Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/netpfil/pf/max_pkt_rate.sh
39536 views
1
#

2
# SPDX-License-Identifier: BSD-2-Clause

3
#

4
# Copyright (c) 2025 Rubicon Communications, LLC (Netgate)

5
#

6
# Redistribution and use in source and binary forms, with or without

7
# modification, are permitted provided that the following conditions

8
# are met:

9
# 1. Redistributions of source code must retain the above copyright

10
#    notice, this list of conditions and the following disclaimer.

11
# 2. Redistributions in binary form must reproduce the above copyright

12
#    notice, this list of conditions and the following disclaimer in the

13
#    documentation and/or other materials provided with the distribution.

14
#

15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

25
# SUCH DAMAGE.

26


27
. $(atf_get_srcdir)/utils.subr

28


29
common_setup()

30
{

31
	epair=$(vnet_mkepair)

32


33
	ifconfig ${epair}a inet 192.0.2.2/24 up

34


35
	vnet_mkjail alcatraz ${epair}b

36
	jexec alcatraz ifconfig ${epair}b inet 192.0.2.1/24 up

37


38
	# Sanity check

39
	atf_check -s exit:0 -o ignore \

40
	    ping -c 1 192.0.2.1

41


42
	jexec alcatraz pfctl -e

43
}

44


45
common_test()

46
{

47
	# One ping will pass

48
	atf_check -s exit:0 -o ignore \

49
	    ping -c 1 192.0.2.1

50


51
	# As will a second

52
	atf_check -s exit:0 -o ignore \

53
	    ping -c 1 192.0.2.1

54


55
	# But the third should fail

56
	atf_check -s exit:2 -o ignore \

57
	    ping -c 1 192.0.2.1

58


59
	# But three seconds later we can ping again

60
	sleep 3

61
	atf_check -s exit:0 -o ignore \

62
	    ping -c 1 192.0.2.1

63
}

64


65
atf_test_case "basic" "cleanup"

66
basic_head()

67
{

68
	atf_set descr 'Basic maximum packet rate test'

69
	atf_set require.user root

70
}

71


72
basic_body()

73
{

74
	pft_init

75


76
	common_setup

77


78
	pft_set_rules alcatraz \

79
	    "block" \

80
	    "pass in proto icmp max-pkt-rate 2/2"

81


82
	common_test

83
}

84


85
basic_cleanup()

86
{

87
	pft_cleanup

88
}

89


90
atf_test_case "anchor" "cleanup"

91
anchor_head()

92
{

93
	atf_set descr 'maximum packet rate on anchor'

94
	atf_set require.user root

95
}

96


97
anchor_body()

98
{

99
	pft_init

100


101
	common_setup

102


103
	pft_set_rules alcatraz \

104
	    "block" \

105
	    "anchor \"foo\" proto icmp max-pkt-rate 2/2 {\n \

106
	    	pass \n \

107
	    }"

108


109
	common_test

110
}

111


112
anchor_cleanup()

113
{

114
	pft_cleanup

115
}

116


117
atf_init_test_cases()

118
{

119
	atf_add_test_case "basic"

120
	atf_add_test_case "anchor"

121
}

122


123