#
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2024 Rubicon Communications, LLC (Netgate)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# ATF test cases for pf's NAT64 (af-to) translation.
#
# Every address used below comes from a documentation range (2001:db8::/32,
# 192.0.2.0/24) or from the NAT64 well-known prefix 64:ff9b::/96, so the
# tests never reference a routable production address.

. $(atf_get_srcdir)/utils.subr

# Build the topology shared by most test cases and load the NAT64 rule.
#
#   host 2001:db8::2 --[epair]-- rtr 2001:db8::1
#                                rtr 192.0.2.1 --[epair_link]-- dst 192.0.2.2
#
# The host is IPv6-only and uses rtr as its default router; dst is
# IPv4-only and routes back through rtr.  rtr runs pf with a single rule
# that translates IPv6 traffic addressed to 64:ff9b::/96 into IPv4, sourced
# from whatever address is configured on ${epair_link}a.
#
# Sets the globals epair and epair_link.
nat64_setup()
{
	pft_init

	epair_link=$(vnet_mkepair)
	epair=$(vnet_mkepair)

	# no_dad skips duplicate address detection on the test addresses.
	ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad
	route -6 add default 2001:db8::1

	vnet_mkjail rtr ${epair}b ${epair_link}a
	jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad
	jexec rtr ifconfig ${epair_link}a 192.0.2.1/24 up

	vnet_mkjail dst ${epair_link}b
	jexec dst ifconfig ${epair_link}b 192.0.2.2/24 up
	jexec dst route add default 192.0.2.1

	# Sanity checks: both links must work natively before pf is enabled,
	# so a later failure can be attributed to the translation rule.
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 2001:db8::1
	atf_check -s exit:0 -o ignore \
	    jexec dst ping -c 1 192.0.2.1

	# "set reassemble yes" turns on fragment reassembly and
	# "set state-policy if-bound" binds each state to the interface it was
	# created on.  The pass rule is the only place translation is
	# requested: inbound IPv6 on ${epair}b destined to 64:ff9b::/96.
	jexec rtr pfctl -e
	pft_set_rules rtr \
	    "set reassemble yes" \
	    "set state-policy if-bound" \
	    "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)"
}

# ICMP echo through the translator.  Needs root (jails, ifconfig, pfctl).
atf_test_case "icmp_echo" "cleanup"
icmp_echo_head()
{
	atf_set descr 'Basic NAT64 ICMP echo test'
	atf_set require.user root
}

# Ping the IPv4 host dst through its NAT64 address 64:ff9b::192.0.2.2:
# once, then five more times with no loss tolerated.
icmp_echo_body()
{
	nat64_setup

	# One ping
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 64:ff9b::192.0.2.2

	# Make sure packets make it even when state is established
	atf_check -s exit:0 \
	    -o match:'5 packets transmitted, 5 packets received, 0.0% packet loss' \
	    ping6 -c 5 64:ff9b::192.0.2.2
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
icmp_echo_cleanup()
{
	pft_cleanup
}

# Large and fragmented echo requests through the translator.
atf_test_case "fragmentation" "cleanup"
fragmentation_head()
{
	atf_set descr 'Test fragmented packets'
	atf_set require.user root
}

# Send echo requests with 1280, 2000 and 10000 byte payloads and require
# every one of them to be answered.
# NOTE(review): the larger sizes presumably exceed the epair MTU and so
# exercise fragmentation on both sides of the translator -- confirm
# against the MTU that vnet_mkepair leaves in place.
fragmentation_body()
{
	nat64_setup

	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 -s 1280 64:ff9b::192.0.2.2

	atf_check -s exit:0 \
	    -o match:'3 packets transmitted, 3 packets received, 0.0% packet loss' \
	    ping6 -c 3 -s 2000 64:ff9b::192.0.2.2
	# -b 20000 sets ping6's socket buffer size for the 10000 byte payload.
	atf_check -s exit:0 \
	    -o match:'3 packets transmitted, 3 packets received, 0.0% packet loss' \
	    ping6 -c 3 -s 10000 -b 20000 64:ff9b::192.0.2.2
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
fragmentation_cleanup()
{
	pft_cleanup
}

# TCP through the translator.
atf_test_case "tcp" "cleanup"
tcp_head()
{
	atf_set descr 'TCP NAT64 test'
	atf_set require.user root
}

# Start a one-shot TCP listener in dst that sends "foo", connect to it from
# the IPv6 host via the NAT64 address, and fail unless "foo" arrives.
tcp_body()
{
	nat64_setup

	echo "foo" | jexec dst nc -l 1234 &

	# Sanity check & delay for nc startup
	# NOTE(review): this ping is the only synchronisation with the
	# background listener; if nc has not bound the port by the time the
	# ping returns, the test can fail spuriously.
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 64:ff9b::192.0.2.2

	# 64:ff9b::c000:202 is the all-hex spelling of 64:ff9b::192.0.2.2.
	rcv=$(nc -w 3 -6 64:ff9b::c000:202 1234)
	if [ "${rcv}" != "foo" ];
	then
		# Print what was received so the ATF log shows the mismatch.
		echo "rcv=${rcv}"
		atf_fail "Failed to connect to TCP server"
	fi
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
tcp_cleanup()
{
	pft_cleanup
}

# UDP through the translator.
atf_test_case "udp" "cleanup"
udp_head()
{
	atf_set descr 'UDP NAT64 test'
	atf_set require.user root
}

# Same exchange as the TCP test, over UDP.  The client sends "bar" first;
# presumably the listener needs that datagram to learn where to send "foo".
udp_body()
{
	nat64_setup

	echo "foo" | jexec dst nc -u -l 1234 &

	# Sanity check & delay for nc startup
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 64:ff9b::192.0.2.2

	# A reply of "foo" shows the datagram was translated in both
	# directions.
	rcv=$(echo bar | nc -w 3 -6 -u 64:ff9b::c000:202 1234)
	if [ "${rcv}" != "foo" ];
	then
		echo "rcv=${rcv}"
		atf_fail "Failed to connect to UDP server"
	fi
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
udp_cleanup()
{
	pft_cleanup
}

# SCTP through the translator.
atf_test_case "sctp" "cleanup"
sctp_head()
{
	atf_set descr 'SCTP NAT64 test'
	atf_set require.user root
}

# Same exchange as the TCP test, over SCTP.  Skipped when the sctp kernel
# module is not loaded.
sctp_body()
{
	nat64_setup
	# The module check runs after nat64_setup, so the jails and the pf
	# rule set already exist when the test ends up being skipped.
	if ! kldstat -q -m sctp; then
		atf_skip "This test requires SCTP"
	fi

	echo "foo" | jexec dst nc --sctp -N -l 1234 &

	# Sanity check & delay for nc startup
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 64:ff9b::192.0.2.2

	rcv=$(echo bar | nc --sctp -w 3 -6 64:ff9b::c000:202 1234)
	if [ "${rcv}" != "foo" ];
	then
		echo "rcv=${rcv}"
		atf_fail "Failed to connect to SCTP server"
	fi
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
sctp_cleanup()
{
	pft_cleanup
}

# Traffic class / ToS handling across the translation.
atf_test_case "tos" "cleanup"
tos_head()
{
	atf_set descr 'ToS translation test'
	atf_set require.user root
}

# Check that the IPv6 traffic class chosen by the sender shows up as the
# IPv4 ToS seen by dst.  dst runs its own pf rule set that blocks inbound
# IPv4 with ToS 8 and passes everything else, so only the ping sent with
# -z 8 may go unanswered.  An IPv4 filter behind the translator that
# matches on ToS depends on this mapping being exact.
tos_body()
{
	nat64_setup

	# Ensure we can distinguish ToS on the destination
	jexec dst pfctl -e
	pft_set_rules dst \
	    "pass" \
	    "block in inet tos 8"

	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 -z 4 64:ff9b::192.0.2.2
	# Exit status 2 from ping means the request went out but no reply
	# was received.
	atf_check -s exit:2 -o ignore \
	    ping6 -c 1 -z 8 64:ff9b::192.0.2.2
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 -z 16 64:ff9b::192.0.2.2

	# Dump dst's rules verbosely into the test output for debugging;
	# the result is not asserted.
	jexec dst pfctl -sr -vv
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
tos_cleanup()
{
	pft_cleanup
}

# Translation when the router has no IPv4 source address available.
atf_test_case "no_v4" "cleanup"
no_v4_head()
{
	atf_set descr 'Test error handling when there is no IPv4 address to translate to'
	atf_set require.user root
}

# Repeats the steps of nat64_setup with three differences: rtr's
# ${epair_link}a is never given an IPv4 address, only the IPv6 link is
# sanity-checked, and the rule set holds just the af-to rule (no "set"
# lines).  The rule's "(${epair_link}a)" therefore has no IPv4 address to
# translate to, and the pings are expected to go unanswered.
no_v4_body()
{
	pft_init

	epair_link=$(vnet_mkepair)
	epair=$(vnet_mkepair)

	ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad
	route -6 add default 2001:db8::1

	# Unlike nat64_setup, no 192.0.2.1/24 is assigned inside rtr.
	vnet_mkjail rtr ${epair}b ${epair_link}a
	jexec rtr ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad

	vnet_mkjail dst ${epair_link}b
	jexec dst ifconfig ${epair_link}b 192.0.2.2/24 up
	jexec dst route add default 192.0.2.1

	# Sanity check
	atf_check -s exit:0 -o ignore \
	    ping6 -c 1 2001:db8::1

	jexec rtr pfctl -e
	pft_set_rules rtr \
	    "pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)"

	# Exit status 2: all three requests were sent, none was answered.
	atf_check -s exit:2 -o ignore \
	    ping6 -c 3 64:ff9b::192.0.2.2
}

# Tear down whatever pft_init / vnet_mk* created for this test case.
no_v4_cleanup()
{
	pft_cleanup
}

# Register every test case defined in this file with ATF.
atf_init_test_cases()
{
	atf_add_test_case "icmp_echo"
	atf_add_test_case "fragmentation"
	atf_add_test_case "tcp"
	atf_add_test_case "udp"
	atf_add_test_case "sctp"
	atf_add_test_case "tos"
	atf_add_test_case "no_v4"
}