xref: /freebsd/tests/sys/netpfil/pf/scrub.sh (revision 59144db3fca192c4637637dfe6b5a5d98632cd47)
1#
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2020 Kristof Provost <kp@FreeBSD.org>
5# Copyright (c) 2023 Kajetan Staszkiewicz <vegeta@tuxpowered.net>
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26# SUCH DAMAGE.
27
28. $(atf_get_srcdir)/utils.subr
29
# Declare the IPv4 max-mss test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "max_mss_v4" "cleanup"

# Metadata for max_mss_v4: description plus the root and scapy requirements.
max_mss_v4_head()
{
	atf_set "descr" 'Test IPv4 scrub "mss" rule'
	atf_set "require.user" "root"
	atf_set "require.progs" "scapy"
}
37
# IPv4 max-mss test body: installs a scrub rule with "max-mss 1300" and
# checks that a TCP SYN sent with MSS 1400 is observed with MSS 1300.
max_mss_v4_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv4

	# The rule is bound to the "b" end of the tester epair.
	pft_set_rules router "scrub on ${epair_tester}b max-mss 1300"

	# Case 1: TCP options sent aligned.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-mss=1400 \
	    --expect-mss=1300

	# Case 2: same expectation with the TCP options sent unaligned, so the
	# clamp is also checked when the MSS option is not at an aligned offset.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-mss=1400 \
	    --expect-mss=1300 \
	    --send-tcpopt-unaligned
}
48
# Cleanup routine for max_mss_v4; delegates entirely to pft_cleanup.
max_mss_v4_cleanup()
{
	pft_cleanup
}
53
54
# Declare the IPv6 max-mss test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "max_mss_v6" "cleanup"

# Metadata for max_mss_v6: description plus the root and scapy requirements.
max_mss_v6_head()
{
	atf_set "descr" 'Test IPv6 scrub "mss" rule'
	atf_set "require.user" "root"
	atf_set "require.progs" "scapy"
}
62
# IPv6 max-mss test body: installs a scrub rule with "max-mss 1300" and
# checks that a TCP SYN sent with MSS 1400 is observed with MSS 1300.
max_mss_v6_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv6

	# The rule is bound to the "b" end of the tester epair.
	pft_set_rules router "scrub on ${epair_tester}b max-mss 1300"

	# Case 1: TCP options sent aligned.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-mss=1400 \
	    --expect-mss=1300

	# Case 2: same expectation with the TCP options sent unaligned, so the
	# clamp is also checked when the MSS option is not at an aligned offset.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-mss=1400 \
	    --expect-mss=1300 \
	    --send-tcpopt-unaligned
}
73
# Cleanup routine for max_mss_v6; delegates entirely to pft_cleanup.
max_mss_v6_cleanup()
{
	pft_cleanup
}
78
79
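# Declare the IPv4 set-tos test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "set_tos_v4" "cleanup"

# Metadata for set_tos_v4: description plus the root and scapy requirements.
set_tos_v4_head()
{
	# Description spells "scrub" in full so that searching test listings
	# for the feature name finds this case.
	atf_set descr 'Test IPv4 scrub "set-tos" rule'
	atf_set require.user root
	atf_set require.progs scapy
}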
87
# IPv4 set-tos test body: installs a scrub rule with "set-tos 0x42" and
# checks that a request sent with traffic class 0 is observed with 66.
set_tos_v4_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv4

	pft_set_rules router "scrub on ${epair_tester}b set-tos 0x42"

	# 0x42 in the rule is 66 decimal, which is the value expected here.
	# No --ping-type is given, so the helper's default probe type is used.
	ping_dummy_check_request exit:0 \
	    --send-tc=0 \
	    --expect-tc=66
}
94
# Cleanup routine for set_tos_v4; delegates entirely to pft_cleanup.
set_tos_v4_cleanup()
{
	pft_cleanup
}
99
100
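# Declare the IPv6 set-tos test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "set_tos_v6" "cleanup"

# Metadata for set_tos_v6: description plus the root and scapy requirements.
set_tos_v6_head()
{
	# Description spells "scrub" in full so that searching test listings
	# for the feature name finds this case.
	atf_set descr 'Test IPv6 scrub "set-tos" rule'
	atf_set require.user root
	atf_set require.progs scapy
}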
108
# IPv6 set-tos test body: installs a scrub rule with "set-tos 0x42" and
# checks that a TCP SYN sent with traffic class 0 is observed with 66.
set_tos_v6_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv6

	pft_set_rules router "scrub on ${epair_tester}b set-tos 0x42"

	# 0x42 in the rule is 66 decimal, which is the value expected here.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-tc=0 \
	    --expect-tc=66
}
115
# Cleanup routine for set_tos_v6; delegates entirely to pft_cleanup.
set_tos_v6_cleanup()
{
	pft_cleanup
}
120
121
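# Declare the IPv4 min-ttl test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "min_ttl_v4" "cleanup"

# Metadata for min_ttl_v4: description plus the root and scapy requirements.
min_ttl_v4_head()
{
	# Description spells "scrub" in full so that searching test listings
	# for the feature name finds this case.
	atf_set descr 'Test IPv4 scrub "min-ttl" rule'
	atf_set require.user root
	atf_set require.progs scapy
}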
129
# IPv4 min-ttl test body: installs a scrub rule with "min-ttl 50" and checks
# that a TCP SYN sent with hop limit 40 is observed with hop limit 49.
min_ttl_v4_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv4

	pft_set_rules router "scrub on ${epair_tester}b min-ttl 50"

	# NOTE(review): 49 is presumably the enforced minimum of 50 less one
	# decrement for the forwarding hop - confirm against the topology.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-hlim=40 \
	    --expect-hlim=49
}
136
# Cleanup routine for min_ttl_v4; delegates entirely to pft_cleanup.
min_ttl_v4_cleanup()
{
	pft_cleanup
}
141
142
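# Declare the IPv6 min-ttl test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "min_ttl_v6" "cleanup"

# Metadata for min_ttl_v6: description plus the root and scapy requirements.
min_ttl_v6_head()
{
	# Description spells "scrub" in full so that searching test listings
	# for the feature name finds this case.
	atf_set descr 'Test IPv6 scrub "min-ttl" rule'
	atf_set require.user root
	atf_set require.progs scapy
}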
150
# IPv6 min-ttl test body: installs a scrub rule with "min-ttl 50" and checks
# that a TCP SYN sent with hop limit 40 is observed with hop limit 49.
min_ttl_v6_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv6

	pft_set_rules router "scrub on ${epair_tester}b min-ttl 50"

	# NOTE(review): 49 is presumably the enforced minimum of 50 less one
	# decrement for the forwarding hop - confirm against the topology.
	ping_dummy_check_request exit:0 \
	    --ping-type=tcpsyn \
	    --send-hlim=40 \
	    --expect-hlim=49
}
157
# Cleanup routine for min_ttl_v6; delegates entirely to pft_cleanup.
min_ttl_v6_cleanup()
{
	pft_cleanup
}
162
163
# Declare the IPv4 "no scrub" test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "no_scrub_v4" "cleanup"

# Metadata for no_scrub_v4: description plus the root and scapy requirements.
no_scrub_v4_head()
{
	atf_set "descr" 'Test IPv4 "no scrub" rule'
	atf_set "require.user" "root"
	atf_set "require.progs" "scapy"
}
171
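# IPv4 "no scrub" test body: loads a "no scrub" exemption for traffic to the
# server ahead of a scrub rule with "set-tos 0x42", then checks that a request
# sent with traffic class 0 still arrives with traffic class 0.
no_scrub_v4_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv4

	# Both rule strings must be arguments of this single pft_set_rules call,
	# so every line but the last ends in a continuation backslash. If the
	# set-tos rule is not part of the call, it is never loaded and the
	# --expect-tc=0 check below passes even when "no scrub" has no effect.
	pft_set_rules router \
		"no scrub on ${epair_tester}b to ${net_server_host_server}" \
		"scrub on ${epair_tester}b set-tos 0x42"

	# Traffic class must be left untouched for the exempted destination.
	ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=0
}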
180
# Cleanup routine for no_scrub_v4; delegates entirely to pft_cleanup.
no_scrub_v4_cleanup()
{
	pft_cleanup
}
185
186
# Declare the IPv6 "no scrub" test case; the "cleanup" argument registers a
# cleanup routine for it.
atf_test_case "no_scrub_v6" "cleanup"

# Metadata for no_scrub_v6: description plus the root and scapy requirements.
no_scrub_v6_head()
{
	atf_set "descr" 'Test IPv6 "no scrub" rule'
	atf_set "require.user" "root"
	atf_set "require.progs" "scapy"
}
194
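# IPv6 "no scrub" test body: loads a "no scrub" exemption for traffic to the
# server ahead of a scrub rule with "set-tos 0x42", then checks that a request
# sent with traffic class 0 still arrives with traffic class 0.
no_scrub_v6_body()
{
	# NOTE(review): topology helper, presumably provided by utils.subr - confirm.
	setup_router_dummy_ipv6

	# Both rule strings must be arguments of this single pft_set_rules call,
	# so every line but the last ends in a continuation backslash. If the
	# set-tos rule is not part of the call, it is never loaded and the
	# --expect-tc=0 check below passes even when "no scrub" has no effect.
	pft_set_rules router \
		"no scrub on ${epair_tester}b to ${net_server_host_server}" \
		"scrub on ${epair_tester}b set-tos 0x42"

	# Traffic class must be left untouched for the exempted destination.
	ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=0
}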
203
# Cleanup routine for no_scrub_v6; delegates entirely to pft_cleanup.
no_scrub_v6_cleanup()
{
	pft_cleanup
}
208
209
# Registers every test case declared in this file with ATF, in file order.
atf_init_test_cases()
{
	# max-mss
	atf_add_test_case max_mss_v4
	atf_add_test_case max_mss_v6

	# set-tos
	atf_add_test_case set_tos_v4
	atf_add_test_case set_tos_v6

	# min-ttl
	atf_add_test_case min_ttl_v4
	atf_add_test_case min_ttl_v6

	# no scrub
	atf_add_test_case no_scrub_v4
	atf_add_test_case no_scrub_v6
}
221