xref: /freebsd/tests/sys/netpfil/pf/set_tos.sh (revision 036d2e814bf0f5d88ffb4b24c159320894541757)
1# $FreeBSD$
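# Pull in the shared pf test helpers; the pft_* and vnet_* functions used
# below are not defined in this file and presumably come from here.
# The path is quoted so a source directory containing whitespace still works.
. "$(atf_get_srcdir)/utils.subr"

# Directory holding scripts shared between the netpfil tests; this file
# uses pft_ping.py from it.
common_dir="$(atf_get_srcdir)/../common"

# Declare test case "v4" together with a cleanup routine (v4_cleanup).
atf_test_case "v4" "cleanup"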
# Metadata for the "v4" test case: a description plus the privileges and
# programs it needs in order to run.
v4_head()
{
	atf_set "descr" "set-tos test"

	# The body configures interfaces, a jail, routes and pf rules.
	atf_set "require.user" "root"

	# The packet-level checks are done by helper scripts that need scapy.
	atf_set "require.progs" "scapy"
}
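# Check that pf's "scrub ... set-tos" rewrites the IPv4 ToS field only for
# packets that match the scrub rule, and leaves all other traffic alone.
#
# Topology: the host sends from ${epair_send}a (192.0.2.1) via the
# "alcatraz" jail, which has IP forwarding and pf enabled and holds
# ${epair_send}b (192.0.2.2) and ${epair_recv}b (198.51.100.2).  The host
# watches ${epair_recv}a for the forwarded packet.  Both prefixes are
# RFC 5737 documentation ranges, so no real network is addressed.
#
# Globals:   common_dir (read); epair_send, epair_recv (written)
# NOTE(review): pft_ping.py appears to exit 0 only when a packet carrying
# the --expect-tos value is seen on --recvif; this is inferred from the
# exit codes asserted below, confirm against the script.
v4_body()
{
	# Quoted so an empty "uname -p" result cannot turn the test into a
	# syntax error inside [ ].
	if [ "$(uname -p)" = "i386" ]; then
		atf_skip "https://bugs.freebsd.org/239380"
	fi

	pft_init

	epair_send=$(vnet_mkepair)
	ifconfig "${epair_send}a" 192.0.2.1/24 up

	# The receive side on the host only listens, so it gets no address.
	epair_recv=$(vnet_mkepair)
	ifconfig "${epair_recv}a" up

	vnet_mkjail alcatraz "${epair_send}b" "${epair_recv}b"
	jexec alcatraz ifconfig "${epair_send}b" 192.0.2.2/24 up
	jexec alcatraz ifconfig "${epair_recv}b" 198.51.100.2/24 up
	jexec alcatraz sysctl net.inet.ip.forwarding=1
	# Static ARP entry for the ping target; presumably there is no host at
	# 198.51.100.3 to answer ARP, so this lets the jail forward anyway.
	jexec alcatraz arp -s 198.51.100.3 00:01:02:03:04:05
	route add -net 198.51.100.0/24 192.0.2.2

	jexec alcatraz pfctl -e

	# No change is done if not requested: a plain scrub rule must not
	# produce ToS 42, so the helper is expected to fail (exit 1).
	pft_set_rules alcatraz "scrub out proto icmp"
	atf_check -s exit:1 -o ignore "${common_dir}/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 42

	# The requested ToS is set
	pft_set_rules alcatraz "scrub out proto icmp set-tos 42"
	atf_check -s exit:0 "${common_dir}/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 42

	# ToS is not changed if the scrub rule does not match: the rule is
	# for tcp while the probe is sent with a rule set that only names
	# icmp in the passing cases, so ToS 42 must not appear.
	pft_set_rules alcatraz "scrub out proto tcp set-tos 42"
	atf_check -s exit:1 -o ignore "${common_dir}/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 42

	# Multiple scrub rules match as expected: only the icmp rule's
	# value (14) may be applied, never the tcp rule's (13).
	pft_set_rules alcatraz "scrub out proto tcp set-tos 13" \
		"scrub out proto icmp set-tos 14"
	atf_check -s exit:0 "${common_dir}/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 14

	# And this works even if the packet already has ToS values set
	atf_check -s exit:0 "${common_dir}/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--send-tos 42 \
		--expect-tos 14

	# ToS values are left untouched if the packets do not match a scrub
	# rule: the sender's 42 must arrive unchanged.
	pft_set_rules alcatraz "scrub out proto tcp set-tos 13"
	atf_check -s exit:0 "${common_dir}/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--send-tos 42 \
		--expect-tos 42
}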
# Cleanup hook for the "v4" test case.  All of the work is delegated to
# pft_cleanup, which is not defined in this file (presumably it comes from
# the sourced utils.subr).
v4_cleanup()
{
	pft_cleanup
}
# Entry point called by the test framework: registers every test case
# this file provides (currently only "v4").
atf_init_test_cases()
{
	atf_add_test_case v4
}