upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-04 22:32:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sbin/ipfw/tests/ipfw_test.sh
Dag-Erling Smørgrav fad9cb779f ipfw: Add tests for the NPTv6 rule parser 
(cherry picked from commit d879f1c896)
2025-10-07 12:08:43 +02:00

107 lines
3.5 KiB
Bash
Raw Permalink Blame History

#
# Copyright (c) 2025 Dag-Erling Smørgrav <des@FreeBSD.org>
#
# SPDX-License-Identifier: BSD-2-Clause
#
. $(atf_get_srcdir)/../../sys/common/vnet.subr
atf_test_case nptv6 cleanup
nptv6_head()
{
atf_set "descr" "Test creation of NPTv6 rules"
atf_set "require.user" "root"
atf_set "require.kmods" "ipfw_nptv6"
}
nptv6_body()
{
vnet_init
local jail=ipfw_$(atf_get ident)
local epair=$(vnet_mkepair)
vnet_mkjail ${jail} ${epair}a
local rule="xyzzy"
local int="2001:db8:1::"
local ext="2001:db8:2::"
atf_check jexec ${jail} \
ifconfig "${epair}"a inet6 ${ext}1/64 up
# This is how it's supposed to be used
atf_check jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int} ext_prefix ${ext} prefixlen 64
atf_check -o inline:\
"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \
jexec ${jail} ipfw nptv6 all list
atf_check jexec ${jail} ipfw nptv6 all destroy
# Specify external interface rather than network
atf_check jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int} ext_if ${epair}a prefixlen 64
atf_check -o inline:\
"nptv6 $rule int_prefix $int ext_if ${epair}a prefixlen 64\n" \
jexec ${jail} ipfw nptv6 all list
atf_check jexec ${jail} ipfw nptv6 all destroy
# This should also work
atf_check jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int}/64 ext_prefix ${ext}/64 prefixlen 64
atf_check -o inline:\
"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \
jexec ${jail} ipfw nptv6 all list
atf_check jexec ${jail} ipfw nptv6 all destroy
# This should also work, although it's not encouraged
atf_check -e match:"use prefixlen instead" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int}/64 ext_prefix ${ext}/64
atf_check -o inline:\
"nptv6 $rule int_prefix $int ext_prefix $ext prefixlen 64\n" \
jexec ${jail} ipfw nptv6 all list
atf_check jexec ${jail} ipfw nptv6 all destroy
# These should all fail
atf_check -s not-exit:0 -e match:"one ext_prefix or ext_if" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int} ext_prefix ${ext} ext_if ${epair}a
atf_check -o empty jexec ${jail} ipfw nptv6 all list
atf_check -s not-exit:0 -e match:"one ext_prefix or ext_if" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int} ext_if ${epair}a ext_prefix ${ext}
atf_check -o empty jexec ${jail} ipfw nptv6 all list
atf_check -s not-exit:0 -e match:"prefix length mismatch" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int}/48 ext_prefix ${ext}/64
atf_check -o empty jexec ${jail} ipfw nptv6 all list
atf_check -s not-exit:0 -e match:"prefix length mismatch" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int}/64 ext_prefix ${ext}/64 prefixlen 48
atf_check -o empty jexec ${jail} ipfw nptv6 all list
atf_check -s not-exit:0 -e match:"prefix length mismatch" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int}/64 ext_prefix ${ext} prefixlen 48
atf_check -o empty jexec ${jail} ipfw nptv6 all list
atf_check -s not-exit:0 -e match:"prefix length mismatch" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int} ext_prefix ${ext}/64 prefixlen 48
atf_check -o empty jexec ${jail} ipfw nptv6 all list
atf_check -s not-exit:0 -e match:"prefix length mismatch" \
jexec ${jail} ipfw nptv6 ${rule} create \
int_prefix ${int}/64 ext_if ${epair}a prefixlen 48
atf_check -o empty jexec ${jail} ipfw nptv6 all list
}
nptv6_cleanup()
{
vnet_cleanup
}
atf_init_test_cases()
{
atf_add_test_case nptv6
}
Reference in a new issue View git blame Copy permalink