1# $FreeBSD$ 2#- 3# SPDX-License-Identifier: BSD-2-Clause 4# 5# Copyright (c) 2019 Netflix, Inc. 6# 7# Redistribution and use in source and binary forms, with or without 8# modification, are permitted provided that the following conditions 9# are met: 10# 1. Redistributions of source code must retain the above copyright 11# notice, this list of conditions and the following disclaimer. 12# 2. Redistributions in binary form must reproduce the above copyright 13# notice, this list of conditions and the following disclaimer in the 14# documentation and/or other materials provided with the distribution. 15# 16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26# SUCH DAMAGE. 27# 28 29. $(atf_get_srcdir)/frag6.subr 30 31frag6_05_check_stats_0() { 32 33 local jname ifname 34 jname=$1 35 ifname=$2 36 37 case "${jname}" in 38 "") echo "ERROR: jname is empty"; return ;; 39 esac 40 case "${ifname}" in 41 "") echo "ERROR: ifname is empty"; return ;; 42 esac 43 44 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 45 # pfslowtimo() is run at hz/2. So this takes 60s. 46 # This is awefully long for a test case. 47 # The Python script has to wait for this already to get the ICMPv6 48 # hence we do not sleep here anymore. 49 50 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 51 case ${nf} in 52 0) break ;; 53 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 54 esac 55 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 56 case ${nf} in 57 0) break ;; 58 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 59 esac 60 61 # 62 # Check that the sysctl is set to what we expect. 63 # 64 sn=`sysctl -n net.inet6.ip6.maxfrags` 65 case "${sn}" in 66 0) ;; 67 *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 0" ;; 68 esac 69 70 # 71 # Check selection of global UDP stats. 72 # 73 cat <<EOF > ${HOME}/filter-${jname}.txt 74 <received-datagrams>0</received-datagrams> 75 <dropped-incomplete-headers>0</dropped-incomplete-headers> 76 <dropped-bad-data-length>0</dropped-bad-data-length> 77 <dropped-bad-checksum>0</dropped-bad-checksum> 78 <dropped-no-checksum>0</dropped-no-checksum> 79 <dropped-no-socket>0</dropped-no-socket> 80 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 81 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 82 <not-for-hashed-pcb>0</not-for-hashed-pcb> 83EOF 84 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 85 rm -f ${HOME}/filter-${jname}.txt 86 case ${count} in 87 9) ;; 88 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 89 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 90 esac 91 92 93 # 94 # Check selection of global IPv6 stats. 95 # 96 cat <<EOF > ${HOME}/filter-${jname}.txt 97 <dropped-below-minimum-size>0</dropped-below-minimum-size> 98 <dropped-short-packets>0</dropped-short-packets> 99 <dropped-bad-options>0</dropped-bad-options> 100 <dropped-bad-version>0</dropped-bad-version> 101 <received-fragments>20</received-fragments> 102 <dropped-fragment>20</dropped-fragment> 103 <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout> 104 <dropped-fragments-overflow>0</dropped-fragments-overflow> 105 <atomic-fragments>0</atomic-fragments> 106 <reassembled-packets>0</reassembled-packets> 107 <forwarded-packets>0</forwarded-packets> 108 <packets-not-forwardable>0</packets-not-forwardable> 109 <sent-redirects>0</sent-redirects> 110 <send-packets-fabricated-header>0</send-packets-fabricated-header> 111 <discard-no-mbufs>0</discard-no-mbufs> 112 <discard-no-route>0</discard-no-route> 113 <sent-fragments>0</sent-fragments> 114 <fragments-created>0</fragments-created> 115 <discard-cannot-fragment>0</discard-cannot-fragment> 116 <discard-scope-violations>0</discard-scope-violations> 117EOF 118 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 119 rm -f ${HOME}/filter-${jname}.txt 120 case ${count} in 121 20) ;; 122 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 123 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 124 esac 125 126 # 127 # Check selection of global ICMPv6 stats. 128 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 129 # 130 cat <<EOF > ${HOME}/filter-${jname}.txt 131 <icmp6-calls>0</icmp6-calls> 132 <no-route>0</no-route> 133 <admin-prohibited>0</admin-prohibited> 134 <beyond-scope>0</beyond-scope> 135 <address-unreachable>0</address-unreachable> 136 <port-unreachable>0</port-unreachable> 137 <packet-too-big>0</packet-too-big> 138 <time-exceed-transmit>0</time-exceed-transmit> 139 <time-exceed-reassembly>0</time-exceed-reassembly> 140 <bad-header>0</bad-header> 141 <bad-next-header>0</bad-next-header> 142 <bad-option>0</bad-option> 143 <redirects>0</redirects> 144 <unknown>0</unknown> 145 <reflect>0</reflect> 146 <too-many-nd-options>0</too-many-nd-options> 147 <bad-nd-options>0</bad-nd-options> 148 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 149 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 150 <bad-router-solicitation>0</bad-router-solicitation> 151 <bad-router-advertisement>0</bad-router-advertisement> 152 <bad-redirect>0</bad-redirect> 153EOF 154 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 155 rm -f ${HOME}/filter-${jname}.txt 156 case ${count} in 157 22) ;; 158 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 159 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 160 esac 161 162 # 163 # Check selection of interface IPv6 stats. 164 # 165 cat <<EOF > ${HOME}/filter-${jname}.txt 166 <dropped-invalid-header>0</dropped-invalid-header> 167 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 168 <dropped-no-route>0</dropped-no-route> 169 <dropped-invalid-destination>0</dropped-invalid-destination> 170 <dropped-unknown-protocol>0</dropped-unknown-protocol> 171 <dropped-truncated>0</dropped-truncated> 172 <sent-forwarded>0</sent-forwarded> 173 <discard-packets>0</discard-packets> 174 <discard-fragments>0</discard-fragments> 175 <fragments-failed>0</fragments-failed> 176 <fragments-created>0</fragments-created> 177 <reassembly-required>20</reassembly-required> 178 <reassembled-packets>0</reassembled-packets> 179 <reassembly-failed>20</reassembly-failed> 180EOF 181 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 182 rm -f ${HOME}/filter-${jname}.txt 183 case ${count} in 184 14) ;; 185 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 186 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 187 esac 188 189 # 190 # Check selection of interface ICMPv6 stats. 191 # 192 cat <<EOF > ${HOME}/filter-${jname}.txt 193 <received-errors>0</received-errors> 194 <received-destination-unreachable>0</received-destination-unreachable> 195 <received-admin-prohibited>0</received-admin-prohibited> 196 <received-time-exceeded>0</received-time-exceeded> 197 <received-bad-parameter>0</received-bad-parameter> 198 <received-packet-too-big>0</received-packet-too-big> 199 <received-echo-requests>0</received-echo-requests> 200 <received-echo-replies>0</received-echo-replies> 201 <received-router-solicitation>0</received-router-solicitation> 202 <received-router-advertisement>0</received-router-advertisement> 203 <sent-errors>0</sent-errors> 204 <sent-destination-unreachable>0</sent-destination-unreachable> 205 <sent-admin-prohibited>0</sent-admin-prohibited> 206 <sent-time-exceeded>0</sent-time-exceeded> 207 <sent-bad-parameter>0</sent-bad-parameter> 208 <sent-packet-too-big>0</sent-packet-too-big> 209 <sent-echo-requests>0</sent-echo-requests> 210 <sent-echo-replies>0</sent-echo-replies> 211 <sent-router-solicitation>0</sent-router-solicitation> 212 <sent-router-advertisement>0</sent-router-advertisement> 213 <sent-redirects>0</sent-redirects> 214EOF 215 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 216 rm -f ${HOME}/filter-${jname}.txt 217 case ${count} in 218 21) ;; 219 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 220 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 221 esac 222} 223 224frag6_05_check_stats_1() { 225 226 local jname ifname 227 jname=$1 228 ifname=$2 229 230 case "${jname}" in 231 "") echo "ERROR: jname is empty"; return ;; 232 esac 233 case "${ifname}" in 234 "") echo "ERROR: ifname is empty"; return ;; 235 esac 236 237 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 238 # pfslowtimo() is run at hz/2. So this takes 60s. 239 # This is awefully long for a test case. 240 # The Python script has to wait for this already to get the ICMPv6 241 # hence we do not sleep here anymore. 242 243 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 244 case ${nf} in 245 0) break ;; 246 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 247 esac 248 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 249 case ${nf} in 250 0) break ;; 251 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 252 esac 253 254 # 255 # Check that the sysctl is set to what we expect. 256 # 257 sn=`sysctl -n net.inet6.ip6.maxfrags` 258 case "${sn}" in 259 10) ;; 260 *) atf_fail "Sysctl net.inet6.ip6.maxfrags is ${sn} and not 10" ;; 261 esac 262 263 # 264 # Check selection of global UDP stats. 265 # 266 cat <<EOF > ${HOME}/filter-${jname}.txt 267 <received-datagrams>0</received-datagrams> 268 <dropped-incomplete-headers>0</dropped-incomplete-headers> 269 <dropped-bad-data-length>0</dropped-bad-data-length> 270 <dropped-bad-checksum>0</dropped-bad-checksum> 271 <dropped-no-checksum>0</dropped-no-checksum> 272 <dropped-no-socket>0</dropped-no-socket> 273 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 274 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 275 <not-for-hashed-pcb>0</not-for-hashed-pcb> 276EOF 277 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 278 rm -f ${HOME}/filter-${jname}.txt 279 case ${count} in 280 9) ;; 281 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 282 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 283 esac 284 285 286 # 287 # Check selection of global IPv6 stats. 288 # 289 cat <<EOF > ${HOME}/filter-${jname}.txt 290 <dropped-below-minimum-size>0</dropped-below-minimum-size> 291 <dropped-short-packets>0</dropped-short-packets> 292 <dropped-bad-options>0</dropped-bad-options> 293 <dropped-bad-version>0</dropped-bad-version> 294 <received-fragments>20</received-fragments> 295 <dropped-fragment>10</dropped-fragment> 296 <dropped-fragment-after-timeout>10</dropped-fragment-after-timeout> 297 <dropped-fragments-overflow>0</dropped-fragments-overflow> 298 <atomic-fragments>0</atomic-fragments> 299 <reassembled-packets>0</reassembled-packets> 300 <forwarded-packets>0</forwarded-packets> 301 <packets-not-forwardable>0</packets-not-forwardable> 302 <sent-redirects>0</sent-redirects> 303 <send-packets-fabricated-header>0</send-packets-fabricated-header> 304 <discard-no-mbufs>0</discard-no-mbufs> 305 <discard-no-route>0</discard-no-route> 306 <sent-fragments>0</sent-fragments> 307 <fragments-created>0</fragments-created> 308 <discard-cannot-fragment>0</discard-cannot-fragment> 309 <discard-scope-violations>0</discard-scope-violations> 310EOF 311 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 312 rm -f ${HOME}/filter-${jname}.txt 313 case ${count} in 314 20) ;; 315 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 316 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 317 esac 318 319 # 320 # Check selection of global ICMPv6 stats. 321 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 322 # 323 cat <<EOF > ${HOME}/filter-${jname}.txt 324 <icmp6-calls>10</icmp6-calls> 325 <no-route>0</no-route> 326 <admin-prohibited>0</admin-prohibited> 327 <beyond-scope>0</beyond-scope> 328 <address-unreachable>0</address-unreachable> 329 <port-unreachable>0</port-unreachable> 330 <packet-too-big>0</packet-too-big> 331 <time-exceed-transmit>0</time-exceed-transmit> 332 <time-exceed-reassembly>10</time-exceed-reassembly> 333 <bad-header>0</bad-header> 334 <bad-next-header>0</bad-next-header> 335 <bad-option>0</bad-option> 336 <redirects>0</redirects> 337 <unknown>0</unknown> 338 <reflect>0</reflect> 339 <too-many-nd-options>0</too-many-nd-options> 340 <bad-nd-options>0</bad-nd-options> 341 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 342 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 343 <bad-router-solicitation>0</bad-router-solicitation> 344 <bad-router-advertisement>0</bad-router-advertisement> 345 <bad-redirect>0</bad-redirect> 346EOF 347 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 348 rm -f ${HOME}/filter-${jname}.txt 349 case ${count} in 350 22) ;; 351 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 352 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 353 esac 354 355 # 356 # Check selection of interface IPv6 stats. 357 # 358 cat <<EOF > ${HOME}/filter-${jname}.txt 359 <dropped-invalid-header>0</dropped-invalid-header> 360 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 361 <dropped-no-route>0</dropped-no-route> 362 <dropped-invalid-destination>0</dropped-invalid-destination> 363 <dropped-unknown-protocol>0</dropped-unknown-protocol> 364 <dropped-truncated>0</dropped-truncated> 365 <sent-forwarded>0</sent-forwarded> 366 <discard-packets>0</discard-packets> 367 <discard-fragments>0</discard-fragments> 368 <fragments-failed>0</fragments-failed> 369 <fragments-created>0</fragments-created> 370 <reassembly-required>20</reassembly-required> 371 <reassembled-packets>0</reassembled-packets> 372 <reassembly-failed>10</reassembly-failed> 373EOF 374 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 375 rm -f ${HOME}/filter-${jname}.txt 376 case ${count} in 377 14) ;; 378 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 379 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 380 esac 381 382 # 383 # Check selection of interface ICMPv6 stats. 384 # 385 cat <<EOF > ${HOME}/filter-${jname}.txt 386 <received-errors>0</received-errors> 387 <received-destination-unreachable>0</received-destination-unreachable> 388 <received-admin-prohibited>0</received-admin-prohibited> 389 <received-time-exceeded>0</received-time-exceeded> 390 <received-bad-parameter>0</received-bad-parameter> 391 <received-packet-too-big>0</received-packet-too-big> 392 <received-echo-requests>0</received-echo-requests> 393 <received-echo-replies>0</received-echo-replies> 394 <received-router-solicitation>0</received-router-solicitation> 395 <received-router-advertisement>0</received-router-advertisement> 396 <sent-errors>10</sent-errors> 397 <sent-destination-unreachable>0</sent-destination-unreachable> 398 <sent-admin-prohibited>0</sent-admin-prohibited> 399 <sent-time-exceeded>10</sent-time-exceeded> 400 <sent-bad-parameter>0</sent-bad-parameter> 401 <sent-packet-too-big>0</sent-packet-too-big> 402 <sent-echo-requests>0</sent-echo-requests> 403 <sent-echo-replies>0</sent-echo-replies> 404 <sent-router-solicitation>0</sent-router-solicitation> 405 <sent-router-advertisement>0</sent-router-advertisement> 406 <sent-redirects>0</sent-redirects> 407EOF 408 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 409 rm -f ${HOME}/filter-${jname}.txt 410 case ${count} in 411 21) ;; 412 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 413 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 414 esac 415} 416 417atf_test_case "frag6_05_0" "cleanup" 418frag6_05_0_head() { 419 frag6_head 5_0 420} 421 422frag6_05_0_body() { 423 424 # Save current sysctl value. 425 ov=`sysctl -n net.inet6.ip6.maxfrags` 426 echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt 427 428 # Never accept fragments. 429 sysctl net.inet6.ip6.maxfrags=0 430 431 frag6_body 5 frag6_05_check_stats_0 432} 433 434frag6_05_0_cleanup() { 435 frag6_cleanup 5_0 436 437 # Restore sysctl back to default. 438 ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` 439 rm -f ${HOME}/sysctl-$(atf_get ident).txt 440 sysctl net.inet6.ip6.maxfrags=${ov} 441} 442 443 444atf_test_case "frag6_05_1" "cleanup" 445frag6_05_1_head() { 446 frag6_head 5_1 447} 448 449frag6_05_1_body() { 450 451 # Save current sysctl value. 452 ov=`sysctl -n net.inet6.ip6.maxfrags` 453 echo "${ov}" > ${HOME}/sysctl-$(atf_get ident).txt 454 455 # Maximum of 10 global system-wide fragments. 456 sysctl net.inet6.ip6.maxfrags=10 457 458 frag6_body 5 frag6_05_check_stats_1 459} 460 461frag6_05_1_cleanup() { 462 frag6_cleanup 5_1 463 464 # Restore sysctl back to default. 465 ov=`cat ${HOME}/sysctl-$(atf_get ident).txt` 466 rm -f ${HOME}/sysctl-$(atf_get ident).txt 467 sysctl net.inet6.ip6.maxfrags=${ov} 468} 469 470 471atf_init_test_cases() 472{ 473 atf_add_test_case "frag6_05_0" 474 atf_add_test_case "frag6_05_1" 475} 476