Path: blob/main/tests/sys/netpfil/pf/fragmentation_no_reassembly.sh
39507 views
#1# SPDX-License-Identifier: BSD-2-Clause2#3# Copyright (c) 2017 Kristof Provost <[email protected]>4# Copyright (c) 2023 Kajetan Staszkiewicz <[email protected]>5#6# Redistribution and use in source and binary forms, with or without7# modification, are permitted provided that the following conditions8# are met:9# 1. Redistributions of source code must retain the above copyright10# notice, this list of conditions and the following disclaimer.11# 2. Redistributions in binary form must reproduce the above copyright12# notice, this list of conditions and the following disclaimer in the13# documentation and/or other materials provided with the distribution.14#15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF25# SUCH DAMAGE.2627. $(atf_get_srcdir)/utils.subr2829atf_test_case "match_full_v4" "cleanup"30match_full_v4_head()31{32atf_set descr 'Matching non-fragmented IPv4 packets'33atf_set require.user root34atf_set require.progs python3 scapy35}3637match_full_v4_body()38{39setup_router_dummy_ipv44041# Sanity check.42ping_dummy_check_request exit:0 --ping-type=icmp4344# Only non-fragmented packets are passed45jexec router pfctl -e46pft_set_rules router \47"pass out" \48"block in" \49"pass in inet proto icmp all icmp-type echoreq"50ping_dummy_check_request exit:0 --ping-type=icmp51ping_dummy_check_request exit:1 --ping-type=icmp --send-length=2000 --send-frag-length 100052}5354match_full_v4_cleanup()55{56pft_cleanup57}585960atf_test_case "match_fragment_v4" "cleanup"61match_fragment_v4_head()62{63atf_set descr 'Matching fragmented IPv4 packets'64atf_set require.user root65atf_set require.progs python3 scapy66}6768match_fragment_v4_body()69{70setup_router_dummy_ipv47172# Sanity check.73ping_dummy_check_request exit:0 --ping-type=icmp7475# Only fragmented packets are passed76pft_set_rules router \77"pass out" \78"block in" \79"pass in inet proto icmp fragment"80ping_dummy_check_request exit:1 --ping-type=icmp81ping_dummy_check_request exit:0 --ping-type=icmp --send-length=2000 --send-frag-length 100082}8384match_fragment_v4_cleanup()85{86pft_cleanup87}888990atf_test_case "compat_override_v4" "cleanup"91compat_override_v4_head()92{93atf_set descr 'Scrub rules override "set reassemble" for IPv4'94atf_set require.user root95atf_set require.progs python3 scapy96}9798compat_override_v4_body()99{100setup_router_dummy_ipv4101102# Sanity check.103ping_dummy_check_request exit:0 --ping-type=icmp104105# The same as match_fragment_v4 but with "set reassemble yes" which106# is ignored because of presence of scrub rules.107# Only fragmented packets are passed.108pft_set_rules router \109"set reassemble yes" \110"no scrub" \111"pass out" \112"block in" \113"pass in inet proto icmp fragment"114ping_dummy_check_request exit:1 --ping-type=icmp115ping_dummy_check_request exit:0 --ping-type=icmp --send-length=2000 --send-frag-length 1000116}117118compat_override_v4_cleanup()119{120pft_cleanup121}122123124atf_init_test_cases()125{126atf_add_test_case "match_full_v4"127atf_add_test_case "match_fragment_v4"128atf_add_test_case "compat_override_v4"129}130131132