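--- a/icmp.sh
+++ b/icmp.sh
@@ -1,8 +1,8 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
 # Copyright (c) 2019 Kristof Provost <kp@FreeBSD.org>
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
@@ -66,12 +66,77 @@
  --to 198.51.100.3
 }
 
 cve_2019_5598_cleanup()
 {
  pft_cleanup
 }
 
+atf_test_case "ttl_exceeded" "cleanup"
+ttl_exceeded_head()
+{
+ atf_set descr 'Test that we correctly translate TTL exceeded back'
+ atf_set require.user root
+}
+
+ttl_exceeded_body()
+{
+ pft_init
+
+ epair_srv=$(vnet_mkepair)
+ epair_int=$(vnet_mkepair)
+ epair_cl=$(vnet_mkepair)
+
+ vnet_mkjail srv ${epair_srv}a
+ jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up
+ jexec srv route add default 192.0.2.2
+
+ vnet_mkjail int ${epair_srv}b ${epair_int}a
+ jexec int sysctl net.inet.ip.forwarding=1
+ jexec int ifconfig ${epair_srv}b 192.0.2.2/24 up
+ jexec int ifconfig ${epair_int}a 203.0.113.2/24 up
+
+ vnet_mkjail nat ${epair_int}b ${epair_cl}b
+ jexec nat ifconfig ${epair_int}b 203.0.113.1/24 up
+ jexec nat ifconfig ${epair_cl}b 198.51.100.2/24 up
+ jexec nat sysctl net.inet.ip.forwarding=1
+ jexec nat route add default 203.0.113.2
+
+ vnet_mkjail cl ${epair_cl}a
+ jexec cl ifconfig ${epair_cl}a 198.51.100.1/24 up
+ jexec cl route add default 198.51.100.2
+
+ jexec nat pfctl -e
+ pft_set_rules nat \
+ "nat on ${epair_int}b from 198.51.100.0/24 -> (${epair_int}b)" \
+ "pass"
+
+ # Sanity checks
+ atf_check -s exit:0 -o ignore \
+ jexec cl ping -c 1 198.51.100.2
+ atf_check -s exit:0 -o ignore \
+ jexec cl ping -c 1 203.0.113.1
+ atf_check -s exit:0 -o ignore \
+ jexec cl ping -c 1 203.0.113.2
+ atf_check -s exit:0 -o ignore \
+ jexec cl ping -c 1 192.0.2.1
+
+ echo "UDP"
+ atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \
+ jexec cl traceroute 192.0.2.1
+ jexec nat pfctl -Fs
+
+ echo "ICMP"
+ atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \
+ jexec cl traceroute -I 192.0.2.1
+}
+
+ttl_exceeded_cleanup()
+{
+ pft_cleanup
+}
+
 atf_init_test_cases()
 {
  atf_add_test_case "cve_2019_5598"
+ atf_add_test_case "ttl_exceeded"
 }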
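Review bot: Both traceroute checks in ttl_exceeded_body run without `-n`, so each hop may trigger a reverse lookup from inside the `cl` jail, and the test's runtime then depends on the host's resolver setup rather than only on pf translating the TTL-exceeded error back through the NAT. Keeping the output numeric with `jexec cl traceroute -n 192.0.2.1` and `jexec cl traceroute -n -I 192.0.2.1` removes that dependency. The match pattern `".*203.0.113.2.*"` leaves its dots unescaped and has no trailing boundary, so it would also accept an address such as 203.0.113.20; `'203\.0\.113\.2[^0-9]'` states the expected hop more exactly. The `jexec nat pfctl -Fs` between the UDP and ICMP runs is not wrapped in `atf_check`, so a failed state flush would go unnoticed and the ICMP run would no longer be known to start from a clean state table.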