aboutsummaryrefslogtreecommitdiff
path: root/tests/sys/netpfil/pf/syncookie.sh
diff options
context:
space:
mode:
Diffstat (limited to 'tests/sys/netpfil/pf/syncookie.sh')
-rw-r--r--tests/sys/netpfil/pf/syncookie.sh110
1 files changed, 98 insertions, 12 deletions
diff --git a/tests/sys/netpfil/pf/syncookie.sh b/tests/sys/netpfil/pf/syncookie.sh
index 8feb2816f589..598ac17c67f5 100644
--- a/tests/sys/netpfil/pf/syncookie.sh
+++ b/tests/sys/netpfil/pf/syncookie.sh
@@ -51,7 +51,7 @@ basic_body()
vnet_mkjail alcatraz ${epair}b
jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
- jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \
+ jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \
$(atf_get_srcdir)/echo_inetd.conf
ifconfig ${epair}a 192.0.2.2/24 up
@@ -81,7 +81,7 @@ basic_body()
basic_cleanup()
{
- rm -f inetd-alcatraz.pid
+ rm -f ${PWD}/inetd-alcatraz.pid
pft_cleanup
}
@@ -100,7 +100,7 @@ basic_v6_body()
vnet_mkjail alcatraz ${epair}b
jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad
- jexec alcatraz /usr/sbin/inetd -p inetd-alcatraz.pid \
+ jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \
$(atf_get_srcdir)/echo_inetd.conf
ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad
@@ -130,7 +130,6 @@ basic_v6_body()
basic_v6_cleanup()
{
- rm -f inetd-alcatraz.pid
pft_cleanup
}
@@ -157,7 +156,7 @@ forward_body()
jexec srv ifconfig ${epair_out}b 198.51.100.2/24 up
jexec srv route add default 198.51.100.1
- jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \
+ jexec srv /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \
$(atf_get_srcdir)/echo_inetd.conf
ifconfig ${epair_in}a 192.0.2.2/24 up
@@ -181,7 +180,6 @@ forward_body()
forward_cleanup()
{
- rm -f inetd-alcatraz.pid
pft_cleanup
}
@@ -208,7 +206,7 @@ forward_v6_body()
jexec srv ifconfig ${epair_out}b inet6 2001:db8:1::2/64 up no_dad
jexec srv route -6 add default 2001:db8:1::1
- jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \
+ jexec srv /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \
$(atf_get_srcdir)/echo_inetd.conf
ifconfig ${epair_in}a inet6 2001:db8::2/64 up no_dad
@@ -232,7 +230,93 @@ forward_v6_body()
forward_v6_cleanup()
{
- rm -f inetd-alcatraz.pid
+ pft_cleanup
+}
+
+loopback_test()
+{
+ local addr port
+
+ addr=$1
+ port=$2
+
+ # syncookies don't work without state tracking enabled.
+ atf_check -e ignore pfctl -e
+ atf_check pfctl -f - <<__EOF__
+set syncookies always
+pass all keep state
+__EOF__
+
+ # Try to transmit data over a loopback connection.
+ cat <<__EOF__ >in
+Creativity, no.
+__EOF__
+ nc -l $addr $port >out &
+
+ # Give the background nc time to start
+ sleep 1
+
+ atf_check nc -N $addr $port < in
+
+ atf_check -o file:in cat out
+
+ atf_check -e ignore pfctl -d
+}
+
+atf_test_case "loopback" "cleanup"
+loopback_head()
+{
+ atf_set descr 'Make sure that loopback v4 TCP connections work with syncookies on'
+ atf_set require.user root
+}
+
+loopback_body()
+{
+ local epair
+
+ pft_init
+
+ atf_check ifconfig lo0 127.0.0.1/8
+ atf_check ifconfig lo0 up
+
+ loopback_test 127.0.0.1 8080
+
+ epair=$(vnet_mkepair)
+ atf_check ifconfig ${epair}a inet 192.0.2.1/24
+
+ loopback_test 192.0.2.1 8081
+}
+
+loopback_cleanup()
+{
+ pft_cleanup
+}
+
+atf_test_case "loopback_v6" "cleanup"
+loopback_v6_head()
+{
+ atf_set descr 'Make sure that loopback v6 TCP connections work with syncookies on'
+ atf_set require.user root
+}
+
+loopback_v6_body()
+{
+ local epair
+
+ pft_init
+
+ atf_check ifconfig lo0 up
+
+ loopback_test ::1 8080
+
+ epair=$(vnet_mkepair)
+ atf_check ifconfig ${epair}a inet6 2001:db8::1/64
+
+ loopback_test 2001:db8::1 8081
+}
+
+loopback_v6_cleanup()
+{
pft_cleanup
}
@@ -241,7 +325,7 @@ nostate_head()
{
atf_set descr 'Ensure that we do not create until SYN|ACK'
atf_set require.user root
- atf_set require.progs scapy
+ atf_set require.progs python3 scapy
}
nostate_body()
@@ -287,7 +371,7 @@ nostate_v6_head()
{
atf_set descr 'Ensure that we do not create until SYN|ACK'
atf_set require.user root
- atf_set require.progs scapy
+ atf_set require.progs python3 scapy
}
nostate_v6_body()
@@ -334,7 +418,7 @@ adaptive_head()
{
atf_set descr 'Adaptive mode test'
atf_set require.user root
- atf_set require.progs scapy
+ atf_set require.progs python3 scapy
}
adaptive_body()
@@ -440,7 +524,7 @@ port_reuse_body()
vnet_mkjail alcatraz ${epair}b
vnet_mkjail singsing
jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
- jexec alcatraz /usr/sbin/inetd -p ${HOME}/inetd-alcatraz.pid \
+ jexec alcatraz /usr/sbin/inetd -p ${PWD}/inetd-alcatraz.pid \
$(atf_get_srcdir)/echo_inetd.conf
ifconfig ${epair}a 192.0.2.2/24 up
@@ -486,6 +570,8 @@ atf_init_test_cases()
atf_add_test_case "basic_v6"
atf_add_test_case "forward"
atf_add_test_case "forward_v6"
+ atf_add_test_case "loopback"
+ atf_add_test_case "loopback_v6"
atf_add_test_case "nostate"
atf_add_test_case "nostate_v6"
atf_add_test_case "adaptive"
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-10 04:21:55 +0000