xref: /freebsd/tests/sys/netpfil/common/utils.subr (revision e6bfd18d21b225af6a0ed67ceeaf1293b7b9eba5)
1#-
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2019 Ahsan Barkati
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD$
28#
29
30. $(atf_get_srcdir)/../../common/vnet.subr
31
32firewall_config()
33{
34	jname=$1
35	shift
36	fw=$1
37	shift
38
39	while [ $# -gt 0 ]; do
40		if [ $(is_firewall "$1") -eq  1 ]; then
41			current_fw="$1"
42			shift
43			filename=${current_fw}.rule
44			cwd=$(pwd)
45			if [ -f ${current_fw}.rule ]; then
46				rm ${current_fw}.rule
47			fi
48		fi
49		rule=$1
50		echo $rule >> $filename
51		shift
52	done
53
54	if [ ${fw} == "ipfw" ]; then
55		jexec ${jname} ipfw -q -f flush
56		jexec ${jname} /bin/sh $cwd/ipfw.rule
57	elif [ ${fw} == "pf" ]; then
58		jexec ${jname} pfctl -e
59		jexec ${jname} pfctl -F all
60		jexec ${jname} pfctl -f $cwd/pf.rule
61		jexec ${jname} pfilctl link -o pf:default-out inet-local
62		jexec ${jname} pfilctl link -o pf:default-out6 inet6-local
63	elif [ ${fw} == "ipf" ]; then
64		jexec ${jname} ipf -E
65		jexec ${jname} ipf -Fa -f $cwd/ipf.rule
66	elif [ ${fw} == "ipfnat" ]; then
67		jexec ${jname} service ipfilter start
68		jexec ${jname} ipnat -CF -f $cwd/ipfnat.rule
69		jexec ${jname} pfilctl link -o ipfilter:default-ip4 inet-local
70		jexec ${jname} pfilctl link -o ipfilter:default-ip6 inet6-local
71	else
72		atf_fail "$fw is not a valid firewall to configure"
73	fi
74}
75
76firewall_cleanup()
77{
78	firewall=$1
79	echo "Cleaning $firewall"
80	vnet_cleanup
81}
82
83firewall_init()
84{
85	firewall=$1
86	vnet_init
87
88	if [ ${firewall} == "ipfw" ]; then
89		if ! kldstat -q -m ipfw; then
90			atf_skip "This test requires ipfw"
91		fi
92	elif [ ${firewall} == "pf" ]; then
93		if [ ! -c /dev/pf ]; then
94			atf_skip "This test requires pf"
95		fi
96	elif [ ${firewall} == "ipf" ]; then
97		if ! kldstat -q -m ipfilter; then
98			atf_skip "This test requires ipf"
99		fi
100	elif [ ${firewall} == "ipfnat" ]; then
101		if ! kldstat -q -m ipfilter; then
102			atf_skip "This test requires ipf"
103		fi
104	else
105		atf_fail "$fw is not a valid firewall to initialize"
106	fi
107
108}
109
110dummynet_init()
111{
112	firewall=$1
113
114	if ! kldstat -q -m dummynet; then
115		atf_skip "This test requires dummynet"
116	fi
117
118	case $firewall in
119	ipfw|pf)
120		# Nothing. This is okay.
121		;;
122	*)
123		atf_skip "${firewall} does not support dummynet"
124		;;
125	esac
126}
127
128nat_init()
129{
130	firewall=$1
131	if [ ${firewall} == "ipfw" ]; then
132		if ! kldstat -q -m ipfw_nat; then
133			atf_skip "This test requires ipfw_nat"
134		fi
135	fi
136}
137
138is_firewall()
139{
140	if [ "$1" = "pf" -o "$1" = "ipfw" -o "$1" = "ipf" -o "$1" = "ipfnat" ]; then
141		echo 1
142	else
143		echo 0
144	fi
145}
146