Changeset View
Changeset View
Standalone View
Standalone View
tests/sys/netpfil/common/ipfw_me4.sh
| Property | Old Value | New Value |
|---|---|---|
| svn:eol-style | null | native \ No newline at end of property |
| svn:executable | null | * \ No newline at end of property |
| svn:keywords | null | FreeBSD=%H \ No newline at end of property |
| svn:mime-type | null | text/plain \ No newline at end of property |
| #- | |||||
| # SPDX-License-Identifier: BSD-2-Clause-FreeBSD | |||||
| # | |||||
| # Copyright (c) 2019 Neel Chauhan | |||||
melifaro: 2020 ? :-) | |||||
| # | |||||
| # Redistribution and use in source and binary forms, with or without | |||||
| # modification, are permitted provided that the following conditions | |||||
| # are met: | |||||
| # 1. Redistributions of source code must retain the above copyright | |||||
| # notice, this list of conditions and the following disclaimer. | |||||
| # 2. Redistributions in binary form must reproduce the above copyright | |||||
| # notice, this list of conditions and the following disclaimer in the | |||||
| # documentation and/or other materials provided with the distribution. | |||||
| # | |||||
| # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
| # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
| # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
| # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
| # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
| # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
| # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
| # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
| # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
| # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
| # SUCH DAMAGE. | |||||
| # | |||||
| # $FreeBSD$ | |||||
| # | |||||
| . $(atf_get_srcdir)/utils.subr | |||||
| . $(atf_get_srcdir)/runner.subr | |||||
| me4_head() | |||||
| { | |||||
| atf_set descr 'IPFW me4 identifier test' | |||||
| atf_set require.user root | |||||
| } | |||||
| me4_body() | |||||
| { | |||||
| firewall=$1 | |||||
| firewall_init $firewall | |||||
| epair=$(vnet_mkepair) | |||||
| ifconfig ${epair}a 192.0.2.1/24 up | |||||
melifaroUnsubmitted Done Inline ActionsI'd suggest creating another jail for this end, to avoid using 192.0.2.0/24 in the host system and allow this tests running in parallel with other tests using this network. melifaro: I'd suggest creating another jail for this end, to avoid using `192.0.2.0/24` in the host… | |||||
| vnet_mkjail iron ${epair}b | |||||
melifaroUnsubmitted Done Inline ActionsBetter to use something like ${jname} as jail identifier. Also: it would be better to have the jail name somewhat consistent with the test name, as in the future we will certainly have more ipfw(8) tests. melifaro: Better to use something like `${jname}` as jail identifier. Also: it would be better to have… | |||||
| jexec iron ifconfig ${epair}b 192.0.2.2/24 up | |||||
| firewall_config "iron" ${firewall} \ | |||||
melifaroUnsubmitted Done Inline ActionsMaybe it's worth having simple setup with allow+deny rule and not having depends on rc.firewall functionality? melifaro: Maybe it's worth having simple setup with allow+deny rule and not having depends on `rc. | |||||
| "ipfw" \ | |||||
| "ipfw -q add 100 allow all from any to any" | |||||
| atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2 | |||||
| firewall_config "iron" ${firewall} \ | |||||
| "ipfw" \ | |||||
| "ipfw -q add 100 deny all from any to me4" | |||||
| atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2 | |||||
melifaroUnsubmitted Done Inline ActionsIt would be better if you make the positive and negative cases into separate tests. melifaro: It would be better if you make the positive and negative cases into separate tests. | |||||
| firewall_config "iron" ${firewall} \ | |||||
| "ipfw" \ | |||||
| "ipfw -q add 100 deny all from me4 to any" | |||||
| atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2 | |||||
| } | |||||
| me4_cleanup() | |||||
| { | |||||
| firewall=$1 | |||||
| firewall_cleanup $firewall | |||||
| } | |||||
| setup_tests \ | |||||
| me4 \ | |||||
melifaroUnsubmitted Done Inline ActionsCould you also add the tests, verifying that:
? melifaro: Could you also add the tests, verifying that:
* me4 does NOT match non-local IPv4 address… | |||||
| ipfw | |||||
2020 ? :-)