139cae0d5SKristof Provost#-
24d846d26SWarner Losh# SPDX-License-Identifier: BSD-2-Clause
339cae0d5SKristof Provost#
439cae0d5SKristof Provost# Copyright (c) 2019 Ahsan Barkati
539cae0d5SKristof Provost#
639cae0d5SKristof Provost# Redistribution and use in source and binary forms, with or without
739cae0d5SKristof Provost# modification, are permitted provided that the following conditions
839cae0d5SKristof Provost# are met:
939cae0d5SKristof Provost# 1. Redistributions of source code must retain the above copyright
1039cae0d5SKristof Provost#    notice, this list of conditions and the following disclaimer.
1139cae0d5SKristof Provost# 2. Redistributions in binary form must reproduce the above copyright
1239cae0d5SKristof Provost#    notice, this list of conditions and the following disclaimer in the
1339cae0d5SKristof Provost#    documentation and/or other materials provided with the distribution.
1439cae0d5SKristof Provost#
1539cae0d5SKristof Provost# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1639cae0d5SKristof Provost# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1739cae0d5SKristof Provost# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1839cae0d5SKristof Provost# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1939cae0d5SKristof Provost# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2039cae0d5SKristof Provost# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2139cae0d5SKristof Provost# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2239cae0d5SKristof Provost# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2339cae0d5SKristof Provost# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2439cae0d5SKristof Provost# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2539cae0d5SKristof Provost# SUCH DAMAGE.
2639cae0d5SKristof Provost#
2739cae0d5SKristof Provost#
2839cae0d5SKristof Provost
2939cae0d5SKristof Provost. $(atf_get_srcdir)/utils.subr
3039cae0d5SKristof Provost. $(atf_get_srcdir)/runner.subr
3139cae0d5SKristof Provost
# v4_head: declare the ATF metadata for the v4 forwarding test case.
v4_head()
{
	# scapy must be installed; presumably pft_ping.py uses it (not shown here).
	atf_set "require.progs" "scapy"
	# v4_body configures interfaces, jails, routes and sysctls, hence root.
	atf_set "require.user" "root"
	atf_set "descr" "Basic forwarding test"
}
3839cae0d5SKristof Provost
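# v4_body FIREWALL
#
# Checks that a packet forwarded through the "iron" jail arrives while no
# rule is loaded, and stops arriving once FIREWALL (pf, ipfw or ipf) is given
# a rule blocking inbound traffic and then one blocking outbound traffic.
#
# Topology (both prefixes are RFC 5737 documentation ranges):
#   host  ${epair_send}a 192.0.2.1    <->  ${epair_send}b 192.0.2.2    iron
#   iron  ${epair_recv}b 198.51.100.2 <->  ${epair_recv}a (no address) host
#
# Every verdict is the exit status of pft_ping.py: 0 is required before any
# rule is loaded, 1 after each blocking rule.
v4_body()
{
	# Plain (global) assignment as in the original; whether helpers outside
	# this file read $firewall is not visible here.
	firewall=$1
	firewall_init "$firewall"

	epair_send=$(vnet_mkepair)
	ifconfig "${epair_send}a" 192.0.2.1/24 up

	epair_recv=$(vnet_mkepair)
	ifconfig "${epair_recv}a" up

	# The jail owns the "b" end of both epairs and routes between them.
	vnet_mkjail iron "${epair_send}b" "${epair_recv}b"
	jexec iron ifconfig "${epair_send}b" 192.0.2.2/24 up
	jexec iron ifconfig "${epair_recv}b" 198.51.100.2/24 up
	jexec iron sysctl net.inet.ip.forwarding=1
	# Static ARP entry for the destination; presumably needed because no
	# interface is configured with 198.51.100.3 to answer ARP requests.
	jexec iron arp -s 198.51.100.3 00:01:02:03:04:05
	route add -net 198.51.100.0/24 192.0.2.2

	# Baseline: with no rule loaded the packet must get through. Without it,
	# the two exit:1 checks below could pass because the topology is broken
	# rather than because the firewall dropped the packet.
	atf_check -s exit:0 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a"

	# Inbound block. The last argument carries no trailing backslash: the
	# original continued the command onto the blank line that follows, so
	# removing that blank line would have folded the next atf_check into
	# firewall_config's arguments and silently dropped the assertion.
	firewall_config "iron" "${firewall}" \
		"pf" \
			"block in" \
		"ipfw" \
			"ipfw -q add 100 deny all from any to any in" \
		"ipf" \
			"block in all"

	atf_check -s exit:1 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a"

	# Outbound block.
	# NOTE(review): firewall_config is defined outside this file. If it adds
	# to the loaded ruleset instead of replacing it, the inbound block above
	# is still active and the check below does not isolate the outbound
	# rule; confirm against its definition.
	firewall_config "iron" "${firewall}" \
		"pf" \
			"block out" \
		"ipfw" \
			"ipfw -q add 100 deny all from any to any out" \
		"ipf" \
			"block out all"

	# Spelled --recvif like the two calls above; the original wrote --recv
	# here, which only works if the option parser accepts unambiguous
	# prefixes.
	atf_check -s exit:1 "$(atf_get_srcdir)/pft_ping.py" \
		--sendif "${epair_send}a" \
		--to 198.51.100.3 \
		--recvif "${epair_recv}a"
}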
8939cae0d5SKristof Provost
# v4_cleanup FIREWALL: hand the firewall name to firewall_cleanup, which is
# defined outside this file.
v4_cleanup()
{
	firewall=${1}
	firewall_cleanup ${firewall}
}
9539cae0d5SKristof Provost
# Pass the v4 test case and the firewalls pf, ipfw and ipf to setup_tests
# (defined outside this file, presumably in runner.subr).
setup_tests v4 \
	pf ipfw ipf