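#-
# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
#
# Copyright (c) 2019 Ahsan Barkati
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#

# Pass/block smoke test, run once per packet filter (pf, ipfw, ipf).
#
# Each case puts one end of an epair on the host and the other end in a
# jail named "iron", loads a "block everything inbound" policy in the jail
# and checks that a ping from the host gets no reply, then loads a "pass
# everything" policy and checks that the same ping is answered.
#
# The pass phase doubles as the connectivity control for the block phase:
# if the link itself were broken, the block check would pass vacuously but
# the pass check that follows would fail.
#
# NOTE(review): the second firewall_config call must replace the ruleset
# installed by the first one. For ipfw both rules are added under number
# 100, so a leftover deny would still match before the allow. Confirm that
# firewall_config (utils.subr) flushes the previous rules.

. "$(atf_get_srcdir)/utils.subr"
. "$(atf_get_srcdir)/runner.subr"

# ATF metadata for the IPv4 case: the body creates interfaces and jails and
# loads firewall rules, so it is declared as requiring root.
v4_head()
{
	atf_set require.user root
}

# IPv4 block-then-pass check.
#   $1 - firewall under test; selects which of the pf/ipfw/ipf rule strings
#        firewall_config applies.
v4_body()
{
	firewall=$1
	firewall_init "$firewall"

	# 192.0.2.0/24 is the TEST-NET-1 documentation range, so the
	# addresses cannot collide with a real network.
	epair=$(vnet_mkepair)
	ifconfig "${epair}a" 192.0.2.1/24 up
	vnet_mkjail iron "${epair}b"
	jexec iron ifconfig "${epair}b" 192.0.2.2/24 up

	# Block All
	firewall_config "iron" "${firewall}" \
		"pf" \
			"block in" \
		"ipfw" \
			"ipfw -q add 100 deny all from any to any" \
		"ipf" \
			"block in all"

	# Exit status 2 is ping's "sent, but no reply" status. Requiring
	# exactly 2 (not just non-zero) keeps a setup error from being
	# counted as a successful block.
	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2

	# Pass All
	firewall_config "iron" "${firewall}" \
		"pf" \
			"pass in" \
		"ipfw" \
			"ipfw -q add 100 allow all from any to any" \
		"ipf" \
			"pass in all"

	# With the permissive ruleset the same single probe must be answered.
	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
}

# Cleanup for the IPv4 case.
#   $1 - firewall under test, passed through to firewall_cleanup.
v4_cleanup()
{
	firewall=$1
	firewall_cleanup "$firewall"
}

# ATF metadata for the IPv6 case; root is required for the same reason as
# in the IPv4 case.
v6_head()
{
	atf_set require.user root
}

# IPv6 block-then-pass check; mirrors v4_body.
#   $1 - firewall under test; selects which of the pf/ipfw/ipf rule strings
#        firewall_config applies.
v6_body()
{
	firewall=$1
	firewall_init "$firewall"

	# fd7a:803f:cc4b::/64 lies in the unique-local (fd00::/8) range.
	# no_dad disables duplicate address detection on these addresses.
	epair=$(vnet_mkepair)
	ifconfig "${epair}a" inet6 fd7a:803f:cc4b::1/64 up no_dad

	vnet_mkjail iron "${epair}b"
	jexec iron ifconfig "${epair}b" inet6 fd7a:803f:cc4b::2/64 up no_dad

	# Block All
	firewall_config "iron" "${firewall}" \
		"pf" \
			"block in" \
		"ipfw" \
			"ipfw -q add 100 deny all from any to any" \
		"ipf" \
			"block in all"

	# As in the IPv4 case, exit status 2 means the probe was sent and
	# nothing came back, which is the expected result of the block rule.
	atf_check -s exit:2 -o ignore ping6 -c 1 -x 1 fd7a:803f:cc4b::2

	# Pass All
	firewall_config "iron" "${firewall}" \
		"pf" \
			"pass in" \
		"ipfw" \
			"ipfw -q add 100 allow all from any to any" \
		"ipf" \
			"pass in all"

	# With the permissive ruleset the same single probe must be answered.
	atf_check -s exit:0 -o ignore ping6 -c 1 -x 1 fd7a:803f:cc4b::2
}

# Cleanup for the IPv6 case.
#   $1 - firewall under test, passed through to firewall_cleanup.
v6_cleanup()
{
	firewall=$1
	firewall_cleanup "$firewall"
}

# setup_tests comes from runner.subr. Each test name is followed by the
# firewalls it should run against (presumably one ATF test case per
# name/firewall pair; confirm in runner.subr).
setup_tests "v4" \
		"pf" \
		"ipfw" \
		"ipf" \
	    "v6" \
		"pf" \
		"ipfw" \
		"ipf"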