#
# SPDX-License-Identifier: BSD-2-Clause
#
# Copyright (c) 2024 Kristof Provost <[email protected]>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# ATF test cases for pf's "set limit" option.  Every case runs as root,
# builds its ruleset inside a vnet jail named "alcatraz", and relies on the
# pft_* / vnet_* helpers sourced from utils.subr for setup and teardown.
. $(atf_get_srcdir)/utils.subr

# basic: configured hard limits must be reported back by "pfctl -sm".
atf_test_case "basic" "cleanup"
basic_head()
{
	atf_set descr 'Test setting and retrieving limits'
	atf_set require.user root
}

basic_body()
{
	pft_init

	vnet_mkjail alcatraz

	# One distinct value per pool, so a value reported under the wrong
	# name cannot satisfy the matching check below.
	pft_set_rules alcatraz \
		"set limit states 200" \
		"set limit frags 100" \
		"set limit src-nodes 50" \
		"set limit table-entries 25"

	# Query the limits once per pool and match that pool's line.
	for expected in 'states.*200' 'frags.*100' 'src-nodes.*50' \
	    'table-entries.*25'; do
		atf_check -s exit:0 -o match:"${expected}" \
		    jexec alcatraz pfctl -sm
	done
}

basic_cleanup()
{
	pft_cleanup
}

# zero: a state limit of 0 is reported as 0, and can later be raised to a
# real value while states already exist.
atf_test_case "zero" "cleanup"
zero_head()
{
	atf_set descr 'Test changing a limit from zero on an in-use zone'
	atf_set require.user root
}

zero_body()
{
	pft_init

	# Host side of the epair is 192.0.2.2, jail side is 192.0.2.1.
	epair=$(vnet_mkepair)
	ifconfig "${epair}b" 192.0.2.2/24 up

	vnet_mkjail alcatraz "${epair}a"
	jexec alcatraz ifconfig "${epair}a" 192.0.2.1/24 up

	# The jail must answer before pf is enabled.
	atf_check -s exit:0 -o ignore ping -c 3 192.0.2.1

	jexec alcatraz pfctl -e

	# Load a ruleset whose state limit is 0, i.e. no limit.
	pft_set_rules noflush alcatraz \
		"set limit states 0" \
		"pass"

	# pf has to report that zero limit back verbatim.
	atf_check -s exit:0 -o 'match:states hard limit 0' \
	    jexec alcatraz pfctl -sa

	# Traffic through the "pass" rule creates a state, so the zone is in
	# use when the limit changes.
	atf_check -s exit:0 -o ignore ping -c 3 192.0.2.1

	# Move from "no limit" to a real limit.
	pft_set_rules noflush alcatraz \
		"set limit states 1000" \
		"pass"

	# State creation must still work under the new limit.
	atf_check -s exit:0 -o ignore ping -c 3 192.0.2.1

	atf_check -s exit:0 -o 'match:states hard limit 1000' \
	    jexec alcatraz pfctl -sa
}

zero_cleanup()
{
	pft_cleanup
}

# anchors: raising the anchor limit from 1 to 2 must allow a ruleset that
# defines two anchors to load.
atf_test_case "anchors" "cleanup"
anchors_head()
{
	atf_set descr 'Test increasing maximum number of anchors'
	atf_set require.user root
}

anchors_body()
{
	pft_init

	vnet_mkjail alcatraz

	jexec alcatraz pfctl -e

	# Start with a limit of a single anchor.
	pft_set_rules alcatraz \
		"set limit anchors 1"

	# Raise the limit and load two anchors in the same ruleset.  There is
	# no atf_check here: the case presumably relies on pft_set_rules
	# failing the test when the ruleset is rejected (confirm in utils.subr).
	# The unindented lines below are inside quoted rule strings and are
	# kept exactly as in the original.
	pft_set_rules alcatraz \
		"set limit anchors 2" \
		"pass" \
		"anchor \"foo\" {\n
pass in\n
}" \
		"anchor \"bar\" {\n
pass out\n
}"
}

anchors_cleanup()
{
	pft_cleanup
}

# Register every case defined above with the ATF runner.
atf_init_test_cases()
{
	atf_add_test_case "basic"
	atf_add_test_case "zero"
	atf_add_test_case "anchors"
}