author | Claudio Jeker <claudio@cvs.openbsd.org> | 2022-10-31 18:34:12 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2022-10-31 18:34:12 +0000 |
commit | dc2be189e9c2d2a367329981458d27d9852df6a3 (patch) | |
tree | 685432ef8981e3817cb9e7fee123ffe57b3dc575 /regress/usr.sbin | |
parent | c89f4207c50a71d59238b100de860ed01c12aae5 (diff) |
Add an integration test that checks if the pftable feature works.
Diffstat (limited to 'regress/usr.sbin')
5 files changed, 182 insertions, 2 deletions
diff --git a/regress/usr.sbin/bgpd/integrationtests/Makefile b/regress/usr.sbin/bgpd/integrationtests/Makefile
index bacc2622228..c7489f9cf86 100644
--- a/regress/usr.sbin/bgpd/integrationtests/Makefile
+++ b/regress/usr.sbin/bgpd/integrationtests/Makefile
@@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.17 2022/10/31 18:31:36 claudio Exp $ +# $OpenBSD: Makefile,v 1.18 2022/10/31 18:34:11 claudio Exp $ -REGRESS_TARGETS = network_statement md5 ovs mrt \ +REGRESS_TARGETS = network_statement md5 ovs mrt pftable \ maxprefix maxprefixout maxcomm \ as0 med eval_all policy
@@ -23,6 +23,9 @@ ovs: policy: ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 +pftable: + ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 + mrt: ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf
new file mode 100644
index 00000000000..b8beec906e6
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain1.conf
@@ -0,0 +1,18 @@
+AS 4200000001
+router-id 10.12.57.1
+fib-update no
+
+log updates
+
+neighbor 10.12.57.2 {
+ descr "RDOMAIN2_1"
+ remote-as 4200000002
+}
+neighbor 10.12.57.3 {
+ descr "RDOMAIN2_2"
+ remote-as 4200000003
+}
+
+
+allow from any set pftable "bgpd_integ_test"
+deny to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf
new file mode 100644
index 00000000000..9ba5dc27f61
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_1.conf
@@ -0,0 +1,24 @@
+AS 4200000002
+router-id 10.12.57.2
+fib-update no
+
+log updates
+
+listen on 10.12.57.2
+
+prefix-set mynetworks {
+ 10.12.62.0/24
+ 10.12.63.0/24
+ 10.12.64.0/24
+}
+
+network prefix-set mynetworks
+
+neighbor 10.12.57.1 {
+ descr "RDOMAIN1"
+ remote-as 4200000001
+ local-address 10.12.57.2
+}
+
+deny from any
+allow to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf
new file mode 100644
index 00000000000..879ab3a9c2e
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.pftable.rdomain2_2.conf
@@ -0,0 +1,26 @@
+AS 4200000003
+router-id 10.12.57.3
+fib-update no
+
+log updates
+
+listen on 10.12.57.3
+
+socket "/var/run/bgpd.sock.12_2"
+
+prefix-set mynetworks {
+ 10.12.62.0/24
+ 10.12.63.0/24
+ 10.12.64.0/24
+}
+
+network prefix-set mynetworks
+
+neighbor 10.12.57.1 {
+ descr "RDOMAIN1"
+ remote-as 4200000001
+ local-address 10.12.57.3
+}
+
+deny from any
+allow to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/pftable.sh b/regress/usr.sbin/bgpd/integrationtests/pftable.sh
new file mode 100644
index 00000000000..0e9ded3128d
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/pftable.sh
@@ -0,0 +1,109 @@
+#!/bin/ksh
+# $OpenBSD: pftable.sh,v 1.1 2022/10/31 18:34:11 claudio Exp $
+
+set -e
+
+BGPD=$1
+BGPDCONFIGDIR=$2
+RDOMAIN1=$3
+RDOMAIN2=$4
+PAIR1=$5
+PAIR2=$6
+
+RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
+PAIRS="${PAIR1} ${PAIR2}"
+PAIR1IP=10.12.57.1
+PAIR2IP=10.12.57.2
+PAIR2IP2=10.12.57.3
+
+error_notify() {
+ echo cleanup
+ pfctl -q -t bgpd_integ_test -T kill
+ pkill -T ${RDOMAIN1} bgpd || true
+ pkill -T ${RDOMAIN2} bgpd || true
+ sleep 1
+ ifconfig ${PAIR2} destroy || true
+ ifconfig ${PAIR1} destroy || true
+ route -qn -T ${RDOMAIN1} flush || true
+ route -qn -T ${RDOMAIN2} flush || true
+ ifconfig lo${RDOMAIN1} destroy || true
+ ifconfig lo${RDOMAIN2} destroy || true
+ if [ $1 -ne 0 ]; then
+ echo FAILED
+ exit 1
+ else
+ echo SUCCESS
+ fi
+}
+
+if [ "$(id -u)" -ne 0 ]; then
+ echo need root privileges >&2
+ exit 1
+fi
+
+trap 'error_notify $?' EXIT
+
+echo check if rdomains are busy
+for n in ${RDOMAINS}; do
+ if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
+ echo routing domain ${n} is already used >&2
+ exit 1
+ fi
+done
+
+echo check if interfaces are busy
+for n in ${PAIRS}; do
+ /sbin/ifconfig "${n}" >/dev/null 2>&1 && \
+ ( echo interface ${n} is already used >&2; exit 1 )
+done
+
+set -x
+
+echo setup
+ifconfig ${PAIR1} rdomain ${RDOMAIN1} ${PAIR1IP}/29 up
+ifconfig ${PAIR2} rdomain ${RDOMAIN2} ${PAIR2IP}/29 up
+ifconfig ${PAIR2} alias ${PAIR2IP2}/32
+ifconfig ${PAIR1} patch ${PAIR2}
+ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
+ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
+
+# create an empty table
+pfctl -q -t bgpd_integ_test -T add 1.1.1.1
+pfctl -q -t bgpd_integ_test -T del 1.1.1.1
+
+echo run bgpds
+route -T ${RDOMAIN1} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.pftable.rdomain1.conf
+sleep 2
+route -T ${RDOMAIN2} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.pftable.rdomain2_1.conf
+route -T ${RDOMAIN2} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.pftable.rdomain2_2.conf
+
+sleep 3
+
+echo Check default prefixes
+route -T ${RDOMAIN1} exec bgpctl show
+echo List pf table
+pfctl -t bgpd_integ_test -T show
+pfctl -t bgpd_integ_test -T test 10.12.62.1
+pfctl -t bgpd_integ_test -T test 10.12.63.1
+pfctl -t bgpd_integ_test -T test 10.12.64.1
+
+echo Add prefix
+route -T ${RDOMAIN2} exec bgpctl network add 10.12.69.0/24
+sleep 1
+pfctl -t bgpd_integ_test -T test 10.12.69.1
+route -T ${RDOMAIN2} exec bgpctl -s /var/run/bgpd.sock.12_2 network add 10.12.69.0/24
+sleep 1
+pfctl -t bgpd_integ_test -T test 10.12.69.1
+
+echo Remove prefix
+route -T ${RDOMAIN2} exec bgpctl network del 10.12.69.0/24
+sleep 1
+pfctl -t bgpd_integ_test -T test 10.12.69.1
+route -T ${RDOMAIN2} exec bgpctl -s /var/run/bgpd.sock.12_2 network del 10.12.69.0/24
+sleep 1
+! pfctl -t bgpd_integ_test -T test 10.12.69.1
+
+exit 0
|
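Review bot: The EXIT trap in pftable.sh is installed before the two "busy" checks, so when a check finds the routing domains or pair interfaces already in use, its `exit 1` still runs `error_notify`. Running as root, that handler kills every bgpd in those rdomains, flushes their routes and destroys the pair and lo interfaces, which are exactly the resources the check just found to belong to something else. Moving `trap 'error_notify $?' EXIT` below the interface check, just before `set -x`, keeps the teardown limited to state this script created. Separately, `pfctl -q -t bgpd_integ_test -T kill` is the only cleanup command without `|| true`; with `set -e` active a failure there may abort the handler before the remaining teardown, so `pfctl -q -t bgpd_integ_test -T kill || true` would match the other lines.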