From f76df4718d27f512a7f02cccc12b9b10cf6ad13a Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Mon, 8 May 2023 17:44:47 +0200
Subject: [PATCH] if_ovpn tests: fix route_to test case

* Move the .254 address to the tunnel device so we reply through the tunnel.
* Remove the network route to 'break' routing, which we then 'fix' with pf's route-to, which is the functionality we wanted to test in the first place.

Reported by: markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 tests/sys/net/if_ovpn/if_ovpn.sh | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh
index 51d21b826e72..5500dd9f1f41 100644
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@@ -91,6 +91,8 @@ atf_test_case "4in4" "cleanup"
  # Give the tunnel time to come up
  sleep 10
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
+ echo 'foo' | jexec b nc -u -w 2 192.0.2.1 1194
  atf_check -s exit:0 -o ignore jexec b ping -c 3 198.51.100.1
 }
@@ -702,7 +704,6 @@ route_to_body()
  vnet_mkjail a ${l}a
  jexec a ifconfig ${l}a 192.0.2.1/24 up
- jexec a ifconfig ${l}a inet alias 198.51.100.254/24
  vnet_mkjail b ${l}b ${n}a
  jexec b ifconfig ${l}b 192.0.2.2/24 up
  jexec b ifconfig ${n}a up
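Review bot: In the 4in4 hunk, the new `ping -c 1 198.51.100.1` that precedes the `nc` line carries no comment, and the commit message (which only discusses route_to) does not explain it. It reads as a baseline check that the tunnel passes traffic before the stray datagram `foo` is sent to UDP port 1194, so that the later `ping -c 3` shows the tunnel survived that unexpected input rather than only that it came up; that intent is inferred, not stated on the page. A one-line comment would record it, e.g. `# Confirm the tunnel works before sending a junk datagram to the tunnel's UDP port`. The test body starts outside this hunk.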
@@ -751,26 +752,23 @@ route_to_body()
  # Give the tunnel time to come up
  sleep 10
+ jexec a ifconfig ovpn0 inet alias 198.51.100.254/24
  # Check the tunnel
- atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.1
- atf_check -s exit:0 -o ignore jexec b ping -c 1 198.51.100.254
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.1
+ atf_check -s exit:0 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
- # Break our routes so that we need a route-to to make things work.
- jexec b ifconfig ${n}a 198.51.100.3/24
- atf_check -s exit:2 -o ignore jexec b ping -c 1 -t 1 -S 198.51.100.2 198.51.100.254
+ # Break our route to .254 so that we need a route-to to make things work.
+ jexec b ifconfig ${n}a 203.0.113.1/24 up
+ jexec b route add 198.51.100.254 -interface ${n}a
+
+ # Make sure it's broken.
+ atf_check -s exit:2 -o ignore jexec b ping -c 1 -S 198.51.100.2 198.51.100.254
  jexec b pfctl -e
  pft_set_rules b \
  "pass out route-to (tun0 198.51.100.1) proto icmp from 198.51.100.2 "
  atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
-
- # And this keeps working even if we don't have a route to 198.51.100.0/24 via if_ovpn
- jexec b route del -net 198.51.100.0/24
- jexec b route add -net 198.51.100.0/24 -interface ${n}a
- pft_set_rules b \
- "pass out route-to (tun0 198.51.100.3) proto icmp from 198.51.100.2 "
- atf_check -s exit:0 -o ignore jexec b ping -c 3 -S 198.51.100.2 198.51.100.254
 }
 route_to_cleanup()
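Review bot: The expected-failure check under `# Make sure it's broken.` no longer bounds its wait: the removed version passed `-t 1`, while the new `ping -c 1 -S 198.51.100.2 198.51.100.254` does not, so the negative case probably now waits for ping's default reply timeout on every run. If dropping the bound was not deliberate, keep it: `atf_check -s exit:2 -o ignore jexec b ping -c 1 -t 1 -S 198.51.100.2 198.51.100.254`. Separately, the new setup commands (`ifconfig ovpn0 inet alias ...`, `ifconfig ${n}a 203.0.113.1/24 up`, `route add 198.51.100.254 -interface ${n}a`) run unchecked, so a failure in any of them shows up only as a ping exit-status mismatch a few lines later. Wrapping at least the `route add` in `atf_check -s exit:0 -o ignore` would make the failing step explicit. route_to_body starts outside this hunk.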