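#-
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2019 Ahsan Barkati
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#

. "$(atf_get_srcdir)"/../../common/vnet.subr

# Shared helpers for the netpfil tests.  Every function below takes the
# firewall under test by name: one of "pf", "ipfw", "ipf" or "ipfnat".
# Tests are sourced by ATF and run under /bin/sh, so only POSIX sh
# constructs are used here (in particular "=" rather than "==" in tests).

# Write rule files and load the rules of ${fw} into a jail.
#
# Arguments: $1 - name of the (vnet) jail to configure
#            $2 - firewall whose rules are loaded into the jail
#            $@ - one or more firewall names, each followed by the rules
#                 that belong in that firewall's <name>.rule file
#
# Every firewall name starts a fresh <name>.rule file in the current
# directory; the arguments following it are appended to that file one per
# line.  Only the file matching $2 is loaded.  Note that the ipfw rule
# file is executed with /bin/sh inside the jail, so it must contain
# complete "ipfw ..." commands, and only literal, caller-controlled rule
# text should be passed for it.
firewall_config()
{
	jname=$1
	shift
	fw=$1
	shift

	# Rule files live in the test's work directory; the jail commands
	# below need the absolute path to find them.
	cwd=$(pwd)
	filename=

	while [ $# -gt 0 ]; do
		if [ "$(is_firewall "$1")" -eq 1 ]; then
			current_fw=$1
			shift
			filename=${current_fw}.rule
			# Start every rule file afresh; -f so a missing
			# file is not an error.
			rm -f -- "${filename}"
			# A firewall name as the last argument simply has
			# no rules; re-enter the loop instead of shifting
			# past the end of the argument list.
			continue
		fi
		if [ -z "${filename}" ]; then
			atf_fail "rule '$1' is not preceded by a firewall name"
		fi
		# Quoted so a rule reaches the file verbatim, with neither
		# word splitting nor pathname expansion applied to it.
		echo "$1" >> "${filename}"
		shift
	done

	case "${fw}" in
	ipfw)
		jexec "${jname}" ipfw -q -f flush
		jexec "${jname}" /bin/sh "${cwd}"/ipfw.rule
		;;
	pf)
		# Also filter traffic to/from the jail's own addresses so
		# locally terminated tests see the rules.
		jexec "${jname}" sysctl net.pf.filter_local=1
		jexec "${jname}" pfctl -e
		jexec "${jname}" pfctl -F all
		jexec "${jname}" pfctl -f "${cwd}"/pf.rule
		;;
	ipf)
		jexec "${jname}" ipf -E
		jexec "${jname}" ipf -Fa -f "${cwd}"/ipf.rule
		;;
	ipfnat)
		jexec "${jname}" service ipfilter start
		jexec "${jname}" ipnat -CF -f "${cwd}"/ipfnat.rule
		# Hook ipfilter into the pfil heads for locally
		# originated/terminated IPv4 and IPv6 traffic.
		jexec "${jname}" pfilctl link -o ipfilter:default-ip4 inet-local
		jexec "${jname}" pfilctl link -o ipfilter:default-ip6 inet6-local
		;;
	*)
		atf_fail "$fw is not a valid firewall to configure"
		;;
	esac
}

# Tear down what firewall_init set up.
#
# Arguments: $1 - firewall under test (only echoed; the vnet jails are
#                 removed by vnet_cleanup regardless of firewall)
firewall_cleanup()
{
	firewall=$1
	echo "Cleaning $firewall"
	vnet_cleanup
}

# Prepare a test for the given firewall, skipping the test when the
# firewall is not available on this host.
#
# Arguments: $1 - firewall under test
# Outputs:   calls atf_skip when the required module/device is missing
#            and atf_fail for an unknown firewall name
firewall_init()
{
	firewall=$1
	vnet_init

	case "${firewall}" in
	ipfw)
		if ! kldstat -q -m ipfw; then
			atf_skip "This test requires ipfw"
		fi
		;;
	pf)
		# pf has no kld module name to probe; its device node is
		# the availability signal.
		if [ ! -c /dev/pf ]; then
			atf_skip "This test requires pf"
		fi
		;;
	ipf|ipfnat)
		# Both are served by the ipfilter module.
		if ! kldstat -q -m ipfilter; then
			atf_skip "This test requires ipf"
		fi
		;;
	*)
		# The variable holding the name is ${firewall}, not ${fw}.
		atf_fail "$firewall is not a valid firewall to initialize"
		;;
	esac
}

# Skip the test unless dummynet is loaded and supported by the firewall.
#
# Arguments: $1 - firewall under test; only ipfw and pf can use dummynet
dummynet_init()
{
	firewall=$1

	if ! kldstat -q -m dummynet; then
		atf_skip "This test requires dummynet"
	fi

	case "${firewall}" in
	ipfw|pf)
		# Nothing. This is okay.
		;;
	*)
		atf_skip "${firewall} does not support dummynet"
		;;
	esac
}

# Skip the test when the firewall's NAT support is missing.
#
# Arguments: $1 - firewall under test; only ipfw needs an extra module
#                 (ipfw_nat), the others carry NAT in their base module
nat_init()
{
	firewall=$1

	case "${firewall}" in
	ipfw)
		if ! kldstat -q -m ipfw_nat; then
			atf_skip "This test requires ipfw_nat"
		fi
		;;
	esac
}

# Tell whether a string names one of the supported firewalls.
#
# Arguments: $1 - candidate name
# Outputs:   prints 1 when $1 is pf, ipfw, ipf or ipfnat, else 0
is_firewall()
{
	case "$1" in
	pf|ipfw|ipf|ipfnat)
		echo 1
		;;
	*)
		echo 0
		;;
	esac
}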