1#- 2# SPDX-License-Identifier: BSD-2-Clause 3# 4# Copyright (c) 2019 Netflix, Inc. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27 28. $(atf_get_srcdir)/frag6.subr 29 30frag6_05_check_stats_0() { 31 32 local jname ifname 33 jname=$1 34 ifname=$2 35 36 case "${jname}" in 37 "") echo "ERROR: jname is empty"; return ;; 38 esac 39 case "${ifname}" in 40 "") echo "ERROR: ifname is empty"; return ;; 41 esac 42 43 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 44 # pfslowtimo() is run at hz/2. So this takes 60s. 45 # This is awefully long for a test case. 46 # The Python script has to wait for this already to get the ICMPv6 47 # hence we do not sleep here anymore. 48 49 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 50 case ${nf} in 51 0) break ;; 52 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 53 esac 54 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 55 case ${nf} in 56 0) break ;; 57 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 58 esac 59 60 # 61 # Check that the sysctl is set to what we expect. 62 # 63 sn=`sysctl -n net.inet6.ip6.maxfrags` 64 case "${sn}" in 65 0) ;; 66 *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 0" ;; 67 esac 68 69 # 70 # Check selection of global UDP stats. 71 # 72 cat <<EOF > ${HOME}/filter-${jname}.txt 73 <received-datagrams>0</received-datagrams> 74 <dropped-incomplete-headers>0</dropped-incomplete-headers> 75 <dropped-bad-data-length>0</dropped-bad-data-length> 76 <dropped-bad-checksum>0</dropped-bad-checksum> 77 <dropped-no-checksum>0</dropped-no-checksum> 78 <dropped-no-socket>0</dropped-no-socket> 79 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 80 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 81 <not-for-hashed-pcb>0</not-for-hashed-pcb> 82EOF 83 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 84 rm -f ${HOME}/filter-${jname}.txt 85 case ${count} in 86 9) ;; 87 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 88 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 89 esac 90 91 92 # 93 # Check selection of global IPv6 stats. 94 # 95 cat <<EOF > ${HOME}/filter-${jname}.txt 96 <dropped-below-minimum-size>0</dropped-below-minimum-size> 97 <dropped-short-packets>0</dropped-short-packets> 98 <dropped-bad-options>0</dropped-bad-options> 99 <dropped-bad-version>0</dropped-bad-version> 100 <received-fragments>20</received-fragments> 101 <dropped-fragment>20</dropped-fragment> 102 <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout> 103 <dropped-fragments-overflow>0</dropped-fragments-overflow> 104 <atomic-fragments>0</atomic-fragments> 105 <reassembled-packets>0</reassembled-packets> 106 <forwarded-packets>0</forwarded-packets> 107 <packets-not-forwardable>0</packets-not-forwardable> 108 <sent-redirects>0</sent-redirects> 109 <send-packets-fabricated-header>0</send-packets-fabricated-header> 110 <discard-no-mbufs>0</discard-no-mbufs> 111 <discard-no-route>0</discard-no-route> 112 <sent-fragments>0</sent-fragments> 113 <fragments-created>0</fragments-created> 114 <discard-cannot-fragment>0</discard-cannot-fragment> 115 <discard-scope-violations>0</discard-scope-violations> 116EOF 117 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 118 rm -f ${HOME}/filter-${jname}.txt 119 case ${count} in 120 20) ;; 121 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 122 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 123 esac 124 125 # 126 # Check selection of global ICMPv6 stats. 127 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 128 # 129 cat <<EOF > ${HOME}/filter-${jname}.txt 130 <icmp6-calls>0</icmp6-calls> 131 <no-route>0</no-route> 132 <admin-prohibited>0</admin-prohibited> 133 <beyond-scope>0</beyond-scope> 134 <address-unreachable>0</address-unreachable> 135 <port-unreachable>0</port-unreachable> 136 <packet-too-big>0</packet-too-big> 137 <time-exceed-transmit>0</time-exceed-transmit> 138 <time-exceed-reassembly>0</time-exceed-reassembly> 139 <bad-header>0</bad-header> 140 <bad-next-header>0</bad-next-header> 141 <bad-option>0</bad-option> 142 <redirects>0</redirects> 143 <unknown>0</unknown> 144 <reflect>0</reflect> 145 <too-many-nd-options>0</too-many-nd-options> 146 <bad-nd-options>0</bad-nd-options> 147 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 148 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 149 <bad-router-solicitation>0</bad-router-solicitation> 150 <bad-router-advertisement>0</bad-router-advertisement> 151 <bad-redirect>0</bad-redirect> 152EOF 153 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 154 rm -f ${HOME}/filter-${jname}.txt 155 case ${count} in 156 22) ;; 157 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 158 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 159 esac 160 161 # 162 # Check selection of interface IPv6 stats. 163 # 164 cat <<EOF > ${HOME}/filter-${jname}.txt 165 <dropped-invalid-header>0</dropped-invalid-header> 166 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 167 <dropped-no-route>0</dropped-no-route> 168 <dropped-invalid-destination>0</dropped-invalid-destination> 169 <dropped-unknown-protocol>0</dropped-unknown-protocol> 170 <dropped-truncated>0</dropped-truncated> 171 <sent-forwarded>0</sent-forwarded> 172 <discard-packets>0</discard-packets> 173 <discard-fragments>0</discard-fragments> 174 <fragments-failed>0</fragments-failed> 175 <fragments-created>0</fragments-created> 176 <reassembly-required>20</reassembly-required> 177 <reassembled-packets>0</reassembled-packets> 178 <reassembly-failed>20</reassembly-failed> 179EOF 180 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 181 rm -f ${HOME}/filter-${jname}.txt 182 case ${count} in 183 14) ;; 184 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 185 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 186 esac 187 188 # 189 # Check selection of interface ICMPv6 stats. 190 # 191 cat <<EOF > ${HOME}/filter-${jname}.txt 192 <received-errors>0</received-errors> 193 <received-destination-unreachable>0</received-destination-unreachable> 194 <received-admin-prohibited>0</received-admin-prohibited> 195 <received-time-exceeded>0</received-time-exceeded> 196 <received-bad-parameter>0</received-bad-parameter> 197 <received-packet-too-big>0</received-packet-too-big> 198 <received-echo-requests>0</received-echo-requests> 199 <received-echo-replies>0</received-echo-replies> 200 <received-router-solicitation>0</received-router-solicitation> 201 <received-router-advertisement>0</received-router-advertisement> 202 <sent-errors>0</sent-errors> 203 <sent-destination-unreachable>0</sent-destination-unreachable> 204 <sent-admin-prohibited>0</sent-admin-prohibited> 205 <sent-time-exceeded>0</sent-time-exceeded> 206 <sent-bad-parameter>0</sent-bad-parameter> 207 <sent-packet-too-big>0</sent-packet-too-big> 208 <sent-echo-requests>0</sent-echo-requests> 209 <sent-echo-replies>0</sent-echo-replies> 210 <sent-router-solicitation>0</sent-router-solicitation> 211 <sent-router-advertisement>0</sent-router-advertisement> 212 <sent-redirects>0</sent-redirects> 213EOF 214 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 215 rm -f ${HOME}/filter-${jname}.txt 216 case ${count} in 217 21) ;; 218 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 219 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 220 esac 221} 222 223frag6_05_check_stats_1() { 224 225 local jname ifname 226 jname=$1 227 ifname=$2 228 229 case "${jname}" in 230 "") echo "ERROR: jname is empty"; return ;; 231 esac 232 case "${ifname}" in 233 "") echo "ERROR: ifname is empty"; return ;; 234 esac 235 236 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 237 # pfslowtimo() is run at hz/2. So this takes 60s. 238 # This is awefully long for a test case. 239 # The Python script has to wait for this already to get the ICMPv6 240 # hence we do not sleep here anymore. 241 242 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 243 case ${nf} in 244 0) break ;; 245 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 246 esac 247 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 248 case ${nf} in 249 0) break ;; 250 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 251 esac 252 253 # 254 # Check that the sysctl is set to what we expect. 255 # 256 sn=`sysctl -n net.inet6.ip6.maxfrags` 257 case "${sn}" in 258 10) ;; 259 *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 10" ;; 260 esac 261 262 # 263 # Check selection of global UDP stats. 264 # 265 cat <<EOF > ${HOME}/filter-${jname}.txt 266 <received-datagrams>0</received-datagrams> 267 <dropped-incomplete-headers>0</dropped-incomplete-headers> 268 <dropped-bad-data-length>0</dropped-bad-data-length> 269 <dropped-bad-checksum>0</dropped-bad-checksum> 270 <dropped-no-checksum>0</dropped-no-checksum> 271 <dropped-no-socket>0</dropped-no-socket> 272 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 273 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 274 <not-for-hashed-pcb>0</not-for-hashed-pcb> 275EOF 276 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 277 rm -f ${HOME}/filter-${jname}.txt 278 case ${count} in 279 9) ;; 280 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 281 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 282 esac 283 284 285 # 286 # Check selection of global IPv6 stats. 287 # 288 cat <<EOF > ${HOME}/filter-${jname}.txt 289 <dropped-below-minimum-size>0</dropped-below-minimum-size> 290 <dropped-short-packets>0</dropped-short-packets> 291 <dropped-bad-options>0</dropped-bad-options> 292 <dropped-bad-version>0</dropped-bad-version> 293 <received-fragments>20</received-fragments> 294 <dropped-fragment>10</dropped-fragment> 295 <dropped-fragment-after-timeout>10</dropped-fragment-after-timeout> 296 <dropped-fragments-overflow>0</dropped-fragments-overflow> 297 <atomic-fragments>0</atomic-fragments> 298 <reassembled-packets>0</reassembled-packets> 299 <forwarded-packets>0</forwarded-packets> 300 <packets-not-forwardable>0</packets-not-forwardable> 301 <sent-redirects>0</sent-redirects> 302 <send-packets-fabricated-header>0</send-packets-fabricated-header> 303 <discard-no-mbufs>0</discard-no-mbufs> 304 <discard-no-route>0</discard-no-route> 305 <sent-fragments>0</sent-fragments> 306 <fragments-created>0</fragments-created> 307 <discard-cannot-fragment>0</discard-cannot-fragment> 308 <discard-scope-violations>0</discard-scope-violations> 309EOF 310 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 311 rm -f ${HOME}/filter-${jname}.txt 312 case ${count} in 313 20) ;; 314 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 315 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 316 esac 317 318 # 319 # Check selection of global ICMPv6 stats. 320 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 321 # 322 cat <<EOF > ${HOME}/filter-${jname}.txt 323 <icmp6-calls>10</icmp6-calls> 324 <no-route>0</no-route> 325 <admin-prohibited>0</admin-prohibited> 326 <beyond-scope>0</beyond-scope> 327 <address-unreachable>0</address-unreachable> 328 <port-unreachable>0</port-unreachable> 329 <packet-too-big>0</packet-too-big> 330 <time-exceed-transmit>0</time-exceed-transmit> 331 <time-exceed-reassembly>10</time-exceed-reassembly> 332 <bad-header>0</bad-header> 333 <bad-next-header>0</bad-next-header> 334 <bad-option>0</bad-option> 335 <redirects>0</redirects> 336 <unknown>0</unknown> 337 <reflect>0</reflect> 338 <too-many-nd-options>0</too-many-nd-options> 339 <bad-nd-options>0</bad-nd-options> 340 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 341 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 342 <bad-router-solicitation>0</bad-router-solicitation> 343 <bad-router-advertisement>0</bad-router-advertisement> 344 <bad-redirect>0</bad-redirect> 345EOF 346 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 347 rm -f ${HOME}/filter-${jname}.txt 348 case ${count} in 349 22) ;; 350 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 351 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 352 esac 353 354 # 355 # Check selection of interface IPv6 stats. 356 # 357 cat <<EOF > ${HOME}/filter-${jname}.txt 358 <dropped-invalid-header>0</dropped-invalid-header> 359 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 360 <dropped-no-route>0</dropped-no-route> 361 <dropped-invalid-destination>0</dropped-invalid-destination> 362 <dropped-unknown-protocol>0</dropped-unknown-protocol> 363 <dropped-truncated>0</dropped-truncated> 364 <sent-forwarded>0</sent-forwarded> 365 <discard-packets>0</discard-packets> 366 <discard-fragments>0</discard-fragments> 367 <fragments-failed>0</fragments-failed> 368 <fragments-created>0</fragments-created> 369 <reassembly-required>20</reassembly-required> 370 <reassembled-packets>0</reassembled-packets> 371 <reassembly-failed>10</reassembly-failed> 372EOF 373 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 374 rm -f ${HOME}/filter-${jname}.txt 375 case ${count} in 376 14) ;; 377 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 378 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 379 esac 380 381 # 382 # Check selection of interface ICMPv6 stats. 383 # 384 cat <<EOF > ${HOME}/filter-${jname}.txt 385 <received-errors>0</received-errors> 386 <received-destination-unreachable>0</received-destination-unreachable> 387 <received-admin-prohibited>0</received-admin-prohibited> 388 <received-time-exceeded>0</received-time-exceeded> 389 <received-bad-parameter>0</received-bad-parameter> 390 <received-packet-too-big>0</received-packet-too-big> 391 <received-echo-requests>0</received-echo-requests> 392 <received-echo-replies>0</received-echo-replies> 393 <received-router-solicitation>0</received-router-solicitation> 394 <received-router-advertisement>0</received-router-advertisement> 395 <sent-errors>10</sent-errors> 396 <sent-destination-unreachable>0</sent-destination-unreachable> 397 <sent-admin-prohibited>0</sent-admin-prohibited> 398 <sent-time-exceeded>10</sent-time-exceeded> 399 <sent-bad-parameter>0</sent-bad-parameter> 400 <sent-packet-too-big>0</sent-packet-too-big> 401 <sent-echo-requests>0</sent-echo-requests> 402 <sent-echo-replies>0</sent-echo-replies> 403 <sent-router-solicitation>0</sent-router-solicitation> 404 <sent-router-advertisement>0</sent-router-advertisement> 405 <sent-redirects>0</sent-redirects> 406EOF 407 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 408 rm -f ${HOME}/filter-${jname}.txt 409 case ${count} in 410 21) ;; 411 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 412 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 413 esac 414} 415 416atf_test_case "frag6_05_0" "cleanup" 417frag6_05_0_head() { 418 frag6_head 5_0 419} 420 421frag6_05_0_body() { 422 423 # Save current sysctl value. 424 ov=`sysctl -n net.inet6.ip6.maxfrags` 425 echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt 426 427 # Never accept fragments. 428 sysctl net.inet6.ip6.maxfrags=0 429 430 frag6_body 5 frag6_05_check_stats_0 431} 432 433frag6_05_0_cleanup() { 434 frag6_cleanup 5_0 435 436 # Restore sysctl back to default. 437 ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` 438 rm -f ${HOME}/sysctl-$(atf_get ident).txt 439 sysctl net.inet6.ip6.maxfrags=${ov} 440} 441 442 443atf_test_case "frag6_05_1" "cleanup" 444frag6_05_1_head() { 445 frag6_head 5_1 446} 447 448frag6_05_1_body() { 449 450 # Save current sysctl value. 451 ov=`sysctl -n net.inet6.ip6.maxfrags` 452 echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt 453 454 # Maximum of 10 global system-wide fragments. 455 sysctl net.inet6.ip6.maxfrags=10 456 457 frag6_body 5 frag6_05_check_stats_1 458} 459 460frag6_05_1_cleanup() { 461 frag6_cleanup 5_1 462 463 # Restore sysctl back to default. 464 ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` 465 rm -f ${HOME}/sysctl-$(atf_get ident).txt 466 sysctl net.inet6.ip6.maxfrags=${ov} 467} 468 469 470atf_init_test_cases() 471{ 472 atf_add_test_case "frag6_05_0" 473 atf_add_test_case "frag6_05_1" 474} 475