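# $FreeBSD$

# ATF test for pf's "scrub ... set-tos" option.
#
# Topology built by v4_body:
#
#   host ${epair_send}a (192.0.2.1/24)
#        |
#   jail alcatraz: ${epair_send}b (192.0.2.2/24), forwarding + pf enabled,
#                  ${epair_recv}b (198.51.100.2/24)
#        |
#   host ${epair_recv}a (up, no address)
#
# Each check runs pft_ping.py with --sendif/--recvif set to the two host-side
# interfaces and asserts on its exit status.

# Command substitutions and interface names are quoted so that a source
# directory containing whitespace does not get split into several words.
. "$(atf_get_srcdir)/utils.subr"

atf_test_case "v4" "cleanup"
v4_head()
{
	atf_set descr 'set-tos test'
	# Creating epairs and jails and loading pf rules needs root.
	atf_set require.user root

	# We need scapy to be installed for our test scripts to work
	atf_set require.progs scapy
}

v4_body()
{
	pft_init

	# Sending side: the host keeps the "a" end and gets an address on it.
	epair_send=$(pft_mkepair)
	ifconfig "${epair_send}a" 192.0.2.1/24 up

	# Receiving side: the host's "a" end is only brought up, no address.
	epair_recv=$(pft_mkepair)
	ifconfig "${epair_recv}a" up

	# The jail owns both "b" ends and forwards between the two networks.
	pft_mkjail alcatraz "${epair_send}b" "${epair_recv}b"
	jexec alcatraz ifconfig "${epair_send}b" 192.0.2.2/24 up
	jexec alcatraz ifconfig "${epair_recv}b" 198.51.100.2/24 up
	jexec alcatraz sysctl net.inet.ip.forwarding=1
	# Static ARP entry for the destination used by every check below;
	# presumably needed because no interface is configured with
	# 198.51.100.3, so nothing would answer an ARP request for it.
	jexec alcatraz arp -s 198.51.100.3 00:01:02:03:04:05
	# Host route so traffic for the far network goes through the jail.
	route add -net 198.51.100.0/24 192.0.2.2

	jexec alcatraz pfctl -e

	# NOTE(review): the exit:1 checks below discard output, so they would
	# presumably also be satisfied if no packet were forwarded at all.
	# The exit:0 checks that follow are what show the forwarding path
	# works; confirm how pft_ping.py reports a missing packet.

	# No change is done if not requested
	pft_set_rules alcatraz "scrub out proto icmp"
	atf_check -s exit:1 -o ignore "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 42

	# The requested ToS is set
	pft_set_rules alcatraz "scrub out proto icmp set-tos 42"
	atf_check -s exit:0 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 42

	# ToS is not changed if the scrub rule does not match
	pft_set_rules alcatraz "scrub out proto tcp set-tos 42"
	atf_check -s exit:1 -o ignore "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 42

	# Multiple scrub rules match as expected
	pft_set_rules alcatraz "scrub out proto tcp set-tos 13" \
		"scrub out proto icmp set-tos 14"
	atf_check -s exit:0 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--expect-tos 14

	# And this works even if the packet already has ToS values set
	atf_check -s exit:0 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--send-tos 42 \
		--expect-tos 14

	# ToS values are left untouched if the packets do not match a scrub
	# rule: a value set by the sender must arrive unchanged.
	pft_set_rules alcatraz "scrub out proto tcp set-tos 13"
	atf_check -s exit:0 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a" \
		--send-tos 42 \
		--expect-tos 42
}

v4_cleanup()
{
	# Registered through the "cleanup" argument of atf_test_case above.
	pft_cleanup
}

atf_init_test_cases()
{
	atf_add_test_case "v4"
}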