Changeset View
Changeset View
Standalone View
Standalone View
tests/sys/netpfil/common/ipfw_me4.sh
Property | Old Value | New Value |
---|---|---|
svn:eol-style | null | native \ No newline at end of property |
svn:executable | null | * \ No newline at end of property |
svn:keywords | null | FreeBSD=%H \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
#- | |||||
# SPDX-License-Identifier: BSD-2-Clause-FreeBSD | |||||
# | |||||
# Copyright (c) 2019 Neel Chauhan | |||||
melifaro: 2020 ? :-) | |||||
# | |||||
# Redistribution and use in source and binary forms, with or without | |||||
# modification, are permitted provided that the following conditions | |||||
# are met: | |||||
# 1. Redistributions of source code must retain the above copyright | |||||
# notice, this list of conditions and the following disclaimer. | |||||
# 2. Redistributions in binary form must reproduce the above copyright | |||||
# notice, this list of conditions and the following disclaimer in the | |||||
# documentation and/or other materials provided with the distribution. | |||||
# | |||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
# SUCH DAMAGE. | |||||
# | |||||
# $FreeBSD$ | |||||
# | |||||
. $(atf_get_srcdir)/utils.subr | |||||
. $(atf_get_srcdir)/runner.subr | |||||
me4_head() | |||||
{ | |||||
atf_set descr 'IPFW me4 identifier test' | |||||
atf_set require.user root | |||||
} | |||||
me4_body() | |||||
{ | |||||
firewall=$1 | |||||
firewall_init $firewall | |||||
epair=$(vnet_mkepair) | |||||
ifconfig ${epair}a 192.0.2.1/24 up | |||||
melifaroUnsubmitted Done Inline ActionsI'd suggest creating another jail for this end, to avoid using 192.0.2.0/24 in the host system and allow this tests running in parallel with other tests using this network. melifaro: I'd suggest creating another jail for this end, to avoid using `192.0.2.0/24` in the host… | |||||
vnet_mkjail iron ${epair}b | |||||
melifaroUnsubmitted Done Inline ActionsBetter to use something like ${jname} as jail identifier. Also: it would be better to have the jail name somewhat consistent with the test name, as in the future we will certainly have more ipfw(8) tests. melifaro: Better to use something like `${jname}` as jail identifier. Also: it would be better to have… | |||||
jexec iron ifconfig ${epair}b 192.0.2.2/24 up | |||||
firewall_config "iron" ${firewall} \ | |||||
melifaroUnsubmitted Done Inline ActionsMaybe it's worth having simple setup with allow+deny rule and not having depends on rc.firewall functionality? melifaro: Maybe it's worth having simple setup with allow+deny rule and not having depends on `rc. | |||||
"ipfw" \ | |||||
"ipfw -q add 100 allow all from any to any" | |||||
atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2 | |||||
firewall_config "iron" ${firewall} \ | |||||
"ipfw" \ | |||||
"ipfw -q add 100 deny all from any to me4" | |||||
atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2 | |||||
melifaroUnsubmitted Done Inline ActionsIt would be better if you make the positive and negative cases into separate tests. melifaro: It would be better if you make the positive and negative cases into separate tests. | |||||
firewall_config "iron" ${firewall} \ | |||||
"ipfw" \ | |||||
"ipfw -q add 100 deny all from me4 to any" | |||||
atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2 | |||||
} | |||||
me4_cleanup() | |||||
{ | |||||
firewall=$1 | |||||
firewall_cleanup $firewall | |||||
} | |||||
setup_tests \ | |||||
me4 \ | |||||
melifaroUnsubmitted Done Inline ActionsCould you also add the tests, verifying that:
? melifaro: Could you also add the tests, verifying that:
* me4 does NOT match non-local IPv4 address… | |||||
ipfw |
2020 ? :-)