Index: head/etc/mtree/BSD.tests.dist =================================================================== --- head/etc/mtree/BSD.tests.dist (revision 324374) +++ head/etc/mtree/BSD.tests.dist (revision 324375) @@ -1,750 +1,754 @@ # $FreeBSD$ # # Please see the file src/etc/mtree/README before making changes to this file. # /set type=dir uname=root gname=wheel mode=0755 . bin cat .. chflags .. chmod .. date .. dd .. echo .. expr .. ln .. ls .. mkdir .. mv .. pax .. pkill .. pwait .. rmdir .. sh builtins .. errors .. execution .. expansion .. invocation .. parameters .. parser .. set-e .. .. sleep .. test .. .. cddl lib .. sbin .. usr.bin .. usr.sbin dtrace common aggs .. arithmetic .. arrays .. assocs .. begin .. bitfields .. buffering .. builtinvar .. cg .. clauses .. cpc .. decls .. drops .. dtraceUtil .. end .. enum .. error .. exit .. fbtprovider .. funcs .. grammar .. include .. inline .. io .. ip .. java_api .. json .. lexer .. llquantize .. mdb .. mib .. misc .. multiaggs .. offsetof .. operators .. pid .. plockstat .. pointers .. pragma .. predicates .. preprocessor .. print .. printa .. printf .. privs .. probes .. proc .. profile-n .. providers .. raise .. rates .. safety .. scalars .. sched .. scripting .. sdt .. sizeof .. speculation .. stability .. stack .. stackdepth .. stop .. strlen .. strtoll .. struct .. sugar .. syscall .. sysevent .. tick-n .. trace .. tracemem .. translators .. typedef .. types .. uctf .. union .. usdt .. ustack .. vars .. version .. .. .. zfsd .. .. .. etc rc.d .. .. games .. gnu lib .. usr.bin diff .. .. .. lib atf libatf-c detail .. .. libatf-c++ detail .. .. test-programs .. .. libarchive .. libc c063 .. db .. gen execve .. posix_spawn .. .. hash data .. .. iconv .. inet .. locale .. net getaddrinfo data .. .. .. nss .. regex data .. .. resolv .. rpc .. ssp .. setjmp .. stdio .. stdlib .. string .. sys .. time .. tls dso .. .. termios .. ttyio .. .. libcam .. libcasper services cap_dns .. cap_grp .. cap_pwd .. cap_sysctl .. .. .. libcrypt .. libdevdctl .. libkvm .. libmp .. libnv .. libproc .. librt .. libsbuf .. libthr dlopen .. .. libutil .. libxo .. msun .. .. libexec atf atf-check .. atf-sh .. .. rtld-elf .. .. sbin dhclient .. devd .. growfs .. ifconfig .. mdconfig .. pfctl files .. .. .. secure lib .. libexec .. usr.bin .. usr.sbin .. .. share examples tests atf .. plain .. tap .. .. .. zoneinfo .. .. sys acl .. aio .. fifo .. file .. fs tmpfs .. .. geom class concat .. eli .. gate .. gpt .. mirror .. nop .. raid3 .. shsec .. stripe .. uzip etalon .. .. .. .. kern acct .. execve .. pipe .. .. kqueue libkqueue .. .. mac bsdextended .. portacl .. .. mqueue .. netinet .. + netpfil + pf + .. + .. opencrypto .. pjdfstest chflags .. chmod .. chown .. ftruncate .. granular .. link .. mkdir .. mkfifo .. mknod .. open .. rename .. rmdir .. symlink .. truncate .. unlink .. utimensat .. .. posixshm .. sys .. vfs .. vm .. .. usr.bin apply .. basename .. bmake archives fmt_44bsd .. fmt_44bsd_mod .. fmt_oldbsd .. .. basic t0 .. t1 .. t2 .. t3 .. .. execution ellipsis .. empty .. joberr .. plus .. .. shell builtin .. meta .. path .. path_select .. replace .. select .. .. suffixes basic .. src_wild1 .. src_wild2 .. .. syntax directive-t0 .. enl .. funny-targets .. semi .. .. sysmk t0 2 1 .. .. mk .. .. t1 2 1 .. .. mk .. .. t2 2 1 .. .. mk .. .. .. variables modifier_M .. modifier_t .. opt_V .. t0 .. .. .. bsdcat .. calendar .. cmp .. compress .. cpio .. col .. comm .. csplit .. cut .. diff .. dirname .. du .. file2c .. getconf .. grep .. gzip .. hexdump .. ident .. indent .. join .. jot .. lastcomm .. limits .. m4 .. mkimg .. ncal .. opensm .. pr .. printf .. procstat .. sdiff .. sed regress.multitest.out .. .. soelim .. stat .. tail .. tar .. timeout .. tr .. truncate .. units .. uudecode .. uuencode .. uniq .. xargs .. xinstall .. xo .. yacc yacc .. .. .. usr.sbin chown .. etcupdate .. extattr .. fstyp .. makefs .. newsyslog .. nmtree .. pw .. rpcbind .. sa .. .. .. # vim: set expandtab ts=4 sw=4: Index: head/tests/sys/Makefile =================================================================== --- head/tests/sys/Makefile (revision 324374) +++ head/tests/sys/Makefile (revision 324375) @@ -1,25 +1,26 @@ # $FreeBSD$ TESTSDIR= ${TESTSBASE}/sys TESTS_SUBDIRS+= acl TESTS_SUBDIRS+= aio TESTS_SUBDIRS+= fifo TESTS_SUBDIRS+= file TESTS_SUBDIRS+= fs TESTS_SUBDIRS+= geom TESTS_SUBDIRS+= kern TESTS_SUBDIRS+= kqueue TESTS_SUBDIRS+= mac TESTS_SUBDIRS+= mqueue TESTS_SUBDIRS+= netinet +TESTS_SUBDIRS+= netpfil TESTS_SUBDIRS+= opencrypto TESTS_SUBDIRS+= posixshm TESTS_SUBDIRS+= sys TESTS_SUBDIRS+= vfs TESTS_SUBDIRS+= vm # Items not integrated into kyua runs by default SUBDIR+= pjdfstest .include Index: head/tests/sys/netpfil/Makefile =================================================================== --- head/tests/sys/netpfil/Makefile (nonexistent) +++ head/tests/sys/netpfil/Makefile (revision 324375) @@ -0,0 +1,7 @@ +# $FreeBSD$ + +TESTSDIR= ${TESTSBASE}/sys/netpfil + +TESTS_SUBDIRS+= pf + +.include Property changes on: head/tests/sys/netpfil/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/tests/sys/netpfil/pf/Makefile =================================================================== --- head/tests/sys/netpfil/pf/Makefile (nonexistent) +++ head/tests/sys/netpfil/pf/Makefile (revision 324375) @@ -0,0 +1,11 @@ +# $FreeBSD$ + +PACKAGE= tests + +TESTSDIR= ${TESTSBASE}/sys/netpfil/pf + +ATF_TESTS_SH+= pass_block + +${PACKAGE}FILES+= utils.subr + +.include Property changes on: head/tests/sys/netpfil/pf/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/tests/sys/netpfil/pf/pass_block.sh =================================================================== --- head/tests/sys/netpfil/pf/pass_block.sh (nonexistent) +++ head/tests/sys/netpfil/pf/pass_block.sh (revision 324375) @@ -0,0 +1,91 @@ +# $FreeBSD$ + +. $(atf_get_srcdir)/utils.subr + +atf_test_case "v4" "cleanup" +v4_head() +{ + atf_set descr 'Basic pass/block test for IPv4' + atf_set require.user root +} + +v4_body() +{ + pft_init + + epair=$(pft_mkepair) + ifconfig ${epair}a 192.0.2.1/24 up + + # Set up a simple jail with one interface + pft_mkjail alcatraz ${epair}b + jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up + + # Trivial ping to the jail, without pf + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2 + + # pf without policy will let us ping + jexec alcatraz pfctl -e + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2 + + # Block everything + printf "block in\n" | jexec alcatraz pfctl -f - + atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2 + + # Block everything but ICMP + printf "block in\npass in proto icmp\n" | jexec alcatraz pfctl -f - + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2 +} + +v4_cleanup() +{ + pft_cleanup +} + +atf_test_case "v6" "cleanup" +v6_head() +{ + atf_set descr 'Basic pass/block test for IPv6' + atf_set require.user root +} + +v6_body() +{ + pft_init + + epair=$(pft_mkepair) + ifconfig ${epair}a inet6 2001:db8:42::1/64 up no_dad + + # Set up a simple jail with one interface + pft_mkjail alcatraz ${epair}b + jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2/64 up no_dad + + # Trivial ping to the jail, without pf + atf_check -s exit:0 -o ignore ping6 -c 1 -x 1 2001:db8:42::2 + + # pf without policy will let us ping + jexec alcatraz pfctl -e + atf_check -s exit:0 -o ignore ping6 -c 1 -x 1 2001:db8:42::2 + + # Block everything + printf "block in\n" | jexec alcatraz pfctl -f - + atf_check -s exit:2 -o ignore ping6 -c 1 -x 1 2001:db8:42::2 + + # Block everything but ICMP + printf "block in\npass in proto icmp6\n" | jexec alcatraz pfctl -f - + atf_check -s exit:0 -o ignore ping6 -c 1 -x 1 2001:db8:42::2 + + # Allowing ICMPv4 does not allow ICMPv6 + printf "block in\npass in proto icmp\n" | jexec alcatraz pfctl -f - + atf_check -s exit:2 -o ignore ping6 -c 1 -x 1 2001:db8:42::2 +} + +v6_cleanup() +{ + pft_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "v4" + atf_add_test_case "v6" +} Property changes on: head/tests/sys/netpfil/pf/pass_block.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/tests/sys/netpfil/pf/utils.subr =================================================================== --- head/tests/sys/netpfil/pf/utils.subr (nonexistent) +++ head/tests/sys/netpfil/pf/utils.subr (revision 324375) @@ -0,0 +1,47 @@ +# $FreeBSD$ +# Utility functions +## + +pft_init() +{ + if [ ! -c /dev/pf ]; then + atf_skip "This test requires pf" + fi + + if [ "`sysctl -i -n kern.features.vimage`" != 1 ]; then + atf_skip "This test requires VIMAGE" + fi +} + +pft_mkepair() +{ + ifname=$(ifconfig epair create) + echo $ifname >> created_interfaces.lst + echo ${ifname%a} +} + +pft_mkjail() +{ + jailname=$1 + ifname=$2 + jail -c name=${jailname} persist vnet vnet.interface=${ifname} + + echo $jailname >> created_jails.lst +} + +pft_cleanup() +{ + if [ -f created_interfaces.lst ]; then + for ifname in `cat created_interfaces.lst` + do + ifconfig ${ifname} destroy + done + fi + + if [ -f created_jails.lst ]; then + for jailname in `cat created_jails.lst` + do + jail -r ${jailname} + done + fi +} Property changes on: head/tests/sys/netpfil/pf/utils.subr ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property