xref: /freebsd/tests/sys/netpfil/pf/scrub.sh (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1# $FreeBSD$
2#
3# SPDX-License-Identifier: BSD-2-Clause
4#
5# Copyright (c) 2020 Kristof Provost <kp@FreeBSD.org>
6# Copyright (c) 2023 Kajetan Staszkiewicz <vegeta@tuxpowered.net>
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright
14#    notice, this list of conditions and the following disclaimer in the
15#    documentation and/or other materials provided with the distribution.
16#
17# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27# SUCH DAMAGE.
28
29. $(atf_get_srcdir)/utils.subr
30
# Register the IPv4 max-mss test case; the second argument declares that it
# has a cleanup routine.
atf_test_case max_mss_v4 cleanup

# Metadata: the test needs root and the scapy program.
max_mss_v4_head()
{
	atf_set "descr" 'Test IPv4 scrub "mss" rule'
	atf_set "require.progs" "scapy"
	atf_set "require.user" "root"
}
38
# Body: load a scrub rule with max-mss 1300 and check that a TCP SYN sent
# with MSS 1400 arrives with MSS 1300, for both option layouts.
max_mss_v4_body()
{
	setup_router_dummy_ipv4

	pft_set_rules router \
		"scrub on ${epair_tester}b max-mss 1300"

	# MSS option in its aligned position.
	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-mss=1400 \
		--expect-mss=1300

	# Same exchange with the TCP options sent unaligned, so the rewrite is
	# also exercised when the MSS option is not at an aligned offset.
	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-mss=1400 \
		--expect-mss=1300 \
		--send-tcpopt-unaligned
}
49
# Cleanup routine for max_mss_v4: hands off to pft_cleanup, which is defined
# outside this file.
max_mss_v4_cleanup() { pft_cleanup; }
54
55
# Register the IPv6 max-mss test case; the second argument declares that it
# has a cleanup routine.
atf_test_case max_mss_v6 cleanup

# Metadata: the test needs root and the scapy program.
max_mss_v6_head()
{
	atf_set "descr" 'Test IPv6 scrub "mss" rule'
	atf_set "require.progs" "scapy"
	atf_set "require.user" "root"
}
63
# Body: IPv6 counterpart of the max-mss check. A TCP SYN sent with MSS 1400
# must arrive with MSS 1300, for both option layouts.
max_mss_v6_body()
{
	setup_router_dummy_ipv6

	pft_set_rules router \
		"scrub on ${epair_tester}b max-mss 1300"

	# MSS option in its aligned position.
	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-mss=1400 \
		--expect-mss=1300

	# Same exchange with the TCP options sent unaligned, so the rewrite is
	# also exercised when the MSS option is not at an aligned offset.
	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-mss=1400 \
		--expect-mss=1300 \
		--send-tcpopt-unaligned
}
74
# Cleanup routine for max_mss_v6: hands off to pft_cleanup, which is defined
# outside this file.
max_mss_v6_cleanup() { pft_cleanup; }
79
80
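# Register the IPv4 set-tos test case; the second argument declares that it
# has a cleanup routine.
atf_test_case "set_tos_v4" "cleanup"

# Metadata: the test needs root and the scapy program.
set_tos_v4_head()
{
	# The description names the pf feature ("scrub") so that searching the
	# test listing for it finds this case.
	atf_set descr 'Test IPv4 scrub "set-tos" rule'
	atf_set require.user root
	atf_set require.progs scapy
}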
88
# Body: load a scrub rule with set-tos 0x42 and check that a packet sent with
# traffic class 0 arrives with 66 (0x42 in decimal).
set_tos_v4_body()
{
	setup_router_dummy_ipv4

	pft_set_rules router \
		"scrub on ${epair_tester}b set-tos 0x42"

	# No --ping-type is passed here, so the helper's default probe is used.
	ping_dummy_check_request exit:0 \
		--send-tc=0 \
		--expect-tc=66
}
95
# Cleanup routine for set_tos_v4: hands off to pft_cleanup, which is defined
# outside this file.
set_tos_v4_cleanup() { pft_cleanup; }
100
101
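# Register the IPv6 set-tos test case; the second argument declares that it
# has a cleanup routine.
atf_test_case "set_tos_v6" "cleanup"

# Metadata: the test needs root and the scapy program.
set_tos_v6_head()
{
	# The description names the pf feature ("scrub") so that searching the
	# test listing for it finds this case.
	atf_set descr 'Test IPv6 scrub "set-tos" rule'
	atf_set require.user root
	atf_set require.progs scapy
}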
109
# Body: IPv6 counterpart of the set-tos check. A TCP SYN sent with traffic
# class 0 must arrive with 66 (0x42 in decimal).
set_tos_v6_body()
{
	setup_router_dummy_ipv6

	pft_set_rules router \
		"scrub on ${epair_tester}b set-tos 0x42"

	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-tc=0 \
		--expect-tc=66
}
116
# Cleanup routine for set_tos_v6: hands off to pft_cleanup, which is defined
# outside this file.
set_tos_v6_cleanup() { pft_cleanup; }
121
122
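# Register the IPv4 min-ttl test case; the second argument declares that it
# has a cleanup routine.
atf_test_case "min_ttl_v4" "cleanup"

# Metadata: the test needs root and the scapy program.
min_ttl_v4_head()
{
	# The description names the pf feature ("scrub") so that searching the
	# test listing for it finds this case.
	atf_set descr 'Test IPv4 scrub "min-ttl" rule'
	atf_set require.user root
	atf_set require.progs scapy
}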
130
# Body: load a scrub rule with min-ttl 50 and check that a TCP SYN sent with
# TTL 40 does not arrive with its low TTL intact.
min_ttl_v4_body()
{
	setup_router_dummy_ipv4

	pft_set_rules router \
		"scrub on ${epair_tester}b min-ttl 50"

	# 49 is expected rather than 50 -- presumably the raised TTL is
	# decremented once when the router forwards the packet; confirm against
	# the helper and topology in utils.subr.
	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-hlim=40 \
		--expect-hlim=49
}
137
# Cleanup routine for min_ttl_v4: hands off to pft_cleanup, which is defined
# outside this file.
min_ttl_v4_cleanup() { pft_cleanup; }
142
143
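# Register the IPv6 min-ttl test case; the second argument declares that it
# has a cleanup routine.
atf_test_case "min_ttl_v6" "cleanup"

# Metadata: the test needs root and the scapy program.
min_ttl_v6_head()
{
	# The description names the pf feature ("scrub") so that searching the
	# test listing for it finds this case.
	atf_set descr 'Test IPv6 scrub "min-ttl" rule'
	atf_set require.user root
	atf_set require.progs scapy
}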
151
# Body: IPv6 counterpart of the min-ttl check. A TCP SYN sent with hop limit
# 40 must not arrive with its low hop limit intact.
min_ttl_v6_body()
{
	setup_router_dummy_ipv6

	pft_set_rules router \
		"scrub on ${epair_tester}b min-ttl 50"

	# 49 is expected rather than 50 -- presumably the raised hop limit is
	# decremented once when the router forwards the packet; confirm against
	# the helper and topology in utils.subr.
	ping_dummy_check_request exit:0 \
		--ping-type=tcpsyn \
		--send-hlim=40 \
		--expect-hlim=49
}
158
# Cleanup routine for min_ttl_v6: hands off to pft_cleanup, which is defined
# outside this file.
min_ttl_v6_cleanup() { pft_cleanup; }
163
164
# Register the IPv4 "no scrub" test case; the second argument declares that
# it has a cleanup routine.
atf_test_case no_scrub_v4 cleanup

# Metadata: the test needs root and the scapy program.
no_scrub_v4_head()
{
	atf_set "descr" 'Test IPv4 "no scrub" rule'
	atf_set "require.progs" "scapy"
	atf_set "require.user" "root"
}
172
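# Body: check that a "no scrub" rule exempts traffic to the server from a
# set-tos scrub rule, so a packet sent with traffic class 0 arrives unchanged.
no_scrub_v4_body()
{
	setup_router_dummy_ipv4

	# Both rules have to reach pft_set_rules in the same call, so every line
	# but the last ends in a continuation. Without the backslash after the
	# first rule, the "scrub ... set-tos" string is executed as a command of
	# its own and never loaded; the expect-tc=0 check below then holds with
	# no scrubbing configured at all and cannot catch a broken exemption.
	# Assumes pft_set_rules takes one rule per argument -- confirm against
	# utils.subr.
	pft_set_rules router \
		"no scrub on ${epair_tester}b to ${net_server_host_server}" \
		"scrub on ${epair_tester}b set-tos 0x42"

	# The exemption is listed first; the traffic class must stay 0 even
	# though the second rule would set 0x42.
	ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=0
}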
181
# Cleanup routine for no_scrub_v4: hands off to pft_cleanup, which is defined
# outside this file.
no_scrub_v4_cleanup() { pft_cleanup; }
186
187
# Register the IPv6 "no scrub" test case; the second argument declares that
# it has a cleanup routine.
atf_test_case no_scrub_v6 cleanup

# Metadata: the test needs root and the scapy program.
no_scrub_v6_head()
{
	atf_set "descr" 'Test IPv6 "no scrub" rule'
	atf_set "require.progs" "scapy"
	atf_set "require.user" "root"
}
195
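# Body: IPv6 counterpart of the "no scrub" check. Traffic to the server is
# exempted from a set-tos scrub rule, so a packet sent with traffic class 0
# must arrive unchanged.
no_scrub_v6_body()
{
	setup_router_dummy_ipv6

	# Both rules have to reach pft_set_rules in the same call, so every line
	# but the last ends in a continuation. Without the backslash after the
	# first rule, the "scrub ... set-tos" string is executed as a command of
	# its own and never loaded; the expect-tc=0 check below then holds with
	# no scrubbing configured at all and cannot catch a broken exemption.
	# Assumes pft_set_rules takes one rule per argument -- confirm against
	# utils.subr.
	pft_set_rules router \
		"no scrub on ${epair_tester}b to ${net_server_host_server}" \
		"scrub on ${epair_tester}b set-tos 0x42"

	# The exemption is listed first; the traffic class must stay 0 even
	# though the second rule would set 0x42.
	ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=0
}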
204
# Cleanup routine for no_scrub_v6: hands off to pft_cleanup, which is defined
# outside this file.
no_scrub_v6_cleanup() { pft_cleanup; }
209
210
# Entry point that adds every test case defined in this file, in the order
# the cases appear above.
atf_init_test_cases()
{
	# MSS clamping
	atf_add_test_case max_mss_v4
	atf_add_test_case max_mss_v6

	# TOS / traffic class rewriting
	atf_add_test_case set_tos_v4
	atf_add_test_case set_tos_v6

	# Minimum TTL / hop limit
	atf_add_test_case min_ttl_v4
	atf_add_test_case min_ttl_v6

	# "no scrub" exemption
	atf_add_test_case no_scrub_v4
	atf_add_test_case no_scrub_v6
}
222