Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/netpfil/pf/max_pkt_size.sh
39536 views
1
#

2
# SPDX-License-Identifier: BSD-2-Clause

3
#

4
# Copyright (c) 2025 Rubicon Communications, LLC (Netgate)

5
#

6
# Redistribution and use in source and binary forms, with or without

7
# modification, are permitted provided that the following conditions

8
# are met:

9
# 1. Redistributions of source code must retain the above copyright

10
#    notice, this list of conditions and the following disclaimer.

11
# 2. Redistributions in binary form must reproduce the above copyright

12
#    notice, this list of conditions and the following disclaimer in the

13
#    documentation and/or other materials provided with the distribution.

14
#

15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

25
# SUCH DAMAGE.

26


27
. $(atf_get_srcdir)/utils.subr

28


29
common_setup()

30
{

31
	epair=$(vnet_mkepair)

32


33
	ifconfig ${epair}b 192.0.2.2/24 up

34


35
	vnet_mkjail alcatraz ${epair}a

36
	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up

37


38
	jexec alcatraz pfctl -e

39
}

40


41
common_test()

42
{

43
	# Small packets pass

44
	atf_check -s exit:0 -o ignore \

45
	    ping -c 1 192.0.2.1

46
	atf_check -s exit:0 -o ignore \

47
	    ping -c 1 -s 100 192.0.2.1

48


49
	# Larger packets do not

50
	atf_check -s exit:2 -o ignore \

51
	    ping -c 3 -s 101 192.0.2.1

52
	atf_check -s exit:2 -o ignore \

53
	    ping -c 3 -s 128 192.0.2.1

54
}

55


56
atf_test_case "basic" "cleanup"

57
basic_head()

58
{

59
	atf_set descr 'Basic max-pkt-size test'

60
	atf_set require.user root

61
}

62


63
basic_body()

64
{

65
	pft_init

66


67
	common_setup

68


69
	pft_set_rules alcatraz \

70
	    "pass max-pkt-size 128"

71


72
	common_test

73


74
	# We can enforce this on fragmented packets too

75
	pft_set_rules alcatraz \

76
	    "pass max-pkt-size 2000"

77


78
	atf_check -s exit:0 -o ignore \

79
	    ping -c 1 -s 1400 192.0.2.1

80
	atf_check -s exit:0 -o ignore \

81
	    ping -c 1 -s 1972 192.0.2.1

82
	atf_check -s exit:2 -o ignore \

83
	    ping -c 1 -s 1973 192.0.2.1

84
	atf_check -s exit:2 -o ignore \

85
	    ping -c 3 -s 3000 192.0.2.1

86
}

87


88
basic_cleanup()

89
{

90
	pft_cleanup

91
}

92


93
atf_test_case "match" "cleanup"

94
match_head()

95
{

96
	atf_set descr 'max-pkt-size on match rules'

97
	atf_set require.user root

98
}

99


100
match_body()

101
{

102
	pft_init

103


104
	common_setup

105


106
	pft_set_rules alcatraz \

107
	    "match in max-pkt-size 128" \

108
	    "pass"

109


110
	common_test

111
}

112


113
match_cleanup()

114
{

115
	pft_cleanup

116
}

117


118
atf_init_test_cases()

119
{

120
	atf_add_test_case "basic"

121
	atf_add_test_case "match"

122
}

123


124