32
+ifconfig ${PAIR1} patch ${PAIR2}
+ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
+ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
+
+# create an empty table
+pfctl -q -t bgpd_integ_test -T add 1.1.1.1
+pfctl -q -t bgpd_integ_test -T del 1.1.1.1
+
+echo run bgpds
+route -T ${RDOMAIN1} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.pftable.rdomain1.conf
+sleep 2
+route -T ${RDOMAIN2} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.pftable.rdomain2_1.conf
+route -T ${RDOMAIN2} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.pftable.rdomain2_2.conf
+
+sleep 3
+
+echo Check default prefixes
+route -T ${RDOMAIN1} exec bgpctl show
+echo List pf table
+pfctl -t bgpd_integ_test -T show
+pfctl -t bgpd_integ_test -T test 10.12.62.1
+pfctl -t bgpd_integ_test -T test 10.12.63.1
+pfctl -t bgpd_integ_test -T test 10.12.64.1
+
+echo Add prefix
+route -T ${RDOMAIN2} exec bgpctl network add 10.12.69.0/24
+sleep 1
+pfctl -t bgpd_integ_test -T test 10.12.69.1
+route -T ${RDOMAIN2} exec bgpctl -s /var/run/bgpd.sock.12_2 network add 10.12.69.0/24
+sleep 1
+pfctl -t bgpd_integ_test -T test 10.12.69.1
+
+echo Remove prefix
+route -T ${RDOMAIN2} exec bgpctl network del 10.12.69.0/24
+sleep 1
+pfctl -t bgpd_integ_test -T test 10.12.69.1
+route -T ${RDOMAIN2} exec bgpctl -s /var/run/bgpd.sock.12_2 network del 10.12.69.0/24
+sleep 1
+! pfctl -t bgpd_integ_test -T test 10.12.69.1
+
+exit 0
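Review bot: The `trap 'error_notify $?' EXIT` is installed before the two "busy" checks, so when a check finds the routing domain or pair interface already in use, the script exits into a cleanup that runs `pkill -T ... bgpd`, `ifconfig ... destroy` and `route ... flush` against resources it did not create. The script requires root, so moving the trap to just after the interface check (before `set -x`) would keep a refused run from tearing down another user's bgpd, interfaces or routes. Separately, `pfctl -q -t bgpd_integ_test -T kill` is the only cleanup command without `|| true`; if it returns non-zero under `set -e`, the rest of error_notify may be skipped and leave bgpd processes and interfaces behind, so `pfctl -q -t bgpd_integ_test -T kill || true` would match the other lines.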