#
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2025 Rubicon Communications, LLC (Netgate)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# ATF regression tests for the pf "max-pkt-size" rule option.  Each case
# loads a ruleset into a jail and checks, with ICMP echo requests of chosen
# payload sizes, that packets up to the limit get a reply and packets over
# it do not.

. $(atf_get_srcdir)/utils.subr

# Topology shared by all cases: one epair, with the "b" end on the host
# (192.0.2.2/24) and the "a" end inside the jail "alcatraz" (192.0.2.1/24).
# pf is enabled inside the jail only; the caller loads the ruleset.
common_setup()
{
	epair=$(vnet_mkepair)

	# Host side of the link.
	ifconfig ${epair}b 192.0.2.2/24 up

	# Jail side of the link.
	vnet_mkjail alcatraz ${epair}a
	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up

	jexec alcatraz pfctl -e
}

# Boundary checks for a 128-byte limit; the caller must already have
# loaded a ruleset with "max-pkt-size 128".  ping's -s sets the ICMP
# payload size, so the checks below put the boundary at 100 bytes of
# payload: 100 + 8 (ICMP header) + 20 (IPv4 header) = 128.
common_test()
{
	# At or under the limit: a reply is expected (ping exits 0).
	# The first ping uses ping's default payload size.
	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
	atf_check -s exit:0 -o ignore ping -c 1 -s 100 192.0.2.1

	# Over the limit, starting one byte past the boundary: exit 2 is
	# what ping reports when none of the three requests is answered.
	for payload in 101 128; do
		atf_check -s exit:2 -o ignore \
		    ping -c 3 -s ${payload} 192.0.2.1
	done
}

atf_test_case basic cleanup
basic_head()
{
	atf_set descr 'Basic max-pkt-size test'
	atf_set require.user root
}

# max-pkt-size directly on a pass rule, first with a small limit and then
# with one large enough that the probes have to be fragmented.
basic_body()
{
	pft_init

	common_setup

	pft_set_rules alcatraz "pass max-pkt-size 128"

	common_test

	# The limit is enforced on fragmented packets as well.  With a
	# 2000-byte limit the boundary is 1972 bytes of payload
	# (1972 + 8 + 20 = 2000).
	# NOTE(review): presumably the epair keeps a 1500-byte MTU, so the
	# probes from 1972 bytes up are fragmented and the limit is checked
	# against the reassembled packet -- confirm.
	pft_set_rules alcatraz "pass max-pkt-size 2000"

	# At or under the limit.
	for payload in 1400 1972; do
		atf_check -s exit:0 -o ignore \
		    ping -c 1 -s ${payload} 192.0.2.1
	done

	# One byte over the limit, then well over it: no reply.
	atf_check -s exit:2 -o ignore ping -c 1 -s 1973 192.0.2.1
	atf_check -s exit:2 -o ignore ping -c 3 -s 3000 192.0.2.1
}

basic_cleanup()
{
	pft_cleanup
}

atf_test_case match cleanup
match_head()
{
	atf_set descr 'max-pkt-size on match rules'
	atf_set require.user root
}

# The limit is set by an inbound "match" rule and the packet is then
# accepted by a bare "pass"; the same 128-byte boundary must still hold.
match_body()
{
	pft_init

	common_setup

	pft_set_rules alcatraz "match in max-pkt-size 128" "pass"

	common_test
}

match_cleanup()
{
	pft_cleanup
}

# Register every case in this file with ATF.
atf_init_test_cases()
{
	atf_add_test_case basic
	atf_add_test_case match
}