#- # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2019 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # . $(atf_get_srcdir)/frag6.subr frag6_06_pre_test_0() { local jname ifname jname=$1 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac # Never accept fragments. jexec ${jname} sysctl net.inet6.ip6.maxfragbucketsize=0 } frag6_06_check_stats_0() { local jname ifname jname=$1 ifname=$2 case "${jname}" in "") echo "ERROR: jname is empty"; return ;; esac case "${ifname}" in "") echo "ERROR: ifname is empty"; return ;; esac # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. # pfslowtimo() is run at hz/2. So this takes 60s. # This is awefully long for a test case. # The Python script has to wait for this already to get the ICMPv6 # hence we do not sleep here anymore. nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` case ${nf} in 0) break ;; *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; esac nf=`sysctl -n net.inet6.ip6.frag6_nfrags` case ${nf} in 0) break ;; *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; esac # # Check that the sysctl is set to what we expect. # sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragbucketsize` case "${sn}" in 0) ;; *) atf_fail "Sysctl net.inet6.ip6.maxfragbucketsize is ${sn} and not 0" ;; esac # # Check selection of global UDP stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 9) ;; *) jexec ${jname} netstat -s -p udp --libxo xml,pretty atf_fail "Global UDP statistics do not match: ${count} != 9" ;; esac # # Check selection of global IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 20 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 20) ;; *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; esac # # Check selection of global ICMPv6 stats. # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 22) ;; *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; esac # # Check selection of interface IPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 20 0 20 EOF count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 14) ;; *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; esac # # Check selection of interface ICMPv6 stats. # cat < ${HOME}/filter-${jname}.txt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EOF count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` rm -f ${HOME}/filter-${jname}.txt case ${count} in 21) ;; *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; esac } atf_test_case "frag6_06_0" "cleanup" frag6_06_0_head() { frag6_head 6_0 } frag6_06_0_body() { frag6_body 6 frag6_06_check_stats_0 frag6_06_pre_test_0 } frag6_06_0_cleanup() { frag6_cleanup 6_0 # No need to restore the sysctl back to default as the jail is gone. } #atf_test_case "frag6_06_1" "cleanup" # There is no point in testing a != 0 value for net.inet6.ip6.maxfragbucketsize. # We would have to be able to generate hash collisions to end up in the same # bucket (or re-compile a kernel with only 1 bucket). atf_init_test_cases() { atf_add_test_case "frag6_06_0" }