xref: /freebsd/tests/sys/netpfil/pf/scrub_pass.sh (revision b2d2a78ad80ec68d4a17f5aef97d21686cb1e29b)
1# SPDX-License-Identifier: BSD-2-Clause
2#
3# Copyright (c) 2020 Kristof Provost <kp@FreeBSD.org>
4# Copyright (c) 2023 Kajetan Staszkiewicz <vegeta@tuxpowered.net>
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26
27. $(atf_get_srcdir)/utils.subr
28
29common_dir=$(atf_get_srcdir)/../common
30
31atf_test_case "max_mss_v4" "cleanup"
32max_mss_v4_head()
33{
34	atf_set descr 'Test IPv4 pass "mss" rule'
35	atf_set require.user root
36	atf_set require.progs scapy
37}
38
39max_mss_v4_body()
40{
41	setup_router_dummy_ipv4
42	pft_set_rules router "pass on ${epair_tester}b scrub ( max-mss 1300 )"
43	# Check aligned
44	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300
45	# And unaligned
46	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300 \
47	    --send-tcpopt-unaligned
48}
49
50max_mss_v4_cleanup()
51{
52	pft_cleanup
53}
54
55
56atf_test_case "max_mss_v6" "cleanup"
57max_mss_v6_head()
58{
59	atf_set descr 'Test IPv6 pass "mss" rule'
60	atf_set require.user root
61	atf_set require.progs scapy
62}
63
64max_mss_v6_body()
65{
66	setup_router_dummy_ipv6
67	pft_set_rules router "pass on ${epair_tester}b scrub ( max-mss 1300 )"
68	# Check aligned
69	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300
70	# And unaligned
71	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-mss=1400 --expect-mss=1300 \
72	    --send-tcpopt-unaligned
73}
74
75max_mss_v6_cleanup()
76{
77	pft_cleanup
78}
79
80
81atf_test_case "set_tos_v4" "cleanup"
82set_tos_v4_head()
83{
84	atf_set descr 'Test IPv4 pass "set-tos" rule'
85	atf_set require.user root
86	atf_set require.progs scapy
87}
88
89set_tos_v4_body()
90{
91	setup_router_dummy_ipv4
92	pft_set_rules router "pass on ${epair_tester}b set ( tos 0x42 )"
93	ping_dummy_check_request exit:0 --send-tc=66 --expect-tc=66
94}
95
96set_tos_v4_cleanup()
97{
98	pft_cleanup
99}
100
101
102atf_test_case "set_tos_v6" "cleanup"
103set_tos_v6_head()
104{
105	atf_set descr 'Test IPv6 pass "set-tos" rule'
106	atf_set require.user root
107	atf_set require.progs scapy
108}
109
110set_tos_v6_body()
111{
112	setup_router_dummy_ipv4
113	pft_set_rules router "pass on ${epair_tester}b set ( tos 0x42 )"
114	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-tc=66 --expect-tc=66
115}
116
117set_tos_v6_cleanup()
118{
119	pft_cleanup
120}
121
122
123atf_test_case "min_ttl_v4" "cleanup"
124min_ttl_v4_head()
125{
126	atf_set descr 'Test IPv4 pass "min-ttl" rule'
127	atf_set require.user root
128	atf_set require.progs scapy
129}
130
131min_ttl_v4_body()
132{
133	setup_router_dummy_ipv4
134	pft_set_rules router "pass on ${epair_tester}b scrub ( min-ttl 50 )"
135	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-hlim=40 --expect-hlim=49
136}
137
138min_ttl_v4_cleanup()
139{
140	pft_cleanup
141}
142
143
144atf_test_case "min_ttl_v6" "cleanup"
145min_ttl_v6_head()
146{
147	atf_set descr 'Test IPv6 pass "min-ttl" rule'
148	atf_set require.user root
149	atf_set require.progs scapy
150}
151
152min_ttl_v6_body()
153{
154	setup_router_dummy_ipv6
155	pft_set_rules router "pass on ${epair_tester}b scrub ( min-ttl 50 )"
156	ping_dummy_check_request exit:0 --ping-type=tcpsyn --send-hlim=40 --expect-hlim=49
157}
158
159min_ttl_v6_cleanup()
160{
161	pft_cleanup
162}
163
164
165atf_init_test_cases()
166{
167	atf_add_test_case "max_mss_v4"
168	atf_add_test_case "max_mss_v6"
169	atf_add_test_case "set_tos_v4"
170	atf_add_test_case "set_tos_v6"
171	atf_add_test_case "min_ttl_v4"
172	atf_add_test_case "min_ttl_v6"
173}
174