Changeset View
Changeset View
Standalone View
Standalone View
tests/sys/netpfil/pf/syncookie.sh
Show All 21 Lines | |||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
# SUCH DAMAGE. | # SUCH DAMAGE. | ||||
. $(atf_get_srcdir)/utils.subr | . $(atf_get_srcdir)/utils.subr | ||||
common_dir=$(atf_get_srcdir)/../common | |||||
atf_test_case "forward" "cleanup" | atf_test_case "forward" "cleanup" | ||||
forward_head() | forward_head() | ||||
{ | { | ||||
atf_set descr 'Syncookies for forwarded hosts' | atf_set descr 'Syncookies for forwarded hosts' | ||||
atf_set require.user root | atf_set require.user root | ||||
} | } | ||||
forward_body() | forward_body() | ||||
Show All 35 Lines | |||||
} | } | ||||
forward_cleanup() | forward_cleanup() | ||||
{ | { | ||||
rm -f inetd-alcatraz.pid | rm -f inetd-alcatraz.pid | ||||
pft_cleanup | pft_cleanup | ||||
} | } | ||||
atf_test_case "nostate" "cleanup" | |||||
nostate_head() | |||||
{ | |||||
atf_set descr 'Ensure that we do not create until SYN|ACK' | |||||
atf_set require.user root | |||||
atf_set require.progs scapy | |||||
} | |||||
nostate_body() | |||||
{ | |||||
pft_init | |||||
epair=$(vnet_mkepair) | |||||
ifconfig ${epair}a 192.0.2.2/24 up | |||||
vnet_mkjail alcatraz ${epair}b | |||||
jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up | |||||
jexec alcatraz pfctl -e | |||||
pft_set_rules alcatraz \ | |||||
"set syncookies always" \ | |||||
"pass in" \ | |||||
"pass out" | |||||
# Sanity check | |||||
atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1 | |||||
# Now syn flood to create many states | |||||
${common_dir}/pft_synflood.py \ | |||||
--sendif ${epair}a \ | |||||
--to 192.0.2.2 \ | |||||
--count 20 | |||||
states=$(jexec alcatraz pfctl -ss | grep tcp) | |||||
if [ -n "$states" ]; | |||||
then | |||||
echo "$states" | |||||
atf_fail "Found unexpected state" | |||||
fi | |||||
} | |||||
nostate_cleanup() | |||||
{ | |||||
pft_cleanup | |||||
} | |||||
atf_init_test_cases() | atf_init_test_cases() | ||||
{ | { | ||||
atf_add_test_case "forward" | atf_add_test_case "forward" | ||||
atf_add_test_case "nostate" | |||||
} | } |