1#- 2# SPDX-License-Identifier: BSD-2-Clause 3# 4# Copyright (c) 2019 Netflix, Inc. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27 28. $(atf_get_srcdir)/frag6.subr 29 30frag6_15_pre_test() { 31 32 local jname ifname 33 jname=$1 34 35 case "${jname}" in 36 "") echo "ERROR: jname is empty"; return ;; 37 esac 38 39 # Accept 3 fragments per fragmented packet. 40 jexec ${jname} sysctl net.inet6.ip6.maxfragsperpacket=3 41} 42 43 44frag6_15_check_stats() { 45 46 local jname ifname 47 jname=$1 48 ifname=$2 49 50 case "${jname}" in 51 "") echo "ERROR: jname is empty"; return ;; 52 esac 53 case "${ifname}" in 54 "") echo "ERROR: ifname is empty"; return ;; 55 esac 56 57 # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. 58 # pfslowtimo() is run at hz/2. So this takes 60s. 59 # This is awefully long for a test case. 60 # The Python script has to wait for this already to get the ICMPv6 61 # hence we do not sleep here anymore. 62 63 nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` 64 case ${nf} in 65 0) break ;; 66 *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; 67 esac 68 nf=`sysctl -n net.inet6.ip6.frag6_nfrags` 69 case ${nf} in 70 0) break ;; 71 *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; 72 esac 73 74 # 75 # Check that the sysctl is set to what we expect. 76 # 77 sn=`jexec ${jname} sysctl -n net.inet6.ip6.maxfragsperpacket` 78 case "${sn}" in 79 3) ;; 80 *) atf_fail "Sysctl net.inet6.ip6.maxfragsperpacket is ${sn} and not 3" ;; 81 esac 82 83 # 84 # Check selection of global UDP stats. 85 # 86 cat <<EOF > ${HOME}/filter-${jname}.txt 87 <received-datagrams>0</received-datagrams> 88 <dropped-incomplete-headers>0</dropped-incomplete-headers> 89 <dropped-bad-data-length>0</dropped-bad-data-length> 90 <dropped-bad-checksum>0</dropped-bad-checksum> 91 <dropped-no-checksum>0</dropped-no-checksum> 92 <dropped-no-socket>0</dropped-no-socket> 93 <dropped-broadcast-multicast>0</dropped-broadcast-multicast> 94 <dropped-full-socket-buffer>0</dropped-full-socket-buffer> 95 <not-for-hashed-pcb>0</not-for-hashed-pcb> 96EOF 97 count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 98 rm -f ${HOME}/filter-${jname}.txt 99 case ${count} in 100 9) ;; 101 *) jexec ${jname} netstat -s -p udp --libxo xml,pretty 102 atf_fail "Global UDP statistics do not match: ${count} != 9" ;; 103 esac 104 105 106 # 107 # Check selection of global IPv6 stats. 108 # 109 cat <<EOF > ${HOME}/filter-${jname}.txt 110 <dropped-below-minimum-size>0</dropped-below-minimum-size> 111 <dropped-short-packets>0</dropped-short-packets> 112 <dropped-bad-options>0</dropped-bad-options> 113 <dropped-bad-version>0</dropped-bad-version> 114 <received-fragments>8</received-fragments> 115 <dropped-fragment>8</dropped-fragment> 116 <dropped-fragment-after-timeout>0</dropped-fragment-after-timeout> 117 <dropped-fragments-overflow>0</dropped-fragments-overflow> 118 <atomic-fragments>0</atomic-fragments> 119 <reassembled-packets>0</reassembled-packets> 120 <forwarded-packets>0</forwarded-packets> 121 <packets-not-forwardable>0</packets-not-forwardable> 122 <sent-redirects>0</sent-redirects> 123 <send-packets-fabricated-header>0</send-packets-fabricated-header> 124 <discard-no-mbufs>0</discard-no-mbufs> 125 <discard-no-route>0</discard-no-route> 126 <sent-fragments>0</sent-fragments> 127 <fragments-created>0</fragments-created> 128 <discard-cannot-fragment>0</discard-cannot-fragment> 129 <discard-scope-violations>0</discard-scope-violations> 130EOF 131 count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 132 rm -f ${HOME}/filter-${jname}.txt 133 case ${count} in 134 20) ;; 135 *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty 136 atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; 137 esac 138 139 # 140 # Check selection of global ICMPv6 stats. 141 # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) 142 # 143 cat <<EOF > ${HOME}/filter-${jname}.txt 144 <icmp6-calls>1</icmp6-calls> 145 <no-route>0</no-route> 146 <admin-prohibited>0</admin-prohibited> 147 <beyond-scope>0</beyond-scope> 148 <address-unreachable>0</address-unreachable> 149 <port-unreachable>0</port-unreachable> 150 <packet-too-big>0</packet-too-big> 151 <time-exceed-transmit>0</time-exceed-transmit> 152 <time-exceed-reassembly>1</time-exceed-reassembly> 153 <bad-header>0</bad-header> 154 <bad-next-header>0</bad-next-header> 155 <bad-option>0</bad-option> 156 <redirects>0</redirects> 157 <unknown>0</unknown> 158 <reflect>0</reflect> 159 <too-many-nd-options>0</too-many-nd-options> 160 <bad-nd-options>0</bad-nd-options> 161 <bad-neighbor-solicitation>0</bad-neighbor-solicitation> 162 <bad-neighbor-advertisement>0</bad-neighbor-advertisement> 163 <bad-router-solicitation>0</bad-router-solicitation> 164 <bad-router-advertisement>0</bad-router-advertisement> 165 <bad-redirect>0</bad-redirect> 166EOF 167 count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 168 rm -f ${HOME}/filter-${jname}.txt 169 case ${count} in 170 22) ;; 171 *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty 172 atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; 173 esac 174 175 # 176 # Check selection of interface IPv6 stats. 177 # XXX-BZ no reassembly failed stats.# 178 # 179 cat <<EOF > ${HOME}/filter-${jname}.txt 180 <dropped-invalid-header>0</dropped-invalid-header> 181 <dropped-mtu-exceeded>0</dropped-mtu-exceeded> 182 <dropped-no-route>0</dropped-no-route> 183 <dropped-invalid-destination>0</dropped-invalid-destination> 184 <dropped-unknown-protocol>0</dropped-unknown-protocol> 185 <dropped-truncated>0</dropped-truncated> 186 <sent-forwarded>0</sent-forwarded> 187 <discard-packets>0</discard-packets> 188 <discard-fragments>0</discard-fragments> 189 <fragments-failed>0</fragments-failed> 190 <fragments-created>0</fragments-created> 191 <reassembly-required>8</reassembly-required> 192 <reassembled-packets>0</reassembled-packets> 193 <reassembly-failed>0</reassembly-failed> 194EOF 195 count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 196 rm -f ${HOME}/filter-${jname}.txt 197 case ${count} in 198 14) ;; 199 *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty 200 atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; 201 esac 202 203 # 204 # Check selection of interface ICMPv6 stats. 205 # 206 cat <<EOF > ${HOME}/filter-${jname}.txt 207 <received-errors>0</received-errors> 208 <received-destination-unreachable>0</received-destination-unreachable> 209 <received-admin-prohibited>0</received-admin-prohibited> 210 <received-time-exceeded>0</received-time-exceeded> 211 <received-bad-parameter>0</received-bad-parameter> 212 <received-packet-too-big>0</received-packet-too-big> 213 <received-echo-requests>0</received-echo-requests> 214 <received-echo-replies>0</received-echo-replies> 215 <received-router-solicitation>0</received-router-solicitation> 216 <received-router-advertisement>0</received-router-advertisement> 217 <sent-errors>1</sent-errors> 218 <sent-destination-unreachable>0</sent-destination-unreachable> 219 <sent-admin-prohibited>0</sent-admin-prohibited> 220 <sent-time-exceeded>1</sent-time-exceeded> 221 <sent-bad-parameter>0</sent-bad-parameter> 222 <sent-packet-too-big>0</sent-packet-too-big> 223 <sent-echo-requests>0</sent-echo-requests> 224 <sent-echo-replies>0</sent-echo-replies> 225 <sent-router-solicitation>0</sent-router-solicitation> 226 <sent-router-advertisement>0</sent-router-advertisement> 227 <sent-redirects>0</sent-redirects> 228EOF 229 count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` 230 rm -f ${HOME}/filter-${jname}.txt 231 case ${count} in 232 21) ;; 233 *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty 234 atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; 235 esac 236} 237 238atf_test_case "frag6_15" "cleanup" 239frag6_15_head() { 240 frag6_head 15 241} 242 243frag6_15_body() { 244 frag6_body 15 frag6_15_check_stats frag6_15_pre_test 245} 246 247frag6_15_cleanup() { 248 frag6_cleanup 15 249 250 # No need to restore the sysctl back to default as the jail is gone. 251} 252 253atf_init_test_cases() 254{ 255 atf_add_test_case "frag6_15" 256} 257