141fd03c0SKristof Provost# 241fd03c0SKristof Provost# SPDX-License-Identifier: BSD-2-Clause 341fd03c0SKristof Provost# 441fd03c0SKristof Provost# Copyright (c) 2025 Rubicon Communications, LLC (Netgate) 541fd03c0SKristof Provost# 641fd03c0SKristof Provost# Redistribution and use in source and binary forms, with or without 741fd03c0SKristof Provost# modification, are permitted provided that the following conditions 841fd03c0SKristof Provost# are met: 941fd03c0SKristof Provost# 1. Redistributions of source code must retain the above copyright 1041fd03c0SKristof Provost# notice, this list of conditions and the following disclaimer. 1141fd03c0SKristof Provost# 2. Redistributions in binary form must reproduce the above copyright 1241fd03c0SKristof Provost# notice, this list of conditions and the following disclaimer in the 1341fd03c0SKristof Provost# documentation and/or other materials provided with the distribution. 1441fd03c0SKristof Provost# 1541fd03c0SKristof Provost# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1641fd03c0SKristof Provost# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1741fd03c0SKristof Provost# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1841fd03c0SKristof Provost# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1941fd03c0SKristof Provost# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2041fd03c0SKristof Provost# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2141fd03c0SKristof Provost# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2241fd03c0SKristof Provost# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2341fd03c0SKristof Provost# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2441fd03c0SKristof Provost# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2541fd03c0SKristof Provost# SUCH DAMAGE. 2641fd03c0SKristof Provost 2741fd03c0SKristof Provost. $(atf_get_srcdir)/utils.subr 2841fd03c0SKristof Provost 29*0c273335SKristof Provostcommon_setup() 3041fd03c0SKristof Provost{ 3141fd03c0SKristof Provost epair=$(vnet_mkepair) 3241fd03c0SKristof Provost 3341fd03c0SKristof Provost ifconfig ${epair}b 192.0.2.2/24 up 3441fd03c0SKristof Provost 3541fd03c0SKristof Provost vnet_mkjail alcatraz ${epair}a 3641fd03c0SKristof Provost jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up 3741fd03c0SKristof Provost 3841fd03c0SKristof Provost jexec alcatraz pfctl -e 39*0c273335SKristof Provost} 4041fd03c0SKristof Provost 41*0c273335SKristof Provostcommon_test() 42*0c273335SKristof Provost{ 4341fd03c0SKristof Provost # Small packets pass 4441fd03c0SKristof Provost atf_check -s exit:0 -o ignore \ 4541fd03c0SKristof Provost ping -c 1 192.0.2.1 4641fd03c0SKristof Provost atf_check -s exit:0 -o ignore \ 4741fd03c0SKristof Provost ping -c 1 -s 100 192.0.2.1 4841fd03c0SKristof Provost 4941fd03c0SKristof Provost # Larger packets do not 5041fd03c0SKristof Provost atf_check -s exit:2 -o ignore \ 5141fd03c0SKristof Provost ping -c 3 -s 101 192.0.2.1 5241fd03c0SKristof Provost atf_check -s exit:2 -o ignore \ 5341fd03c0SKristof Provost ping -c 3 -s 128 192.0.2.1 54*0c273335SKristof Provost} 55*0c273335SKristof Provost 56*0c273335SKristof Provostatf_test_case "basic" "cleanup" 57*0c273335SKristof Provostbasic_head() 58*0c273335SKristof Provost{ 59*0c273335SKristof Provost atf_set descr 'Basic max-pkt-size test' 60*0c273335SKristof Provost atf_set require.user root 61*0c273335SKristof Provost} 62*0c273335SKristof Provost 63*0c273335SKristof Provostbasic_body() 64*0c273335SKristof Provost{ 65*0c273335SKristof Provost pft_init 66*0c273335SKristof Provost 67*0c273335SKristof Provost common_setup 68*0c273335SKristof Provost 69*0c273335SKristof Provost pft_set_rules alcatraz \ 70*0c273335SKristof Provost "pass max-pkt-size 128" 71*0c273335SKristof Provost 72*0c273335SKristof Provost common_test 7341fd03c0SKristof Provost 7441fd03c0SKristof Provost # We can enforce this on fragmented packets too 7541fd03c0SKristof Provost pft_set_rules alcatraz \ 7641fd03c0SKristof Provost "pass max-pkt-size 2000" 7741fd03c0SKristof Provost 7841fd03c0SKristof Provost atf_check -s exit:0 -o ignore \ 7941fd03c0SKristof Provost ping -c 1 -s 1400 192.0.2.1 8041fd03c0SKristof Provost atf_check -s exit:0 -o ignore \ 8141fd03c0SKristof Provost ping -c 1 -s 1972 192.0.2.1 8241fd03c0SKristof Provost atf_check -s exit:2 -o ignore \ 8341fd03c0SKristof Provost ping -c 1 -s 1973 192.0.2.1 8441fd03c0SKristof Provost atf_check -s exit:2 -o ignore \ 8541fd03c0SKristof Provost ping -c 3 -s 3000 192.0.2.1 8641fd03c0SKristof Provost} 8741fd03c0SKristof Provost 8841fd03c0SKristof Provostbasic_cleanup() 8941fd03c0SKristof Provost{ 9041fd03c0SKristof Provost pft_cleanup 9141fd03c0SKristof Provost} 9241fd03c0SKristof Provost 93*0c273335SKristof Provostatf_test_case "match" "cleanup" 94*0c273335SKristof Provostmatch_head() 95*0c273335SKristof Provost{ 96*0c273335SKristof Provost atf_set descr 'max-pkt-size on match rules' 97*0c273335SKristof Provost atf_set require.user root 98*0c273335SKristof Provost} 99*0c273335SKristof Provost 100*0c273335SKristof Provostmatch_body() 101*0c273335SKristof Provost{ 102*0c273335SKristof Provost pft_init 103*0c273335SKristof Provost 104*0c273335SKristof Provost common_setup 105*0c273335SKristof Provost 106*0c273335SKristof Provost pft_set_rules alcatraz \ 107*0c273335SKristof Provost "match in max-pkt-size 128" \ 108*0c273335SKristof Provost "pass" 109*0c273335SKristof Provost 110*0c273335SKristof Provost common_test 111*0c273335SKristof Provost} 112*0c273335SKristof Provost 113*0c273335SKristof Provostmatch_cleanup() 114*0c273335SKristof Provost{ 115*0c273335SKristof Provost pft_cleanup 116*0c273335SKristof Provost} 117*0c273335SKristof Provost 11841fd03c0SKristof Provostatf_init_test_cases() 11941fd03c0SKristof Provost{ 12041fd03c0SKristof Provost atf_add_test_case "basic" 121*0c273335SKristof Provost atf_add_test_case "match" 12241fd03c0SKristof Provost} 123