1#- 2# SPDX-License-Identifier: BSD-2-Clause 3# 4# Copyright (c) 2019 Netflix, Inc. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27 28. $(atf_get_srcdir)/frag6.subr 29 30frag6_06_pre_test_0() { 31 32 local jname ifname 33 jname=$1 34 35 case "${jname}" in 36 "") echo "ERROR: jname is empty"; return ;; 37 esac 38 39 # Never accept fragments. 40 jexec ${jname} sysctl net.inet6.ip6.maxfragbucketsize=0 41} 42 43 44frag6_06_check_stats_0() { 45 46 local jname ifname 47 jname=$1 48 ifname=$2 49 50 case "${jname}" in 51 "") echo "ERROR: jname is empty"; return ;; 52 esac 53 case "${ifname}" in 54 "") echo "ERROR: ifname is empty"; return ;; 55 esac 56 57 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 58 # pfslowtimo() is run at hz/2. So this takes 60s. 59 # This is awefully long for a test case. 60 # The Python script has to wait for this already to get the ICMPv6 61 # hence we do not sleep here anymore. 62 63 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 64 case ${nf} in 65 0) break ;; 66 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 67 esac 68 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 69 case ${nf} in 70 0) break ;; 71 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 72 esac 73 74 # 75 # Check that the sysctl is set to what we expect. 76 # 77 sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragbucketsize` 78 case "${sn}" in 79 0) ;; 80 *) atf_fail "Sysctl net.inet6.ip6.maxfragbucketsize is ${sn} and not 0" ;; 81 esac 82 83 # 84 # Check selection of global UDP stats. 85 # 86 cat <<EOF > ${HOME}/filter-${jname}.txt 87 <received-datagrams>0</received-datagrams> 88 <dropped-incomplete-headers>0</dropped-incomplete-headers> 89 <dropped-bad-data-length>0</dropped-bad-data-length> 90 <dropped-bad-checksum>0</dropped-bad-checksum> 91 <dropped-no-checksum>0</dropped-no-checksum> 92 <dropped-no-socket>0</dropped-no-socket> 93 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 94 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 95 <not-for-hashed-pcb>0</not-for-hashed-pcb> 96EOF 97 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 98 rm -f ${HOME}/filter-${jname}.txt 99 case ${count} in 100 9) ;; 101 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 102 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 103 esac 104 105 106 # 107 # Check selection of global IPv6 stats. 108 # 109 cat <<EOF > ${HOME}/filter-${jname}.txt 110 <dropped-below-minimum-size>0</dropped-below-minimum-size> 111 <dropped-short-packets>0</dropped-short-packets> 112 <dropped-bad-options>0</dropped-bad-options> 113 <dropped-bad-version>0</dropped-bad-version> 114 <received-fragments>20</received-fragments> 115 <dropped-fragment>20</dropped-fragment> 116 <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout> 117 <dropped-fragments-overflow>0</dropped-fragments-overflow> 118 <atomic-fragments>0</atomic-fragments> 119 <reassembled-packets>0</reassembled-packets> 120 <forwarded-packets>0</forwarded-packets> 121 <packets-not-forwardable>0</packets-not-forwardable> 122 <sent-redirects>0</sent-redirects> 123 <send-packets-fabricated-header>0</send-packets-fabricated-header> 124 <discard-no-mbufs>0</discard-no-mbufs> 125 <discard-no-route>0</discard-no-route> 126 <sent-fragments>0</sent-fragments> 127 <fragments-created>0</fragments-created> 128 <discard-cannot-fragment>0</discard-cannot-fragment> 129 <discard-scope-violations>0</discard-scope-violations> 130EOF 131 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 132 rm -f ${HOME}/filter-${jname}.txt 133 case ${count} in 134 20) ;; 135 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 136 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 137 esac 138 139 # 140 # Check selection of global ICMPv6 stats. 141 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 142 # 143 cat <<EOF > ${HOME}/filter-${jname}.txt 144 <icmp6-calls>0</icmp6-calls> 145 <no-route>0</no-route> 146 <admin-prohibited>0</admin-prohibited> 147 <beyond-scope>0</beyond-scope> 148 <address-unreachable>0</address-unreachable> 149 <port-unreachable>0</port-unreachable> 150 <packet-too-big>0</packet-too-big> 151 <time-exceed-transmit>0</time-exceed-transmit> 152 <time-exceed-reassembly>0</time-exceed-reassembly> 153 <bad-header>0</bad-header> 154 <bad-next-header>0</bad-next-header> 155 <bad-option>0</bad-option> 156 <redirects>0</redirects> 157 <unknown>0</unknown> 158 <reflect>0</reflect> 159 <too-many-nd-options>0</too-many-nd-options> 160 <bad-nd-options>0</bad-nd-options> 161 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 162 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 163 <bad-router-solicitation>0</bad-router-solicitation> 164 <bad-router-advertisement>0</bad-router-advertisement> 165 <bad-redirect>0</bad-redirect> 166EOF 167 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 168 rm -f ${HOME}/filter-${jname}.txt 169 case ${count} in 170 22) ;; 171 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 172 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 173 esac 174 175 # 176 # Check selection of interface IPv6 stats. 177 # 178 cat <<EOF > ${HOME}/filter-${jname}.txt 179 <dropped-invalid-header>0</dropped-invalid-header> 180 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 181 <dropped-no-route>0</dropped-no-route> 182 <dropped-invalid-destination>0</dropped-invalid-destination> 183 <dropped-unknown-protocol>0</dropped-unknown-protocol> 184 <dropped-truncated>0</dropped-truncated> 185 <sent-forwarded>0</sent-forwarded> 186 <discard-packets>0</discard-packets> 187 <discard-fragments>0</discard-fragments> 188 <fragments-failed>0</fragments-failed> 189 <fragments-created>0</fragments-created> 190 <reassembly-required>20</reassembly-required> 191 <reassembled-packets>0</reassembled-packets> 192 <reassembly-failed>20</reassembly-failed> 193EOF 194 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 195 rm -f ${HOME}/filter-${jname}.txt 196 case ${count} in 197 14) ;; 198 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 199 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 200 esac 201 202 # 203 # Check selection of interface ICMPv6 stats. 204 # 205 cat <<EOF > ${HOME}/filter-${jname}.txt 206 <received-errors>0</received-errors> 207 <received-destination-unreachable>0</received-destination-unreachable> 208 <received-admin-prohibited>0</received-admin-prohibited> 209 <received-time-exceeded>0</received-time-exceeded> 210 <received-bad-parameter>0</received-bad-parameter> 211 <received-packet-too-big>0</received-packet-too-big> 212 <received-echo-requests>0</received-echo-requests> 213 <received-echo-replies>0</received-echo-replies> 214 <received-router-solicitation>0</received-router-solicitation> 215 <received-router-advertisement>0</received-router-advertisement> 216 <sent-errors>0</sent-errors> 217 <sent-destination-unreachable>0</sent-destination-unreachable> 218 <sent-admin-prohibited>0</sent-admin-prohibited> 219 <sent-time-exceeded>0</sent-time-exceeded> 220 <sent-bad-parameter>0</sent-bad-parameter> 221 <sent-packet-too-big>0</sent-packet-too-big> 222 <sent-echo-requests>0</sent-echo-requests> 223 <sent-echo-replies>0</sent-echo-replies> 224 <sent-router-solicitation>0</sent-router-solicitation> 225 <sent-router-advertisement>0</sent-router-advertisement> 226 <sent-redirects>0</sent-redirects> 227EOF 228 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 229 rm -f ${HOME}/filter-${jname}.txt 230 case ${count} in 231 21) ;; 232 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 233 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 234 esac 235} 236 237atf_test_case "frag6_06_0" "cleanup" 238frag6_06_0_head() { 239 frag6_head 6_0 240} 241 242frag6_06_0_body() { 243 frag6_body 6 frag6_06_check_stats_0 frag6_06_pre_test_0 244} 245 246frag6_06_0_cleanup() { 247 frag6_cleanup 6_0 248 249 # No need to restore the sysctl back to default as the jail is gone. 250} 251 252 253#atf_test_case "frag6_06_1" "cleanup" 254# There is no point in testing a != 0 value for net.inet6.ip6.maxfragbucketsize. 255# We would have to be able to generate hash collisions to end up in the same 256# bucket (or re-compile a kernel with only 1 bucket). 257 258 259atf_init_test_cases() 260{ 261 atf_add_test_case "frag6_06_0" 262} 263