1# $FreeBSD$ 2#- 3# SPDX-License-Identifier: BSD-2-Clause 4# 5# Copyright (c) 2019 Netflix, Inc. 6# 7# Redistribution and use in source and binary forms, with or without 8# modification, are permitted provided that the following conditions 9# are met: 10# 1. Redistributions of source code must retain the above copyright 11# notice, this list of conditions and the following disclaimer. 12# 2. Redistributions in binary form must reproduce the above copyright 13# notice, this list of conditions and the following disclaimer in the 14# documentation and/or other materials provided with the distribution. 15# 16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26# SUCH DAMAGE. 27# 28 29. $(atf_get_srcdir)/frag6.subr 30 31frag6_06_pre_test_0() { 32 33 local jname ifname 34 jname=$1 35 36 case "${jname}" in 37 "") echo "ERROR: jname is empty"; return ;; 38 esac 39 40 # Never accept fragments. 41 jexec ${jname} sysctl net.inet6.ip6.maxfragbucketsize=0 42} 43 44 45frag6_06_check_stats_0() { 46 47 local jname ifname 48 jname=$1 49 ifname=$2 50 51 case "${jname}" in 52 "") echo "ERROR: jname is empty"; return ;; 53 esac 54 case "${ifname}" in 55 "") echo "ERROR: ifname is empty"; return ;; 56 esac 57 58 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 59 # pfslowtimo() is run at hz/2. So this takes 60s. 60 # This is awefully long for a test case. 61 # The Python script has to wait for this already to get the ICMPv6 62 # hence we do not sleep here anymore. 63 64 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 65 case ${nf} in 66 0) break ;; 67 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 68 esac 69 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 70 case ${nf} in 71 0) break ;; 72 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 73 esac 74 75 # 76 # Check that the sysctl is set to what we expect. 77 # 78 sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragbucketsize` 79 case "${sn}" in 80 0) ;; 81 *) atf_fail "Sysctl net.inet6.ip6.maxfragbucketsize is ${sn} and not 0" ;; 82 esac 83 84 # 85 # Check selection of global UDP stats. 86 # 87 cat <<EOF > ${HOME}/filter-${jname}.txt 88 <received-datagrams>0</received-datagrams> 89 <dropped-incomplete-headers>0</dropped-incomplete-headers> 90 <dropped-bad-data-length>0</dropped-bad-data-length> 91 <dropped-bad-checksum>0</dropped-bad-checksum> 92 <dropped-no-checksum>0</dropped-no-checksum> 93 <dropped-no-socket>0</dropped-no-socket> 94 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 95 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 96 <not-for-hashed-pcb>0</not-for-hashed-pcb> 97EOF 98 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 99 rm -f ${HOME}/filter-${jname}.txt 100 case ${count} in 101 9) ;; 102 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 103 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 104 esac 105 106 107 # 108 # Check selection of global IPv6 stats. 109 # 110 cat <<EOF > ${HOME}/filter-${jname}.txt 111 <dropped-below-minimum-size>0</dropped-below-minimum-size> 112 <dropped-short-packets>0</dropped-short-packets> 113 <dropped-bad-options>0</dropped-bad-options> 114 <dropped-bad-version>0</dropped-bad-version> 115 <received-fragments>20</received-fragments> 116 <dropped-fragment>20</dropped-fragment> 117 <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout> 118 <dropped-fragments-overflow>0</dropped-fragments-overflow> 119 <atomic-fragments>0</atomic-fragments> 120 <reassembled-packets>0</reassembled-packets> 121 <forwarded-packets>0</forwarded-packets> 122 <packets-not-forwardable>0</packets-not-forwardable> 123 <sent-redirects>0</sent-redirects> 124 <send-packets-fabricated-header>0</send-packets-fabricated-header> 125 <discard-no-mbufs>0</discard-no-mbufs> 126 <discard-no-route>0</discard-no-route> 127 <sent-fragments>0</sent-fragments> 128 <fragments-created>0</fragments-created> 129 <discard-cannot-fragment>0</discard-cannot-fragment> 130 <discard-scope-violations>0</discard-scope-violations> 131EOF 132 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 133 rm -f ${HOME}/filter-${jname}.txt 134 case ${count} in 135 20) ;; 136 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 137 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 138 esac 139 140 # 141 # Check selection of global ICMPv6 stats. 142 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 143 # 144 cat <<EOF > ${HOME}/filter-${jname}.txt 145 <icmp6-calls>0</icmp6-calls> 146 <no-route>0</no-route> 147 <admin-prohibited>0</admin-prohibited> 148 <beyond-scope>0</beyond-scope> 149 <address-unreachable>0</address-unreachable> 150 <port-unreachable>0</port-unreachable> 151 <packet-too-big>0</packet-too-big> 152 <time-exceed-transmit>0</time-exceed-transmit> 153 <time-exceed-reassembly>0</time-exceed-reassembly> 154 <bad-header>0</bad-header> 155 <bad-next-header>0</bad-next-header> 156 <bad-option>0</bad-option> 157 <redirects>0</redirects> 158 <unknown>0</unknown> 159 <reflect>0</reflect> 160 <too-many-nd-options>0</too-many-nd-options> 161 <bad-nd-options>0</bad-nd-options> 162 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 163 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 164 <bad-router-solicitation>0</bad-router-solicitation> 165 <bad-router-advertisement>0</bad-router-advertisement> 166 <bad-redirect>0</bad-redirect> 167EOF 168 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 169 rm -f ${HOME}/filter-${jname}.txt 170 case ${count} in 171 22) ;; 172 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 173 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 174 esac 175 176 # 177 # Check selection of interface IPv6 stats. 178 # 179 cat <<EOF > ${HOME}/filter-${jname}.txt 180 <dropped-invalid-header>0</dropped-invalid-header> 181 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 182 <dropped-no-route>0</dropped-no-route> 183 <dropped-invalid-destination>0</dropped-invalid-destination> 184 <dropped-unknown-protocol>0</dropped-unknown-protocol> 185 <dropped-truncated>0</dropped-truncated> 186 <sent-forwarded>0</sent-forwarded> 187 <discard-packets>0</discard-packets> 188 <discard-fragments>0</discard-fragments> 189 <fragments-failed>0</fragments-failed> 190 <fragments-created>0</fragments-created> 191 <reassembly-required>20</reassembly-required> 192 <reassembled-packets>0</reassembled-packets> 193 <reassembly-failed>20</reassembly-failed> 194EOF 195 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 196 rm -f ${HOME}/filter-${jname}.txt 197 case ${count} in 198 14) ;; 199 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 200 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 201 esac 202 203 # 204 # Check selection of interface ICMPv6 stats. 205 # 206 cat <<EOF > ${HOME}/filter-${jname}.txt 207 <received-errors>0</received-errors> 208 <received-destination-unreachable>0</received-destination-unreachable> 209 <received-admin-prohibited>0</received-admin-prohibited> 210 <received-time-exceeded>0</received-time-exceeded> 211 <received-bad-parameter>0</received-bad-parameter> 212 <received-packet-too-big>0</received-packet-too-big> 213 <received-echo-requests>0</received-echo-requests> 214 <received-echo-replies>0</received-echo-replies> 215 <received-router-solicitation>0</received-router-solicitation> 216 <received-router-advertisement>0</received-router-advertisement> 217 <sent-errors>0</sent-errors> 218 <sent-destination-unreachable>0</sent-destination-unreachable> 219 <sent-admin-prohibited>0</sent-admin-prohibited> 220 <sent-time-exceeded>0</sent-time-exceeded> 221 <sent-bad-parameter>0</sent-bad-parameter> 222 <sent-packet-too-big>0</sent-packet-too-big> 223 <sent-echo-requests>0</sent-echo-requests> 224 <sent-echo-replies>0</sent-echo-replies> 225 <sent-router-solicitation>0</sent-router-solicitation> 226 <sent-router-advertisement>0</sent-router-advertisement> 227 <sent-redirects>0</sent-redirects> 228EOF 229 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 230 rm -f ${HOME}/filter-${jname}.txt 231 case ${count} in 232 21) ;; 233 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 234 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 235 esac 236} 237 238atf_test_case "frag6_06_0" "cleanup" 239frag6_06_0_head() { 240 frag6_head 6_0 241} 242 243frag6_06_0_body() { 244 frag6_body 6 frag6_06_check_stats_0 frag6_06_pre_test_0 245} 246 247frag6_06_0_cleanup() { 248 frag6_cleanup 6_0 249 250 # No need to restore the sysctl back to default as the jail is gone. 251} 252 253 254#atf_test_case "frag6_06_1" "cleanup" 255# There is no point in testing a != 0 value for net.inet6.ip6.maxfragbucketsize. 256# We would have to be able to generate hash collisions to end up in the same 257# bucket (or re-compile a kernel with only 1 bucket). 258 259 260atf_init_test_cases() 261{ 262 atf_add_test_case "frag6_06_0" 263} 264