Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 Oct 2017 20:54:52 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r325021 - head/tests/sys/netpfil/pf
Message-ID:  <201710262054.v9QKsqCY059785@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: kp
Date: Thu Oct 26 20:54:52 2017
New Revision: 325021
URL: https://svnweb.freebsd.org/changeset/base/325021

Log:
  pf tests: Fragmentation (v6) test
  
  Test fragmentation handling (i.e. scrub fragment reassemble) code for
  IPv6.
  
  Two simple tests: Ping a host (jail) and test forwarding of fragmented
  packets.

Added:
  head/tests/sys/netpfil/pf/fragmentation.sh   (contents, props changed)
Modified:
  head/tests/sys/netpfil/pf/Makefile

Modified: head/tests/sys/netpfil/pf/Makefile
==============================================================================
--- head/tests/sys/netpfil/pf/Makefile	Thu Oct 26 20:53:56 2017	(r325020)
+++ head/tests/sys/netpfil/pf/Makefile	Thu Oct 26 20:54:52 2017	(r325021)
@@ -6,6 +6,7 @@ TESTSDIR=       ${TESTSBASE}/sys/netpfil/pf
 
 ATF_TESTS_SH+=	pass_block \
 		forward \
+		fragmentation \
 		set_tos
 
 ${PACKAGE}FILES+=	utils.subr \

Added: head/tests/sys/netpfil/pf/fragmentation.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tests/sys/netpfil/pf/fragmentation.sh	Thu Oct 26 20:54:52 2017	(r325021)
@@ -0,0 +1,74 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "v6" "cleanup"
+v6_head()
+{
+	atf_set descr 'IPv6 fragmentation test'
+	atf_set require.user root
+	atf_set require.progs scapy
+}
+
+v6_body()
+{
+	pft_init
+
+	epair_send=$(pft_mkepair)
+	epair_link=$(pft_mkepair)
+
+	pft_mkjail alcatraz ${epair_send}b ${epair_link}a
+	pft_mkjail singsing ${epair_link}b
+
+	ifconfig ${epair_send}a inet6 2001:db8:42::1/64 no_dad up
+
+	jexec alcatraz ifconfig ${epair_send}b inet6 2001:db8:42::2/64 no_dad up
+	jexec alcatraz ifconfig ${epair_link}a inet6 2001:db8:43::2/64 no_dad up
+	jexec alcatraz sysctl net.inet6.ip6.forwarding=1
+
+	jexec singsing ifconfig ${epair_link}b inet6 2001:db8:43::3/64 no_dad up
+	jexec singsing route add -6 2001:db8:42::/64 2001:db8:43::2
+	route add -6 2001:db8:43::/64 2001:db8:42::2
+
+	jexec alcatraz ifconfig ${epair_send}b inet6 -ifdisabled
+	jexec alcatraz ifconfig ${epair_link}a inet6 -ifdisabled
+	jexec singsing ifconfig ${epair_link}b inet6 -ifdisabled
+	ifconfig ${epair_send}a inet6 -ifdisabled
+
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+		"scrub fragment reassemble" \
+		"block in" \
+		"pass in inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv }" \
+		"pass in inet6 proto icmp6 icmp6-type { echoreq, echorep }"
+
+	# Host test
+	atf_check -s exit:0 -o ignore \
+		ping6 -c 1 2001:db8:42::2
+
+	atf_check -s exit:0 -o ignore \
+		ping6 -c 1 -s 4500 2001:db8:42::2
+
+	atf_check -s exit:0 -o ignore\
+		ping6 -c 1 -b 70000 -s 65000 2001:db8:42::2
+
+	# Forwarding test
+	atf_check -s exit:0 -o ignore \
+		ping6 -c 1 2001:db8:43::3
+
+	atf_check -s exit:0 -o ignore \
+		ping6 -c 1 -s 4500 2001:db8:43::3
+
+	atf_check -s exit:0 -o ignore\
+		ping6 -c 1 -b 70000 -s 65000 2001:db8:43::3
+}
+
+v6_cleanup()
+{
+	pft_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "v6"
+}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710262054.v9QKsqCY059785>