xref: /freebsd/tests/sys/netpfil/common/pass_block.sh (revision d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf)
1f97a8a36STom Jones#-
2*4d846d26SWarner Losh# SPDX-License-Identifier: BSD-2-Clause
3f97a8a36STom Jones#
4f97a8a36STom Jones# Copyright (c) 2019 Ahsan Barkati
5f97a8a36STom Jones#
6f97a8a36STom Jones# Redistribution and use in source and binary forms, with or without
7f97a8a36STom Jones# modification, are permitted provided that the following conditions
8f97a8a36STom Jones# are met:
9f97a8a36STom Jones# 1. Redistributions of source code must retain the above copyright
10f97a8a36STom Jones#    notice, this list of conditions and the following disclaimer.
11f97a8a36STom Jones# 2. Redistributions in binary form must reproduce the above copyright
12f97a8a36STom Jones#    notice, this list of conditions and the following disclaimer in the
13f97a8a36STom Jones#    documentation and/or other materials provided with the distribution.
14f97a8a36STom Jones#
15f97a8a36STom Jones# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16f97a8a36STom Jones# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17f97a8a36STom Jones# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18f97a8a36STom Jones# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19f97a8a36STom Jones# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20f97a8a36STom Jones# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21f97a8a36STom Jones# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22f97a8a36STom Jones# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23f97a8a36STom Jones# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24f97a8a36STom Jones# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25f97a8a36STom Jones# SUCH DAMAGE.
26f97a8a36STom Jones#
27f97a8a36STom Jones#
28f97a8a36STom Jones
29f97a8a36STom Jones. $(atf_get_srcdir)/utils.subr
30f97a8a36STom Jones. $(atf_get_srcdir)/runner.subr
31f97a8a36STom Jones
# Test-case metadata for the IPv4 pass/block test.
v4_head()
{
	# v4_body configures interfaces with ifconfig and enters a jail with
	# jexec, so the case is declared as requiring the root user.
	atf_set "require.user" "root"
}
36f97a8a36STom Jones
# IPv4 pass/block check for the firewall named in $1 (pf, ipfw or ipf).
#
# The host keeps the "a" end of an epair (192.0.2.1/24) and the "b" end is
# handed to the jail "iron" (192.0.2.2/24); both addresses are in the
# 192.0.2.0/24 documentation range.  The rules are applied to "iron", and the
# host then pings the jail: the echo must go unanswered while inbound
# traffic is blocked and must be answered once inbound traffic is passed.
v4_body()
{
	firewall="$1"
	firewall_init ${firewall}

	# Host side of the link.
	epair=$(vnet_mkepair)
	ifconfig ${epair}a 192.0.2.1/24 up

	# Jail side of the link (presumably vnet_mkjail moves ${epair}b into
	# the new jail -- verify against the vnet helpers).
	vnet_mkjail iron ${epair}b
	jexec iron ifconfig ${epair}b 192.0.2.2/24 up

	# Block All: firewall_config receives one rule per firewall type and
	# presumably applies only the one matching ${firewall}.
	firewall_config "iron" ${firewall} \
		"pf"   "block in" \
		"ipfw" "ipfw -q add 100 deny all from any to any" \
		"ipf"  "block in all"

	# Exactly exit status 2 is required, not merely "non-zero".
	# NOTE(review): status 2 is presumably ping's "sent, no reply" result,
	# so a ping that fails for an unrelated reason does not count as
	# blocked -- confirm against ping(8).
	# NOTE(review): a default-deny policy inside the jail would satisfy
	# this check even if the explicit rule had not been loaded; it is the
	# Pass All phase below that shows loaded rules take effect.
	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2

	# Pass All: the ipfw rule reuses number 100, so this presumably relies
	# on firewall_config replacing the earlier ruleset -- verify in
	# utils.subr.
	firewall_config "iron" ${firewall} \
		"pf"   "pass in" \
		"ipfw" "ipfw -q add 100 allow all from any to any" \
		"ipf"  "pass in all"

	# The same single ping must now succeed.
	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
}
69f97a8a36STom Jones
# Cleanup for the IPv4 case: hands the firewall name in $1 to the shared
# firewall_cleanup helper.
v4_cleanup()
{
	firewall="$1"
	firewall_cleanup ${firewall}
}
75f97a8a36STom Jones
# Test-case metadata for the IPv6 pass/block test.
v6_head()
{
	# v6_body configures interfaces with ifconfig and enters a jail with
	# jexec, so the case is declared as requiring the root user.
	atf_set "require.user" "root"
}
80f97a8a36STom Jones
# IPv6 pass/block check for the firewall named in $1 (pf, ipfw or ipf).
#
# The host keeps the "a" end of an epair (fd7a:803f:cc4b::1/64) and the "b"
# end is handed to the jail "iron" (fd7a:803f:cc4b::2/64); the prefix lies in
# the fd00::/8 unique-local range.  The rules are applied to "iron", and the
# host then pings the jail: the echo must go unanswered while inbound
# traffic is blocked and must be answered once inbound traffic is passed.
v6_body()
{
	firewall="$1"
	firewall_init ${firewall}

	# Host side of the link.  no_dad presumably skips duplicate address
	# detection so the address is usable right away -- confirm in
	# ifconfig(8).
	epair=$(vnet_mkepair)
	ifconfig ${epair}a inet6 fd7a:803f:cc4b::1/64 up no_dad

	# Jail side of the link (presumably vnet_mkjail moves ${epair}b into
	# the new jail -- verify against the vnet helpers).
	vnet_mkjail iron ${epair}b
	jexec iron ifconfig ${epair}b inet6 fd7a:803f:cc4b::2/64 up no_dad

	# Block All: firewall_config receives one rule per firewall type and
	# presumably applies only the one matching ${firewall}.
	firewall_config "iron" ${firewall} \
		"pf"   "block in" \
		"ipfw" "ipfw -q add 100 deny all from any to any" \
		"ipf"  "block in all"

	# Exactly exit status 2 is required, not merely "non-zero".
	# NOTE(review): status 2 is presumably ping's "sent, no reply" result,
	# so a ping that fails for an unrelated reason does not count as
	# blocked -- confirm against ping(8).
	# NOTE(review): a default-deny policy inside the jail would satisfy
	# this check even if the explicit rule had not been loaded; it is the
	# Pass All phase below that shows loaded rules take effect.
	# NOTE(review): this uses -W 1 where v4_body uses -t 1; confirm the
	# unit of -W in ping(8), since a very short reply wait could make the
	# pass check below flaky.
	atf_check -s exit:2 -o ignore ping -6 -c 1 -W 1 fd7a:803f:cc4b::2

	# Pass All: the ipfw rule reuses number 100, so this presumably relies
	# on firewall_config replacing the earlier ruleset -- verify in
	# utils.subr.
	firewall_config "iron" ${firewall} \
		"pf"   "pass in" \
		"ipfw" "ipfw -q add 100 allow all from any to any" \
		"ipf"  "pass in all"

	# The same single ping must now succeed.
	atf_check -s exit:0 -o ignore ping -6 -c 1 -W 1 fd7a:803f:cc4b::2
}
114f97a8a36STom Jones
# Cleanup for the IPv6 case: hands the firewall name in $1 to the shared
# firewall_cleanup helper.
v6_cleanup()
{
	firewall="$1"
	firewall_cleanup ${firewall}
}
120f97a8a36STom Jones
# Register the "v4" and "v6" cases, each listed with pf, ipfw and ipf.
# Presumably setup_tests (from the sourced .subr helpers) generates one test
# case per name/firewall pair and passes the firewall name to the *_body and
# *_cleanup functions as $1 -- verify in runner.subr.
setup_tests \
	"v4" "pf" "ipfw" "ipf" \
	"v6" "pf" "ipfw" "ipf"