Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/netpfil/common/forward.sh
39507 views
1
#-

2
# SPDX-License-Identifier: BSD-2-Clause

3
#

4
# Copyright (c) 2019 Ahsan Barkati

5
#

6
# Redistribution and use in source and binary forms, with or without

7
# modification, are permitted provided that the following conditions

8
# are met:

9
# 1. Redistributions of source code must retain the above copyright

10
#    notice, this list of conditions and the following disclaimer.

11
# 2. Redistributions in binary form must reproduce the above copyright

12
#    notice, this list of conditions and the following disclaimer in the

13
#    documentation and/or other materials provided with the distribution.

14
#

15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

25
# SUCH DAMAGE.

26
#

27
#

28


29
. $(atf_get_srcdir)/utils.subr

30
. $(atf_get_srcdir)/runner.subr

31


32
v4_head()

33
{

34
	atf_set descr 'Basic forwarding test'

35
	atf_set require.user root

36
	atf_set require.progs python3 scapy

37
}

38


39
v4_body()

40
{

41
	firewall=$1

42
	firewall_init $firewall

43


44
	epair_send=$(vnet_mkepair)

45
	ifconfig ${epair_send}a 192.0.2.1/24 up

46


47
	epair_recv=$(vnet_mkepair)

48
	ifconfig ${epair_recv}a up

49


50
	vnet_mkjail iron ${epair_send}b ${epair_recv}b

51
	jexec iron ifconfig ${epair_send}b 192.0.2.2/24 up

52
	jexec iron ifconfig ${epair_recv}b 198.51.100.2/24 up

53
	jexec iron sysctl net.inet.ip.forwarding=1

54
	jexec iron arp -s 198.51.100.3 00:01:02:03:04:05

55
	route add -net 198.51.100.0/24 192.0.2.2

56


57


58
	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \

59
		--sendif ${epair_send}a \

60
		--to 198.51.100.3 \

61
		--recvif ${epair_recv}a

62


63
	firewall_config "iron" ${firewall} \

64
		"pf" \

65
			"block in" \

66
		"ipfw" \

67
			"ipfw -q add 100 deny all from any to any in" \

68
		"ipf" \

69
			"block in all" \

70


71
	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \

72
		--sendif ${epair_send}a \

73
		--to 198.51.100.3 \

74
		--recvif ${epair_recv}a

75


76
	firewall_config "iron" ${firewall} \

77
		"pf" \

78
			"block out" \

79
		"ipfw" \

80
			"ipfw -q add 100 deny all from any to any out" \

81
		"ipf" \

82
			"block out all" \

83


84
	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \

85
		--sendif ${epair_send}a \

86
		--to 198.51.100.3 \

87
		--recv ${epair_recv}a

88
}

89


90
v4_cleanup()

91
{

92
	firewall=$1

93
	firewall_cleanup $firewall

94
}

95


96
setup_tests \

97
		v4 \

98
			pf \

99
			ipfw \

100
			ipf

101


102