1fcace290SJake Freeland#- 2fcace290SJake Freeland# SPDX-License-Identifier: BSD-2-Clause 3fcace290SJake Freeland# 4fcace290SJake Freeland# Copyright (c) 2021, 2023 The FreeBSD Foundation 5ae4f708fSMark Johnston# Copyright (c) 2024 Mark Johnston <markj@FreeBSD.org> 6fcace290SJake Freeland# 7fcace290SJake Freeland# This software was developed by Mark Johnston under sponsorship from 8fcace290SJake Freeland# the FreeBSD Foundation. 9fcace290SJake Freeland# 10fcace290SJake Freeland# This software was developed by Jake Freeland under sponsorship from 11fcace290SJake Freeland# the FreeBSD Foundation. 12fcace290SJake Freeland# 13fcace290SJake Freeland 14fcace290SJake Freeland# Tests to-do: 158b63477eSJake Freeland# actions: users 16fcace290SJake Freeland 1766a022a3SMichal Scigocki. $(atf_get_srcdir)/syslogd_test_common.sh 18fcace290SJake Freeland 19b872bb72SJake Freelandatf_test_case "unix" "cleanup" 20b872bb72SJake Freelandunix_head() 21fcace290SJake Freeland{ 22b872bb72SJake Freeland atf_set descr "Messages are logged over UNIX transport" 23fcace290SJake Freeland} 24b872bb72SJake Freelandunix_body() 25fcace290SJake Freeland{ 26b872bb72SJake Freeland local logfile="${PWD}/unix.log" 27b872bb72SJake Freeland 28fcace290SJake Freeland printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 29fcace290SJake Freeland syslogd_start 30fcace290SJake Freeland 31b872bb72SJake Freeland syslogd_log -p user.debug -t unix -h "${SYSLOGD_LOCAL_SOCKET}" \ 32fcace290SJake Freeland "hello, world (unix)" 33b872bb72SJake Freeland atf_check -s exit:0 -o match:"unix: hello, world \(unix\)" \ 34fcace290SJake Freeland tail -n 1 "${logfile}" 35b872bb72SJake Freeland} 36b872bb72SJake Freelandunix_cleanup() 37b872bb72SJake Freeland{ 38b872bb72SJake Freeland syslogd_stop 39b872bb72SJake Freeland} 40fcace290SJake Freeland 41b872bb72SJake Freelandatf_test_case "inet" "cleanup" 42b872bb72SJake Freelandinet_head() 43b872bb72SJake Freeland{ 44b872bb72SJake Freeland atf_set descr "Messages are logged over INET transport" 45b872bb72SJake Freeland} 46b872bb72SJake Freelandinet_body() 47b872bb72SJake Freeland{ 48b872bb72SJake Freeland local logfile="${PWD}/inet.log" 49b872bb72SJake Freeland 50b872bb72SJake Freeland [ "$(sysctl -n kern.features.inet)" != "1" ] && 51b872bb72SJake Freeland atf_skip "Kernel does not support INET" 52b872bb72SJake Freeland 53b872bb72SJake Freeland printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 54b872bb72SJake Freeland syslogd_start 55fcace290SJake Freeland 56fcace290SJake Freeland # We have INET transport; make sure we can use it. 57b872bb72SJake Freeland syslogd_log -4 -p user.debug -t inet -h 127.0.0.1 -P "${SYSLOGD_UDP_PORT}" \ 58fcace290SJake Freeland "hello, world (v4)" 59b872bb72SJake Freeland atf_check -s exit:0 -o match:"inet: hello, world \(v4\)" \ 60fcace290SJake Freeland tail -n 1 "${logfile}" 61fcace290SJake Freeland} 62b872bb72SJake Freelandinet_cleanup() 63b872bb72SJake Freeland{ 64b872bb72SJake Freeland syslogd_stop 65b872bb72SJake Freeland} 66b872bb72SJake Freeland 67b872bb72SJake Freelandatf_test_case "inet6" "cleanup" 68b872bb72SJake Freelandinet6_head() 69b872bb72SJake Freeland{ 70b872bb72SJake Freeland atf_set descr "Messages are logged over INET6 transport" 71b872bb72SJake Freeland} 72b872bb72SJake Freelandinet6_body() 73b872bb72SJake Freeland{ 74b872bb72SJake Freeland local logfile="${PWD}/inet6.log" 75b872bb72SJake Freeland 76b872bb72SJake Freeland [ "$(sysctl -n kern.features.inet6)" != "1" ] && 77b872bb72SJake Freeland atf_skip "Kernel does not support INET6" 78b872bb72SJake Freeland 79b872bb72SJake Freeland printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 80b872bb72SJake Freeland syslogd_start 81b872bb72SJake Freeland 82b872bb72SJake Freeland # We have INET6 transport; make sure we can use it. 83b872bb72SJake Freeland syslogd_log -6 -p user.debug -t unix -h ::1 -P "${SYSLOGD_UDP_PORT}" \ 84b872bb72SJake Freeland "hello, world (v6)" 85b872bb72SJake Freeland atf_check -s exit:0 -o match:"unix: hello, world \(v6\)" \ 86b872bb72SJake Freeland tail -n 1 "${logfile}" 87b872bb72SJake Freeland} 88b872bb72SJake Freelandinet6_cleanup() 89fcace290SJake Freeland{ 90fcace290SJake Freeland syslogd_stop 91fcace290SJake Freeland} 92fcace290SJake Freeland 93fcace290SJake Freelandatf_test_case "reload" "cleanup" 94fcace290SJake Freelandreload_head() 95fcace290SJake Freeland{ 96fcace290SJake Freeland atf_set descr "SIGHUP correctly refreshes configuration" 97fcace290SJake Freeland} 98fcace290SJake Freelandreload_body() 99fcace290SJake Freeland{ 100fcace290SJake Freeland logfile="${PWD}/reload.log" 101fcace290SJake Freeland printf "user.debug\t/${logfile}\n" > "${SYSLOGD_CONFIG}" 102fcace290SJake Freeland syslogd_start 103fcace290SJake Freeland 104fcace290SJake Freeland syslogd_log -p user.debug -t reload -h "${SYSLOGD_LOCAL_SOCKET}" \ 105fcace290SJake Freeland "pre-reload" 106fcace290SJake Freeland atf_check -s exit:0 -o match:"reload: pre-reload" tail -n 1 "${logfile}" 107fcace290SJake Freeland 108fcace290SJake Freeland # Override the old rule. 109fcace290SJake Freeland truncate -s 0 "${logfile}" 110fcace290SJake Freeland printf "news.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 111fcace290SJake Freeland syslogd_reload 112fcace290SJake Freeland 113fcace290SJake Freeland syslogd_log -p user.debug -t reload -h "${SYSLOGD_LOCAL_SOCKET}" \ 114fcace290SJake Freeland "post-reload user" 115fcace290SJake Freeland syslogd_log -p news.debug -t reload -h "${SYSLOGD_LOCAL_SOCKET}" \ 116fcace290SJake Freeland "post-reload news" 117fcace290SJake Freeland atf_check -s exit:0 -o not-match:"reload: post-reload user" cat ${logfile} 118fcace290SJake Freeland atf_check -s exit:0 -o match:"reload: post-reload news" cat ${logfile} 119fcace290SJake Freeland} 120fcace290SJake Freelandreload_cleanup() 121fcace290SJake Freeland{ 122fcace290SJake Freeland syslogd_stop 123fcace290SJake Freeland} 124fcace290SJake Freeland 125fcace290SJake Freelandatf_test_case "prog_filter" "cleanup" 126fcace290SJake Freelandprog_filter_head() 127fcace290SJake Freeland{ 128fcace290SJake Freeland atf_set descr "Messages are only received from programs in the filter" 129fcace290SJake Freeland} 130fcace290SJake Freelandprog_filter_body() 131fcace290SJake Freeland{ 132fcace290SJake Freeland logfile="${PWD}/prog_filter.log" 133fcace290SJake Freeland printf "!prog1,prog2\nuser.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 134fcace290SJake Freeland syslogd_start 135fcace290SJake Freeland 136fcace290SJake Freeland for i in 1 2 3; do 137fcace290SJake Freeland syslogd_log -p user.debug -t "prog${i}" -h "${SYSLOGD_LOCAL_SOCKET}" \ 138fcace290SJake Freeland "hello this is prog${i}" 139fcace290SJake Freeland done 140fcace290SJake Freeland atf_check -s exit:0 -o match:"prog1: hello this is prog1" cat "${logfile}" 141fcace290SJake Freeland atf_check -s exit:0 -o match:"prog2: hello this is prog2" cat "${logfile}" 142fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prog3: hello this is prog3" cat "${logfile}" 143fcace290SJake Freeland 144fcace290SJake Freeland # Override the old rule. 145fcace290SJake Freeland truncate -s 0 ${logfile} 146fcace290SJake Freeland printf "!-prog1,prog2\nuser.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 147fcace290SJake Freeland syslogd_reload 148fcace290SJake Freeland 149fcace290SJake Freeland for i in 1 2 3; do 150fcace290SJake Freeland syslogd_log -p user.debug -t "prog${i}" -h "${SYSLOGD_LOCAL_SOCKET}" \ 151fcace290SJake Freeland "hello this is prog${i}" 152fcace290SJake Freeland done 153fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prog1: hello this is prog1" cat "${logfile}" 154fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prog2: hello this is prog2" cat "${logfile}" 155fcace290SJake Freeland atf_check -s exit:0 -o match:"prog3: hello this is prog3" cat "${logfile}" 156fcace290SJake Freeland} 157fcace290SJake Freelandprog_filter_cleanup() 158fcace290SJake Freeland{ 159fcace290SJake Freeland syslogd_stop 160fcace290SJake Freeland} 161fcace290SJake Freeland 162fcace290SJake Freelandatf_test_case "host_filter" "cleanup" 163fcace290SJake Freelandhost_filter_head() 164fcace290SJake Freeland{ 165fcace290SJake Freeland atf_set descr "Messages are only received from hostnames in the filter" 166fcace290SJake Freeland} 167fcace290SJake Freelandhost_filter_body() 168fcace290SJake Freeland{ 169fcace290SJake Freeland logfile="${PWD}/host_filter.log" 170fcace290SJake Freeland printf "+host1,host2\nuser.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 171fcace290SJake Freeland syslogd_start 172fcace290SJake Freeland 173fcace290SJake Freeland for i in 1 2 3; do 174fcace290SJake Freeland syslogd_log -p user.debug -t "host${i}" -H "host${i}" \ 175fcace290SJake Freeland -h "${SYSLOGD_LOCAL_SOCKET}" "hello this is host${i}" 176fcace290SJake Freeland done 177fcace290SJake Freeland atf_check -s exit:0 -o match:"host1: hello this is host1" cat "${logfile}" 178fcace290SJake Freeland atf_check -s exit:0 -o match:"host2: hello this is host2" cat "${logfile}" 179fcace290SJake Freeland atf_check -s exit:0 -o not-match:"host3: hello this is host3" cat "${logfile}" 180fcace290SJake Freeland 181fcace290SJake Freeland # Override the old rule. 182fcace290SJake Freeland truncate -s 0 ${logfile} 183fcace290SJake Freeland printf "\-host1,host2\nuser.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 184fcace290SJake Freeland syslogd_reload 185fcace290SJake Freeland 186fcace290SJake Freeland for i in 1 2 3; do 187fcace290SJake Freeland syslogd_log -p user.debug -t "host${i}" -H "host${i}" \ 188fcace290SJake Freeland -h "${SYSLOGD_LOCAL_SOCKET}" "hello this is host${i}" 189fcace290SJake Freeland done 190fcace290SJake Freeland atf_check -s exit:0 -o not-match:"host1: hello this is host1" cat "${logfile}" 191fcace290SJake Freeland atf_check -s exit:0 -o not-match:"host2: hello this is host2" cat "${logfile}" 192fcace290SJake Freeland atf_check -s exit:0 -o match:"host3: hello this is host3" cat "${logfile}" 193fcace290SJake Freeland} 194fcace290SJake Freelandhost_filter_cleanup() 195fcace290SJake Freeland{ 196fcace290SJake Freeland syslogd_stop 197fcace290SJake Freeland} 198fcace290SJake Freeland 199fcace290SJake Freelandatf_test_case "prop_filter" "cleanup" 200fcace290SJake Freelandprop_filter_head() 201fcace290SJake Freeland{ 202fcace290SJake Freeland atf_set descr "Messages are received based on conditions in the propery based filter" 203fcace290SJake Freeland} 204fcace290SJake Freelandprop_filter_body() 205fcace290SJake Freeland{ 206fcace290SJake Freeland logfile="${PWD}/prop_filter.log" 207fcace290SJake Freeland printf ":msg,contains,\"FreeBSD\"\nuser.debug\t${logfile}\n" \ 208fcace290SJake Freeland > "${SYSLOGD_CONFIG}" 209fcace290SJake Freeland syslogd_start 210fcace290SJake Freeland 211fcace290SJake Freeland syslogd_log -p user.debug -t "prop1" -h "${SYSLOGD_LOCAL_SOCKET}" "FreeBSD" 212fcace290SJake Freeland syslogd_log -p user.debug -t "prop2" -h "${SYSLOGD_LOCAL_SOCKET}" "freebsd" 213fcace290SJake Freeland atf_check -s exit:0 -o match:"prop1: FreeBSD" cat "${logfile}" 214fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prop2: freebsd" cat "${logfile}" 215fcace290SJake Freeland 216fcace290SJake Freeland truncate -s 0 ${logfile} 217fcace290SJake Freeland printf ":msg,!contains,\"FreeBSD\"\nuser.debug\t${logfile}\n" \ 218fcace290SJake Freeland > "${SYSLOGD_CONFIG}" 219fcace290SJake Freeland syslogd_reload 220fcace290SJake Freeland 221fcace290SJake Freeland syslogd_log -p user.debug -t "prop1" -h "${SYSLOGD_LOCAL_SOCKET}" "FreeBSD" 222fcace290SJake Freeland syslogd_log -p user.debug -t "prop2" -h "${SYSLOGD_LOCAL_SOCKET}" "freebsd" 223fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prop1: FreeBSD" cat "${logfile}" 224fcace290SJake Freeland atf_check -s exit:0 -o match:"prop2: freebsd" cat "${logfile}" 225fcace290SJake Freeland 226fcace290SJake Freeland truncate -s 0 ${logfile} 227fcace290SJake Freeland printf ":msg,icase_contains,\"FreeBSD\"\nuser.debug\t${logfile}\n" \ 228fcace290SJake Freeland > "${SYSLOGD_CONFIG}" 229fcace290SJake Freeland syslogd_reload 230fcace290SJake Freeland 231fcace290SJake Freeland syslogd_log -p user.debug -t "prop1" -h "${SYSLOGD_LOCAL_SOCKET}" "FreeBSD" 232fcace290SJake Freeland syslogd_log -p user.debug -t "prop2" -h "${SYSLOGD_LOCAL_SOCKET}" "freebsd" 233fcace290SJake Freeland atf_check -s exit:0 -o match:"prop1: FreeBSD" cat "${logfile}" 234fcace290SJake Freeland atf_check -s exit:0 -o match:"prop2: freebsd" cat "${logfile}" 235fcace290SJake Freeland 236fcace290SJake Freeland truncate -s 0 ${logfile} 237fcace290SJake Freeland printf ":msg,!icase_contains,\"FreeBSD\"\nuser.debug\t${logfile}\n" \ 238fcace290SJake Freeland > "${SYSLOGD_CONFIG}" 239fcace290SJake Freeland syslogd_reload 240fcace290SJake Freeland 241fcace290SJake Freeland syslogd_log -p user.debug -t "prop1" -h "${SYSLOGD_LOCAL_SOCKET}" "FreeBSD" 242fcace290SJake Freeland syslogd_log -p user.debug -t "prop2" -h "${SYSLOGD_LOCAL_SOCKET}" "freebsd" 243fcace290SJake Freeland syslogd_log -p user.debug -t "prop3" -h "${SYSLOGD_LOCAL_SOCKET}" "Solaris" 244fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prop1: FreeBSD" cat "${logfile}" 245fcace290SJake Freeland atf_check -s exit:0 -o not-match:"prop2: freebsd" cat "${logfile}" 246fcace290SJake Freeland atf_check -s exit:0 -o match:"prop3: Solaris" cat "${logfile}" 247fcace290SJake Freeland} 248fcace290SJake Freelandprop_filter_cleanup() 249fcace290SJake Freeland{ 250fcace290SJake Freeland syslogd_stop 251fcace290SJake Freeland} 252fcace290SJake Freeland 2538b63477eSJake Freelandatf_test_case "host_action" "cleanup" 2548b63477eSJake Freelandhost_action_head() 2558b63477eSJake Freeland{ 2568b63477eSJake Freeland atf_set descr "Sends a message to a specified host" 2578b63477eSJake Freeland} 2588b63477eSJake Freelandhost_action_body() 2598b63477eSJake Freeland{ 2608b63477eSJake Freeland local addr="192.0.2.100" 2618b63477eSJake Freeland local logfile="${PWD}/host_action.log" 2628b63477eSJake Freeland 2638b63477eSJake Freeland atf_check ifconfig lo1 create 2648b63477eSJake Freeland atf_check ifconfig lo1 inet "${addr}/24" 2658b63477eSJake Freeland atf_check ifconfig lo1 up 2668b63477eSJake Freeland 2678b63477eSJake Freeland printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 2688b63477eSJake Freeland syslogd_start -b "${addr}" 2698b63477eSJake Freeland 2708b63477eSJake Freeland printf "user.debug\t@${addr}\n" > "${SYSLOGD_CONFIG}.2" 2718b63477eSJake Freeland syslogd_start \ 2728b63477eSJake Freeland -f "${SYSLOGD_CONFIG}.2" \ 2738b63477eSJake Freeland -P "${SYSLOGD_PIDFILE}.2" \ 2748b63477eSJake Freeland -p "${SYSLOGD_LOCAL_SOCKET}.2" \ 2758b63477eSJake Freeland -S "${SYSLOGD_LOCAL_PRIVSOCKET}.2" 2768b63477eSJake Freeland 2778b63477eSJake Freeland syslogd_log -p user.debug -t "test" -h "${SYSLOGD_LOCAL_SOCKET}.2" \ 2788b63477eSJake Freeland "message from syslogd2" 2798b63477eSJake Freeland atf_check -s exit:0 -o match:"test: message from syslogd2" \ 2808b63477eSJake Freeland cat "${logfile}" 2818b63477eSJake Freeland} 2828b63477eSJake Freelandhost_action_cleanup() 2838b63477eSJake Freeland{ 2848b63477eSJake Freeland syslogd_stop 2858b63477eSJake Freeland syslogd_stop \ 2868b63477eSJake Freeland "${SYSLOGD_PIDFILE}.2" \ 2878b63477eSJake Freeland "${SYSLOGD_LOCAL_SOCKET}.2" \ 2888b63477eSJake Freeland "${SYSLOGD_LOCAL_PRIVSOCKET}.2" 2898b63477eSJake Freeland atf_check ifconfig lo1 destroy 2908b63477eSJake Freeland} 2918b63477eSJake Freeland 292fcace290SJake Freelandatf_test_case "pipe_action" "cleanup" 293fcace290SJake Freelandpipe_action_head() 294fcace290SJake Freeland{ 295fcace290SJake Freeland atf_set descr "The pipe action evaluates provided command in sh(1)" 296fcace290SJake Freeland} 297fcace290SJake Freelandpipe_action_body() 298fcace290SJake Freeland{ 299fcace290SJake Freeland logfile="${PWD}/pipe_action.log" 300fcace290SJake Freeland printf "\"While I'm digging in the tunnel, the elves will often come to me \ 301fcace290SJake Freeland with solutions to my problem.\"\n-Saymore Crey" > ${logfile} 302fcace290SJake Freeland 303fcace290SJake Freeland printf "!pipe\nuser.debug\t| sed -i '' -e 's/Saymore Crey/Seymour Cray/g' \ 304fcace290SJake Freeland ${logfile}\n" > "${SYSLOGD_CONFIG}" 305fcace290SJake Freeland syslogd_start 306fcace290SJake Freeland 307fcace290SJake Freeland syslogd_log -p user.debug -t "pipe" -h "${SYSLOGD_LOCAL_SOCKET}" \ 308fcace290SJake Freeland "fix spelling error" 309fcace290SJake Freeland atf_check -s exit:0 -o match:"Seymour Cray" cat "${logfile}" 310fcace290SJake Freeland} 311fcace290SJake Freelandpipe_action_cleanup() 312fcace290SJake Freeland{ 313fcace290SJake Freeland syslogd_stop 314fcace290SJake Freeland} 315fcace290SJake Freeland 3165d045d55SMark Johnstonatf_test_case "jail_noinet" "cleanup" 3175d045d55SMark Johnstonjail_noinet_head() 3185d045d55SMark Johnston{ 3195d045d55SMark Johnston atf_set descr "syslogd -ss can be run in a jail without INET support" 3205d045d55SMark Johnston atf_set require.user root 3215d045d55SMark Johnston} 3225d045d55SMark Johnstonjail_noinet_body() 3235d045d55SMark Johnston{ 3245d045d55SMark Johnston local logfile 3255d045d55SMark Johnston 326*8d9c25c4SJose Luis Duran syslogd_mkjail syslogd_noinet 3275d045d55SMark Johnston 3285d045d55SMark Johnston logfile="${PWD}/jail_noinet.log" 3295d045d55SMark Johnston printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 3308b63477eSJake Freeland syslogd_start -j syslogd_noinet -s -s 3315d045d55SMark Johnston 3325d045d55SMark Johnston syslogd_log -p user.debug -t "test" -h "${SYSLOGD_LOCAL_SOCKET}" \ 3335d045d55SMark Johnston "hello, world" 3345d045d55SMark Johnston atf_check -s exit:0 -o match:"test: hello, world" cat "${logfile}" 3355d045d55SMark Johnston} 3365d045d55SMark Johnstonjail_noinet_cleanup() 3375d045d55SMark Johnston{ 338*8d9c25c4SJose Luis Duran syslogd_cleanup 3395d045d55SMark Johnston} 3405d045d55SMark Johnston 341ae4f708fSMark Johnston# Create a pair of jails, connected by an epair. The idea is to run syslogd in 342ae4f708fSMark Johnston# one jail (syslogd_allowed_peer), listening on 169.254.0.1, and logger(1) can 343ae4f708fSMark Johnston# send messages from the other jail (syslogd_client) using source addrs 344ae4f708fSMark Johnston# 169.254.0.2 or 169.254.0.3. 345ae4f708fSMark Johnstonallowed_peer_test_setup() 346ae4f708fSMark Johnston{ 347*8d9c25c4SJose Luis Duran syslogd_check_req epair 348*8d9c25c4SJose Luis Duran 349ae4f708fSMark Johnston local epair 350ae4f708fSMark Johnston 351*8d9c25c4SJose Luis Duran syslogd_mkjail syslogd_allowed_peer vnet 352*8d9c25c4SJose Luis Duran syslogd_mkjail syslogd_client vnet 353ae4f708fSMark Johnston 354ae4f708fSMark Johnston atf_check -o save:epair ifconfig epair create 355ae4f708fSMark Johnston epair=$(cat epair) 356ae4f708fSMark Johnston epair=${epair%%a} 357ae4f708fSMark Johnston 358ae4f708fSMark Johnston atf_check ifconfig ${epair}a vnet syslogd_allowed_peer 359ae4f708fSMark Johnston atf_check ifconfig ${epair}b vnet syslogd_client 360ae4f708fSMark Johnston atf_check jexec syslogd_allowed_peer ifconfig ${epair}a inet 169.254.0.1/16 361ae4f708fSMark Johnston atf_check jexec syslogd_allowed_peer ifconfig lo0 inet 127.0.0.1/8 362ae4f708fSMark Johnston atf_check jexec syslogd_client ifconfig ${epair}b inet 169.254.0.2/16 363ae4f708fSMark Johnston atf_check jexec syslogd_client ifconfig ${epair}b alias 169.254.0.3/16 364ae4f708fSMark Johnston atf_check jexec syslogd_client ifconfig lo0 inet 127.0.0.1/8 365ae4f708fSMark Johnston} 366ae4f708fSMark Johnston 367ae4f708fSMark Johnstonallowed_peer_test_cleanup() 368ae4f708fSMark Johnston{ 369*8d9c25c4SJose Luis Duran syslogd_cleanup 370ae4f708fSMark Johnston} 371ae4f708fSMark Johnston 372ae4f708fSMark Johnstonatf_test_case allowed_peer "cleanup" 373ae4f708fSMark Johnstonallowed_peer_head() 374ae4f708fSMark Johnston{ 375ae4f708fSMark Johnston atf_set descr "syslogd -a works" 376ae4f708fSMark Johnston atf_set require.user root 377ae4f708fSMark Johnston} 378ae4f708fSMark Johnstonallowed_peer_body() 379ae4f708fSMark Johnston{ 380ae4f708fSMark Johnston local logfile 381ae4f708fSMark Johnston 382ae4f708fSMark Johnston allowed_peer_test_setup 383ae4f708fSMark Johnston 384ae4f708fSMark Johnston logfile="${PWD}/jail.log" 385ae4f708fSMark Johnston printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 386ae4f708fSMark Johnston syslogd_start -j syslogd_allowed_peer -b 169.254.0.1:514 -a '169.254.0.2/32' 387ae4f708fSMark Johnston 388ae4f708fSMark Johnston # Make sure that a message from 169.254.0.2:514 is logged. 389ae4f708fSMark Johnston atf_check jexec syslogd_client \ 390ae4f708fSMark Johnston logger -p user.debug -t test1 -h 169.254.0.1 -S 169.254.0.2:514 "hello, world" 391ae4f708fSMark Johnston atf_check -o match:"test1: hello, world" cat "${logfile}" 392ae4f708fSMark Johnston # ... but not a message from port 515. 393ae4f708fSMark Johnston atf_check -o ignore jexec syslogd_client \ 394ae4f708fSMark Johnston logger -p user.debug -t test2 -h 169.254.0.1 -S 169.254.0.2:515 "hello, world" 395ae4f708fSMark Johnston atf_check -o not-match:"test2: hello, world" cat "${logfile}" 396ae4f708fSMark Johnston atf_check -o ignore jexec syslogd_client \ 397ae4f708fSMark Johnston logger -p user.debug -t test2 -h 169.254.0.1 -S 169.254.0.3:515 "hello, world" 398ae4f708fSMark Johnston atf_check -o not-match:"test2: hello, world" cat "${logfile}" 399ae4f708fSMark Johnston 400ae4f708fSMark Johnston syslogd_stop 401ae4f708fSMark Johnston 402ae4f708fSMark Johnston # Now make sure that we can filter by port. 403ae4f708fSMark Johnston syslogd_start -j syslogd_allowed_peer -b 169.254.0.1:514 -a '169.254.0.2/32:515' 404ae4f708fSMark Johnston 405ae4f708fSMark Johnston atf_check jexec syslogd_client \ 406ae4f708fSMark Johnston logger -p user.debug -t test3 -h 169.254.0.1 -S 169.254.0.2:514 "hello, world" 407ae4f708fSMark Johnston atf_check -o not-match:"test3: hello, world" cat "${logfile}" 408ae4f708fSMark Johnston atf_check jexec syslogd_client \ 409ae4f708fSMark Johnston logger -p user.debug -t test4 -h 169.254.0.1 -S 169.254.0.2:515 "hello, world" 410ae4f708fSMark Johnston atf_check -o match:"test4: hello, world" cat "${logfile}" 411ae4f708fSMark Johnston 412ae4f708fSMark Johnston syslogd_stop 413ae4f708fSMark Johnston} 414ae4f708fSMark Johnstonallowed_peer_cleanup() 415ae4f708fSMark Johnston{ 416ae4f708fSMark Johnston allowed_peer_test_cleanup 417ae4f708fSMark Johnston} 418ae4f708fSMark Johnston 419ae4f708fSMark Johnstonatf_test_case allowed_peer_forwarding "cleanup" 420ae4f708fSMark Johnstonallowed_peer_forwarding_head() 421ae4f708fSMark Johnston{ 422ae4f708fSMark Johnston atf_set descr "syslogd forwards messages from its listening port" 423ae4f708fSMark Johnston atf_set require.user root 424ae4f708fSMark Johnston} 425ae4f708fSMark Johnstonallowed_peer_forwarding_body() 426ae4f708fSMark Johnston{ 427ae4f708fSMark Johnston local logfile 428ae4f708fSMark Johnston 429ae4f708fSMark Johnston allowed_peer_test_setup 430ae4f708fSMark Johnston 431ae4f708fSMark Johnston printf "user.debug\t@169.254.0.1\n" > client_config 432ae4f708fSMark Johnston printf "mark.debug\t@169.254.0.1:515\n" >> client_config 433ae4f708fSMark Johnston syslogd_start -j syslogd_client -b 169.254.0.2:514 -f ${PWD}/client_config 434ae4f708fSMark Johnston 435ae4f708fSMark Johnston logfile="${PWD}/jail.log" 436ae4f708fSMark Johnston printf "+169.254.0.2\nuser.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 437ae4f708fSMark Johnston syslogd_start -j syslogd_allowed_peer -P ${SYSLOGD_PIDFILE}.2 \ 438ae4f708fSMark Johnston -b 169.254.0.1:514 -a 169.254.0.2/32 439ae4f708fSMark Johnston 440ae4f708fSMark Johnston # A message forwarded to 169.254.0.1:514 should be logged, but one 441ae4f708fSMark Johnston # forwarded to 169.254.0.1:515 should not. 442ae4f708fSMark Johnston atf_check jexec syslogd_client \ 443ae4f708fSMark Johnston logger -h 169.254.0.2 -p user.debug -t test1 "hello, world" 444ae4f708fSMark Johnston atf_check jexec syslogd_client \ 445ae4f708fSMark Johnston logger -h 169.254.0.2 -p mark.debug -t test2 "hello, world" 446ae4f708fSMark Johnston 447ae4f708fSMark Johnston atf_check -o match:"test1: hello, world" cat "${logfile}" 448ae4f708fSMark Johnston atf_check -o not-match:"test2: hello, world" cat "${logfile}" 449ae4f708fSMark Johnston} 450ae4f708fSMark Johnstonallowed_peer_forwarding_cleanup() 451ae4f708fSMark Johnston{ 452ae4f708fSMark Johnston allowed_peer_test_cleanup 453ae4f708fSMark Johnston} 454ae4f708fSMark Johnston 455ae4f708fSMark Johnstonatf_test_case allowed_peer_wildcard "cleanup" 456ae4f708fSMark Johnstonallowed_peer_wildcard_head() 457ae4f708fSMark Johnston{ 458ae4f708fSMark Johnston atf_set descr "syslogd -a works with port wildcards" 459ae4f708fSMark Johnston atf_set require.user root 460ae4f708fSMark Johnston} 461ae4f708fSMark Johnstonallowed_peer_wildcard_body() 462ae4f708fSMark Johnston{ 463ae4f708fSMark Johnston local logfile 464ae4f708fSMark Johnston 465ae4f708fSMark Johnston allowed_peer_test_setup 466ae4f708fSMark Johnston 467ae4f708fSMark Johnston logfile="${PWD}/jail.log" 468ae4f708fSMark Johnston printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}" 469ae4f708fSMark Johnston syslogd_start -j syslogd_allowed_peer -b 169.254.0.1:514 -a '169.254.0.2/32:*' 470ae4f708fSMark Johnston 471ae4f708fSMark Johnston # Make sure that a message from 169.254.0.2:514 is logged. 472ae4f708fSMark Johnston atf_check jexec syslogd_client \ 473ae4f708fSMark Johnston logger -p user.debug -t test1 -h 169.254.0.1 -S 169.254.0.2:514 "hello, world" 474ae4f708fSMark Johnston atf_check -o match:"test1: hello, world" cat "${logfile}" 475ae4f708fSMark Johnston # ... as is a message from 169.254.0.2:515, allowed by the wildcard. 476ae4f708fSMark Johnston atf_check jexec syslogd_client \ 477ae4f708fSMark Johnston logger -p user.debug -t test2 -h 169.254.0.1 -S 169.254.0.2:515 "hello, world" 478ae4f708fSMark Johnston atf_check -o match:"test2: hello, world" cat "${logfile}" 479ae4f708fSMark Johnston # ... but not a message from 169.254.0.3. 480ae4f708fSMark Johnston atf_check -o ignore jexec syslogd_client \ 481ae4f708fSMark Johnston logger -p user.debug -t test3 -h 169.254.0.1 -S 169.254.0.3:514 "hello, world" 482ae4f708fSMark Johnston atf_check -o not-match:"test3: hello, world" cat "${logfile}" 483ae4f708fSMark Johnston atf_check -o ignore jexec syslogd_client \ 484ae4f708fSMark Johnston logger -p user.debug -t test3 -h 169.254.0.1 -S 169.254.0.3:515 "hello, world" 485ae4f708fSMark Johnston atf_check -o not-match:"test3: hello, world" cat "${logfile}" 486ae4f708fSMark Johnston 487ae4f708fSMark Johnston syslogd_stop 488ae4f708fSMark Johnston} 489ae4f708fSMark Johnstonallowed_peer_wildcard_cleanup() 490ae4f708fSMark Johnston{ 491ae4f708fSMark Johnston allowed_peer_test_cleanup 492ae4f708fSMark Johnston} 493ae4f708fSMark Johnston 494ae4f708fSMark Johnstonatf_test_case "forward" "cleanup" 495ae4f708fSMark Johnstonforward_head() 496ae4f708fSMark Johnston{ 497ae4f708fSMark Johnston atf_set descr "syslogd forwards messages to a remote host" 498ae4f708fSMark Johnston atf_set require.user root 499ae4f708fSMark Johnston} 500ae4f708fSMark Johnstonforward_body() 501ae4f708fSMark Johnston{ 502*8d9c25c4SJose Luis Duran syslogd_check_req epair 503*8d9c25c4SJose Luis Duran 504ae4f708fSMark Johnston local epair logfile 505ae4f708fSMark Johnston 506ae4f708fSMark Johnston atf_check -o save:epair ifconfig epair create 507ae4f708fSMark Johnston epair=$(cat epair) 508ae4f708fSMark Johnston epair=${epair%%a} 509ae4f708fSMark Johnston 510*8d9c25c4SJose Luis Duran syslogd_mkjail syslogd_server vnet 511ae4f708fSMark Johnston atf_check ifconfig ${epair}a vnet syslogd_server 512ae4f708fSMark Johnston atf_check jexec syslogd_server ifconfig ${epair}a inet 169.254.0.1/16 513ae4f708fSMark Johnston atf_check jexec syslogd_server ifconfig ${epair}a alias 169.254.0.2/16 514ae4f708fSMark Johnston atf_check jexec syslogd_server ifconfig lo0 inet 127.0.0.1/8 515ae4f708fSMark Johnston 516*8d9c25c4SJose Luis Duran syslogd_mkjail syslogd_client vnet 517ae4f708fSMark Johnston atf_check ifconfig ${epair}b vnet syslogd_client 518ae4f708fSMark Johnston atf_check jexec syslogd_client ifconfig ${epair}b inet 169.254.0.3/16 519ae4f708fSMark Johnston atf_check jexec syslogd_client ifconfig lo0 inet 127.0.0.1/8 520ae4f708fSMark Johnston 521ae4f708fSMark Johnston cat <<__EOF__ > ./client_config 522ae4f708fSMark Johnstonuser.debug @169.254.0.1 523ae4f708fSMark Johnstonmail.debug @169.254.0.2 524ae4f708fSMark Johnstonftp.debug @169.254.0.1 525ae4f708fSMark Johnston__EOF__ 526ae4f708fSMark Johnston 527ae4f708fSMark Johnston logfile="${PWD}/jail.log" 528ae4f708fSMark Johnston cat <<__EOF__ > ./server_config 529ae4f708fSMark Johnstonuser.debug ${logfile} 530ae4f708fSMark Johnstonmail.debug ${logfile} 531ae4f708fSMark Johnstonftp.debug ${logfile} 532ae4f708fSMark Johnston__EOF__ 533ae4f708fSMark Johnston 534ae4f708fSMark Johnston syslogd_start -j syslogd_server -f ${PWD}/server_config -b 169.254.0.1 -b 169.254.0.2 535ae4f708fSMark Johnston syslogd_start -j syslogd_client -f ${PWD}/client_config -P ${SYSLOGD_PIDFILE}.2 536ae4f708fSMark Johnston 537ae4f708fSMark Johnston atf_check jexec syslogd_client \ 538ae4f708fSMark Johnston logger -h 169.254.0.3 -P $SYSLOGD_UDP_PORT -p user.debug -t test1 "hello, world" 539ae4f708fSMark Johnston atf_check jexec syslogd_client \ 540ae4f708fSMark Johnston logger -h 169.254.0.3 -P $SYSLOGD_UDP_PORT -p mail.debug -t test2 "you've got mail" 541ae4f708fSMark Johnston atf_check jexec syslogd_client \ 542ae4f708fSMark Johnston logger -h 169.254.0.3 -P $SYSLOGD_UDP_PORT -p ftp.debug -t test3 "transfer complete" 543ae4f708fSMark Johnston 544ae4f708fSMark Johnston atf_check -o match:"test1: hello, world" cat "${logfile}" 545ae4f708fSMark Johnston atf_check -o match:"test2: you've got mail" cat "${logfile}" 546ae4f708fSMark Johnston atf_check -o match:"test3: transfer complete" cat "${logfile}" 547ae4f708fSMark Johnston} 548ae4f708fSMark Johnstonforward_cleanup() 549ae4f708fSMark Johnston{ 550*8d9c25c4SJose Luis Duran syslogd_cleanup 551ae4f708fSMark Johnston} 552ae4f708fSMark Johnston 553fcace290SJake Freelandatf_init_test_cases() 554fcace290SJake Freeland{ 555b872bb72SJake Freeland atf_add_test_case "unix" 556b872bb72SJake Freeland atf_add_test_case "inet" 557b872bb72SJake Freeland atf_add_test_case "inet6" 558fcace290SJake Freeland atf_add_test_case "reload" 559fcace290SJake Freeland atf_add_test_case "prog_filter" 560fcace290SJake Freeland atf_add_test_case "host_filter" 561fcace290SJake Freeland atf_add_test_case "prop_filter" 5628b63477eSJake Freeland atf_add_test_case "host_action" 563fcace290SJake Freeland atf_add_test_case "pipe_action" 5645d045d55SMark Johnston atf_add_test_case "jail_noinet" 565ae4f708fSMark Johnston atf_add_test_case "allowed_peer" 566ae4f708fSMark Johnston atf_add_test_case "allowed_peer_forwarding" 567ae4f708fSMark Johnston atf_add_test_case "allowed_peer_wildcard" 568ae4f708fSMark Johnston atf_add_test_case "forward" 569fcace290SJake Freeland} 570