1*3d39eadcSBoris Lytochkin# 2*3d39eadcSBoris Lytochkin# Copyright (c) 2026 Boris Lytochkin 3*3d39eadcSBoris Lytochkin# 4*3d39eadcSBoris Lytochkin# SPDX-License-Identifier: BSD-2-Clause 5*3d39eadcSBoris Lytochkin# 6*3d39eadcSBoris Lytochkin 7*3d39eadcSBoris Lytochkincommon_dir="$(atf_get_srcdir)/../common" 8*3d39eadcSBoris Lytochkin. ${common_dir}/utils.subr 9*3d39eadcSBoris Lytochkin 10*3d39eadcSBoris LytochkinNC="nc -w 1 -dnN" 11*3d39eadcSBoris Lytochkin 12*3d39eadcSBoris Lytochkinsetup_network_v6() 13*3d39eadcSBoris Lytochkin{ 14*3d39eadcSBoris Lytochkin epair="$1" 15*3d39eadcSBoris Lytochkin 16*3d39eadcSBoris Lytochkin ifconfig ${epair}a inet6 2001:db8:42::1/64 up no_dad -ifdisabled 17*3d39eadcSBoris Lytochkin 18*3d39eadcSBoris Lytochkin vnet_mkjail alcatraz ${epair}b 19*3d39eadcSBoris Lytochkin 20*3d39eadcSBoris Lytochkin ifconfig -j alcatraz ${epair}b inet6 2001:db8:42::2/64 up no_dad -ifdisabled 21*3d39eadcSBoris Lytochkin 22*3d39eadcSBoris Lytochkin jexec alcatraz /usr/sbin/inetd -p /dev/null $(atf_get_srcdir)/lookup_inetd.conf 23*3d39eadcSBoris Lytochkin 24*3d39eadcSBoris Lytochkin # Sanity checks 25*3d39eadcSBoris Lytochkin atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 2001:db8:42::2 26*3d39eadcSBoris Lytochkin atf_check -o "inline:GOOD 82\n" ${NC} 2001:db8:42::2 82 27*3d39eadcSBoris Lytochkin} 28*3d39eadcSBoris Lytochkin 29*3d39eadcSBoris Lytochkinatf_test_case "ipv6fl" "cleanup" 30*3d39eadcSBoris Lytochkin 31*3d39eadcSBoris Lytochkinipv6fl_head() 32*3d39eadcSBoris Lytochkin{ 33*3d39eadcSBoris Lytochkin atf_set descr 'flow-id test' 34*3d39eadcSBoris Lytochkin atf_set require.user root 35*3d39eadcSBoris Lytochkin atf_set require.progs python3 scapy 36*3d39eadcSBoris Lytochkin} 37*3d39eadcSBoris Lytochkin 38*3d39eadcSBoris Lytochkinipv6fl_body() 39*3d39eadcSBoris Lytochkin{ 40*3d39eadcSBoris Lytochkin 41*3d39eadcSBoris Lytochkin firewall_init "ipfw" 42*3d39eadcSBoris Lytochkin 43*3d39eadcSBoris Lytochkin epair=$(vnet_mkepair) 44*3d39eadcSBoris Lytochkin 45*3d39eadcSBoris Lytochkin setup_network_v6 ${epair} 46*3d39eadcSBoris Lytochkin 47*3d39eadcSBoris Lytochkin # Check if the firewall is able to match exact IPv6 flow label 48*3d39eadcSBoris Lytochkin firewall_config "alcatraz" ipfw ipfw \ 49*3d39eadcSBoris Lytochkin "ipfw -q add 100 allow ip6 from any to any flow-id 0xbaad" \ 50*3d39eadcSBoris Lytochkin "ipfw -q add 200 deny ipv6-icmp from any to any icmp6types 128 in" 51*3d39eadcSBoris Lytochkin 52*3d39eadcSBoris Lytochkin # Check Flow Label matches 53*3d39eadcSBoris Lytochkin atf_check -s exit:0 ${common_dir}/pft_ping.py \ 54*3d39eadcSBoris Lytochkin --sendif ${epair}a \ 55*3d39eadcSBoris Lytochkin --fromaddr 2001:db8:42::1 \ 56*3d39eadcSBoris Lytochkin --to 2001:db8:42::2 \ 57*3d39eadcSBoris Lytochkin --send-fl $((0xbaad)) \ 58*3d39eadcSBoris Lytochkin --replyif ${epair}a 59*3d39eadcSBoris Lytochkin 60*3d39eadcSBoris Lytochkin # Check Flow Label mismatch 61*3d39eadcSBoris Lytochkin atf_check -s exit:1 ${common_dir}/pft_ping.py \ 62*3d39eadcSBoris Lytochkin --sendif ${epair}a \ 63*3d39eadcSBoris Lytochkin --fromaddr 2001:db8:42::1 \ 64*3d39eadcSBoris Lytochkin --to 2001:db8:42::2 \ 65*3d39eadcSBoris Lytochkin --send-fl $((0xf001)) \ 66*3d39eadcSBoris Lytochkin --replyif ${epair}a 67*3d39eadcSBoris Lytochkin 68*3d39eadcSBoris Lytochkin} 69*3d39eadcSBoris Lytochkin 70*3d39eadcSBoris Lytochkinipv6fl_cleanup() 71*3d39eadcSBoris Lytochkin{ 72*3d39eadcSBoris Lytochkin firewall_cleanup $1 73*3d39eadcSBoris Lytochkin} 74*3d39eadcSBoris Lytochkin 75*3d39eadcSBoris Lytochkinatf_init_test_cases() 76*3d39eadcSBoris Lytochkin{ 77*3d39eadcSBoris Lytochkin atf_add_test_case "ipv6fl" 78*3d39eadcSBoris Lytochkin} 79