xref: /freebsd/tests/sys/netpfil/pf/ioctl/validation.c (revision 78cd75393ec79565c63927bf200f06f839a1dc05)
1 /*-
2  * Copyright (c) 2018	Kristof Provost <kp@FreeBSD.org>
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #include <sys/param.h>
27 #include <sys/module.h>
28 #include <sys/types.h>
29 #include <sys/ioctl.h>
30 #include <sys/socket.h>
31 
32 #include <net/if.h>
33 #include <net/pfvar.h>
34 
35 #include <fcntl.h>
36 #include <stdio.h>
37 
38 #include <atf-c.h>
39 
40 static int dev;
41 
42 #define COMMON_HEAD() \
43 	if (modfind("pf") == -1) \
44 		atf_tc_skip("pf not loaded"); \
45 	dev = open("/dev/pf", O_RDWR); \
46 	if (dev == -1) \
47 		atf_tc_skip("Failed to open /dev/pf");
48 
49 #define COMMON_CLEANUP() \
50 	close(dev);
51 
52 static void
53 common_init_tbl(struct pfr_table *tbl)
54 {
55 	bzero(tbl, sizeof(struct pfr_table));
56 	strcpy(tbl->pfrt_anchor, "anchor");
57 	strcpy(tbl->pfrt_name, "name");
58 	tbl->pfrt_flags = 0;
59 	tbl->pfrt_fback = 0;
60 }
61 
62 ATF_TC_WITH_CLEANUP(addtables);
63 ATF_TC_HEAD(addtables, tc)
64 {
65 	atf_tc_set_md_var(tc, "require.user", "root");
66 }
67 
68 ATF_TC_BODY(addtables, tc)
69 {
70 	struct pfioc_table io;
71 	struct pfr_table tbl;
72 	struct pfr_table tbls[4];
73 	int flags;
74 
75 	COMMON_HEAD();
76 
77 	flags = 0;
78 
79 	bzero(&io, sizeof(io));
80 	io.pfrio_flags = flags;
81 	io.pfrio_buffer = &tbl;
82 	io.pfrio_esize = sizeof(tbl);
83 
84 	/* Negative size */
85 	io.pfrio_size = -1;
86 	if (ioctl(dev, DIOCRADDTABLES, &io) == 0)
87 		atf_tc_fail("Request with size -1 succeeded");
88 
89 	/* Overly large size */
90 	io.pfrio_size = 1 << 24;
91 	if (ioctl(dev, DIOCRADDTABLES, &io) == 0)
92 		atf_tc_fail("Request with size 1 << 24 succeeded");
93 
94 	/* NULL buffer */
95 	io.pfrio_size = 1;
96 	io.pfrio_buffer = NULL;
97 	if (ioctl(dev, DIOCRADDTABLES, &io) == 0)
98 		atf_tc_fail("Request with NULL buffer succeeded");
99 
100 	/* This can provoke a memory leak, see r331225. */
101 	io.pfrio_size = 4;
102 	for (int i = 0; i < io.pfrio_size; i++)
103 		common_init_tbl(&tbls[i]);
104 
105 	io.pfrio_buffer = &tbls;
106 	ioctl(dev, DIOCRADDTABLES, &io);
107 }
108 
109 ATF_TC_CLEANUP(addtables, tc)
110 {
111 	COMMON_CLEANUP();
112 }
113 
114 ATF_TC_WITH_CLEANUP(deltables);
115 ATF_TC_HEAD(deltables, tc)
116 {
117 	atf_tc_set_md_var(tc, "require.user", "root");
118 }
119 
120 ATF_TC_BODY(deltables, tc)
121 {
122 	struct pfioc_table io;
123 	struct pfr_table tbl;
124 	int flags;
125 
126 	COMMON_HEAD();
127 
128 	flags = 0;
129 
130 	bzero(&io, sizeof(io));
131 	io.pfrio_flags = flags;
132 	io.pfrio_buffer = &tbl;
133 	io.pfrio_esize = sizeof(tbl);
134 
135 	/* Negative size */
136 	io.pfrio_size = -1;
137 	if (ioctl(dev, DIOCRDELTABLES, &io) == 0)
138 		atf_tc_fail("Request with size -1 succeeded");
139 
140 	/* Overly large size */
141 	io.pfrio_size = 1 << 24;
142 	if (ioctl(dev, DIOCRDELTABLES, &io) == 0)
143 		atf_tc_fail("Request with size 1 << 24 succeeded");
144 
145 	/* NULL buffer */
146 	io.pfrio_size = 1;
147 	io.pfrio_buffer = NULL;
148 	if (ioctl(dev, DIOCRDELTABLES, &io) == 0)
149 		atf_tc_fail("Request with NULL buffer succeeded");
150 }
151 
152 ATF_TC_CLEANUP(deltables, tc)
153 {
154 	COMMON_CLEANUP();
155 }
156 
157 ATF_TC_WITH_CLEANUP(gettables);
158 ATF_TC_HEAD(gettables, tc)
159 {
160 	atf_tc_set_md_var(tc, "require.user", "root");
161 }
162 
163 ATF_TC_BODY(gettables, tc)
164 {
165 	struct pfioc_table io;
166 	struct pfr_table tbl;
167 	int flags;
168 
169 	COMMON_HEAD();
170 
171 	flags = 0;
172 
173 	bzero(&io, sizeof(io));
174 	io.pfrio_flags = flags;
175 	io.pfrio_buffer = &tbl;
176 	io.pfrio_esize = sizeof(tbl);
177 
178 	/* Negative size. This will succeed, because the kernel will not copy
179 	 * tables than it has. */
180 	io.pfrio_size = -1;
181 	if (ioctl(dev, DIOCRGETTABLES, &io) != 0)
182 		atf_tc_fail("Request with size -1 failed");
183 
184 	/* Overly large size. See above. */
185 	io.pfrio_size = 1 << 24;
186 	if (ioctl(dev, DIOCRGETTABLES, &io) != 0)
187 		atf_tc_fail("Request with size 1 << 24 failed");
188 }
189 
190 ATF_TC_CLEANUP(gettables, tc)
191 {
192 	COMMON_CLEANUP();
193 }
194 
195 ATF_TC_WITH_CLEANUP(gettstats);
196 ATF_TC_HEAD(gettstats, tc)
197 {
198 	atf_tc_set_md_var(tc, "require.user", "root");
199 }
200 
201 ATF_TC_BODY(gettstats, tc)
202 {
203 	struct pfioc_table io;
204 	struct pfr_tstats stats;
205 	int flags;
206 
207 	COMMON_HEAD();
208 
209 	flags = 0;
210 
211 	bzero(&io, sizeof(io));
212 	io.pfrio_flags = flags;
213 	io.pfrio_buffer = &stats;
214 	io.pfrio_esize = sizeof(stats);
215 
216 	/* Negative size. This will succeed, because the kernel will not copy
217 	 * tables than it has. */
218 	io.pfrio_size = -1;
219 	if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)
220 		atf_tc_fail("Request with size -1 failed");
221 
222 	/* Overly large size. See above. */
223 	io.pfrio_size = 1 << 24;
224 	if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)
225 		atf_tc_fail("Request with size 1 << 24 failed");
226 }
227 
228 ATF_TC_CLEANUP(gettstats, tc)
229 {
230 	COMMON_CLEANUP();
231 }
232 
233 ATF_TC_WITH_CLEANUP(clrtstats);
234 ATF_TC_HEAD(clrtstats, tc)
235 {
236 	atf_tc_set_md_var(tc, "require.user", "root");
237 }
238 
239 ATF_TC_BODY(clrtstats, tc)
240 {
241 	struct pfioc_table io;
242 	struct pfr_table tbl;
243 	int flags;
244 
245 	COMMON_HEAD();
246 
247 	flags = 0;
248 
249 	common_init_tbl(&tbl);
250 
251 	bzero(&io, sizeof(io));
252 	io.pfrio_flags = flags;
253 	io.pfrio_buffer = &tbl;
254 	io.pfrio_esize = sizeof(tbl);
255 
256 	/* Negative size. This will succeed, because the kernel will not copy
257 	 * tables than it has. */
258 	io.pfrio_size = -1;
259 	if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)
260 		atf_tc_fail("Request with size -1 failed ");
261 
262 	/* Overly large size. See above. */
263 	io.pfrio_size = 1 << 24;
264 	if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)
265 		atf_tc_fail("Request with size 1 << 24 failed");
266 
267 	io.pfrio_size = sizeof(tbl);
268 	io.pfrio_buffer = NULL;
269 	if (ioctl(dev, DIOCRCLRTSTATS, &io) == 0)
270 		atf_tc_fail("Request with NULL buffer succeeded");
271 }
272 
273 ATF_TC_CLEANUP(clrtstats, tc)
274 {
275 	COMMON_CLEANUP();
276 }
277 
278 ATF_TC_WITH_CLEANUP(settflags);
279 ATF_TC_HEAD(settflags, tc)
280 {
281 	atf_tc_set_md_var(tc, "require.user", "root");
282 }
283 
284 ATF_TC_BODY(settflags, tc)
285 {
286 	struct pfioc_table io;
287 	struct pfr_table tbl;
288 	int flags;
289 
290 	COMMON_HEAD();
291 
292 	flags = 0;
293 
294 	common_init_tbl(&tbl);
295 
296 	bzero(&io, sizeof(io));
297 	io.pfrio_flags = flags;
298 	io.pfrio_buffer = &tbl;
299 	io.pfrio_esize = sizeof(tbl);
300 
301 	/* Negative size. This will succeed, because the kernel will not copy
302 	 * tables than it has. */
303 	io.pfrio_size = -1;
304 	if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)
305 		atf_tc_fail("Request with size -1 failed");
306 
307 	/* Overly large size. See above. */
308 	io.pfrio_size = 1 << 28;
309 	if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)
310 		atf_tc_fail("Request with size 1 << 24 failed");
311 
312 	/* NULL buffer */
313 	io.pfrio_buffer = NULL;
314 	if (ioctl(dev, DIOCRSETTFLAGS, &io) != -1)
315 		atf_tc_fail("Request with NULL buffer succeeded");
316 }
317 
318 ATF_TC_CLEANUP(settflags, tc)
319 {
320 	COMMON_CLEANUP();
321 }
322 
323 ATF_TC_WITH_CLEANUP(addaddrs);
324 ATF_TC_HEAD(addaddrs, tc)
325 {
326 	atf_tc_set_md_var(tc, "require.user", "root");
327 }
328 
329 ATF_TC_BODY(addaddrs, tc)
330 {
331 	struct pfioc_table io;
332 	struct pfr_addr addr;
333 
334 	COMMON_HEAD();
335 
336 	bzero(&addr, sizeof(addr));
337 	bzero(&io, sizeof(io));
338 	io.pfrio_flags = 0;
339 	io.pfrio_buffer = &addr;
340 	io.pfrio_esize = sizeof(addr);
341 
342 	/* Negative size. */
343 	io.pfrio_size = -1;
344 	if (ioctl(dev, DIOCRADDADDRS, &io) == 0)
345 		atf_tc_fail("Request with size -1 succeeded");
346 
347 	/* Overly large size. */
348 	io.pfrio_size = 1 << 28;
349 	if (ioctl(dev, DIOCRADDADDRS, &io) == 0)
350 		atf_tc_fail("Reuqest with size 1 << 28 failed");
351 }
352 
353 ATF_TC_CLEANUP(addaddrs, tc)
354 {
355 	COMMON_CLEANUP();
356 }
357 
358 ATF_TC_WITH_CLEANUP(deladdrs);
359 ATF_TC_HEAD(deladdrs, tc)
360 {
361 	atf_tc_set_md_var(tc, "require.user", "root");
362 }
363 
364 ATF_TC_BODY(deladdrs, tc)
365 {
366 	struct pfioc_table io;
367 	struct pfr_addr addr;
368 
369 	COMMON_HEAD();
370 
371 	bzero(&addr, sizeof(addr));
372 	bzero(&io, sizeof(io));
373 	io.pfrio_flags = 0;
374 	io.pfrio_buffer = &addr;
375 	io.pfrio_esize = sizeof(addr);
376 
377 	/* Negative size. */
378 	io.pfrio_size = -1;
379 	if (ioctl(dev, DIOCRDELADDRS, &io) == 0)
380 		atf_tc_fail("Request with size -1 succeeded");
381 
382 	/* Overly large size. */
383 	io.pfrio_size = 1 << 28;
384 	if (ioctl(dev, DIOCRDELADDRS, &io) == 0)
385 		atf_tc_fail("Reuqest with size 1 << 28 failed");
386 }
387 
388 ATF_TC_CLEANUP(deladdrs, tc)
389 {
390 	COMMON_CLEANUP();
391 }
392 
393 ATF_TC_WITH_CLEANUP(setaddrs);
394 ATF_TC_HEAD(setaddrs, tc)
395 {
396 	atf_tc_set_md_var(tc, "require.user", "root");
397 }
398 
399 ATF_TC_BODY(setaddrs, tc)
400 {
401 	struct pfioc_table io;
402 	struct pfr_addr addr;
403 
404 	COMMON_HEAD();
405 
406 	bzero(&addr, sizeof(addr));
407 	bzero(&io, sizeof(io));
408 	io.pfrio_flags = 0;
409 	io.pfrio_buffer = &addr;
410 	io.pfrio_esize = sizeof(addr);
411 
412 	/* Negative size. */
413 	io.pfrio_size = -1;
414 	if (ioctl(dev, DIOCRSETADDRS, &io) == 0)
415 		atf_tc_fail("Request with size -1 succeeded");
416 
417 	/* Overly large size. */
418 	io.pfrio_size = 1 << 28;
419 	if (ioctl(dev, DIOCRSETADDRS, &io) == 0)
420 		atf_tc_fail("Reuqest with size 1 << 28 failed");
421 }
422 
423 ATF_TC_CLEANUP(setaddrs, tc)
424 {
425 	COMMON_CLEANUP();
426 }
427 
428 ATF_TC_WITH_CLEANUP(getaddrs);
429 ATF_TC_HEAD(getaddrs, tc)
430 {
431 	atf_tc_set_md_var(tc, "require.user", "root");
432 }
433 
434 ATF_TC_BODY(getaddrs, tc)
435 {
436 	struct pfioc_table io;
437 	struct pfr_addr addr;
438 
439 	COMMON_HEAD();
440 
441 	bzero(&addr, sizeof(addr));
442 	bzero(&io, sizeof(io));
443 	io.pfrio_flags = 0;
444 	io.pfrio_buffer = &addr;
445 	io.pfrio_esize = sizeof(addr);
446 
447 	common_init_tbl(&io.pfrio_table);
448 
449 	/* Negative size. */
450 	io.pfrio_size = -1;
451 	if (ioctl(dev, DIOCRGETADDRS, &io) == 0)
452 		atf_tc_fail("Request with size -1 succeeded");
453 
454 	/* Overly large size. */
455 	io.pfrio_size = 1 << 24;
456 	if (ioctl(dev, DIOCRGETADDRS, &io) == 0)
457 		atf_tc_fail("Request with size 1 << 24 failed");
458 }
459 
460 ATF_TC_CLEANUP(getaddrs, tc)
461 {
462 	COMMON_CLEANUP();
463 }
464 
465 ATF_TC_WITH_CLEANUP(getastats);
466 ATF_TC_HEAD(getastats, tc)
467 {
468 	atf_tc_set_md_var(tc, "require.user", "root");
469 }
470 
471 ATF_TC_BODY(getastats, tc)
472 {
473 	struct pfioc_table io;
474 	struct pfr_astats astats;
475 
476 	COMMON_HEAD();
477 
478 	bzero(&astats, sizeof(astats));
479 	bzero(&io, sizeof(io));
480 	io.pfrio_flags = 0;
481 	io.pfrio_buffer = &astats;
482 	io.pfrio_esize = sizeof(astats);
483 
484 	common_init_tbl(&io.pfrio_table);
485 
486 	/* Negative size. */
487 	io.pfrio_size = -1;
488 	if (ioctl(dev, DIOCRGETASTATS, &io) == 0)
489 		atf_tc_fail("Request with size -1 succeeded");
490 
491 	/* Overly large size. */
492 	io.pfrio_size = 1 << 24;
493 	if (ioctl(dev, DIOCRGETASTATS, &io) == 0)
494 		atf_tc_fail("Request with size 1 << 24 failed");
495 }
496 
497 ATF_TC_CLEANUP(getastats, tc)
498 {
499 	COMMON_CLEANUP();
500 }
501 
502 ATF_TC_WITH_CLEANUP(clrastats);
503 ATF_TC_HEAD(clrastats, tc)
504 {
505 	atf_tc_set_md_var(tc, "require.user", "root");
506 }
507 
508 ATF_TC_BODY(clrastats, tc)
509 {
510 	struct pfioc_table io;
511 	struct pfr_addr addr;
512 
513 	COMMON_HEAD();
514 
515 	bzero(&addr, sizeof(addr));
516 	bzero(&io, sizeof(io));
517 	io.pfrio_flags = 0;
518 	io.pfrio_buffer = &addr;
519 	io.pfrio_esize = sizeof(addr);
520 
521 	common_init_tbl(&io.pfrio_table);
522 
523 	/* Negative size. */
524 	io.pfrio_size = -1;
525 	if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)
526 		atf_tc_fail("Request with size -1 succeeded");
527 
528 	/* Overly large size. */
529 	io.pfrio_size = 1 << 24;
530 	if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)
531 		atf_tc_fail("Request with size 1 << 24 failed");
532 }
533 
534 ATF_TC_CLEANUP(clrastats, tc)
535 {
536 	COMMON_CLEANUP();
537 }
538 
539 ATF_TC_WITH_CLEANUP(tstaddrs);
540 ATF_TC_HEAD(tstaddrs, tc)
541 {
542 	atf_tc_set_md_var(tc, "require.user", "root");
543 }
544 
545 ATF_TC_BODY(tstaddrs, tc)
546 {
547 	struct pfioc_table io;
548 	struct pfr_addr addr;
549 
550 	COMMON_HEAD();
551 
552 	bzero(&addr, sizeof(addr));
553 	bzero(&io, sizeof(io));
554 	io.pfrio_flags = 0;
555 	io.pfrio_buffer = &addr;
556 	io.pfrio_esize = sizeof(addr);
557 
558 	common_init_tbl(&io.pfrio_table);
559 
560 	/* Negative size. */
561 	io.pfrio_size = -1;
562 	if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)
563 		atf_tc_fail("Request with size -1 succeeded");
564 
565 	/* Overly large size. */
566 	io.pfrio_size = 1 << 24;
567 	if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)
568 		atf_tc_fail("Request with size 1 << 24 failed");
569 }
570 
571 ATF_TC_CLEANUP(tstaddrs, tc)
572 {
573 	COMMON_CLEANUP();
574 }
575 
576 ATF_TC_WITH_CLEANUP(inadefine);
577 ATF_TC_HEAD(inadefine, tc)
578 {
579 	atf_tc_set_md_var(tc, "require.user", "root");
580 }
581 
582 ATF_TC_BODY(inadefine, tc)
583 {
584 	struct pfioc_table io;
585 	struct pfr_addr addr;
586 
587 	COMMON_HEAD();
588 
589 	bzero(&addr, sizeof(addr));
590 	bzero(&io, sizeof(io));
591 	io.pfrio_flags = 0;
592 	io.pfrio_buffer = &addr;
593 	io.pfrio_esize = sizeof(addr);
594 
595 	common_init_tbl(&io.pfrio_table);
596 
597 	/* Negative size. */
598 	io.pfrio_size = -1;
599 	if (ioctl(dev, DIOCRINADEFINE, &io) == 0)
600 		atf_tc_fail("Request with size -1 succeeded");
601 
602 	/* Overly large size. */
603 	io.pfrio_size = 1 << 24;
604 	if (ioctl(dev, DIOCRINADEFINE, &io) == 0)
605 		atf_tc_fail("Request with size 1 << 24 failed");
606 }
607 
608 ATF_TC_CLEANUP(inadefine, tc)
609 {
610 	COMMON_CLEANUP();
611 }
612 
613 ATF_TC_WITH_CLEANUP(igetifaces);
614 ATF_TC_HEAD(igetifaces, tc)
615 {
616 	atf_tc_set_md_var(tc, "require.user", "root");
617 }
618 
619 ATF_TC_BODY(igetifaces, tc)
620 {
621 	struct pfioc_iface io;
622 	struct pfi_kif kif;
623 
624 	COMMON_HEAD();
625 
626 	bzero(&io, sizeof(io));
627 	io.pfiio_flags = 0;
628 	io.pfiio_buffer = &kif;
629 	io.pfiio_esize = sizeof(kif);
630 
631 	/* Negative size */
632 	io.pfiio_size = -1;
633 	if (ioctl(dev, DIOCIGETIFACES, &io) == 0)
634 		atf_tc_fail("request with size -1 succeeded");
635 
636 	/* Overflow size */
637 	io.pfiio_size = 1 << 31;
638 	if (ioctl(dev, DIOCIGETIFACES, &io) == 0)
639 		atf_tc_fail("request with size 1 << 31 succeeded");
640 }
641 
642 ATF_TC_CLEANUP(igetifaces, tc)
643 {
644 	COMMON_CLEANUP();
645 }
646 
647 ATF_TC_WITH_CLEANUP(cxbegin);
648 ATF_TC_HEAD(cxbegin, tc)
649 {
650 	atf_tc_set_md_var(tc, "require.user", "root");
651 }
652 
653 ATF_TC_BODY(cxbegin, tc)
654 {
655 	struct pfioc_trans io;
656 	struct pfioc_trans_e ioe;
657 
658 	COMMON_HEAD();
659 
660 	bzero(&io, sizeof(io));
661 	io.esize = sizeof(ioe);
662 	io.array = &ioe;
663 
664 	/* Negative size */
665 	io.size = -1;
666 	if (ioctl(dev, DIOCXBEGIN, &io) == 0)
667 		atf_tc_fail("request with size -1 succeeded");
668 
669 	/* Overflow size */
670 	io.size = 1 << 30;
671 	if (ioctl(dev, DIOCXBEGIN, &io) == 0)
672 		atf_tc_fail("request with size 1 << 30 succeeded");
673 
674 	/* NULL buffer */
675 	io.size = 1;
676 	io.array = NULL;
677 	if (ioctl(dev, DIOCXBEGIN, &io) == 0)
678 		atf_tc_fail("request with size -1 succeeded");
679 }
680 
681 ATF_TC_CLEANUP(cxbegin, tc)
682 {
683 	COMMON_CLEANUP();
684 }
685 
686 ATF_TC_WITH_CLEANUP(cxrollback);
687 ATF_TC_HEAD(cxrollback, tc)
688 {
689 	atf_tc_set_md_var(tc, "require.user", "root");
690 }
691 
692 ATF_TC_BODY(cxrollback, tc)
693 {
694 	struct pfioc_trans io;
695 	struct pfioc_trans_e ioe;
696 
697 	COMMON_HEAD();
698 
699 	bzero(&io, sizeof(io));
700 	io.esize = sizeof(ioe);
701 	io.array = &ioe;
702 
703 	/* Negative size */
704 	io.size = -1;
705 	if (ioctl(dev, DIOCXROLLBACK, &io) == 0)
706 		atf_tc_fail("request with size -1 succeeded");
707 
708 	/* Overflow size */
709 	io.size = 1 << 30;
710 	if (ioctl(dev, DIOCXROLLBACK, &io) == 0)
711 		atf_tc_fail("request with size 1 << 30 succeeded");
712 
713 	/* NULL buffer */
714 	io.size = 1;
715 	io.array = NULL;
716 	if (ioctl(dev, DIOCXROLLBACK, &io) == 0)
717 		atf_tc_fail("request with size -1 succeeded");
718 }
719 
720 ATF_TC_CLEANUP(cxrollback, tc)
721 {
722 	COMMON_CLEANUP();
723 }
724 
725 ATF_TC_WITH_CLEANUP(commit);
726 ATF_TC_HEAD(commit, tc)
727 {
728 	atf_tc_set_md_var(tc, "require.user", "root");
729 }
730 
731 ATF_TC_BODY(commit, tc)
732 {
733 	struct pfioc_trans io;
734 	struct pfioc_trans_e ioe;
735 
736 	COMMON_HEAD();
737 
738 	bzero(&io, sizeof(io));
739 	io.esize = sizeof(ioe);
740 	io.array = &ioe;
741 
742 	/* Negative size */
743 	io.size = -1;
744 	if (ioctl(dev, DIOCXCOMMIT, &io) == 0)
745 		atf_tc_fail("request with size -1 succeeded");
746 
747 	/* Overflow size */
748 	io.size = 1 << 30;
749 	if (ioctl(dev, DIOCXCOMMIT, &io) == 0)
750 		atf_tc_fail("request with size 1 << 30 succeeded");
751 
752 	/* NULL buffer */
753 	io.size = 1;
754 	io.array = NULL;
755 	if (ioctl(dev, DIOCXCOMMIT, &io) == 0)
756 		atf_tc_fail("request with size -1 succeeded");
757 }
758 
759 ATF_TC_CLEANUP(commit, tc)
760 {
761 	COMMON_CLEANUP();
762 }
763 
764 ATF_TC_WITH_CLEANUP(getsrcnodes);
765 ATF_TC_HEAD(getsrcnodes, tc)
766 {
767 	atf_tc_set_md_var(tc, "require.user", "root");
768 }
769 
770 ATF_TC_BODY(getsrcnodes, tc)
771 {
772 	struct pfioc_src_nodes psn;
773 
774 	COMMON_HEAD();
775 
776 	bzero(&psn, sizeof(psn));
777 
778 	psn.psn_len = -1;
779 	if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)
780 		atf_tc_fail("request with size -1 failed");
781 
782 	psn.psn_len = 1 << 30;
783 	if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)
784 		atf_tc_fail("request with size << 30 failed");
785 
786 	psn.psn_len = 1 << 31;
787 	if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)
788 		atf_tc_fail("request with size << 30 failed");
789 }
790 
791 ATF_TC_CLEANUP(getsrcnodes, tc)
792 {
793 	COMMON_CLEANUP();
794 }
795 
796 ATF_TC_WITH_CLEANUP(tag);
797 ATF_TC_HEAD(tag, tc)
798 {
799 	atf_tc_set_md_var(tc, "require.user", "root");
800 }
801 
802 ATF_TC_BODY(tag, tc)
803 {
804 	struct pfioc_rule rule;
805 
806 	COMMON_HEAD();
807 
808 	memset(&rule, 0x42, sizeof(rule));
809 
810 	rule.ticket = 0;
811 	rule.pool_ticket = 0;
812 	rule.anchor[0] = 0;
813 
814 	rule.rule.return_icmp = 0;
815 	bzero(&rule.rule.src, sizeof(rule.rule.src));
816 	bzero(&rule.rule.dst, sizeof(rule.rule.dst));
817 
818 	rule.rule.ifname[0] = 0;
819 	rule.rule.action = 0;
820 	rule.rule.rtableid = 0;
821 
822 	rule.rule.tagname[0] = 0;
823 
824 	for (int i = 0; i < 10; i++)
825 		ioctl(dev, DIOCADDRULE, &rule);
826 }
827 
828 ATF_TC_CLEANUP(tag, tc)
829 {
830 	COMMON_CLEANUP();
831 }
832 
833 ATF_TC_WITH_CLEANUP(rpool_mtx);
834 ATF_TC_HEAD(rpool_mtx, tc)
835 {
836 	atf_tc_set_md_var(tc, "require.user", "root");
837 }
838 
839 ATF_TC_BODY(rpool_mtx, tc)
840 {
841 	struct pfioc_rule rule;
842 
843 	COMMON_HEAD();
844 
845 	memset(&rule, 0, sizeof(rule));
846 
847 	rule.ticket = 0;
848 	rule.pool_ticket = 0;
849 	rule.anchor[0] = 0;
850 
851 	rule.rule.return_icmp = 0;
852 	bzero(&rule.rule.src, sizeof(rule.rule.src));
853 	bzero(&rule.rule.dst, sizeof(rule.rule.dst));
854 
855 	rule.rule.ifname[0] = 0;
856 	rule.rule.action = 0;
857 	rule.rule.rtableid = 0;
858 
859 	rule.rule.tagname[0] = 0;
860 	rule.rule.action = 42;
861 
862 	ioctl(dev, DIOCADDRULE, &rule);
863 }
864 
865 ATF_TC_CLEANUP(rpool_mtx, tc)
866 {
867 	COMMON_CLEANUP();
868 }
869 
870 ATF_TC_WITH_CLEANUP(rpool_mtx2);
871 ATF_TC_HEAD(rpool_mtx2, tc)
872 {
873 	atf_tc_set_md_var(tc, "require.user", "root");
874 }
875 
876 ATF_TC_BODY(rpool_mtx2, tc)
877 {
878 	struct pfioc_rule rule;
879 
880 	COMMON_HEAD();
881 
882 	memset(&rule, 0, sizeof(rule));
883 
884 	rule.pool_ticket = 1000000;
885 	rule.action = PF_CHANGE_ADD_HEAD;
886 	rule.rule.af = AF_INET;
887 
888 	ioctl(dev, DIOCCHANGERULE, &rule);
889 }
890 
891 ATF_TC_CLEANUP(rpool_mtx2, tc)
892 {
893 	COMMON_CLEANUP();
894 }
895 
896 
897 ATF_TP_ADD_TCS(tp)
898 {
899 	ATF_TP_ADD_TC(tp, addtables);
900 	ATF_TP_ADD_TC(tp, deltables);
901 	ATF_TP_ADD_TC(tp, gettables);
902 	ATF_TP_ADD_TC(tp, getastats);
903 	ATF_TP_ADD_TC(tp, gettstats);
904 	ATF_TP_ADD_TC(tp, clrtstats);
905 	ATF_TP_ADD_TC(tp, settflags);
906 	ATF_TP_ADD_TC(tp, addaddrs);
907 	ATF_TP_ADD_TC(tp, deladdrs);
908 	ATF_TP_ADD_TC(tp, setaddrs);
909 	ATF_TP_ADD_TC(tp, getaddrs);
910 	ATF_TP_ADD_TC(tp, clrastats);
911 	ATF_TP_ADD_TC(tp, tstaddrs);
912 	ATF_TP_ADD_TC(tp, inadefine);
913 	ATF_TP_ADD_TC(tp, igetifaces);
914 	ATF_TP_ADD_TC(tp, cxbegin);
915 	ATF_TP_ADD_TC(tp, cxrollback);
916 	ATF_TP_ADD_TC(tp, commit);
917 	ATF_TP_ADD_TC(tp, getsrcnodes);
918 	ATF_TP_ADD_TC(tp, tag);
919 	ATF_TP_ADD_TC(tp, rpool_mtx);
920 	ATF_TP_ADD_TC(tp, rpool_mtx2);
921 
922 	return (atf_no_error());
923 }
924