1c5f21023SKristof Provost# 2c5f21023SKristof Provost# SPDX-License-Identifier: BSD-2-Clause 3c5f21023SKristof Provost# 4c5f21023SKristof Provost# Copyright (c) 2025 Rubicon Communications, LLC (Netgate) 5c5f21023SKristof Provost# 6c5f21023SKristof Provost# Redistribution and use in source and binary forms, with or without 7c5f21023SKristof Provost# modification, are permitted provided that the following conditions 8c5f21023SKristof Provost# are met: 9c5f21023SKristof Provost# 1. Redistributions of source code must retain the above copyright 10c5f21023SKristof Provost# notice, this list of conditions and the following disclaimer. 11c5f21023SKristof Provost# 2. Redistributions in binary form must reproduce the above copyright 12c5f21023SKristof Provost# notice, this list of conditions and the following disclaimer in the 13c5f21023SKristof Provost# documentation and/or other materials provided with the distribution. 14c5f21023SKristof Provost# 15c5f21023SKristof Provost# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16c5f21023SKristof Provost# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17c5f21023SKristof Provost# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18c5f21023SKristof Provost# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19c5f21023SKristof Provost# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20c5f21023SKristof Provost# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21c5f21023SKristof Provost# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22c5f21023SKristof Provost# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23c5f21023SKristof Provost# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24c5f21023SKristof Provost# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25c5f21023SKristof Provost# SUCH DAMAGE. 26c5f21023SKristof Provost 27c5f21023SKristof Provost. $(atf_get_srcdir)/utils.subr 28c5f21023SKristof Provost 29*23c17bd6SKristof Provostcommon_setup() 30c5f21023SKristof Provost{ 31c5f21023SKristof Provost epair=$(vnet_mkepair) 32c5f21023SKristof Provost 33c5f21023SKristof Provost ifconfig ${epair}a inet 192.0.2.2/24 up 34c5f21023SKristof Provost 35c5f21023SKristof Provost vnet_mkjail alcatraz ${epair}b 36c5f21023SKristof Provost jexec alcatraz ifconfig ${epair}b inet 192.0.2.1/24 up 37c5f21023SKristof Provost 38c5f21023SKristof Provost # Sanity check 39c5f21023SKristof Provost atf_check -s exit:0 -o ignore \ 40c5f21023SKristof Provost ping -c 1 192.0.2.1 41c5f21023SKristof Provost 42c5f21023SKristof Provost jexec alcatraz pfctl -e 43*23c17bd6SKristof Provost} 44c5f21023SKristof Provost 45*23c17bd6SKristof Provostcommon_test() 46*23c17bd6SKristof Provost{ 47c5f21023SKristof Provost # One ping will pass 48c5f21023SKristof Provost atf_check -s exit:0 -o ignore \ 49c5f21023SKristof Provost ping -c 1 192.0.2.1 50c5f21023SKristof Provost 51c5f21023SKristof Provost # As will a second 52c5f21023SKristof Provost atf_check -s exit:0 -o ignore \ 53c5f21023SKristof Provost ping -c 1 192.0.2.1 54c5f21023SKristof Provost 55c5f21023SKristof Provost # But the third should fail 56c5f21023SKristof Provost atf_check -s exit:2 -o ignore \ 57c5f21023SKristof Provost ping -c 1 192.0.2.1 58c5f21023SKristof Provost 59c5f21023SKristof Provost # But three seconds later we can ping again 60c5f21023SKristof Provost sleep 3 61c5f21023SKristof Provost atf_check -s exit:0 -o ignore \ 62c5f21023SKristof Provost ping -c 1 192.0.2.1 63c5f21023SKristof Provost} 64c5f21023SKristof Provost 65*23c17bd6SKristof Provostatf_test_case "basic" "cleanup" 66*23c17bd6SKristof Provostbasic_head() 67*23c17bd6SKristof Provost{ 68*23c17bd6SKristof Provost atf_set descr 'Basic maximum packet rate test' 69*23c17bd6SKristof Provost atf_set require.user root 70*23c17bd6SKristof Provost} 71*23c17bd6SKristof Provost 72*23c17bd6SKristof Provostbasic_body() 73*23c17bd6SKristof Provost{ 74*23c17bd6SKristof Provost pft_init 75*23c17bd6SKristof Provost 76*23c17bd6SKristof Provost common_setup 77*23c17bd6SKristof Provost 78*23c17bd6SKristof Provost pft_set_rules alcatraz \ 79*23c17bd6SKristof Provost "block" \ 80*23c17bd6SKristof Provost "pass in proto icmp max-pkt-rate 2/2" 81*23c17bd6SKristof Provost 82*23c17bd6SKristof Provost common_test 83*23c17bd6SKristof Provost} 84*23c17bd6SKristof Provost 85c5f21023SKristof Provostbasic_cleanup() 86c5f21023SKristof Provost{ 87c5f21023SKristof Provost pft_cleanup 88c5f21023SKristof Provost} 89c5f21023SKristof Provost 90*23c17bd6SKristof Provostatf_test_case "anchor" "cleanup" 91*23c17bd6SKristof Provostanchor_head() 92*23c17bd6SKristof Provost{ 93*23c17bd6SKristof Provost atf_set descr 'maximum packet rate on anchor' 94*23c17bd6SKristof Provost atf_set require.user root 95*23c17bd6SKristof Provost} 96*23c17bd6SKristof Provost 97*23c17bd6SKristof Provostanchor_body() 98*23c17bd6SKristof Provost{ 99*23c17bd6SKristof Provost pft_init 100*23c17bd6SKristof Provost 101*23c17bd6SKristof Provost common_setup 102*23c17bd6SKristof Provost 103*23c17bd6SKristof Provost pft_set_rules alcatraz \ 104*23c17bd6SKristof Provost "block" \ 105*23c17bd6SKristof Provost "anchor \"foo\" proto icmp max-pkt-rate 2/2 {\n \ 106*23c17bd6SKristof Provost pass \n \ 107*23c17bd6SKristof Provost }" 108*23c17bd6SKristof Provost 109*23c17bd6SKristof Provost common_test 110*23c17bd6SKristof Provost} 111*23c17bd6SKristof Provost 112*23c17bd6SKristof Provostanchor_cleanup() 113*23c17bd6SKristof Provost{ 114*23c17bd6SKristof Provost pft_cleanup 115*23c17bd6SKristof Provost} 116*23c17bd6SKristof Provost 117c5f21023SKristof Provostatf_init_test_cases() 118c5f21023SKristof Provost{ 119c5f21023SKristof Provost atf_add_test_case "basic" 120*23c17bd6SKristof Provost atf_add_test_case "anchor" 121c5f21023SKristof Provost} 122