CoCalc -- tos.sh

GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/netpfil/common/tos.sh
³⁹⁵⁰⁷ views
1
#-
2
# SPDX-License-Identifier: BSD-2-Clause
3
#
4
# Copyright (c) 2019 Ahsan Barkati
5
#
6
# Redistribution and use in source and binary forms, with or without
7
# modification, are permitted provided that the following conditions
8
# are met:
9
# 1. Redistributions of source code must retain the above copyright
10
#    notice, this list of conditions and the following disclaimer.
11
# 2. Redistributions in binary form must reproduce the above copyright
12
#    notice, this list of conditions and the following disclaimer in the
13
#    documentation and/or other materials provided with the distribution.
14
#
15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25
# SUCH DAMAGE.
26
#
27
#
28

29
. $(atf_get_srcdir)/utils.subr
30
. $(atf_get_srcdir)/runner.subr
31

32
tos_head()
33
{
34
	atf_set descr 'set-tos test'
35
	atf_set require.user root
36
	atf_set require.progs python3 scapy
37
}
38

39
tos_body()
40
{
41
	firewall=$1
42
	firewall_init $firewall
43

44
	epair_send=$(vnet_mkepair)
45
	ifconfig ${epair_send}a 192.0.2.1/24 up
46

47
	epair_recv=$(vnet_mkepair)
48
	ifconfig ${epair_recv}a up
49

50
	vnet_mkjail iron ${epair_send}b ${epair_recv}b
51
	jexec iron ifconfig ${epair_send}b 192.0.2.2/24 up
52
	jexec iron ifconfig ${epair_recv}b 198.51.100.2/24 up
53
	jexec iron sysctl net.inet.ip.forwarding=1
54
	jexec iron arp -s 198.51.100.3 00:01:02:03:04:05
55
	route add -net 198.51.100.0/24 192.0.2.2
56

57
	# Check if the firewall is able to set the ToS bits
58
	firewall_config "iron" ${firewall} \
59
		"pf" \
60
			"scrub out proto icmp set-tos 36" \
61
		"ipfw" \
62
			"ipfw -q add 100 setdscp 9 ip from any to any"
63
		# dscp is set to 9 because last two bits are for
64
		# EN and hence tos would be 36
65

66
	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
67
		--sendif ${epair_send}a \
68
		--to 198.51.100.3 \
69
		--recvif ${epair_recv}a \
70
		--expect-tc 36
71

72
	# Check if the firewall is able to set the ToS bits
73
	# and persists the EN bits (if already set)
74
	firewall_config "iron" ${firewall} \
75
		"pf" \
76
			"scrub out proto icmp set-tos 36" \
77
		"ipfw" \
78
			"ipfw -q add 100 setdscp 9 ip from any to any"
79

80
	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
81
		--sendif ${epair_send}a \
82
		--to 198.51.100.3 \
83
		--recvif ${epair_recv}a \
84
		--send-tc 3 \
85
		--expect-tc 39
86

87
	# Check if the firewall is able to filter the
88
	# packets based on the ToS value
89
	firewall_config "iron" ${firewall} \
90
		"pf" \
91
			"block all tos 36" \
92
		"ipfw" \
93
			"ipfw -q add 100 deny all from any to any dscp 9"
94

95
	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
96
		--sendif ${epair_send}a \
97
		--to 198.51.100.3 \
98
		--recvif ${epair_recv}a \
99
		--send-tc 36
100

101
	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
102
		--sendif ${epair_send}a \
103
		--to 198.51.100.3 \
104
		--recvif ${epair_recv}a \
105
		--send-tc 32
106
}
107

108
tos_cleanup()
109
{
110
	firewall=$1
111
	firewall_cleanup $firewall
112
}
113

114
setup_tests \
115
		"tos" \
116
			"pf" \
117
			"ipfw"
118

119
Product

Resources

Company
