if_ovpn tests: fix route_to test case

* Move the .254 address to the tunnel device so we reply through the tunnel. * Remove the network route to 'break' routing, which we then 'fix' with pf's route-to, which is the functionality we wanted to test in the first place. Reported by: markj Sponsored by: Rubicon Communications, LLC ("Netgate")
2023-05-08 17:44:47 +02:00 · 2023-05-08 17:44:47 +02:00 · f76df4718d
commit f76df4718d
parent f7ee28e755
1 changed files with 11 additions and 13 deletions
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@ -91,6 +91,8 @@ atf_test_case "4in4" "cleanup"
 	# Give the tunnel time to come up
 	sleep 10

+	atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
+
 	echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194
 	atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
 }
@ -702,7 +704,6 @@ route_to_body()

 	vnet_mkjail a ${l}a
 	jexec a ifconfig ${l}a 192.0.2.1/24 up
-	jexec a ifconfig ${l}a inet alias 198.51.100.254/24
 	vnet_mkjail b ${l}b ${n}a
 	jexec b ifconfig ${l}b 192.0.2.2/24 up
 	jexec b ifconfig ${n}a up
@ -751,26 +752,23 @@ route_to_body()

 	# Give the tunnel time to come up
 	sleep 10
+	jexec a ifconfig ovpn0 inet alias 198.51.100.254/24

 	# Check the tunnel
-	atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
-	atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.254
+	atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.1
+	atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254

-	# Break our routes so that we need a route-to to make things work.
-	jexec b ifconfig ${n}a 198.51.100.3/24
-	atf_check -s exit:2 -o ignore jexec b ping -c 1 -t 1 -S 198.51.100.2 198.51.100.254
+	# Break our route to .254 so that we need a route-to to make things work.
+	jexec b ifconfig ${n}a 203.0.113.1/24 up
+	jexec b route add 198.51.100.254 -interface ${n}a
+
+	# Make sure it's broken.
+	atf_check -s exit:2 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254

 	jexec b pfctl -e
 	pft_set_rules b \
 		"pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
 	atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
-
-	# And this keeps working even if we don't have a route to 198.51.100.0/24 via if_ovpn
-	jexec b route del -net 198.51.100.0/24
-	jexec b route add -net 198.51.100.0/24 -interface ${n}a
-	pft_set_rules b \
-		"pass out route-to (tun0 198.51.100.3) proto icmp from 198.51.100.2 "
-	atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
 }

 route_to_cleanup()