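# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2026 Gleb Smirnoff <glebius@FreeBSD.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

. $(atf_get_srcdir)/../common/utils.subr

atf_test_case "bpf" "cleanup"
bpf_head()
{
	atf_set descr 'Creates several rules with log and probes bpf taps'
	atf_set require.user root
}

# Installs "count log" rules inside a jail, attaches one tcpdump per rule
# to the tap named ipfw<rule number>, sends one UDP datagram per rule and
# checks that every capture file holds the datagram for its own port.
bpf_body()
{
	firewall_init "ipfw"

	# One epair: the "a" end stays on the host, the "b" end goes to the jail.
	epair=$(vnet_mkepair)
	vnet_mkjail alcatraz ${epair}b
	ifconfig ${epair}a 192.0.2.0/31 up
	jexec alcatraz ifconfig ${epair}b 192.0.2.1/31 up

	# Create a bunch of statically and auto numbered logging rules
	rules="100 200 201"
	for r in ${rules}; do
		jexec alcatraz \
		    ipfw add ${r} count log udp from any to any 10${r}
	done
	# The first field printed by "ipfw add" is taken as the assigned rule
	# number; leading zeros are stripped, presumably so that it matches
	# the ipfw<N> tap name used below.
	auto=$(jexec alcatraz ipfw add count log udp from any to any 10666 \
	    | awk '{print $1}' | sed -Ee 's/^0+//')

	# Start one single-packet capture per rule and remember its pid.
	pids=""
	for r in ${rules} ${auto}; do
		jexec alcatraz tcpdump --immediate-mode -i ipfw${r} \
		    -w ${PWD}/${r}.pcap -c 1 &
		pids="${pids} $!"
	done

	# wait for tcpdumps to attach, include netstat(1) header in ${count}
	count=$(( $(echo ${rules} ${auto} | wc -w) + 1))
	while [ $(jexec alcatraz netstat -B | wc -l) -ne ${count} ]; do
		sleep 0.01;
	done

	# One datagram per rule; 666 selects port 10666 of the auto numbered rule.
	for p in ${rules} 666; do
		echo foo | nc -u 192.0.2.1 10${p} -w 0
	done

	# Every tcpdump exits after one packet (-c 1).  Reap each one by pid in
	# this shell: wait is a builtin that only knows this shell's own
	# background jobs, so it cannot be delegated to a child sh(1) through
	# atf_check.  Reading the pcap files before the writers have exited
	# would race with them.
	for p in ${pids}; do
		wait ${p} || atf_fail "tcpdump with pid ${p} failed"
	done

	# statically numbered taps
	for p in ${rules}; do
		atf_check -o match:"192.0.2.0.[0-9]+ > 192.0.2.1.10${p}: UDP" \
		    -e match:"reading from file [a-zA-Z0-9/.]+${p}.pcap" \
		    tcpdump -nr ${PWD}/${p}.pcap
	done

	# autonumbered tap with 10666 port
	atf_check -o match:"192.0.2.0.[0-9]+ > 192.0.2.1.10666: UDP" \
	    -e match:"reading from file [a-zA-Z0-9/.]+${auto}.pcap" \
	    tcpdump -nr ${PWD}/${auto}.pcap
}

bpf_cleanup()
{
	firewall_cleanup $1
}

atf_init_test_cases()
{
	atf_add_test_case "bpf"
}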