Path: blob/main/tests/sys/netpfil/pf/ioctl/validation.c
39536 views
/*-1* Copyright (c) 2018 Kristof Provost <[email protected]>2*3* Redistribution and use in source and binary forms, with or without4* modification, are permitted provided that the following conditions5* are met:6* 1. Redistributions of source code must retain the above copyright7* notice, this list of conditions and the following disclaimer.8* 2. Redistributions in binary form must reproduce the above copyright9* notice, this list of conditions and the following disclaimer in the10* documentation and/or other materials provided with the distribution.11*12* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND13* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE14* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE15* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE16* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL17* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS18* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)19* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT20* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY21* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF22* SUCH DAMAGE.23*/2425#include <sys/param.h>26#include <sys/module.h>27#include <sys/types.h>28#include <sys/ioctl.h>29#include <sys/socket.h>3031#include <net/if.h>32#include <net/pfvar.h>3334#include <errno.h>35#include <fcntl.h>36#include <stdio.h>3738#include <atf-c.h>3940static int dev;4142#define COMMON_HEAD() \43dev = open("/dev/pf", O_RDWR); \44if (dev == -1) \45atf_tc_skip("Failed to open /dev/pf");4647#define COMMON_CLEANUP() \48close(dev);4950static void51common_init_tbl(struct pfr_table *tbl)52{53bzero(tbl, sizeof(struct pfr_table));54strcpy(tbl->pfrt_anchor, "anchor");55strcpy(tbl->pfrt_name, "name");56tbl->pfrt_flags = 0;57tbl->pfrt_fback = 0;58}5960ATF_TC_WITH_CLEANUP(addtables);61ATF_TC_HEAD(addtables, tc)62{63atf_tc_set_md_var(tc, "require.user", "root");64atf_tc_set_md_var(tc, "require.kmods", "pf");65}6667ATF_TC_BODY(addtables, tc)68{69struct pfioc_table io;70struct pfr_table tbl;71struct pfr_table tbls[4];72int flags;7374COMMON_HEAD();7576flags = 0;7778bzero(&io, sizeof(io));79io.pfrio_flags = flags;80io.pfrio_buffer = &tbl;81io.pfrio_esize = sizeof(tbl);8283/* Negative size */84io.pfrio_size = -1;85if (ioctl(dev, DIOCRADDTABLES, &io) == 0)86atf_tc_fail("Request with size -1 succeeded");8788/* Overly large size */89io.pfrio_size = 1 << 24;90if (ioctl(dev, DIOCRADDTABLES, &io) == 0)91atf_tc_fail("Request with size 1 << 24 succeeded");9293/* NULL buffer */94io.pfrio_size = 1;95io.pfrio_buffer = NULL;96if (ioctl(dev, DIOCRADDTABLES, &io) == 0)97atf_tc_fail("Request with NULL buffer succeeded");9899/* This can provoke a memory leak, see r331225. */100io.pfrio_size = 4;101for (int i = 0; i < io.pfrio_size; i++)102common_init_tbl(&tbls[i]);103104io.pfrio_buffer = &tbls;105ioctl(dev, DIOCRADDTABLES, &io);106}107108ATF_TC_CLEANUP(addtables, tc)109{110COMMON_CLEANUP();111}112113ATF_TC_WITH_CLEANUP(deltables);114ATF_TC_HEAD(deltables, tc)115{116atf_tc_set_md_var(tc, "require.user", "root");117atf_tc_set_md_var(tc, "require.kmods", "pf");118}119120ATF_TC_BODY(deltables, tc)121{122struct pfioc_table io;123struct pfr_table tbl;124int flags;125126COMMON_HEAD();127128flags = 0;129130bzero(&io, sizeof(io));131io.pfrio_flags = flags;132io.pfrio_buffer = &tbl;133io.pfrio_esize = sizeof(tbl);134135/* Negative size */136io.pfrio_size = -1;137if (ioctl(dev, DIOCRDELTABLES, &io) == 0)138atf_tc_fail("Request with size -1 succeeded");139140/* Overly large size */141io.pfrio_size = 1 << 24;142if (ioctl(dev, DIOCRDELTABLES, &io) == 0)143atf_tc_fail("Request with size 1 << 24 succeeded");144145/* NULL buffer */146io.pfrio_size = 1;147io.pfrio_buffer = NULL;148if (ioctl(dev, DIOCRDELTABLES, &io) == 0)149atf_tc_fail("Request with NULL buffer succeeded");150}151152ATF_TC_CLEANUP(deltables, tc)153{154COMMON_CLEANUP();155}156157ATF_TC_WITH_CLEANUP(gettables);158ATF_TC_HEAD(gettables, tc)159{160atf_tc_set_md_var(tc, "require.user", "root");161atf_tc_set_md_var(tc, "require.kmods", "pf");162}163164ATF_TC_BODY(gettables, tc)165{166struct pfioc_table io;167struct pfr_table tbl;168int flags;169170COMMON_HEAD();171172flags = 0;173174bzero(&io, sizeof(io));175io.pfrio_flags = flags;176io.pfrio_buffer = &tbl;177io.pfrio_esize = sizeof(tbl);178179/* Negative size. This will succeed, because the kernel will not copy180* tables than it has. */181io.pfrio_size = -1;182if (ioctl(dev, DIOCRGETTABLES, &io) != 0)183atf_tc_fail("Request with size -1 failed");184185/* Overly large size. See above. */186io.pfrio_size = 1 << 24;187if (ioctl(dev, DIOCRGETTABLES, &io) != 0)188atf_tc_fail("Request with size 1 << 24 failed");189}190191ATF_TC_CLEANUP(gettables, tc)192{193COMMON_CLEANUP();194}195196ATF_TC_WITH_CLEANUP(gettstats);197ATF_TC_HEAD(gettstats, tc)198{199atf_tc_set_md_var(tc, "require.user", "root");200atf_tc_set_md_var(tc, "require.kmods", "pf");201}202203ATF_TC_BODY(gettstats, tc)204{205struct pfioc_table io;206struct pfr_tstats stats;207int flags;208209COMMON_HEAD();210211flags = 0;212213bzero(&io, sizeof(io));214io.pfrio_flags = flags;215io.pfrio_buffer = &stats;216io.pfrio_esize = sizeof(stats);217218/* Negative size. This will succeed, because the kernel will not copy219* tables than it has. */220io.pfrio_size = -1;221if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)222atf_tc_fail("Request with size -1 failed");223224/* Overly large size. See above. */225io.pfrio_size = 1 << 24;226if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)227atf_tc_fail("Request with size 1 << 24 failed");228}229230ATF_TC_CLEANUP(gettstats, tc)231{232COMMON_CLEANUP();233}234235ATF_TC_WITH_CLEANUP(clrtstats);236ATF_TC_HEAD(clrtstats, tc)237{238atf_tc_set_md_var(tc, "require.user", "root");239atf_tc_set_md_var(tc, "require.kmods", "pf");240}241242ATF_TC_BODY(clrtstats, tc)243{244struct pfioc_table io;245struct pfr_table tbl;246int flags;247248COMMON_HEAD();249250flags = 0;251252common_init_tbl(&tbl);253254bzero(&io, sizeof(io));255io.pfrio_flags = flags;256io.pfrio_buffer = &tbl;257io.pfrio_esize = sizeof(tbl);258259/* Negative size. This will succeed, because the kernel will not copy260* tables than it has. */261io.pfrio_size = -1;262if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)263atf_tc_fail("Request with size -1 failed ");264265/* Overly large size. See above. */266io.pfrio_size = 1 << 24;267if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)268atf_tc_fail("Request with size 1 << 24 failed");269270io.pfrio_size = sizeof(tbl);271io.pfrio_buffer = NULL;272if (ioctl(dev, DIOCRCLRTSTATS, &io) == 0)273atf_tc_fail("Request with NULL buffer succeeded");274}275276ATF_TC_CLEANUP(clrtstats, tc)277{278COMMON_CLEANUP();279}280281ATF_TC_WITH_CLEANUP(settflags);282ATF_TC_HEAD(settflags, tc)283{284atf_tc_set_md_var(tc, "require.user", "root");285atf_tc_set_md_var(tc, "require.kmods", "pf");286}287288ATF_TC_BODY(settflags, tc)289{290struct pfioc_table io;291struct pfr_table tbl;292int flags;293294COMMON_HEAD();295296flags = 0;297298common_init_tbl(&tbl);299300bzero(&io, sizeof(io));301io.pfrio_flags = flags;302io.pfrio_buffer = &tbl;303io.pfrio_esize = sizeof(tbl);304305/* Negative size. This will succeed, because the kernel will not copy306* tables than it has. */307io.pfrio_size = -1;308if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)309atf_tc_fail("Request with size -1 failed");310311/* Overly large size. See above. */312io.pfrio_size = 1 << 28;313if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)314atf_tc_fail("Request with size 1 << 24 failed");315316/* NULL buffer */317io.pfrio_buffer = NULL;318if (ioctl(dev, DIOCRSETTFLAGS, &io) != -1)319atf_tc_fail("Request with NULL buffer succeeded");320}321322ATF_TC_CLEANUP(settflags, tc)323{324COMMON_CLEANUP();325}326327ATF_TC_WITH_CLEANUP(addaddrs);328ATF_TC_HEAD(addaddrs, tc)329{330atf_tc_set_md_var(tc, "require.user", "root");331atf_tc_set_md_var(tc, "require.kmods", "pf");332}333334ATF_TC_BODY(addaddrs, tc)335{336struct pfioc_table io;337struct pfr_addr addr;338339COMMON_HEAD();340341bzero(&addr, sizeof(addr));342bzero(&io, sizeof(io));343io.pfrio_flags = 0;344io.pfrio_buffer = &addr;345io.pfrio_esize = sizeof(addr);346347/* Negative size. */348io.pfrio_size = -1;349if (ioctl(dev, DIOCRADDADDRS, &io) == 0)350atf_tc_fail("Request with size -1 succeeded");351352/* Overly large size. */353io.pfrio_size = 1 << 28;354if (ioctl(dev, DIOCRADDADDRS, &io) == 0)355atf_tc_fail("Reuqest with size 1 << 28 failed");356}357358ATF_TC_CLEANUP(addaddrs, tc)359{360COMMON_CLEANUP();361}362363ATF_TC_WITH_CLEANUP(deladdrs);364ATF_TC_HEAD(deladdrs, tc)365{366atf_tc_set_md_var(tc, "require.user", "root");367atf_tc_set_md_var(tc, "require.kmods", "pf");368}369370ATF_TC_BODY(deladdrs, tc)371{372struct pfioc_table io;373struct pfr_addr addr;374375COMMON_HEAD();376377bzero(&addr, sizeof(addr));378bzero(&io, sizeof(io));379io.pfrio_flags = 0;380io.pfrio_buffer = &addr;381io.pfrio_esize = sizeof(addr);382383/* Negative size. */384io.pfrio_size = -1;385if (ioctl(dev, DIOCRDELADDRS, &io) == 0)386atf_tc_fail("Request with size -1 succeeded");387388/* Overly large size. */389io.pfrio_size = 1 << 28;390if (ioctl(dev, DIOCRDELADDRS, &io) == 0)391atf_tc_fail("Reuqest with size 1 << 28 failed");392}393394ATF_TC_CLEANUP(deladdrs, tc)395{396COMMON_CLEANUP();397}398399ATF_TC_WITH_CLEANUP(setaddrs);400ATF_TC_HEAD(setaddrs, tc)401{402atf_tc_set_md_var(tc, "require.user", "root");403atf_tc_set_md_var(tc, "require.kmods", "pf");404}405406ATF_TC_BODY(setaddrs, tc)407{408struct pfioc_table io;409struct pfr_addr addr;410411COMMON_HEAD();412413bzero(&addr, sizeof(addr));414bzero(&io, sizeof(io));415io.pfrio_flags = 0;416io.pfrio_buffer = &addr;417io.pfrio_esize = sizeof(addr);418419/* Negative size. */420io.pfrio_size = -1;421if (ioctl(dev, DIOCRSETADDRS, &io) == 0)422atf_tc_fail("Request with size -1 succeeded");423424/* Overly large size. */425io.pfrio_size = 1 << 28;426if (ioctl(dev, DIOCRSETADDRS, &io) == 0)427atf_tc_fail("Reuqest with size 1 << 28 failed");428}429430ATF_TC_CLEANUP(setaddrs, tc)431{432COMMON_CLEANUP();433}434435ATF_TC_WITH_CLEANUP(getaddrs);436ATF_TC_HEAD(getaddrs, tc)437{438atf_tc_set_md_var(tc, "require.user", "root");439atf_tc_set_md_var(tc, "require.kmods", "pf");440}441442ATF_TC_BODY(getaddrs, tc)443{444struct pfioc_table io;445struct pfr_addr addr;446447COMMON_HEAD();448449bzero(&addr, sizeof(addr));450bzero(&io, sizeof(io));451io.pfrio_flags = 0;452io.pfrio_buffer = &addr;453io.pfrio_esize = sizeof(addr);454455common_init_tbl(&io.pfrio_table);456457/* Negative size. */458io.pfrio_size = -1;459if (ioctl(dev, DIOCRGETADDRS, &io) == 0)460atf_tc_fail("Request with size -1 succeeded");461462/* Overly large size. */463io.pfrio_size = 1 << 24;464if (ioctl(dev, DIOCRGETADDRS, &io) == 0)465atf_tc_fail("Request with size 1 << 24 failed");466}467468ATF_TC_CLEANUP(getaddrs, tc)469{470COMMON_CLEANUP();471}472473ATF_TC_WITH_CLEANUP(getastats);474ATF_TC_HEAD(getastats, tc)475{476atf_tc_set_md_var(tc, "require.user", "root");477atf_tc_set_md_var(tc, "require.kmods", "pf");478}479480ATF_TC_BODY(getastats, tc)481{482struct pfioc_table io;483struct pfr_astats astats;484485COMMON_HEAD();486487bzero(&astats, sizeof(astats));488bzero(&io, sizeof(io));489io.pfrio_flags = 0;490io.pfrio_buffer = &astats;491io.pfrio_esize = sizeof(astats);492493common_init_tbl(&io.pfrio_table);494495/* Negative size. */496io.pfrio_size = -1;497if (ioctl(dev, DIOCRGETASTATS, &io) == 0)498atf_tc_fail("Request with size -1 succeeded");499500/* Overly large size. */501io.pfrio_size = 1 << 24;502if (ioctl(dev, DIOCRGETASTATS, &io) == 0)503atf_tc_fail("Request with size 1 << 24 failed");504}505506ATF_TC_CLEANUP(getastats, tc)507{508COMMON_CLEANUP();509}510511ATF_TC_WITH_CLEANUP(clrastats);512ATF_TC_HEAD(clrastats, tc)513{514atf_tc_set_md_var(tc, "require.user", "root");515atf_tc_set_md_var(tc, "require.kmods", "pf");516}517518ATF_TC_BODY(clrastats, tc)519{520struct pfioc_table io;521struct pfr_addr addr;522523COMMON_HEAD();524525bzero(&addr, sizeof(addr));526bzero(&io, sizeof(io));527io.pfrio_flags = 0;528io.pfrio_buffer = &addr;529io.pfrio_esize = sizeof(addr);530531common_init_tbl(&io.pfrio_table);532533/* Negative size. */534io.pfrio_size = -1;535if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)536atf_tc_fail("Request with size -1 succeeded");537538/* Overly large size. */539io.pfrio_size = 1 << 24;540if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)541atf_tc_fail("Request with size 1 << 24 failed");542}543544ATF_TC_CLEANUP(clrastats, tc)545{546COMMON_CLEANUP();547}548549ATF_TC_WITH_CLEANUP(tstaddrs);550ATF_TC_HEAD(tstaddrs, tc)551{552atf_tc_set_md_var(tc, "require.user", "root");553atf_tc_set_md_var(tc, "require.kmods", "pf");554}555556ATF_TC_BODY(tstaddrs, tc)557{558struct pfioc_table io;559struct pfr_addr addr;560561COMMON_HEAD();562563bzero(&addr, sizeof(addr));564bzero(&io, sizeof(io));565io.pfrio_flags = 0;566io.pfrio_buffer = &addr;567io.pfrio_esize = sizeof(addr);568569common_init_tbl(&io.pfrio_table);570571/* Negative size. */572io.pfrio_size = -1;573if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)574atf_tc_fail("Request with size -1 succeeded");575576/* Overly large size. */577io.pfrio_size = 1 << 24;578if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)579atf_tc_fail("Request with size 1 << 24 failed");580}581582ATF_TC_CLEANUP(tstaddrs, tc)583{584COMMON_CLEANUP();585}586587ATF_TC_WITH_CLEANUP(inadefine);588ATF_TC_HEAD(inadefine, tc)589{590atf_tc_set_md_var(tc, "require.user", "root");591atf_tc_set_md_var(tc, "require.kmods", "pf");592}593594ATF_TC_BODY(inadefine, tc)595{596struct pfioc_table io;597struct pfr_addr addr;598599COMMON_HEAD();600601bzero(&addr, sizeof(addr));602bzero(&io, sizeof(io));603io.pfrio_flags = 0;604io.pfrio_buffer = &addr;605io.pfrio_esize = sizeof(addr);606607common_init_tbl(&io.pfrio_table);608609/* Negative size. */610io.pfrio_size = -1;611if (ioctl(dev, DIOCRINADEFINE, &io) == 0)612atf_tc_fail("Request with size -1 succeeded");613614/* Overly large size. */615io.pfrio_size = 1 << 24;616if (ioctl(dev, DIOCRINADEFINE, &io) == 0)617atf_tc_fail("Request with size 1 << 24 failed");618}619620ATF_TC_CLEANUP(inadefine, tc)621{622COMMON_CLEANUP();623}624625ATF_TC_WITH_CLEANUP(igetifaces);626ATF_TC_HEAD(igetifaces, tc)627{628atf_tc_set_md_var(tc, "require.user", "root");629atf_tc_set_md_var(tc, "require.kmods", "pf");630}631632ATF_TC_BODY(igetifaces, tc)633{634struct pfioc_iface io;635struct pfi_kif kif;636637COMMON_HEAD();638639bzero(&io, sizeof(io));640io.pfiio_flags = 0;641io.pfiio_buffer = &kif;642io.pfiio_esize = sizeof(kif);643644/* Negative size */645io.pfiio_size = -1;646if (ioctl(dev, DIOCIGETIFACES, &io) == 0)647atf_tc_fail("request with size -1 succeeded");648649/* Overflow size */650io.pfiio_size = 1 << 31;651if (ioctl(dev, DIOCIGETIFACES, &io) == 0)652atf_tc_fail("request with size 1 << 31 succeeded");653}654655ATF_TC_CLEANUP(igetifaces, tc)656{657COMMON_CLEANUP();658}659660ATF_TC_WITH_CLEANUP(cxbegin);661ATF_TC_HEAD(cxbegin, tc)662{663atf_tc_set_md_var(tc, "require.user", "root");664atf_tc_set_md_var(tc, "require.kmods", "pf");665}666667ATF_TC_BODY(cxbegin, tc)668{669struct pfioc_trans io;670struct pfioc_trans_e ioe;671672COMMON_HEAD();673674bzero(&io, sizeof(io));675io.esize = sizeof(ioe);676io.array = &ioe;677678/* Negative size */679io.size = -1;680if (ioctl(dev, DIOCXBEGIN, &io) == 0)681atf_tc_fail("request with size -1 succeeded");682683/* Overflow size */684io.size = 1 << 30;685if (ioctl(dev, DIOCXBEGIN, &io) == 0)686atf_tc_fail("request with size 1 << 30 succeeded");687688/* NULL buffer */689io.size = 1;690io.array = NULL;691if (ioctl(dev, DIOCXBEGIN, &io) == 0)692atf_tc_fail("request with size -1 succeeded");693}694695ATF_TC_CLEANUP(cxbegin, tc)696{697COMMON_CLEANUP();698}699700ATF_TC_WITH_CLEANUP(cxrollback);701ATF_TC_HEAD(cxrollback, tc)702{703atf_tc_set_md_var(tc, "require.user", "root");704atf_tc_set_md_var(tc, "require.kmods", "pf");705}706707ATF_TC_BODY(cxrollback, tc)708{709struct pfioc_trans io;710struct pfioc_trans_e ioe;711712COMMON_HEAD();713714bzero(&io, sizeof(io));715io.esize = sizeof(ioe);716io.array = &ioe;717718/* Negative size */719io.size = -1;720if (ioctl(dev, DIOCXROLLBACK, &io) == 0)721atf_tc_fail("request with size -1 succeeded");722723/* Overflow size */724io.size = 1 << 30;725if (ioctl(dev, DIOCXROLLBACK, &io) == 0)726atf_tc_fail("request with size 1 << 30 succeeded");727728/* NULL buffer */729io.size = 1;730io.array = NULL;731if (ioctl(dev, DIOCXROLLBACK, &io) == 0)732atf_tc_fail("request with size -1 succeeded");733}734735ATF_TC_CLEANUP(cxrollback, tc)736{737COMMON_CLEANUP();738}739740ATF_TC_WITH_CLEANUP(commit);741ATF_TC_HEAD(commit, tc)742{743atf_tc_set_md_var(tc, "require.user", "root");744atf_tc_set_md_var(tc, "require.kmods", "pf");745}746747ATF_TC_BODY(commit, tc)748{749struct pfioc_trans io;750struct pfioc_trans_e ioe;751752COMMON_HEAD();753754bzero(&io, sizeof(io));755io.esize = sizeof(ioe);756io.array = &ioe;757758/* Negative size */759io.size = -1;760if (ioctl(dev, DIOCXCOMMIT, &io) == 0)761atf_tc_fail("request with size -1 succeeded");762763/* Overflow size */764io.size = 1 << 30;765if (ioctl(dev, DIOCXCOMMIT, &io) == 0)766atf_tc_fail("request with size 1 << 30 succeeded");767768/* NULL buffer */769io.size = 1;770io.array = NULL;771if (ioctl(dev, DIOCXCOMMIT, &io) == 0)772atf_tc_fail("request with size -1 succeeded");773}774775ATF_TC_CLEANUP(commit, tc)776{777COMMON_CLEANUP();778}779780ATF_TC_WITH_CLEANUP(getsrcnodes);781ATF_TC_HEAD(getsrcnodes, tc)782{783atf_tc_set_md_var(tc, "require.user", "root");784atf_tc_set_md_var(tc, "require.kmods", "pf");785}786787ATF_TC_BODY(getsrcnodes, tc)788{789struct pfioc_src_nodes psn;790791COMMON_HEAD();792793bzero(&psn, sizeof(psn));794795psn.psn_len = -1;796if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)797atf_tc_fail("request with size -1 failed");798799psn.psn_len = 1 << 30;800if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)801atf_tc_fail("request with size << 30 failed");802803psn.psn_len = 1 << 31;804if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)805atf_tc_fail("request with size << 30 failed");806}807808ATF_TC_CLEANUP(getsrcnodes, tc)809{810COMMON_CLEANUP();811}812813ATF_TC_WITH_CLEANUP(tag);814ATF_TC_HEAD(tag, tc)815{816atf_tc_set_md_var(tc, "require.user", "root");817atf_tc_set_md_var(tc, "require.kmods", "pf");818}819820ATF_TC_BODY(tag, tc)821{822struct pfioc_rule rule;823824COMMON_HEAD();825826memset(&rule, 0x42, sizeof(rule));827828rule.ticket = 0;829rule.pool_ticket = 0;830rule.anchor[0] = 0;831832rule.rule.return_icmp = 0;833bzero(&rule.rule.src, sizeof(rule.rule.src));834bzero(&rule.rule.dst, sizeof(rule.rule.dst));835836rule.rule.ifname[0] = 0;837rule.rule.action = 0;838rule.rule.rtableid = 0;839840rule.rule.tagname[0] = 0;841842for (int i = 0; i < 10; i++)843ioctl(dev, DIOCADDRULE, &rule);844}845846ATF_TC_CLEANUP(tag, tc)847{848COMMON_CLEANUP();849}850851ATF_TC_WITH_CLEANUP(rpool_mtx);852ATF_TC_HEAD(rpool_mtx, tc)853{854atf_tc_set_md_var(tc, "require.user", "root");855atf_tc_set_md_var(tc, "require.kmods", "pf");856}857858ATF_TC_BODY(rpool_mtx, tc)859{860struct pfioc_rule rule;861862COMMON_HEAD();863864memset(&rule, 0, sizeof(rule));865866rule.ticket = 0;867rule.pool_ticket = 0;868rule.anchor[0] = 0;869870rule.rule.return_icmp = 0;871bzero(&rule.rule.src, sizeof(rule.rule.src));872bzero(&rule.rule.dst, sizeof(rule.rule.dst));873874rule.rule.ifname[0] = 0;875rule.rule.action = 0;876rule.rule.rtableid = 0;877878rule.rule.tagname[0] = 0;879rule.rule.action = 42;880881ioctl(dev, DIOCADDRULE, &rule);882}883884ATF_TC_CLEANUP(rpool_mtx, tc)885{886COMMON_CLEANUP();887}888889ATF_TC_WITH_CLEANUP(rpool_mtx2);890ATF_TC_HEAD(rpool_mtx2, tc)891{892atf_tc_set_md_var(tc, "require.user", "root");893atf_tc_set_md_var(tc, "require.kmods", "pf");894}895896ATF_TC_BODY(rpool_mtx2, tc)897{898struct pfioc_rule rule;899900COMMON_HEAD();901902memset(&rule, 0, sizeof(rule));903904rule.pool_ticket = 1000000;905rule.action = PF_CHANGE_ADD_HEAD;906rule.rule.af = AF_INET;907908ioctl(dev, DIOCCHANGERULE, &rule);909}910911ATF_TC_CLEANUP(rpool_mtx2, tc)912{913COMMON_CLEANUP();914}915916ATF_TC_WITH_CLEANUP(natlook);917ATF_TC_HEAD(natlook, tc)918{919atf_tc_set_md_var(tc, "require.user", "root");920atf_tc_set_md_var(tc, "require.kmods", "pf");921}922923ATF_TC_BODY(natlook, tc)924{925struct pfioc_natlook nl = { 0 };926927COMMON_HEAD();928929nl.af = AF_INET;930nl.proto = IPPROTO_ICMP;931nl.saddr.v4.s_addr = 0x01020304;932nl.daddr.v4.s_addr = 0x05060708;933934/* Invalid direction */935nl.direction = 42;936937ATF_CHECK_ERRNO(EINVAL, ioctl(dev, DIOCNATLOOK, &nl) == -1);938939/* Invalid af */940nl.direction = PF_IN;941nl.af = 99;942943ATF_CHECK_ERRNO(EAFNOSUPPORT, ioctl(dev, DIOCNATLOOK, &nl) == -1);944}945946ATF_TC_CLEANUP(natlook, tc)947{948COMMON_CLEANUP();949}950951ATF_TP_ADD_TCS(tp)952{953ATF_TP_ADD_TC(tp, addtables);954ATF_TP_ADD_TC(tp, deltables);955ATF_TP_ADD_TC(tp, gettables);956ATF_TP_ADD_TC(tp, getastats);957ATF_TP_ADD_TC(tp, gettstats);958ATF_TP_ADD_TC(tp, clrtstats);959ATF_TP_ADD_TC(tp, settflags);960ATF_TP_ADD_TC(tp, addaddrs);961ATF_TP_ADD_TC(tp, deladdrs);962ATF_TP_ADD_TC(tp, setaddrs);963ATF_TP_ADD_TC(tp, getaddrs);964ATF_TP_ADD_TC(tp, clrastats);965ATF_TP_ADD_TC(tp, tstaddrs);966ATF_TP_ADD_TC(tp, inadefine);967ATF_TP_ADD_TC(tp, igetifaces);968ATF_TP_ADD_TC(tp, cxbegin);969ATF_TP_ADD_TC(tp, cxrollback);970ATF_TP_ADD_TC(tp, commit);971ATF_TP_ADD_TC(tp, getsrcnodes);972ATF_TP_ADD_TC(tp, tag);973ATF_TP_ADD_TC(tp, rpool_mtx);974ATF_TP_ADD_TC(tp, rpool_mtx2);975ATF_TP_ADD_TC(tp, natlook);976977return (atf_no_error());978}979980981