1# SPDX-License-Identifier: BSD-2-Clause 2# 3# Copyright (c) 2020 Kristof Provost <kp@FreeBSD.org> 4# Copyright (c) 2023 Kajetan Staszkiewicz <vegeta@tuxpowered.net> 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26 27. $(atf_get_srcdir)/utils.subr 28 29common_dir=$(atf_get_srcdir)/../common 30 31atf_test_case "max_mss_v4" "cleanup" 32max_mss_v4_head() 33{ 34 atf_set descr 'Test IPv4 scrub "mss" rule' 35 atf_set require.user root 36 atf_set require.progs scapy 37} 38 39max_mss_v4_body() 40{ 41 setup_router_dummy_ipv4 42 pft_set_rules router "scrub on ${epair_tester}b max-mss 1300" 43 # Check aligned 44 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300 45 # And unaligned 46 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300 \ 47 --send-tcpopt-unaligned 48} 49 50max_mss_v4_cleanup() 51{ 52 pft_cleanup 53} 54 55 56atf_test_case "max_mss_v6" "cleanup" 57max_mss_v6_head() 58{ 59 atf_set descr 'Test IPv6 scrub "mss" rule' 60 atf_set require.user root 61 atf_set require.progs scapy 62} 63 64max_mss_v6_body() 65{ 66 setup_router_dummy_ipv6 67 pft_set_rules router "scrub on ${epair_tester}b max-mss 1300" 68 # Check aligned 69 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300 70 # And unaligned 71 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300 \ 72 --send-tcpopt-unaligned 73} 74 75max_mss_v6_cleanup() 76{ 77 pft_cleanup 78} 79 80 81atf_test_case "set_tos_v4" "cleanup" 82set_tos_v4_head() 83{ 84 atf_set descr 'Test IPv4 scub "set-tos" rule' 85 atf_set require.user root 86 atf_set require.progs scapy 87} 88 89set_tos_v4_body() 90{ 91 setup_router_dummy_ipv4 92 pft_set_rules router "scrub on ${epair_tester}b set-tos 0x42" 93 ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=66 94} 95 96set_tos_v4_cleanup() 97{ 98 pft_cleanup 99} 100 101 102atf_test_case "set_tos_v6" "cleanup" 103set_tos_v6_head() 104{ 105 atf_set descr 'Test IPv6 scub "set-tos" rule' 106 atf_set require.user root 107 atf_set require.progs scapy 108} 109 110set_tos_v6_body() 111{ 112 setup_router_dummy_ipv6 113 pft_set_rules router "scrub on ${epair_tester}b set-tos 0x42" 114 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-tc=0 --expect-tc=66 115} 116 117set_tos_v6_cleanup() 118{ 119 pft_cleanup 120} 121 122 123atf_test_case "min_ttl_v4" "cleanup" 124min_ttl_v4_head() 125{ 126 atf_set descr 'Test IPv4 scub "min-ttl" rule' 127 atf_set require.user root 128 atf_set require.progs scapy 129} 130 131min_ttl_v4_body() 132{ 133 setup_router_dummy_ipv4 134 pft_set_rules router "scrub on ${epair_tester}b min-ttl 50" 135 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-hlim=40 --expect-hlim=49 136} 137 138min_ttl_v4_cleanup() 139{ 140 pft_cleanup 141} 142 143 144atf_test_case "min_ttl_v6" "cleanup" 145min_ttl_v6_head() 146{ 147 atf_set descr 'Test IPv6 scub "min-ttl" rule' 148 atf_set require.user root 149 atf_set require.progs scapy 150} 151 152min_ttl_v6_body() 153{ 154 setup_router_dummy_ipv6 155 pft_set_rules router "scrub on ${epair_tester}b min-ttl 50" 156 ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-hlim=40 --expect-hlim=49 157} 158 159min_ttl_v6_cleanup() 160{ 161 pft_cleanup 162} 163 164 165atf_test_case "no_scrub_v4" "cleanup" 166no_scrub_v4_head() 167{ 168 atf_set descr 'Test IPv4 "no scrub" rule' 169 atf_set require.user root 170 atf_set require.progs scapy 171} 172 173no_scrub_v4_body() 174{ 175 setup_router_dummy_ipv4 176 pft_set_rules router\ 177 "no scrub on ${epair_tester}b to ${net_server_host_server}" 178 "scrub on ${epair_tester}b set-tos 0x42" 179 ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=0 180} 181 182no_scrub_v4_cleanup() 183{ 184 pft_cleanup 185} 186 187 188atf_test_case "no_scrub_v6" "cleanup" 189no_scrub_v6_head() 190{ 191 atf_set descr 'Test IPv6 "no scrub" rule' 192 atf_set require.user root 193 atf_set require.progs scapy 194} 195 196no_scrub_v6_body() 197{ 198 setup_router_dummy_ipv6 199 pft_set_rules router \ 200 "no scrub on ${epair_tester}b to ${net_server_host_server}" 201 "scrub on ${epair_tester}b set-tos 0x42" 202 ping_dummy_check_request exit:0 --send-tc=0 --expect-tc=0 203} 204 205no_scrub_v6_cleanup() 206{ 207 pft_cleanup 208} 209 210 211atf_init_test_cases() 212{ 213 atf_add_test_case "max_mss_v4" 214 atf_add_test_case "max_mss_v6" 215 atf_add_test_case "set_tos_v4" 216 atf_add_test_case "set_tos_v6" 217 atf_add_test_case "min_ttl_v4" 218 atf_add_test_case "min_ttl_v6" 219 atf_add_test_case "no_scrub_v4" 220 atf_add_test_case "no_scrub_v6" 221} 222