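# $FreeBSD$
#
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2021 KUROSAWA Takahiro <takahiro.kurosawa@gmail.com>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Shared pf test helpers (pft_init, vnet_mkepair, vnet_mkjail, pft_set_rules,
# pft_cleanup).  Quoted so a source directory containing whitespace still
# resolves to a single path.
. "$(atf_get_srcdir)/utils.subr"

atf_test_case "map_e" "cleanup"

# Test metadata: the body creates jails and loads pf rules, so it needs root.
map_e_head()
{
	atf_set descr 'map-e-portset test'
	atf_set require.user root
}

# Checks that a "nat ... map-e-portset" rule only ever picks source ports
# from the configured MAP-E (RFC 7597) port set.
#
# Topology:
#   host (192.0.2.2) -- jail map_e (192.0.2.1 / 198.51.100.1, NAT)
#                    -- jail echo (198.51.100.2, inetd echo service on port 7)
#
# The echo jail runs a default-deny ruleset that admits TCP to port 7 only
# when the source port lies inside the expected port set, so a translated
# connection using any other source port is rejected and nc fails.
map_e_body()
{
	# Equals the total number of ports in the three allowed ranges below
	# (3 ranges x 4 ports); presumably chosen for that reason.
	NC_TRY_COUNT=12

	pft_init

	epair_map_e=$(vnet_mkepair)
	epair_echo=$(vnet_mkepair)

	vnet_mkjail map_e "${epair_map_e}b" "${epair_echo}a"
	vnet_mkjail echo "${epair_echo}b"

	# Host side: reach the echo network through the NAT jail.
	ifconfig "${epair_map_e}a" 192.0.2.2/24 up
	route add -net 198.51.100.0/24 192.0.2.1

	# NAT jail: one leg towards the host, one towards the echo jail.
	jexec map_e ifconfig "${epair_map_e}b" 192.0.2.1/24 up
	jexec map_e ifconfig "${epair_echo}a" 198.51.100.1/24 up
	jexec map_e sysctl net.inet.ip.forwarding=1

	# Echo jail: inetd serves the echo service; its pid file is given as
	# a relative path and is removed again by map_e_cleanup.
	jexec echo ifconfig "${epair_echo}b" 198.51.100.2/24 up
	jexec echo /usr/sbin/inetd -p inetd-echo.pid \
	    "$(atf_get_srcdir)/echo_inetd.conf"

	# Enable pf!
	#
	# map-e-portset 2/12/0x342 reads as PSID offset 2 bits, PSID length
	# 12 bits, PSID 0x342 (see pf.conf(5)).  16 - 2 - 12 leaves 2 low bits,
	# i.e. 4 contiguous ports per range; the 2 offset bits select the
	# range.  The ranges admitted by the echo jail correspond to offset
	# values 1, 2 and 3:
	#   (1 << 14) + (0x342 << 2) = 19720 .. 19723
	#   (2 << 14) + (0x342 << 2) = 36104 .. 36107
	#   (3 << 14) + (0x342 << 2) = 52488 .. 52491
	jexec map_e pfctl -e
	pft_set_rules map_e \
	    "nat pass on ${epair_echo}a inet from 192.0.2.0/24 to any -> (${epair_echo}a) map-e-portset 2/12/0x342"

	# Only allow specified ports.
	# "block return all" makes this an allowlist: anything that is not an
	# echo connection from the NAT address with an in-set source port is
	# refused, which is what turns a wrong port choice into a test failure.
	jexec echo pfctl -e
	pft_set_rules echo "block return all" \
	    "pass in on ${epair_echo}b inet proto tcp from 198.51.100.1 port 19720:19723 to (${epair_echo}b) port 7" \
	    "pass in on ${epair_echo}b inet proto tcp from 198.51.100.1 port 36104:36107 to (${epair_echo}b) port 7" \
	    "pass in on ${epair_echo}b inet proto tcp from 198.51.100.1 port 52488:52491 to (${epair_echo}b) port 7" \
	    "set skip on lo"

	# Open NC_TRY_COUNT connections in a row.  Each one must succeed, so
	# each translated source port must fall inside the allowed set.  This
	# does not check that the ports used are distinct from one another.
	# The pipeline is tested directly so the atf_fail message is reached
	# whether or not the shell exits on unchecked failures.
	i=0
	while [ "${i}" -lt "${NC_TRY_COUNT}" ]
	do
		if ! echo "foo ${i}" | timeout 2 nc -N 198.51.100.2 7; then
			atf_fail "nc failed (${i})"
		fi
		i=$((i + 1))
	done
}

# Removes the inetd pid file written by the body, then hands the rest of the
# teardown to pft_cleanup (defined in utils.subr, not shown here).
map_e_cleanup()
{
	rm -f inetd-echo.pid
	pft_cleanup
}

# Registers the test case with atf.
atf_init_test_cases()
{
	atf_add_test_case "map_e"
}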