Path: blob/main/tests/sys/netpfil/pf/ioctl/validation.c
105686 views
/*-1* Copyright (c) 2018 Kristof Provost <[email protected]>2*3* Redistribution and use in source and binary forms, with or without4* modification, are permitted provided that the following conditions5* are met:6* 1. Redistributions of source code must retain the above copyright7* notice, this list of conditions and the following disclaimer.8* 2. Redistributions in binary form must reproduce the above copyright9* notice, this list of conditions and the following disclaimer in the10* documentation and/or other materials provided with the distribution.11*12* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND13* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE14* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE15* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE16* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL17* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS18* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)19* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT20* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY21* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF22* SUCH DAMAGE.23*/2425#include <sys/param.h>26#include <sys/module.h>27#include <sys/types.h>28#include <sys/ioctl.h>29#include <sys/socket.h>3031#include <net/if.h>32#include <net/pfvar.h>3334#include <errno.h>35#include <fcntl.h>36#include <stdio.h>3738#include <atf-c.h>3940static int dev;4142#define COMMON_HEAD() \43dev = open("/dev/pf", O_RDWR); \44if (dev == -1) \45atf_tc_skip("Failed to open /dev/pf");4647#define COMMON_CLEANUP() \48close(dev);4950static void51common_init_tbl(struct pfr_table *tbl)52{53bzero(tbl, sizeof(struct pfr_table));54strcpy(tbl->pfrt_anchor, "anchor");55strcpy(tbl->pfrt_name, "name");56tbl->pfrt_flags = 0;57tbl->pfrt_fback = 0;58}5960ATF_TC_WITH_CLEANUP(addtables);61ATF_TC_HEAD(addtables, tc)62{63atf_tc_set_md_var(tc, "require.user", "root");64atf_tc_set_md_var(tc, "require.kmods", "pf");65}6667ATF_TC_BODY(addtables, tc)68{69struct pfioc_table io;70struct pfr_table tbl;71struct pfr_table tbls[4];72int flags;7374COMMON_HEAD();7576flags = 0;7778bzero(&io, sizeof(io));79io.pfrio_flags = flags;80io.pfrio_buffer = &tbl;81io.pfrio_esize = sizeof(tbl);8283/* Negative size */84io.pfrio_size = -1;85if (ioctl(dev, DIOCRADDTABLES, &io) == 0)86atf_tc_fail("Request with size -1 succeeded");8788/* Overly large size */89io.pfrio_size = 1 << 24;90if (ioctl(dev, DIOCRADDTABLES, &io) == 0)91atf_tc_fail("Request with size 1 << 24 succeeded");9293/* NULL buffer */94io.pfrio_size = 1;95io.pfrio_buffer = NULL;96if (ioctl(dev, DIOCRADDTABLES, &io) == 0)97atf_tc_fail("Request with NULL buffer succeeded");9899/* This can provoke a memory leak, see r331225. */100io.pfrio_size = 4;101for (int i = 0; i < io.pfrio_size; i++)102common_init_tbl(&tbls[i]);103104io.pfrio_buffer = &tbls;105ioctl(dev, DIOCRADDTABLES, &io);106}107108ATF_TC_CLEANUP(addtables, tc)109{110COMMON_CLEANUP();111}112113ATF_TC_WITH_CLEANUP(deltables);114ATF_TC_HEAD(deltables, tc)115{116atf_tc_set_md_var(tc, "require.user", "root");117atf_tc_set_md_var(tc, "require.kmods", "pf");118}119120ATF_TC_BODY(deltables, tc)121{122struct pfioc_table io;123struct pfr_table tbl;124int flags;125126COMMON_HEAD();127128flags = 0;129130bzero(&io, sizeof(io));131io.pfrio_flags = flags;132io.pfrio_buffer = &tbl;133io.pfrio_esize = sizeof(tbl);134135/* Negative size */136io.pfrio_size = -1;137if (ioctl(dev, DIOCRDELTABLES, &io) == 0)138atf_tc_fail("Request with size -1 succeeded");139140/* Overly large size */141io.pfrio_size = 1 << 24;142if (ioctl(dev, DIOCRDELTABLES, &io) == 0)143atf_tc_fail("Request with size 1 << 24 succeeded");144145/* NULL buffer */146io.pfrio_size = 1;147io.pfrio_buffer = NULL;148if (ioctl(dev, DIOCRDELTABLES, &io) == 0)149atf_tc_fail("Request with NULL buffer succeeded");150}151152ATF_TC_CLEANUP(deltables, tc)153{154COMMON_CLEANUP();155}156157ATF_TC_WITH_CLEANUP(gettables);158ATF_TC_HEAD(gettables, tc)159{160atf_tc_set_md_var(tc, "require.user", "root");161atf_tc_set_md_var(tc, "require.kmods", "pf");162}163164ATF_TC_BODY(gettables, tc)165{166struct pfioc_table io;167struct pfr_table tbl;168int flags;169170COMMON_HEAD();171172flags = 0;173174bzero(&io, sizeof(io));175io.pfrio_flags = flags;176io.pfrio_buffer = &tbl;177io.pfrio_esize = sizeof(tbl);178179/* Negative size. This will succeed, because the kernel will not copy180* tables than it has. */181io.pfrio_size = -1;182if (ioctl(dev, DIOCRGETTABLES, &io) != 0)183atf_tc_fail("Request with size -1 failed");184185/* Overly large size. See above. */186io.pfrio_size = 1 << 24;187if (ioctl(dev, DIOCRGETTABLES, &io) != 0)188atf_tc_fail("Request with size 1 << 24 failed");189}190191ATF_TC_CLEANUP(gettables, tc)192{193COMMON_CLEANUP();194}195196ATF_TC_WITH_CLEANUP(clrtables);197ATF_TC_HEAD(clrtables, tc)198{199atf_tc_set_md_var(tc, "require.user", "root");200atf_tc_set_md_var(tc, "require.kmods", "pf");201}202203ATF_TC_BODY(clrtables, tc)204{205struct pfioc_table io;206struct pfr_table tbl;207int flags;208209COMMON_HEAD();210211flags = 0;212213memset(&io, '/', sizeof(io));214io.pfrio_flags = flags;215io.pfrio_buffer = &tbl;216io.pfrio_esize = 0;217io.pfrio_size = 1;218219if (ioctl(dev, DIOCRCLRTABLES, &io) == 0)220atf_tc_fail("Request with unterminated anchor name succeeded");221}222223ATF_TC_CLEANUP(clrtables, tc)224{225COMMON_CLEANUP();226}227228ATF_TC_WITH_CLEANUP(gettstats);229ATF_TC_HEAD(gettstats, tc)230{231atf_tc_set_md_var(tc, "require.user", "root");232atf_tc_set_md_var(tc, "require.kmods", "pf");233}234235ATF_TC_BODY(gettstats, tc)236{237struct pfioc_table io;238struct pfr_tstats stats;239int flags;240241COMMON_HEAD();242243flags = 0;244245bzero(&io, sizeof(io));246io.pfrio_flags = flags;247io.pfrio_buffer = &stats;248io.pfrio_esize = sizeof(stats);249250/* Negative size. This will succeed, because the kernel will not copy251* tables than it has. */252io.pfrio_size = -1;253if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)254atf_tc_fail("Request with size -1 failed");255256/* Overly large size. See above. */257io.pfrio_size = 1 << 24;258if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)259atf_tc_fail("Request with size 1 << 24 failed");260}261262ATF_TC_CLEANUP(gettstats, tc)263{264COMMON_CLEANUP();265}266267ATF_TC_WITH_CLEANUP(clrtstats);268ATF_TC_HEAD(clrtstats, tc)269{270atf_tc_set_md_var(tc, "require.user", "root");271atf_tc_set_md_var(tc, "require.kmods", "pf");272}273274ATF_TC_BODY(clrtstats, tc)275{276struct pfioc_table io;277struct pfr_table tbl;278int flags;279280COMMON_HEAD();281282flags = 0;283284common_init_tbl(&tbl);285286bzero(&io, sizeof(io));287io.pfrio_flags = flags;288io.pfrio_buffer = &tbl;289io.pfrio_esize = sizeof(tbl);290291/* Negative size. This will succeed, because the kernel will not copy292* tables than it has. */293io.pfrio_size = -1;294if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)295atf_tc_fail("Request with size -1 failed ");296297/* Overly large size. See above. */298io.pfrio_size = 1 << 24;299if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)300atf_tc_fail("Request with size 1 << 24 failed");301302io.pfrio_size = sizeof(tbl);303io.pfrio_buffer = NULL;304if (ioctl(dev, DIOCRCLRTSTATS, &io) == 0)305atf_tc_fail("Request with NULL buffer succeeded");306}307308ATF_TC_CLEANUP(clrtstats, tc)309{310COMMON_CLEANUP();311}312313ATF_TC_WITH_CLEANUP(settflags);314ATF_TC_HEAD(settflags, tc)315{316atf_tc_set_md_var(tc, "require.user", "root");317atf_tc_set_md_var(tc, "require.kmods", "pf");318}319320ATF_TC_BODY(settflags, tc)321{322struct pfioc_table io;323struct pfr_table tbl;324int flags;325326COMMON_HEAD();327328flags = 0;329330common_init_tbl(&tbl);331332bzero(&io, sizeof(io));333io.pfrio_flags = flags;334io.pfrio_buffer = &tbl;335io.pfrio_esize = sizeof(tbl);336337/* Negative size. This will succeed, because the kernel will not copy338* tables than it has. */339io.pfrio_size = -1;340if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)341atf_tc_fail("Request with size -1 failed");342343/* Overly large size. See above. */344io.pfrio_size = 1 << 28;345if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)346atf_tc_fail("Request with size 1 << 24 failed");347348/* NULL buffer */349io.pfrio_buffer = NULL;350if (ioctl(dev, DIOCRSETTFLAGS, &io) != -1)351atf_tc_fail("Request with NULL buffer succeeded");352}353354ATF_TC_CLEANUP(settflags, tc)355{356COMMON_CLEANUP();357}358359ATF_TC_WITH_CLEANUP(addaddrs);360ATF_TC_HEAD(addaddrs, tc)361{362atf_tc_set_md_var(tc, "require.user", "root");363atf_tc_set_md_var(tc, "require.kmods", "pf");364}365366ATF_TC_BODY(addaddrs, tc)367{368struct pfioc_table io;369struct pfr_addr addr;370371COMMON_HEAD();372373bzero(&addr, sizeof(addr));374bzero(&io, sizeof(io));375io.pfrio_flags = 0;376io.pfrio_buffer = &addr;377io.pfrio_esize = sizeof(addr);378379/* Negative size. */380io.pfrio_size = -1;381if (ioctl(dev, DIOCRADDADDRS, &io) == 0)382atf_tc_fail("Request with size -1 succeeded");383384/* Overly large size. */385io.pfrio_size = 1 << 28;386if (ioctl(dev, DIOCRADDADDRS, &io) == 0)387atf_tc_fail("Reuqest with size 1 << 28 failed");388}389390ATF_TC_CLEANUP(addaddrs, tc)391{392COMMON_CLEANUP();393}394395ATF_TC_WITH_CLEANUP(deladdrs);396ATF_TC_HEAD(deladdrs, tc)397{398atf_tc_set_md_var(tc, "require.user", "root");399atf_tc_set_md_var(tc, "require.kmods", "pf");400}401402ATF_TC_BODY(deladdrs, tc)403{404struct pfioc_table io;405struct pfr_addr addr;406407COMMON_HEAD();408409bzero(&addr, sizeof(addr));410bzero(&io, sizeof(io));411io.pfrio_flags = 0;412io.pfrio_buffer = &addr;413io.pfrio_esize = sizeof(addr);414415/* Negative size. */416io.pfrio_size = -1;417if (ioctl(dev, DIOCRDELADDRS, &io) == 0)418atf_tc_fail("Request with size -1 succeeded");419420/* Overly large size. */421io.pfrio_size = 1 << 28;422if (ioctl(dev, DIOCRDELADDRS, &io) == 0)423atf_tc_fail("Reuqest with size 1 << 28 failed");424}425426ATF_TC_CLEANUP(deladdrs, tc)427{428COMMON_CLEANUP();429}430431ATF_TC_WITH_CLEANUP(setaddrs);432ATF_TC_HEAD(setaddrs, tc)433{434atf_tc_set_md_var(tc, "require.user", "root");435atf_tc_set_md_var(tc, "require.kmods", "pf");436}437438ATF_TC_BODY(setaddrs, tc)439{440struct pfioc_table io;441struct pfr_addr addr;442443COMMON_HEAD();444445bzero(&addr, sizeof(addr));446bzero(&io, sizeof(io));447io.pfrio_flags = 0;448io.pfrio_buffer = &addr;449io.pfrio_esize = sizeof(addr);450451/* Negative size. */452io.pfrio_size = -1;453if (ioctl(dev, DIOCRSETADDRS, &io) == 0)454atf_tc_fail("Request with size -1 succeeded");455456/* Overly large size. */457io.pfrio_size = 1 << 28;458if (ioctl(dev, DIOCRSETADDRS, &io) == 0)459atf_tc_fail("Reuqest with size 1 << 28 failed");460}461462ATF_TC_CLEANUP(setaddrs, tc)463{464COMMON_CLEANUP();465}466467ATF_TC_WITH_CLEANUP(getaddrs);468ATF_TC_HEAD(getaddrs, tc)469{470atf_tc_set_md_var(tc, "require.user", "root");471atf_tc_set_md_var(tc, "require.kmods", "pf");472}473474ATF_TC_BODY(getaddrs, tc)475{476struct pfioc_table io;477struct pfr_addr addr;478479COMMON_HEAD();480481bzero(&addr, sizeof(addr));482bzero(&io, sizeof(io));483io.pfrio_flags = 0;484io.pfrio_buffer = &addr;485io.pfrio_esize = sizeof(addr);486487common_init_tbl(&io.pfrio_table);488489/* Negative size. */490io.pfrio_size = -1;491if (ioctl(dev, DIOCRGETADDRS, &io) == 0)492atf_tc_fail("Request with size -1 succeeded");493494/* Overly large size. */495io.pfrio_size = 1 << 24;496if (ioctl(dev, DIOCRGETADDRS, &io) == 0)497atf_tc_fail("Request with size 1 << 24 failed");498}499500ATF_TC_CLEANUP(getaddrs, tc)501{502COMMON_CLEANUP();503}504505ATF_TC_WITH_CLEANUP(getastats);506ATF_TC_HEAD(getastats, tc)507{508atf_tc_set_md_var(tc, "require.user", "root");509atf_tc_set_md_var(tc, "require.kmods", "pf");510}511512ATF_TC_BODY(getastats, tc)513{514struct pfioc_table io;515struct pfr_astats astats;516517COMMON_HEAD();518519bzero(&astats, sizeof(astats));520bzero(&io, sizeof(io));521io.pfrio_flags = 0;522io.pfrio_buffer = &astats;523io.pfrio_esize = sizeof(astats);524525common_init_tbl(&io.pfrio_table);526527/* Negative size. */528io.pfrio_size = -1;529if (ioctl(dev, DIOCRGETASTATS, &io) == 0)530atf_tc_fail("Request with size -1 succeeded");531532/* Overly large size. */533io.pfrio_size = 1 << 24;534if (ioctl(dev, DIOCRGETASTATS, &io) == 0)535atf_tc_fail("Request with size 1 << 24 failed");536}537538ATF_TC_CLEANUP(getastats, tc)539{540COMMON_CLEANUP();541}542543ATF_TC_WITH_CLEANUP(clrastats);544ATF_TC_HEAD(clrastats, tc)545{546atf_tc_set_md_var(tc, "require.user", "root");547atf_tc_set_md_var(tc, "require.kmods", "pf");548}549550ATF_TC_BODY(clrastats, tc)551{552struct pfioc_table io;553struct pfr_addr addr;554555COMMON_HEAD();556557bzero(&addr, sizeof(addr));558bzero(&io, sizeof(io));559io.pfrio_flags = 0;560io.pfrio_buffer = &addr;561io.pfrio_esize = sizeof(addr);562563common_init_tbl(&io.pfrio_table);564565/* Negative size. */566io.pfrio_size = -1;567if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)568atf_tc_fail("Request with size -1 succeeded");569570/* Overly large size. */571io.pfrio_size = 1 << 24;572if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)573atf_tc_fail("Request with size 1 << 24 failed");574}575576ATF_TC_CLEANUP(clrastats, tc)577{578COMMON_CLEANUP();579}580581ATF_TC_WITH_CLEANUP(tstaddrs);582ATF_TC_HEAD(tstaddrs, tc)583{584atf_tc_set_md_var(tc, "require.user", "root");585atf_tc_set_md_var(tc, "require.kmods", "pf");586}587588ATF_TC_BODY(tstaddrs, tc)589{590struct pfioc_table io;591struct pfr_addr addr;592593COMMON_HEAD();594595bzero(&addr, sizeof(addr));596bzero(&io, sizeof(io));597io.pfrio_flags = 0;598io.pfrio_buffer = &addr;599io.pfrio_esize = sizeof(addr);600601common_init_tbl(&io.pfrio_table);602603/* Negative size. */604io.pfrio_size = -1;605if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)606atf_tc_fail("Request with size -1 succeeded");607608/* Overly large size. */609io.pfrio_size = 1 << 24;610if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)611atf_tc_fail("Request with size 1 << 24 failed");612}613614ATF_TC_CLEANUP(tstaddrs, tc)615{616COMMON_CLEANUP();617}618619ATF_TC_WITH_CLEANUP(inadefine);620ATF_TC_HEAD(inadefine, tc)621{622atf_tc_set_md_var(tc, "require.user", "root");623atf_tc_set_md_var(tc, "require.kmods", "pf");624}625626ATF_TC_BODY(inadefine, tc)627{628struct pfioc_table io;629struct pfr_addr addr;630631COMMON_HEAD();632633bzero(&addr, sizeof(addr));634bzero(&io, sizeof(io));635io.pfrio_flags = 0;636io.pfrio_buffer = &addr;637io.pfrio_esize = sizeof(addr);638639common_init_tbl(&io.pfrio_table);640641/* Negative size. */642io.pfrio_size = -1;643if (ioctl(dev, DIOCRINADEFINE, &io) == 0)644atf_tc_fail("Request with size -1 succeeded");645646/* Overly large size. */647io.pfrio_size = 1 << 24;648if (ioctl(dev, DIOCRINADEFINE, &io) == 0)649atf_tc_fail("Request with size 1 << 24 failed");650}651652ATF_TC_CLEANUP(inadefine, tc)653{654COMMON_CLEANUP();655}656657ATF_TC_WITH_CLEANUP(igetifaces);658ATF_TC_HEAD(igetifaces, tc)659{660atf_tc_set_md_var(tc, "require.user", "root");661atf_tc_set_md_var(tc, "require.kmods", "pf");662}663664ATF_TC_BODY(igetifaces, tc)665{666struct pfioc_iface io;667struct pfi_kif kif;668669COMMON_HEAD();670671bzero(&io, sizeof(io));672io.pfiio_flags = 0;673io.pfiio_buffer = &kif;674io.pfiio_esize = sizeof(kif);675676/* Negative size */677io.pfiio_size = -1;678if (ioctl(dev, DIOCIGETIFACES, &io) == 0)679atf_tc_fail("request with size -1 succeeded");680681/* Overflow size */682io.pfiio_size = 1 << 31;683if (ioctl(dev, DIOCIGETIFACES, &io) == 0)684atf_tc_fail("request with size 1 << 31 succeeded");685}686687ATF_TC_CLEANUP(igetifaces, tc)688{689COMMON_CLEANUP();690}691692ATF_TC_WITH_CLEANUP(cxbegin);693ATF_TC_HEAD(cxbegin, tc)694{695atf_tc_set_md_var(tc, "require.user", "root");696atf_tc_set_md_var(tc, "require.kmods", "pf");697}698699ATF_TC_BODY(cxbegin, tc)700{701struct pfioc_trans io;702struct pfioc_trans_e ioe;703704COMMON_HEAD();705706bzero(&io, sizeof(io));707io.esize = sizeof(ioe);708io.array = &ioe;709710/* Negative size */711io.size = -1;712if (ioctl(dev, DIOCXBEGIN, &io) == 0)713atf_tc_fail("request with size -1 succeeded");714715/* Overflow size */716io.size = 1 << 30;717if (ioctl(dev, DIOCXBEGIN, &io) == 0)718atf_tc_fail("request with size 1 << 30 succeeded");719720/* NULL buffer */721io.size = 1;722io.array = NULL;723if (ioctl(dev, DIOCXBEGIN, &io) == 0)724atf_tc_fail("request with size -1 succeeded");725}726727ATF_TC_CLEANUP(cxbegin, tc)728{729COMMON_CLEANUP();730}731732ATF_TC_WITH_CLEANUP(cxrollback);733ATF_TC_HEAD(cxrollback, tc)734{735atf_tc_set_md_var(tc, "require.user", "root");736atf_tc_set_md_var(tc, "require.kmods", "pf");737}738739ATF_TC_BODY(cxrollback, tc)740{741struct pfioc_trans io;742struct pfioc_trans_e ioe;743744COMMON_HEAD();745746bzero(&io, sizeof(io));747io.esize = sizeof(ioe);748io.array = &ioe;749750/* Negative size */751io.size = -1;752if (ioctl(dev, DIOCXROLLBACK, &io) == 0)753atf_tc_fail("request with size -1 succeeded");754755/* Overflow size */756io.size = 1 << 30;757if (ioctl(dev, DIOCXROLLBACK, &io) == 0)758atf_tc_fail("request with size 1 << 30 succeeded");759760/* NULL buffer */761io.size = 1;762io.array = NULL;763if (ioctl(dev, DIOCXROLLBACK, &io) == 0)764atf_tc_fail("request with size -1 succeeded");765}766767ATF_TC_CLEANUP(cxrollback, tc)768{769COMMON_CLEANUP();770}771772ATF_TC_WITH_CLEANUP(commit);773ATF_TC_HEAD(commit, tc)774{775atf_tc_set_md_var(tc, "require.user", "root");776atf_tc_set_md_var(tc, "require.kmods", "pf");777}778779ATF_TC_BODY(commit, tc)780{781struct pfioc_trans io;782struct pfioc_trans_e ioe;783784COMMON_HEAD();785786bzero(&io, sizeof(io));787io.esize = sizeof(ioe);788io.array = &ioe;789790/* Negative size */791io.size = -1;792if (ioctl(dev, DIOCXCOMMIT, &io) == 0)793atf_tc_fail("request with size -1 succeeded");794795/* Overflow size */796io.size = 1 << 30;797if (ioctl(dev, DIOCXCOMMIT, &io) == 0)798atf_tc_fail("request with size 1 << 30 succeeded");799800/* NULL buffer */801io.size = 1;802io.array = NULL;803if (ioctl(dev, DIOCXCOMMIT, &io) == 0)804atf_tc_fail("request with size -1 succeeded");805}806807ATF_TC_CLEANUP(commit, tc)808{809COMMON_CLEANUP();810}811812ATF_TC_WITH_CLEANUP(getsrcnodes);813ATF_TC_HEAD(getsrcnodes, tc)814{815atf_tc_set_md_var(tc, "require.user", "root");816atf_tc_set_md_var(tc, "require.kmods", "pf");817}818819ATF_TC_BODY(getsrcnodes, tc)820{821struct pfioc_src_nodes psn;822823COMMON_HEAD();824825bzero(&psn, sizeof(psn));826827psn.psn_len = -1;828if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)829atf_tc_fail("request with size -1 failed");830831psn.psn_len = 1 << 30;832if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)833atf_tc_fail("request with size << 30 failed");834835psn.psn_len = 1 << 31;836if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)837atf_tc_fail("request with size << 30 failed");838}839840ATF_TC_CLEANUP(getsrcnodes, tc)841{842COMMON_CLEANUP();843}844845ATF_TC_WITH_CLEANUP(tag);846ATF_TC_HEAD(tag, tc)847{848atf_tc_set_md_var(tc, "require.user", "root");849atf_tc_set_md_var(tc, "require.kmods", "pf");850}851852ATF_TC_BODY(tag, tc)853{854struct pfioc_rule rule;855856COMMON_HEAD();857858memset(&rule, 0x42, sizeof(rule));859860rule.ticket = 0;861rule.pool_ticket = 0;862rule.anchor[0] = 0;863864rule.rule.return_icmp = 0;865bzero(&rule.rule.src, sizeof(rule.rule.src));866bzero(&rule.rule.dst, sizeof(rule.rule.dst));867868rule.rule.ifname[0] = 0;869rule.rule.action = 0;870rule.rule.rtableid = 0;871872rule.rule.tagname[0] = 0;873874for (int i = 0; i < 10; i++)875ioctl(dev, DIOCADDRULE, &rule);876}877878ATF_TC_CLEANUP(tag, tc)879{880COMMON_CLEANUP();881}882883ATF_TC_WITH_CLEANUP(rpool_mtx);884ATF_TC_HEAD(rpool_mtx, tc)885{886atf_tc_set_md_var(tc, "require.user", "root");887atf_tc_set_md_var(tc, "require.kmods", "pf");888}889890ATF_TC_BODY(rpool_mtx, tc)891{892struct pfioc_rule rule;893894COMMON_HEAD();895896memset(&rule, 0, sizeof(rule));897898rule.ticket = 0;899rule.pool_ticket = 0;900rule.anchor[0] = 0;901902rule.rule.return_icmp = 0;903bzero(&rule.rule.src, sizeof(rule.rule.src));904bzero(&rule.rule.dst, sizeof(rule.rule.dst));905906rule.rule.ifname[0] = 0;907rule.rule.action = 0;908rule.rule.rtableid = 0;909910rule.rule.tagname[0] = 0;911rule.rule.action = 42;912913ioctl(dev, DIOCADDRULE, &rule);914}915916ATF_TC_CLEANUP(rpool_mtx, tc)917{918COMMON_CLEANUP();919}920921ATF_TC_WITH_CLEANUP(rpool_mtx2);922ATF_TC_HEAD(rpool_mtx2, tc)923{924atf_tc_set_md_var(tc, "require.user", "root");925atf_tc_set_md_var(tc, "require.kmods", "pf");926}927928ATF_TC_BODY(rpool_mtx2, tc)929{930struct pfioc_rule rule;931932COMMON_HEAD();933934memset(&rule, 0, sizeof(rule));935936rule.pool_ticket = 1000000;937rule.action = PF_CHANGE_ADD_HEAD;938rule.rule.af = AF_INET;939940ioctl(dev, DIOCCHANGERULE, &rule);941}942943ATF_TC_CLEANUP(rpool_mtx2, tc)944{945COMMON_CLEANUP();946}947948ATF_TC_WITH_CLEANUP(natlook);949ATF_TC_HEAD(natlook, tc)950{951atf_tc_set_md_var(tc, "require.user", "root");952atf_tc_set_md_var(tc, "require.kmods", "pf");953}954955ATF_TC_BODY(natlook, tc)956{957struct pfioc_natlook nl = { 0 };958959COMMON_HEAD();960961nl.af = AF_INET;962nl.proto = IPPROTO_ICMP;963nl.saddr.v4.s_addr = 0x01020304;964nl.daddr.v4.s_addr = 0x05060708;965966/* Invalid direction */967nl.direction = 42;968969ATF_CHECK_ERRNO(EINVAL, ioctl(dev, DIOCNATLOOK, &nl) == -1);970971/* Invalid af */972nl.direction = PF_IN;973nl.af = 99;974975ATF_CHECK_ERRNO(EAFNOSUPPORT, ioctl(dev, DIOCNATLOOK, &nl) == -1);976}977978ATF_TC_CLEANUP(natlook, tc)979{980COMMON_CLEANUP();981}982983ATF_TC_WITH_CLEANUP(addstate);984ATF_TC_HEAD(addstate, tc)985{986atf_tc_set_md_var(tc, "require.user", "root");987atf_tc_set_md_var(tc, "require.kmods", "pfsync");988}989990ATF_TC_BODY(addstate, tc)991{992struct pfioc_state st;993994COMMON_HEAD();995996memset(&st, 'a', sizeof(st));997st.state.timeout = PFTM_TCP_FIRST_PACKET;998999ATF_CHECK_ERRNO(EINVAL, ioctl(dev, DIOCADDSTATE, &st) == -1);1000}10011002ATF_TC_CLEANUP(addstate, tc)1003{1004COMMON_CLEANUP();1005}10061007ATF_TP_ADD_TCS(tp)1008{1009ATF_TP_ADD_TC(tp, addtables);1010ATF_TP_ADD_TC(tp, deltables);1011ATF_TP_ADD_TC(tp, gettables);1012ATF_TP_ADD_TC(tp, clrtables);1013ATF_TP_ADD_TC(tp, getastats);1014ATF_TP_ADD_TC(tp, gettstats);1015ATF_TP_ADD_TC(tp, clrtstats);1016ATF_TP_ADD_TC(tp, settflags);1017ATF_TP_ADD_TC(tp, addaddrs);1018ATF_TP_ADD_TC(tp, deladdrs);1019ATF_TP_ADD_TC(tp, setaddrs);1020ATF_TP_ADD_TC(tp, getaddrs);1021ATF_TP_ADD_TC(tp, clrastats);1022ATF_TP_ADD_TC(tp, tstaddrs);1023ATF_TP_ADD_TC(tp, inadefine);1024ATF_TP_ADD_TC(tp, igetifaces);1025ATF_TP_ADD_TC(tp, cxbegin);1026ATF_TP_ADD_TC(tp, cxrollback);1027ATF_TP_ADD_TC(tp, commit);1028ATF_TP_ADD_TC(tp, getsrcnodes);1029ATF_TP_ADD_TC(tp, tag);1030ATF_TP_ADD_TC(tp, rpool_mtx);1031ATF_TP_ADD_TC(tp, rpool_mtx2);1032ATF_TP_ADD_TC(tp, natlook);1033ATF_TP_ADD_TC(tp, addstate);10341035return (atf_no_error());1036}103710381039