xref: /freebsd/tests/sys/netpfil/common/utils.subr (revision ec4deee4e4f2aef1b97d9424f25d04e91fd7dc10)
1#-
2# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3#
4# Copyright (c) 2019 Ahsan Barkati
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD$
28#
29
30. $(atf_get_srcdir)/../../common/vnet.subr
31
32firewall_config()
33{
34	jname=$1
35	shift
36	fw=$1
37	shift
38
39	while [ $# -gt 0 ]; do
40		if [ $(is_firewall "$1") -eq  1 ]; then
41			current_fw="$1"
42			shift
43			filename=${current_fw}.rule
44			cwd=$(pwd)
45			if [ -f ${current_fw}.rule ]; then
46				rm ${current_fw}.rule
47			fi
48		fi
49		rule=$1
50		echo $rule >> $filename
51		shift
52	done
53
54	if [ ${fw} == "ipfw" ]; then
55		jexec ${jname} ipfw -q -f flush
56		jexec ${jname} /bin/sh $cwd/ipfw.rule
57	elif [ ${fw} == "pf" ]; then
58		jexec ${jname} pfctl -e
59		jexec ${jname} pfctl -F all
60		jexec ${jname} pfctl -f $cwd/pf.rule
61	elif [ ${fw} == "ipf" ]; then
62		jexec ${jname} ipf -E
63		jexec ${jname} ipf -Fa -f $cwd/ipf.rule
64	elif [ ${fw} == "ipfnat" ]; then
65		jexec ${jname} service ipfilter start
66		jexec ${jname} ipnat -CF -f $cwd/ipfnat.rule
67	else
68		atf_fail "$fw is not a valid firewall to configure"
69	fi
70}
71
72firewall_cleanup()
73{
74	firewall=$1
75	echo "Cleaning $firewall"
76	vnet_cleanup
77}
78
79firewall_init()
80{
81	firewall=$1
82	vnet_init
83
84	if [ ${firewall} == "ipfw" ]; then
85		if ! kldstat -q -m ipfw; then
86			atf_skip "This test requires ipfw"
87		fi
88	elif [ ${firewall} == "pf" ]; then
89		if [ ! -c /dev/pf ]; then
90			atf_skip "This test requires pf"
91		fi
92	elif [ ${firewall} == "ipf" ]; then
93		if ! kldstat -q -m ipfilter; then
94			atf_skip "This test requires ipf"
95		fi
96	elif [ ${firewall} == "ipfnat" ]; then
97		if ! kldstat -q -m ipfilter; then
98			atf_skip "This test requires ipf"
99		fi
100	else
101		atf_fail "$fw is not a valid firewall to initialize"
102	fi
103
104}
105
106nat_init()
107{
108	firewall=$1
109	if [ ${firewall} == "ipfw" ]; then
110		if ! kldstat -q -m ipfw_nat; then
111			atf_skip "This test requires ipfw_nat"
112		fi
113	fi
114}
115
116is_firewall()
117{
118	if [ "$1" = "pf" -o "$1" = "ipfw" -o "$1" = "ipf" -o "$1" = "ipfnat" ]; then
119		echo 1
120	else
121		echo 0
122	fi
123}
124