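#-
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2019 Ahsan Barkati
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#

. "$(atf_get_srcdir)/../../common/vnet.subr"

# Write the rule sets given on the command line into per-firewall rule
# files in the current directory, then load the rule file of the firewall
# selected by $2 into jail $1.
#
# Arguments:
#   $1    jail name
#   $2    firewall to load: ipfw, pf, ipf or ipfnat
#   $3..  one or more groups of "<firewall> <rule> [<rule> ...]"; every
#         rule is a single argument and is appended to <firewall>.rule,
#         which is truncated when its firewall name is seen.
#
# Variables jname, fw, cwd, filename, current_fw and rule are left global,
# as everywhere else in this file.
#
# NOTE(security): the ipfw rule file is executed with /bin/sh inside the
# jail, and the other rule files are parsed by the respective firewall
# tools; rule arguments are therefore interpreted, not just stored. Pass
# only literal, trusted test input here.
firewall_config()
{
	jname=$1
	shift
	fw=$1
	shift

	# Resolve the directory once, up front, so the load step below never
	# runs with an empty path when no firewall name was given.
	cwd=$(pwd)
	filename=

	while [ $# -gt 0 ]; do
		if [ "$(is_firewall "$1")" -eq 1 ]; then
			# A firewall name starts a fresh rule file for it; a
			# second firewall name is never mistaken for a rule.
			current_fw=$1
			filename=${current_fw}.rule
			rm -f -- "$filename"
			shift
			continue
		fi
		[ -n "$filename" ] || \
		    atf_fail "firewall_config: rule '$1' given before a firewall name"
		rule=$1
		# Quoted and printed with printf so whitespace and shell
		# metacharacters (e.g. '*') inside a rule reach the file
		# untouched instead of being word-split or glob-expanded.
		printf '%s\n' "$rule" >> "$filename"
		shift
	done

	case "$fw" in
	ipfw)
		jexec "$jname" ipfw -q -f flush
		jexec "$jname" /bin/sh "$cwd/ipfw.rule"
		;;
	pf)
		jexec "$jname" sysctl net.pf.filter_local=1
		jexec "$jname" pfctl -e
		jexec "$jname" pfctl -F all
		jexec "$jname" pfctl -f "$cwd/pf.rule"
		;;
	ipf)
		jexec "$jname" ipf -E
		jexec "$jname" ipf -Fa -f "$cwd/ipf.rule"
		;;
	ipfnat)
		jexec "$jname" service ipfilter start
		jexec "$jname" ipnat -CF -f "$cwd/ipfnat.rule"
		jexec "$jname" pfilctl link -o ipfilter:default-ip4 inet-local
		jexec "$jname" pfilctl link -o ipfilter:default-ip6 inet6-local
		;;
	*)
		atf_fail "$fw is not a valid firewall to configure"
		;;
	esac
}

# Tear down the test's vnet jails. $1 names the firewall only for the
# log line; all real cleanup is done by vnet_cleanup from vnet.subr.
firewall_cleanup()
{
	firewall=$1
	echo "Cleaning $firewall"
	vnet_cleanup
}

# Prepare the vnet environment and skip the test when the kernel support
# for firewall $1 (ipfw, pf, ipf or ipfnat) is not present. An unknown
# firewall name fails the test.
firewall_init()
{
	firewall=$1
	vnet_init

	case "$firewall" in
	ipfw)
		if ! kldstat -q -m ipfw; then
			atf_skip "This test requires ipfw"
		fi
		;;
	pf)
		# pf has no separate module name to query; its device node is
		# the sign that it is loaded.
		if [ ! -c /dev/pf ]; then
			atf_skip "This test requires pf"
		fi
		;;
	ipf|ipfnat)
		if ! kldstat -q -m ipfilter; then
			atf_skip "This test requires ipf"
		fi
		;;
	*)
		# Report the name this function was actually given; the old
		# message read $fw, which belongs to firewall_config.
		atf_fail "$firewall is not a valid firewall to initialize"
		;;
	esac

}

# Skip the test unless dummynet is loaded and firewall $1 can use it
# (only ipfw and pf can).
dummynet_init()
{
	firewall=$1

	if ! kldstat -q -m dummynet; then
		atf_skip "This test requires dummynet"
	fi

	case $firewall in
	ipfw|pf)
		# Nothing. This is okay.
		;;
	*)
		atf_skip "${firewall} does not support dummynet"
		;;
	esac
}

# Skip the test when NAT support for firewall $1 is missing. Only ipfw
# needs an extra module (ipfw_nat); the other firewalls need no check here.
nat_init()
{
	firewall=$1
	case "$firewall" in
	ipfw)
		if ! kldstat -q -m ipfw_nat; then
			atf_skip "This test requires ipfw_nat"
		fi
		;;
	esac
}

# Print 1 if $1 is one of the firewall names this file knows about
# (pf, ipfw, ipf, ipfnat), 0 otherwise.
is_firewall()
{
	case "$1" in
	pf|ipfw|ipf|ipfnat)
		echo 1
		;;
	*)
		echo 0
		;;
	esac
}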