# $FreeBSD$ #- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_05_check_stats_0() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` case ${nf} in 0) break ;; *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; esac nf=`sysctl -n net.inet6.ip6.frag6_nfrags` case ${nf} in 0) break ;; *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; esac # # Check that the sysctl is set to what we expect. # sn=`sysctl -n net.inet6.ip6.maxfrags` case "${sn}" in 0) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 0" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 20 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 20 0 20 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } frag6_05_check_stats_1() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` case ${nf} in 0) break ;; *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; esac nf=`sysctl -n net.inet6.ip6.frag6_nfrags` case ${nf} in 0) break ;; *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; esac # # Check that the sysctl is set to what we expect. # sn=`sysctl -n net.inet6.ip6.maxfrags` case "${sn}" in 10) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 10" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 20 10 10 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 10 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 20 0 10 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 10 0 0 10 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_05_0" "cleanup" frag6_05_0_head() { frag6_head 5_0 } frag6_05_0_body() { # Save current sysctl value. ov=`sysctl -n net.inet6.ip6.maxfrags` echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt # Never accept fragments. sysctl net.inet6.ip6.maxfrags=0 frag6_body 5 frag6_05_check_stats_0 } frag6_05_0_cleanup() { frag6_cleanup 5_0 # Restore sysctl back to default. ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` rm -f ${HOME}/sysctl-$(atf_get ident).txt sysctl net.inet6.ip6.maxfrags=${ov} } atf_test_case "frag6_05_1" "cleanup" frag6_05_1_head() { frag6_head 5_1 } frag6_05_1_body() { # Save current sysctl value. ov=`sysctl -n net.inet6.ip6.maxfrags` echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt # Maximum of 10 global system-wide fragments. sysctl net.inet6.ip6.maxfrags=10 frag6_body 5 frag6_05_check_stats_1 } frag6_05_1_cleanup() { frag6_cleanup 5_1 # Restore sysctl back to default. ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` rm -f ${HOME}/sysctl-$(atf_get ident).txt sysctl net.inet6.ip6.maxfrags=${ov} } atf_init_test_cases() { atf_add_test_case "frag6_05_0" atf_add_test_case "frag6_05_1" }