1# 2# Copyright (c) 2025 Dag-Erling Smørgrav <des@FreeBSD.org> 3# 4# SPDX-License-Identifier: BSD-2-Clause 5# 6 7. $(atf_get_srcdir)/../../sys/common/vnet.subr 8 9atf_test_case nptv6 cleanup 10nptv6_head() 11{ 12 atf_set "descr" "Test creation of NPTv6 rules" 13 atf_set "require.user" "root" 14 atf_set "require.kmods" "ipfw_nptv6" 15} 16nptv6_body() 17{ 18 vnet_init 19 local jail=ipfw_$(atf_get ident) 20 local epair=$(vnet_mkepair) 21 vnet_mkjail ${jail} ${epair}a 22 23 local rule="xyzzy" 24 local int="2001:db8:1::" 25 local ext="2001:db8:2::" 26 27 atf_check jexec ${jail} \ 28 ifconfig "${epair}"a inet6 ${ext}1/64 up 29 30 # This is how it's supposed to be used 31 atf_check jexec ${jail} ipfw nptv6 ${rule} create \ 32 int_prefix ${int} ext_prefix ${ext} prefixlen 64 33 atf_check -o inline:\ 34"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \ 35 jexec ${jail} ipfw nptv6 all list 36 atf_check jexec ${jail} ipfw nptv6 all destroy 37 38 # Specify external interface rather than network 39 atf_check jexec ${jail} ipfw nptv6 ${rule} create \ 40 int_prefix ${int} ext_if ${epair}a prefixlen 64 41 atf_check -o inline:\ 42"nptv6 $rule int_prefix $int ext_if ${epair}a prefixlen 64\n" \ 43 jexec ${jail} ipfw nptv6 all list 44 atf_check jexec ${jail} ipfw nptv6 all destroy 45 46 # This should also work 47 atf_check jexec ${jail} ipfw nptv6 ${rule} create \ 48 int_prefix ${int}/64 ext_prefix ${ext}/64 prefixlen 64 49 atf_check -o inline:\ 50"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \ 51 jexec ${jail} ipfw nptv6 all list 52 atf_check jexec ${jail} ipfw nptv6 all destroy 53 54 # This should also work, although it's not encouraged 55 atf_check -e match:"use prefixlen instead" \ 56 jexec ${jail} ipfw nptv6 ${rule} create \ 57 int_prefix ${int}/64 ext_prefix ${ext}/64 58 atf_check -o inline:\ 59"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \ 60 jexec ${jail} ipfw nptv6 all list 61 atf_check jexec ${jail} ipfw nptv6 all destroy 62 63 # These should all fail 64 atf_check -s not-exit:0 -e match:"one ext_prefix or ext_if" \ 65 jexec ${jail} ipfw nptv6 ${rule} create \ 66 int_prefix ${int} ext_prefix ${ext} ext_if ${epair}a 67 atf_check -o empty jexec ${jail} ipfw nptv6 all list 68 69 atf_check -s not-exit:0 -e match:"one ext_prefix or ext_if" \ 70 jexec ${jail} ipfw nptv6 ${rule} create \ 71 int_prefix ${int} ext_if ${epair}a ext_prefix ${ext} 72 atf_check -o empty jexec ${jail} ipfw nptv6 all list 73 74 atf_check -s not-exit:0 -e match:"prefix length mismatch" \ 75 jexec ${jail} ipfw nptv6 ${rule} create \ 76 int_prefix ${int}/48 ext_prefix ${ext}/64 77 atf_check -o empty jexec ${jail} ipfw nptv6 all list 78 79 atf_check -s not-exit:0 -e match:"prefix length mismatch" \ 80 jexec ${jail} ipfw nptv6 ${rule} create \ 81 int_prefix ${int}/64 ext_prefix ${ext}/64 prefixlen 48 82 atf_check -o empty jexec ${jail} ipfw nptv6 all list 83 84 atf_check -s not-exit:0 -e match:"prefix length mismatch" \ 85 jexec ${jail} ipfw nptv6 ${rule} create \ 86 int_prefix ${int}/64 ext_prefix ${ext} prefixlen 48 87 atf_check -o empty jexec ${jail} ipfw nptv6 all list 88 89 atf_check -s not-exit:0 -e match:"prefix length mismatch" \ 90 jexec ${jail} ipfw nptv6 ${rule} create \ 91 int_prefix ${int} ext_prefix ${ext}/64 prefixlen 48 92 atf_check -o empty jexec ${jail} ipfw nptv6 all list 93 94 atf_check -s not-exit:0 -e match:"prefix length mismatch" \ 95 jexec ${jail} ipfw nptv6 ${rule} create \ 96 int_prefix ${int}/64 ext_if ${epair}a prefixlen 48 97 atf_check -o empty jexec ${jail} ipfw nptv6 all list 98} 99nptv6_cleanup() 100{ 101 vnet_cleanup 102} 103 104atf_init_test_cases() 105{ 106 atf_add_test_case nptv6 107} 108