1*f74e6e49SBjoern A. Zeeb# $FreeBSD$ 2*f74e6e49SBjoern A. Zeeb#- 3*f74e6e49SBjoern A. Zeeb# SPDX-License-Identifier: BSD-2-Clause 4*f74e6e49SBjoern A. Zeeb# 5*f74e6e49SBjoern A. Zeeb# Copyright (c) 2019 Netflix, Inc. 6*f74e6e49SBjoern A. Zeeb# 7*f74e6e49SBjoern A. Zeeb# Redistribution and use in source and binary forms, with or without 8*f74e6e49SBjoern A. Zeeb# modification, are permitted provided that the following conditions 9*f74e6e49SBjoern A. Zeeb# are met: 10*f74e6e49SBjoern A. Zeeb# 1. Redistributions of source code must retain the above copyright 11*f74e6e49SBjoern A. Zeeb# notice, this list of conditions and the following disclaimer. 12*f74e6e49SBjoern A. Zeeb# 2. Redistributions in binary form must reproduce the above copyright 13*f74e6e49SBjoern A. Zeeb# notice, this list of conditions and the following disclaimer in the 14*f74e6e49SBjoern A. Zeeb# documentation and/or other materials provided with the distribution. 15*f74e6e49SBjoern A. Zeeb# 16*f74e6e49SBjoern A. Zeeb# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17*f74e6e49SBjoern A. Zeeb# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18*f74e6e49SBjoern A. Zeeb# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19*f74e6e49SBjoern A. Zeeb# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20*f74e6e49SBjoern A. Zeeb# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21*f74e6e49SBjoern A. Zeeb# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22*f74e6e49SBjoern A. Zeeb# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23*f74e6e49SBjoern A. Zeeb# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24*f74e6e49SBjoern A. Zeeb# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25*f74e6e49SBjoern A. Zeeb# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26*f74e6e49SBjoern A. Zeeb# SUCH DAMAGE. 27*f74e6e49SBjoern A. Zeeb# 28*f74e6e49SBjoern A. Zeeb 29*f74e6e49SBjoern A. Zeeb. $(atf_get_srcdir)/frag6.subr 30*f74e6e49SBjoern A. Zeeb 31*f74e6e49SBjoern A. Zeebfrag6_06_pre_test_0() { 32*f74e6e49SBjoern A. Zeeb 33*f74e6e49SBjoern A. Zeeb local jname ifname 34*f74e6e49SBjoern A. Zeeb jname=$1 35*f74e6e49SBjoern A. Zeeb 36*f74e6e49SBjoern A. Zeeb case "${jname}" in 37*f74e6e49SBjoern A. Zeeb "") echo "ERROR: jname is empty"; return ;; 38*f74e6e49SBjoern A. Zeeb esac 39*f74e6e49SBjoern A. Zeeb 40*f74e6e49SBjoern A. Zeeb # Never accept fragments. 41*f74e6e49SBjoern A. Zeeb jexec ${jname} sysctl net.inet6.ip6.maxfragbucketsize=0 42*f74e6e49SBjoern A. Zeeb} 43*f74e6e49SBjoern A. Zeeb 44*f74e6e49SBjoern A. Zeeb 45*f74e6e49SBjoern A. Zeebfrag6_06_check_stats_0() { 46*f74e6e49SBjoern A. Zeeb 47*f74e6e49SBjoern A. Zeeb local jname ifname 48*f74e6e49SBjoern A. Zeeb jname=$1 49*f74e6e49SBjoern A. Zeeb ifname=$2 50*f74e6e49SBjoern A. Zeeb 51*f74e6e49SBjoern A. Zeeb case "${jname}" in 52*f74e6e49SBjoern A. Zeeb "") echo "ERROR: jname is empty"; return ;; 53*f74e6e49SBjoern A. Zeeb esac 54*f74e6e49SBjoern A. Zeeb case "${ifname}" in 55*f74e6e49SBjoern A. Zeeb "") echo "ERROR: ifname is empty"; return ;; 56*f74e6e49SBjoern A. Zeeb esac 57*f74e6e49SBjoern A. Zeeb 58*f74e6e49SBjoern A. Zeeb # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 59*f74e6e49SBjoern A. Zeeb # pfslowtimo() is run at hz/2. So this takes 60s. 60*f74e6e49SBjoern A. Zeeb # This is awefully long for a test case. 61*f74e6e49SBjoern A. Zeeb # The Python script has to wait for this already to get the ICMPv6 62*f74e6e49SBjoern A. Zeeb # hence we do not sleep here anymore. 63*f74e6e49SBjoern A. Zeeb 64*f74e6e49SBjoern A. Zeeb # 65*f74e6e49SBjoern A. Zeeb # Check that the sysctl is set to what we expect. 66*f74e6e49SBjoern A. Zeeb # 67*f74e6e49SBjoern A. Zeeb sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragbucketsize` 68*f74e6e49SBjoern A. Zeeb case "${sn}" in 69*f74e6e49SBjoern A. Zeeb 0) ;; 70*f74e6e49SBjoern A. Zeeb *) atf_fail "Sysctl net.inet6.ip6.maxfragbucketsize is ${sn} and not 0" ;; 71*f74e6e49SBjoern A. Zeeb esac 72*f74e6e49SBjoern A. Zeeb 73*f74e6e49SBjoern A. Zeeb # 74*f74e6e49SBjoern A. Zeeb # Check selection of global UDP stats. 75*f74e6e49SBjoern A. Zeeb # 76*f74e6e49SBjoern A. Zeeb cat <<EOF > ${HOME}/filter-${jname}.txt 77*f74e6e49SBjoern A. Zeeb <received-datagrams>0</received-datagrams> 78*f74e6e49SBjoern A. Zeeb <dropped-incomplete-headers>0</dropped-incomplete-headers> 79*f74e6e49SBjoern A. Zeeb <dropped-bad-data-length>0</dropped-bad-data-length> 80*f74e6e49SBjoern A. Zeeb <dropped-bad-checksum>0</dropped-bad-checksum> 81*f74e6e49SBjoern A. Zeeb <dropped-no-checksum>0</dropped-no-checksum> 82*f74e6e49SBjoern A. Zeeb <dropped-no-socket>0</dropped-no-socket> 83*f74e6e49SBjoern A. Zeeb <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 84*f74e6e49SBjoern A. Zeeb <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 85*f74e6e49SBjoern A. Zeeb <not-for-hashed-pcb>0</not-for-hashed-pcb> 86*f74e6e49SBjoern A. ZeebEOF 87*f74e6e49SBjoern A. Zeeb count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 88*f74e6e49SBjoern A. Zeeb rm -f ${HOME}/filter-${jname}.txt 89*f74e6e49SBjoern A. Zeeb case ${count} in 90*f74e6e49SBjoern A. Zeeb 9) ;; 91*f74e6e49SBjoern A. Zeeb *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 92*f74e6e49SBjoern A. Zeeb atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 93*f74e6e49SBjoern A. Zeeb esac 94*f74e6e49SBjoern A. Zeeb 95*f74e6e49SBjoern A. Zeeb 96*f74e6e49SBjoern A. Zeeb # 97*f74e6e49SBjoern A. Zeeb # Check selection of global IPv6 stats. 98*f74e6e49SBjoern A. Zeeb # 99*f74e6e49SBjoern A. Zeeb cat <<EOF > ${HOME}/filter-${jname}.txt 100*f74e6e49SBjoern A. Zeeb <dropped-below-minimum-size>0</dropped-below-minimum-size> 101*f74e6e49SBjoern A. Zeeb <dropped-short-packets>0</dropped-short-packets> 102*f74e6e49SBjoern A. Zeeb <dropped-bad-options>0</dropped-bad-options> 103*f74e6e49SBjoern A. Zeeb <dropped-bad-version>0</dropped-bad-version> 104*f74e6e49SBjoern A. Zeeb <received-fragments>20</received-fragments> 105*f74e6e49SBjoern A. Zeeb <dropped-fragment>20</dropped-fragment> 106*f74e6e49SBjoern A. Zeeb <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout> 107*f74e6e49SBjoern A. Zeeb <dropped-fragments-overflow>0</dropped-fragments-overflow> 108*f74e6e49SBjoern A. Zeeb <atomic-fragments>0</atomic-fragments> 109*f74e6e49SBjoern A. Zeeb <reassembled-packets>0</reassembled-packets> 110*f74e6e49SBjoern A. Zeeb <forwarded-packets>0</forwarded-packets> 111*f74e6e49SBjoern A. Zeeb <packets-not-forwardable>0</packets-not-forwardable> 112*f74e6e49SBjoern A. Zeeb <sent-redirects>0</sent-redirects> 113*f74e6e49SBjoern A. Zeeb <send-packets-fabricated-header>0</send-packets-fabricated-header> 114*f74e6e49SBjoern A. Zeeb <discard-no-mbufs>0</discard-no-mbufs> 115*f74e6e49SBjoern A. Zeeb <discard-no-route>0</discard-no-route> 116*f74e6e49SBjoern A. Zeeb <sent-fragments>0</sent-fragments> 117*f74e6e49SBjoern A. Zeeb <fragments-created>0</fragments-created> 118*f74e6e49SBjoern A. Zeeb <discard-cannot-fragment>0</discard-cannot-fragment> 119*f74e6e49SBjoern A. Zeeb <discard-scope-violations>0</discard-scope-violations> 120*f74e6e49SBjoern A. ZeebEOF 121*f74e6e49SBjoern A. Zeeb count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 122*f74e6e49SBjoern A. Zeeb rm -f ${HOME}/filter-${jname}.txt 123*f74e6e49SBjoern A. Zeeb case ${count} in 124*f74e6e49SBjoern A. Zeeb 20) ;; 125*f74e6e49SBjoern A. Zeeb *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 126*f74e6e49SBjoern A. Zeeb atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 127*f74e6e49SBjoern A. Zeeb esac 128*f74e6e49SBjoern A. Zeeb 129*f74e6e49SBjoern A. Zeeb # 130*f74e6e49SBjoern A. Zeeb # Check selection of global ICMPv6 stats. 131*f74e6e49SBjoern A. Zeeb # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 132*f74e6e49SBjoern A. Zeeb # 133*f74e6e49SBjoern A. Zeeb cat <<EOF > ${HOME}/filter-${jname}.txt 134*f74e6e49SBjoern A. Zeeb <icmp6-calls>0</icmp6-calls> 135*f74e6e49SBjoern A. Zeeb <no-route>0</no-route> 136*f74e6e49SBjoern A. Zeeb <admin-prohibited>0</admin-prohibited> 137*f74e6e49SBjoern A. Zeeb <beyond-scope>0</beyond-scope> 138*f74e6e49SBjoern A. Zeeb <address-unreachable>0</address-unreachable> 139*f74e6e49SBjoern A. Zeeb <port-unreachable>0</port-unreachable> 140*f74e6e49SBjoern A. Zeeb <packet-too-big>0</packet-too-big> 141*f74e6e49SBjoern A. Zeeb <time-exceed-transmit>0</time-exceed-transmit> 142*f74e6e49SBjoern A. Zeeb <time-exceed-reassembly>0</time-exceed-reassembly> 143*f74e6e49SBjoern A. Zeeb <bad-header>0</bad-header> 144*f74e6e49SBjoern A. Zeeb <bad-next-header>0</bad-next-header> 145*f74e6e49SBjoern A. Zeeb <bad-option>0</bad-option> 146*f74e6e49SBjoern A. Zeeb <redirects>0</redirects> 147*f74e6e49SBjoern A. Zeeb <unknown>0</unknown> 148*f74e6e49SBjoern A. Zeeb <reflect>0</reflect> 149*f74e6e49SBjoern A. Zeeb <too-many-nd-options>0</too-many-nd-options> 150*f74e6e49SBjoern A. Zeeb <bad-nd-options>0</bad-nd-options> 151*f74e6e49SBjoern A. Zeeb <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 152*f74e6e49SBjoern A. Zeeb <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 153*f74e6e49SBjoern A. Zeeb <bad-router-solicitation>0</bad-router-solicitation> 154*f74e6e49SBjoern A. Zeeb <bad-router-advertisement>0</bad-router-advertisement> 155*f74e6e49SBjoern A. Zeeb <bad-redirect>0</bad-redirect> 156*f74e6e49SBjoern A. ZeebEOF 157*f74e6e49SBjoern A. Zeeb count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 158*f74e6e49SBjoern A. Zeeb rm -f ${HOME}/filter-${jname}.txt 159*f74e6e49SBjoern A. Zeeb case ${count} in 160*f74e6e49SBjoern A. Zeeb 22) ;; 161*f74e6e49SBjoern A. Zeeb *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 162*f74e6e49SBjoern A. Zeeb atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 163*f74e6e49SBjoern A. Zeeb esac 164*f74e6e49SBjoern A. Zeeb 165*f74e6e49SBjoern A. Zeeb # 166*f74e6e49SBjoern A. Zeeb # Check selection of interface IPv6 stats. 167*f74e6e49SBjoern A. Zeeb # 168*f74e6e49SBjoern A. Zeeb cat <<EOF > ${HOME}/filter-${jname}.txt 169*f74e6e49SBjoern A. Zeeb <dropped-invalid-header>0</dropped-invalid-header> 170*f74e6e49SBjoern A. Zeeb <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 171*f74e6e49SBjoern A. Zeeb <dropped-no-route>0</dropped-no-route> 172*f74e6e49SBjoern A. Zeeb <dropped-invalid-destination>0</dropped-invalid-destination> 173*f74e6e49SBjoern A. Zeeb <dropped-unknown-protocol>0</dropped-unknown-protocol> 174*f74e6e49SBjoern A. Zeeb <dropped-truncated>0</dropped-truncated> 175*f74e6e49SBjoern A. Zeeb <sent-forwarded>0</sent-forwarded> 176*f74e6e49SBjoern A. Zeeb <discard-packets>0</discard-packets> 177*f74e6e49SBjoern A. Zeeb <discard-fragments>0</discard-fragments> 178*f74e6e49SBjoern A. Zeeb <fragments-failed>0</fragments-failed> 179*f74e6e49SBjoern A. Zeeb <fragments-created>0</fragments-created> 180*f74e6e49SBjoern A. Zeeb <reassembly-required>20</reassembly-required> 181*f74e6e49SBjoern A. Zeeb <reassembled-packets>0</reassembled-packets> 182*f74e6e49SBjoern A. Zeeb <reassembly-failed>20</reassembly-failed> 183*f74e6e49SBjoern A. ZeebEOF 184*f74e6e49SBjoern A. Zeeb count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 185*f74e6e49SBjoern A. Zeeb rm -f ${HOME}/filter-${jname}.txt 186*f74e6e49SBjoern A. Zeeb case ${count} in 187*f74e6e49SBjoern A. Zeeb 14) ;; 188*f74e6e49SBjoern A. Zeeb *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 189*f74e6e49SBjoern A. Zeeb atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 190*f74e6e49SBjoern A. Zeeb esac 191*f74e6e49SBjoern A. Zeeb 192*f74e6e49SBjoern A. Zeeb # 193*f74e6e49SBjoern A. Zeeb # Check selection of interface ICMPv6 stats. 194*f74e6e49SBjoern A. Zeeb # 195*f74e6e49SBjoern A. Zeeb cat <<EOF > ${HOME}/filter-${jname}.txt 196*f74e6e49SBjoern A. Zeeb <received-errors>0</received-errors> 197*f74e6e49SBjoern A. Zeeb <received-destination-unreachable>0</received-destination-unreachable> 198*f74e6e49SBjoern A. Zeeb <received-admin-prohibited>0</received-admin-prohibited> 199*f74e6e49SBjoern A. Zeeb <received-time-exceeded>0</received-time-exceeded> 200*f74e6e49SBjoern A. Zeeb <received-bad-parameter>0</received-bad-parameter> 201*f74e6e49SBjoern A. Zeeb <received-packet-too-big>0</received-packet-too-big> 202*f74e6e49SBjoern A. Zeeb <received-echo-requests>0</received-echo-requests> 203*f74e6e49SBjoern A. Zeeb <received-echo-replies>0</received-echo-replies> 204*f74e6e49SBjoern A. Zeeb <received-router-solicitation>0</received-router-solicitation> 205*f74e6e49SBjoern A. Zeeb <received-router-advertisement>0</received-router-advertisement> 206*f74e6e49SBjoern A. Zeeb <sent-errors>0</sent-errors> 207*f74e6e49SBjoern A. Zeeb <sent-destination-unreachable>0</sent-destination-unreachable> 208*f74e6e49SBjoern A. Zeeb <sent-admin-prohibited>0</sent-admin-prohibited> 209*f74e6e49SBjoern A. Zeeb <sent-time-exceeded>0</sent-time-exceeded> 210*f74e6e49SBjoern A. Zeeb <sent-bad-parameter>0</sent-bad-parameter> 211*f74e6e49SBjoern A. Zeeb <sent-packet-too-big>0</sent-packet-too-big> 212*f74e6e49SBjoern A. Zeeb <sent-echo-requests>0</sent-echo-requests> 213*f74e6e49SBjoern A. Zeeb <sent-echo-replies>0</sent-echo-replies> 214*f74e6e49SBjoern A. Zeeb <sent-router-solicitation>0</sent-router-solicitation> 215*f74e6e49SBjoern A. Zeeb <sent-router-advertisement>0</sent-router-advertisement> 216*f74e6e49SBjoern A. Zeeb <sent-redirects>0</sent-redirects> 217*f74e6e49SBjoern A. ZeebEOF 218*f74e6e49SBjoern A. Zeeb count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 219*f74e6e49SBjoern A. Zeeb rm -f ${HOME}/filter-${jname}.txt 220*f74e6e49SBjoern A. Zeeb case ${count} in 221*f74e6e49SBjoern A. Zeeb 21) ;; 222*f74e6e49SBjoern A. Zeeb *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 223*f74e6e49SBjoern A. Zeeb atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 224*f74e6e49SBjoern A. Zeeb esac 225*f74e6e49SBjoern A. Zeeb} 226*f74e6e49SBjoern A. Zeeb 227*f74e6e49SBjoern A. Zeebatf_test_case "frag6_06_0" "cleanup" 228*f74e6e49SBjoern A. Zeebfrag6_06_0_head() { 229*f74e6e49SBjoern A. Zeeb frag6_head 6_0 230*f74e6e49SBjoern A. Zeeb} 231*f74e6e49SBjoern A. Zeeb 232*f74e6e49SBjoern A. Zeebfrag6_06_0_body() { 233*f74e6e49SBjoern A. Zeeb frag6_body 6 frag6_06_check_stats_0 frag6_06_pre_test_0 234*f74e6e49SBjoern A. Zeeb} 235*f74e6e49SBjoern A. Zeeb 236*f74e6e49SBjoern A. Zeebfrag6_06_0_cleanup() { 237*f74e6e49SBjoern A. Zeeb frag6_cleanup 6_0 238*f74e6e49SBjoern A. Zeeb 239*f74e6e49SBjoern A. Zeeb # No need to restore the sysctl back to default as the jail is gone. 240*f74e6e49SBjoern A. Zeeb} 241*f74e6e49SBjoern A. Zeeb 242*f74e6e49SBjoern A. Zeeb 243*f74e6e49SBjoern A. Zeeb#atf_test_case "frag6_06_1" "cleanup" 244*f74e6e49SBjoern A. Zeeb# There is no point in testing a != 0 value for net.inet6.ip6.maxfragbucketsize. 245*f74e6e49SBjoern A. Zeeb# We would have to be able to generate hash collisions to end up in the same 246*f74e6e49SBjoern A. Zeeb# bucket (or re-compile a kernel with only 1 bucket). 247*f74e6e49SBjoern A. Zeeb 248*f74e6e49SBjoern A. Zeeb 249*f74e6e49SBjoern A. Zeebatf_init_test_cases() 250*f74e6e49SBjoern A. Zeeb{ 251*f74e6e49SBjoern A. Zeeb atf_add_test_case "frag6_06_0" 252*f74e6e49SBjoern A. Zeeb} 253