155177f18SKristof Provost# $FreeBSD$ 265d553b0SKristof Provost# 365d553b0SKristof Provost# SPDX-License-Identifier: BSD-2-Clause-FreeBSD 465d553b0SKristof Provost# 565d553b0SKristof Provost# Copyright (c) 2018 Kristof Provost <kp@FreeBSD.org> 665d553b0SKristof Provost# 765d553b0SKristof Provost# Redistribution and use in source and binary forms, with or without 865d553b0SKristof Provost# modification, are permitted provided that the following conditions 965d553b0SKristof Provost# are met: 1065d553b0SKristof Provost# 1. Redistributions of source code must retain the above copyright 1165d553b0SKristof Provost# notice, this list of conditions and the following disclaimer. 1265d553b0SKristof Provost# 2. Redistributions in binary form must reproduce the above copyright 1365d553b0SKristof Provost# notice, this list of conditions and the following disclaimer in the 1465d553b0SKristof Provost# documentation and/or other materials provided with the distribution. 1565d553b0SKristof Provost# 1665d553b0SKristof Provost# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1765d553b0SKristof Provost# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1865d553b0SKristof Provost# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1965d553b0SKristof Provost# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2065d553b0SKristof Provost# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2165d553b0SKristof Provost# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2265d553b0SKristof Provost# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2365d553b0SKristof Provost# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2465d553b0SKristof Provost# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2565d553b0SKristof Provost# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2665d553b0SKristof Provost# SUCH DAMAGE. 2755177f18SKristof Provost 2855177f18SKristof Provost. $(atf_get_srcdir)/utils.subr 2955177f18SKristof Provost 3055177f18SKristof Provostatf_test_case "pr183198" "cleanup" 3155177f18SKristof Provostpr183198_head() 3255177f18SKristof Provost{ 3355177f18SKristof Provost atf_set descr 'Test tables referenced by rules in anchors' 3455177f18SKristof Provost atf_set require.user root 3555177f18SKristof Provost} 3655177f18SKristof Provost 3755177f18SKristof Provostpr183198_body() 3855177f18SKristof Provost{ 3955177f18SKristof Provost pft_init 4055177f18SKristof Provost 4106aac31aSKristof Provost epair=$(vnet_mkepair) 4206aac31aSKristof Provost vnet_mkjail alcatraz ${epair}b 4355177f18SKristof Provost jexec alcatraz pfctl -e 4455177f18SKristof Provost 4555177f18SKristof Provost # Forward with pf enabled 4655177f18SKristof Provost pft_set_rules alcatraz \ 4755177f18SKristof Provost "table <test> { 10.0.0.1, 10.0.0.2, 10.0.0.3 }" \ 4855177f18SKristof Provost "block in" \ 4955177f18SKristof Provost "anchor \"epair\" on ${epair}b { \n\ 5055177f18SKristof Provost pass in from <test> \n\ 5155177f18SKristof Provost }" 5255177f18SKristof Provost 5355177f18SKristof Provost atf_check -s exit:0 -o ignore jexec alcatraz pfctl -sr -a '*' 5455177f18SKristof Provost atf_check -s exit:0 -o ignore jexec alcatraz pfctl -t test -T show 5555177f18SKristof Provost} 5655177f18SKristof Provost 5755177f18SKristof Provostpr183198_cleanup() 5855177f18SKristof Provost{ 5955177f18SKristof Provost pft_cleanup 6055177f18SKristof Provost} 6155177f18SKristof Provost 62*d58d2e40SKristof Provostatf_test_case "nested_anchor" "cleanup" 63*d58d2e40SKristof Provostnested_anchor_head() 64*d58d2e40SKristof Provost{ 65*d58d2e40SKristof Provost atf_set descr 'Test setting and retrieving nested anchors' 66*d58d2e40SKristof Provost atf_set require.user root 67*d58d2e40SKristof Provost} 68*d58d2e40SKristof Provost 69*d58d2e40SKristof Provostnested_anchor_body() 70*d58d2e40SKristof Provost{ 71*d58d2e40SKristof Provost pft_init 72*d58d2e40SKristof Provost 73*d58d2e40SKristof Provost epair=$(vnet_mkepair) 74*d58d2e40SKristof Provost vnet_mkjail alcatraz ${epair}a 75*d58d2e40SKristof Provost 76*d58d2e40SKristof Provost pft_set_rules alcatraz \ 77*d58d2e40SKristof Provost "anchor \"foo\" { \n\ 78*d58d2e40SKristof Provost anchor \"bar\" { \n\ 79*d58d2e40SKristof Provost pass on ${epair}a \n\ 80*d58d2e40SKristof Provost } \n\ 81*d58d2e40SKristof Provost }" 82*d58d2e40SKristof Provost 83*d58d2e40SKristof Provost atf_check -s exit:0 -o inline:"anchor \"foo\" all { 84*d58d2e40SKristof Provost anchor \"bar\" all { 85*d58d2e40SKristof Provost pass on ${epair}a all flags S/SA keep state 86*d58d2e40SKristof Provost } 87*d58d2e40SKristof Provost} 88*d58d2e40SKristof Provost" jexec alcatraz pfctl -sr -a "*" 89*d58d2e40SKristof Provost} 90*d58d2e40SKristof Provost 91*d58d2e40SKristof Provostnested_anchor_cleanup() 92*d58d2e40SKristof Provost{ 93*d58d2e40SKristof Provost pft_cleanup 94*d58d2e40SKristof Provost} 95*d58d2e40SKristof Provost 9655177f18SKristof Provostatf_init_test_cases() 9755177f18SKristof Provost{ 9855177f18SKristof Provost atf_add_test_case "pr183198" 99*d58d2e40SKristof Provost atf_add_test_case "nested_anchor" 10055177f18SKristof Provost} 101