xref: /freebsd/tests/sys/netpfil/ipfw/log.sh (revision 38edf96b1787ce3d8c00e4466348dab891c7a9ea) 
1# SPDX-License-Identifier: BSD-2-Clause
2#
3# Copyright (c) 2026 Gleb Smirnoff <glebius@FreeBSD.org>
4#
5# Redistribution and use in source and binary forms, with or without
6# modification, are permitted provided that the following conditions
7# are met:
8# 1. Redistributions of source code must retain the above copyright
9#    notice, this list of conditions and the following disclaimer.
10# 2. Redistributions in binary form must reproduce the above copyright
11#    notice, this list of conditions and the following disclaimer in the
12#    documentation and/or other materials provided with the distribution.
13#
14# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24# SUCH DAMAGE.
25
26. $(atf_get_srcdir)/../common/utils.subr
27
28atf_test_case "bpf" "cleanup"
29bpf_head()
30{
31	atf_set descr 'Creates several rules with log and probes bpf taps'
32	atf_set require.user root
33}
34
35bpf_body()
36{
37	firewall_init "ipfw"
38
39	epair=$(vnet_mkepair)
40	vnet_mkjail alcatraz ${epair}b
41	ifconfig ${epair}a 192.0.2.0/31 up
42	jexec alcatraz ifconfig ${epair}b 192.0.2.1/31 up
43
44	# Create a bunch of statically and auto numbered logging rules
45	rules="100 200 201"
46	for r in ${rules}; do
47		jexec alcatraz \
48		    ipfw add ${r} count log udp from any to any 10${r}
49	done
50	auto=$(jexec alcatraz ipfw add count log udp from any to any 10666 \
51	    | awk '{print $1}' | sed -Ee 's/^0+//')
52
53	pids=""
54	for r in ${rules} ${auto}; do
55		jexec alcatraz tcpdump --immediate-mode -i ipfw${r} \
56		    -w ${PWD}/${r}.pcap -c 1 &
57		pids="${pids} $!"
58	done
59
60	# wait for tcpdumps to fully attach and block in bpfread()
61	for p in ${pids}; do
62		while [ $(ps -o wchan ${p} | tr "\n" " " | cut -w -f 2) != \
63		    "bpf" ]; do
64			sleep 0.01;
65		done
66	done
67
68	for p in ${rules} 666; do
69		echo foo | nc -u 192.0.2.1 10${p}
70	done
71
72	for p in ${pids}; do
73		wait ${p}
74		atf_check_equal 0 $?
75	done
76
77	# statically numbered taps
78	for p in ${rules}; do
79		atf_check -o match:"192.0.2.0.[0-9]+ > 192.0.2.1.10${p}: UDP" \
80		    -e match:"reading from file [a-zA-Z0-9/.]+${p}.pcap" \
81		    tcpdump -qnr ${PWD}/${p}.pcap
82	done
83
84	# autonumbered tap with 10666 port
85	atf_check -o match:"192.0.2.0.[0-9]+ > 192.0.2.1.10666: UDP" \
86	    -e match:"reading from file [a-zA-Z0-9/.]+${auto}.pcap" \
87	    tcpdump -qnr ${PWD}/${auto}.pcap
88}
89
90bpf_cleanup()
91{
92	firewall_cleanup $1
93}
94
95atf_init_test_cases()
96{
97	atf_add_test_case "bpf"
98}
99