ipfw: Add tests for the NPTv6 rule parser
(cherry picked from commit d879f1c8961d99bdbe6727004bfc6c23924526f8)
parent
fe13bb6f5f
commit
fad9cb779f
3 changed files with 111 additions and 0 deletions
|
|
@ -18,6 +18,9 @@ CFLAGS+=-DPF
|
|||
LIBADD= jail util
|
||||
MAN= ipfw.8
|
||||
|
||||
HAS_TESTS=
|
||||
SUBDIR.${MK_TESTS}= tests
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
||||
CWARNFLAGS+= -Wno-cast-align
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
PACKAGE= tests
|
||||
|
||||
ATF_TESTS_PYTEST+= test_add_rule.py
|
||||
ATF_TESTS_SH+= ipfw_test
|
||||
|
||||
.include <bsd.test.mk>
|
||||
|
|
|
|||
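--- /dev/null
+++ b/sbin/ipfw/tests/ipfw_test.sh
@@ -0,0 +1,107 @@
+#
+# Copyright (c) 2025 Dag-Erling Smørgrav <des@FreeBSD.org>
+#
+# SPDX-License-Identifier: BSD-2-Clause
+#
+
+. $(atf_get_srcdir)/../../sys/common/vnet.subr
+
+atf_test_case nptv6 cleanup
+nptv6_head()
+{
+atf_set "descr" "Test creation of NPTv6 rules"
+atf_set "require.user" "root"
+atf_set "require.kmods" "ipfw_nptv6"
+}
+nptv6_body()
+{
+vnet_init
+local jail=ipfw_$(atf_get ident)
+local epair=$(vnet_mkepair)
+vnet_mkjail ${jail} ${epair}a
+
+local rule="xyzzy"
+local int="2001:db8:1::"
+local ext="2001:db8:2::"
+
+atf_check jexec ${jail} \
+ifconfig "${epair}"a inet6 ${ext}1/64 up
+
+# This is how it's supposed to be used
+atf_check jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int} ext_prefix ${ext} prefixlen 64
+atf_check -o inline:\
+"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \
+jexec ${jail} ipfw nptv6 all list
+atf_check jexec ${jail} ipfw nptv6 all destroy
+
+# Specify external interface rather than network
+atf_check jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int} ext_if ${epair}a prefixlen 64
+atf_check -o inline:\
+"nptv6 $rule int_prefix $int ext_if ${epair}a prefixlen 64\n" \
+jexec ${jail} ipfw nptv6 all list
+atf_check jexec ${jail} ipfw nptv6 all destroy
+
+# This should also work
+atf_check jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int}/64 ext_prefix ${ext}/64 prefixlen 64
+atf_check -o inline:\
+"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \
+jexec ${jail} ipfw nptv6 all list
+atf_check jexec ${jail} ipfw nptv6 all destroy
+
+# This should also work, although it's not encouraged
+atf_check -e match:"use prefixlen instead" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int}/64 ext_prefix ${ext}/64
+atf_check -o inline:\
+"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \
+jexec ${jail} ipfw nptv6 all list
+atf_check jexec ${jail} ipfw nptv6 all destroy
+
+# These should all fail
+atf_check -s not-exit:0 -e match:"one ext_prefix or ext_if" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int} ext_prefix ${ext} ext_if ${epair}a
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+
+atf_check -s not-exit:0 -e match:"one ext_prefix or ext_if" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int} ext_if ${epair}a ext_prefix ${ext}
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+
+atf_check -s not-exit:0 -e match:"prefix length mismatch" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int}/48 ext_prefix ${ext}/64
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+
+atf_check -s not-exit:0 -e match:"prefix length mismatch" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int}/64 ext_prefix ${ext}/64 prefixlen 48
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+
+atf_check -s not-exit:0 -e match:"prefix length mismatch" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int}/64 ext_prefix ${ext} prefixlen 48
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+
+atf_check -s not-exit:0 -e match:"prefix length mismatch" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int} ext_prefix ${ext}/64 prefixlen 48
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+
+atf_check -s not-exit:0 -e match:"prefix length mismatch" \
+jexec ${jail} ipfw nptv6 ${rule} create \
+int_prefix ${int}/64 ext_if ${epair}a prefixlen 48
+atf_check -o empty jexec ${jail} ipfw nptv6 all list
+}
+nptv6_cleanup()
+{
+vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+atf_add_test_case nptv6
+}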
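Review bot: The "These should all fail" group in nptv6_body only exercises conflicting ext_prefix/ext_if options and mismatched lengths; no case hands the parser a prefix length that is malformed on its own (non-numeric, or outside the range an IPv6 prefix can have), and none omits int_prefix. For a test of the rule parser, those are the inputs most likely to slip through into the kernel request, so I would add at least one case in the same shape as the existing ones, for example `atf_check -s not-exit:0 -e not-empty jexec ${jail} ipfw nptv6 ${rule} create int_prefix ${int} ext_prefix ${ext} prefixlen 129` followed by the usual `atf_check -o empty jexec ${jail} ipfw nptv6 all list`. The error text for that path is not visible on this page, hence `-e not-empty` rather than a `match:`; this assumes the parser is meant to reject such a value, which should be confirmed against ipfw(8). A one-line comment above the failure group stating that each case also asserts no rule was left behind would make the paired `-o empty` checks easier to read.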