netpfil/pf/max_states.sh

67bd1d07SKajetan Staszkiewicz#
67bd1d07SKajetan Staszkiewicz# SPDX-License-Identifier: BSD-2-Clause
67bd1d07SKajetan Staszkiewicz#
67bd1d07SKajetan Staszkiewicz# Copyright (c) 2024 Kajetan Staszkiewicz <vegeta@tuxpowered.net>
67bd1d07SKajetan Staszkiewicz#
67bd1d07SKajetan Staszkiewicz# Redistribution and use in source and binary forms, with or without
67bd1d07SKajetan Staszkiewicz# modification, are permitted provided that the following conditions
67bd1d07SKajetan Staszkiewicz# are met:
67bd1d07SKajetan Staszkiewicz# 1. Redistributions of source code must retain the above copyright
67bd1d07SKajetan Staszkiewicz#    notice, this list of conditions and the following disclaimer.
67bd1d07SKajetan Staszkiewicz# 2. Redistributions in binary form must reproduce the above copyright
67bd1d07SKajetan Staszkiewicz#    notice, this list of conditions and the following disclaimer in the
67bd1d07SKajetan Staszkiewicz#    documentation and/or other materials provided with the distribution.
67bd1d07SKajetan Staszkiewicz#
67bd1d07SKajetan Staszkiewicz# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
67bd1d07SKajetan Staszkiewicz# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
67bd1d07SKajetan Staszkiewicz# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
67bd1d07SKajetan Staszkiewicz# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
67bd1d07SKajetan Staszkiewicz# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
67bd1d07SKajetan Staszkiewicz# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
67bd1d07SKajetan Staszkiewicz# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
67bd1d07SKajetan Staszkiewicz# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
67bd1d07SKajetan Staszkiewicz# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
67bd1d07SKajetan Staszkiewicz# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
67bd1d07SKajetan Staszkiewicz# SUCH DAMAGE.
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewicz. $(atf_get_srcdir)/utils.subr
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewiczmax_states_head()
67bd1d07SKajetan Staszkiewicz{
67bd1d07SKajetan Staszkiewicz	atf_set descr 'Max states per rule'
67bd1d07SKajetan Staszkiewicz	atf_set require.user root
*c46af893SJose Luis Duran	atf_set require.progs python3 scapy
67bd1d07SKajetan Staszkiewicz}
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewiczmax_states_body()
67bd1d07SKajetan Staszkiewicz{
67bd1d07SKajetan Staszkiewicz	setup_router_dummy_ipv6
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewicz	pft_set_rules router \
67bd1d07SKajetan Staszkiewicz		"block" \
f28d5ac5SKajetan Staszkiewicz		"pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
f28d5ac5SKajetan Staszkiewicz		"pass in  on ${epair_tester}b inet6 proto tcp keep state (max 3)" \
f28d5ac5SKajetan Staszkiewicz		"pass out on ${epair_server}a inet6 proto tcp keep state"
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewicz	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-sport=4201
67bd1d07SKajetan Staszkiewicz	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-sport=4202
f28d5ac5SKajetan Staszkiewicz	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-sport=4203
f28d5ac5SKajetan Staszkiewicz	ping_dummy_check_request exit:1 --ping-type=tcpsyn --send-sport=4204
67bd1d07SKajetan Staszkiewicz}
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewiczmax_states_cleanup()
67bd1d07SKajetan Staszkiewicz{
67bd1d07SKajetan Staszkiewicz	pft_cleanup
67bd1d07SKajetan Staszkiewicz}
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewicz
67bd1d07SKajetan Staszkiewiczatf_init_test_cases()
67bd1d07SKajetan Staszkiewicz{
67bd1d07SKajetan Staszkiewicz	atf_add_test_case "max_states"
67bd1d07SKajetan Staszkiewicz}