2 * Copyright (c) 2020 Mariusz Zaborski <oshogbo@FreeBSD.org>
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
14 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
15 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
23 * POSSIBILITY OF SUCH DAMAGE.
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
29 #include <sys/param.h>
30 #include <sys/socket.h>
31 #include <netinet/in.h>
32 #include <arpa/inet.h>
39 #include <libcasper.h>
40 #include <casper/cap_net.h>
42 #define TEST_DOMAIN_0 "example.com"
43 #define TEST_DOMAIN_1 "freebsd.org"
44 #define TEST_IPV4 "1.1.1.1"
45 #define TEST_IPV6 "2001:4860:4860::8888"
46 #define TEST_BIND_IPV4 "127.0.0.1"
48 static cap_channel_t *
49 create_network_service(void)
51 cap_channel_t *capcas, *capnet;
54 ATF_REQUIRE(capcas != NULL);
56 capnet = cap_service_open(capcas, "system.net");
57 ATF_REQUIRE(capnet != NULL);
64 test_getnameinfo_v4(cap_channel_t *chan, int family, const char *ip)
66 struct sockaddr_in ipaddr;
67 char capfn[MAXHOSTNAMELEN];
68 char origfn[MAXHOSTNAMELEN];
71 memset(&ipaddr, 0, sizeof(ipaddr));
72 ipaddr.sin_family = family;
73 inet_pton(family, ip, &ipaddr.sin_addr);
75 ret = cap_getnameinfo(chan, (struct sockaddr *)&ipaddr, sizeof(ipaddr),
76 capfn, sizeof(capfn), NULL, 0, NI_NAMEREQD);
81 ret = getnameinfo((struct sockaddr *)&ipaddr, sizeof(ipaddr), origfn,
82 sizeof(origfn), NULL, 0, NI_NAMEREQD);
83 ATF_REQUIRE(ret == 0);
84 ATF_REQUIRE(strcmp(origfn, capfn) == 0);
90 test_getnameinfo_v6(cap_channel_t *chan, const char *ip)
92 struct sockaddr_in6 ipaddr;
93 char capfn[MAXHOSTNAMELEN];
94 char origfn[MAXHOSTNAMELEN];
97 memset(&ipaddr, 0, sizeof(ipaddr));
98 ipaddr.sin6_family = AF_INET6;
99 inet_pton(AF_INET6, ip, &ipaddr.sin6_addr);
101 ret = cap_getnameinfo(chan, (struct sockaddr *)&ipaddr, sizeof(ipaddr),
102 capfn, sizeof(capfn), NULL, 0, NI_NAMEREQD);
107 ret = getnameinfo((struct sockaddr *)&ipaddr, sizeof(ipaddr), origfn,
108 sizeof(origfn), NULL, 0, NI_NAMEREQD);
109 ATF_REQUIRE(ret == 0);
110 ATF_REQUIRE(strcmp(origfn, capfn) == 0);
116 test_getnameinfo(cap_channel_t *chan, int family, const char *ip)
119 if (family == AF_INET6) {
120 return (test_getnameinfo_v6(chan, ip));
123 return (test_getnameinfo_v4(chan, family, ip));
127 test_gethostbyaddr_v4(cap_channel_t *chan, int family, const char *ip)
129 struct in_addr ipaddr;
130 struct hostent *caphp, *orighp;
132 memset(&ipaddr, 0, sizeof(ipaddr));
133 inet_pton(AF_INET, ip, &ipaddr);
135 caphp = cap_gethostbyaddr(chan, &ipaddr, sizeof(ipaddr), family);
140 orighp = gethostbyaddr(&ipaddr, sizeof(ipaddr), family);
141 ATF_REQUIRE(orighp != NULL);
142 ATF_REQUIRE(strcmp(caphp->h_name, caphp->h_name) == 0);
148 test_gethostbyaddr_v6(cap_channel_t *chan, const char *ip)
150 struct in6_addr ipaddr;
151 struct hostent *caphp, *orighp;
153 memset(&ipaddr, 0, sizeof(ipaddr));
154 inet_pton(AF_INET6, ip, &ipaddr);
156 caphp = cap_gethostbyaddr(chan, &ipaddr, sizeof(ipaddr), AF_INET6);
160 orighp = gethostbyaddr(&ipaddr, sizeof(ipaddr), AF_INET6);
161 ATF_REQUIRE(orighp != NULL);
162 ATF_REQUIRE(strcmp(caphp->h_name, caphp->h_name) == 0);
168 test_gethostbyaddr(cap_channel_t *chan, int family, const char *ip)
171 if (family == AF_INET6) {
172 return (test_gethostbyaddr_v6(chan, ip));
174 return (test_gethostbyaddr_v4(chan, family, ip));
179 test_getaddrinfo(cap_channel_t *chan, int family, const char *domain,
180 const char *servname)
182 struct addrinfo hints, *capres, *origres, *res0, *res1;
186 memset(&hints, 0, sizeof(hints));
187 hints.ai_family = family;
188 hints.ai_socktype = SOCK_STREAM;
190 ret = cap_getaddrinfo(chan, domain, servname, &hints, &capres);
195 ret = getaddrinfo(domain, servname, &hints, &origres);
196 ATF_REQUIRE(ret == 0);
198 for (res0 = capres; res0 != NULL; res0 = res0->ai_next) {
200 for (res1 = origres; res1 != NULL; res1 = res1->ai_next) {
201 if (res1->ai_addrlen == res0->ai_addrlen &&
202 memcmp(res1->ai_addr, res0->ai_addr,
203 res0->ai_addrlen) == 0) {
211 freeaddrinfo(capres);
212 freeaddrinfo(origres);
217 test_gethostbyname(cap_channel_t *chan, int family, const char *domain)
219 struct hostent *caphp, *orighp;
221 caphp = cap_gethostbyname2(chan, domain, family);
226 orighp = gethostbyname2(domain, family);
227 ATF_REQUIRE(orighp != NULL);
228 ATF_REQUIRE(strcmp(caphp->h_name, orighp->h_name) == 0);
234 test_bind(cap_channel_t *chan, const char *ip)
236 struct sockaddr_in ipv4;
237 int capfd, ret, serrno;
239 capfd = socket(AF_INET, SOCK_STREAM, 0);
240 ATF_REQUIRE(capfd > 0);
242 memset(&ipv4, 0, sizeof(ipv4));
243 ipv4.sin_family = AF_INET;
244 inet_pton(AF_INET, ip, &ipv4.sin_addr);
246 ret = cap_bind(chan, capfd, (struct sockaddr *)&ipv4, sizeof(ipv4));
250 return (ret < 0 ? serrno : 0);
254 test_connect(cap_channel_t *chan, const char *ip, unsigned short port)
256 struct sockaddr_in ipv4;
257 int capfd, ret, serrno;
259 capfd = socket(AF_INET, SOCK_STREAM, 0);
260 ATF_REQUIRE(capfd > 0);
262 memset(&ipv4, 0, sizeof(ipv4));
263 ipv4.sin_family = AF_INET;
264 ipv4.sin_port = htons(port);
265 inet_pton(AF_INET, ip, &ipv4.sin_addr);
267 ret = cap_connect(chan, capfd, (struct sockaddr *)&ipv4, sizeof(ipv4));
271 return (ret < 0 ? serrno : 0);
275 test_extend_mode(cap_channel_t *capnet, int current)
277 cap_net_limit_t *limit;
278 const int rights[] = {
281 CAPNET_DEPRECATED_ADDR2NAME,
282 CAPNET_DEPRECATED_NAME2ADDR,
289 for (i = 0; i < nitems(rights); i++) {
290 if (current == rights[i])
293 limit = cap_net_limit_init(capnet, current | rights[i]);
294 ATF_REQUIRE(limit != NULL);
295 ATF_REQUIRE(cap_net_limit(limit) != 0);
299 ATF_TC_WITHOUT_HEAD(capnet__limits_addr2name_mode);
300 ATF_TC_BODY(capnet__limits_addr2name_mode, tc)
302 cap_channel_t *capnet;
303 cap_net_limit_t *limit;
305 capnet = create_network_service();
308 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
309 ATF_REQUIRE(limit != NULL);
310 ATF_REQUIRE(cap_net_limit(limit) == 0);
313 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == 0);
316 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) ==
318 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) ==
320 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
322 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == ENOTCAPABLE);
323 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == ENOTCAPABLE);
325 test_extend_mode(capnet, CAPNET_ADDR2NAME);
330 ATF_TC_WITHOUT_HEAD(capnet__limits_addr2name_family);
331 ATF_TC_BODY(capnet__limits_addr2name_family, tc)
333 cap_channel_t *capnet;
334 cap_net_limit_t *limit;
335 int family[] = { AF_INET6, AF_INET };
337 capnet = create_network_service();
339 /* Limit to AF_INET6 and AF_INET. */
340 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
341 ATF_REQUIRE(limit != NULL);
342 cap_net_limit_addr2name_family(limit, family, nitems(family));
343 ATF_REQUIRE(cap_net_limit(limit) == 0);
345 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == 0);
346 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET6, TEST_IPV6) == 0);
348 /* Limit to AF_INET6 and AF_INET. */
349 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
350 ATF_REQUIRE(limit != NULL);
351 cap_net_limit_addr2name_family(limit, &family[0], 1);
352 cap_net_limit_addr2name_family(limit, &family[1], 1);
353 ATF_REQUIRE(cap_net_limit(limit) == 0);
355 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == 0);
356 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET6, TEST_IPV6) == 0);
358 /* Limit to AF_INET6. */
359 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
360 ATF_REQUIRE(limit != NULL);
361 cap_net_limit_addr2name_family(limit, family, 1);
362 ATF_REQUIRE(cap_net_limit(limit) == 0);
364 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) ==
366 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET6, TEST_IPV6) == 0);
368 /* Unable to set empty limits. Empty limits means full access. */
369 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
370 ATF_REQUIRE(cap_net_limit(limit) != 0);
375 ATF_TC_WITHOUT_HEAD(capnet__limits_addr2name);
376 ATF_TC_BODY(capnet__limits_addr2name, tc)
378 cap_channel_t *capnet;
379 cap_net_limit_t *limit;
380 struct sockaddr_in ipaddrv4;
381 struct sockaddr_in6 ipaddrv6;
383 capnet = create_network_service();
385 /* Limit to TEST_IPV4 and TEST_IPV6. */
386 memset(&ipaddrv4, 0, sizeof(ipaddrv4));
387 memset(&ipaddrv6, 0, sizeof(ipaddrv6));
389 ipaddrv4.sin_family = AF_INET;
390 inet_pton(AF_INET, TEST_IPV4, &ipaddrv4.sin_addr);
392 ipaddrv6.sin6_family = AF_INET6;
393 inet_pton(AF_INET6, TEST_IPV6, &ipaddrv6.sin6_addr);
395 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
396 ATF_REQUIRE(limit != NULL);
398 cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv4,
400 cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv6,
402 ATF_REQUIRE(cap_net_limit(limit) == 0);
404 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == 0);
405 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET6, TEST_IPV6) == 0);
406 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, "127.0.0.1") ==
409 /* Limit to AF_INET. */
410 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
411 ATF_REQUIRE(limit != NULL);
412 cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv4,
414 ATF_REQUIRE(cap_net_limit(limit) == 0);
416 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == 0);
417 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET6, TEST_IPV6) ==
419 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, "127.0.0.1") ==
422 /* Unable to set empty limits. Empty limits means full access. */
423 limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
424 ATF_REQUIRE(cap_net_limit(limit) != 0);
429 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_addr2name_mode);
430 ATF_TC_BODY(capnet__limits_deprecated_addr2name_mode, tc)
432 cap_channel_t *capnet;
433 cap_net_limit_t *limit;
435 capnet = create_network_service();
438 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
439 ATF_REQUIRE(limit != NULL);
440 ATF_REQUIRE(cap_net_limit(limit) == 0);
443 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) == 0);
446 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) ==
448 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) ==
450 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
452 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == ENOTCAPABLE);
453 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == ENOTCAPABLE);
458 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_addr2name_family);
459 ATF_TC_BODY(capnet__limits_deprecated_addr2name_family, tc)
461 cap_channel_t *capnet;
462 cap_net_limit_t *limit;
463 int family[] = { AF_INET6, AF_INET };
465 capnet = create_network_service();
467 /* Limit to AF_INET6 and AF_INET. */
468 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
469 ATF_REQUIRE(limit != NULL);
470 cap_net_limit_addr2name_family(limit, family, nitems(family));
471 ATF_REQUIRE(cap_net_limit(limit) == 0);
473 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) == 0);
474 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET6, TEST_IPV6) == 0);
475 ATF_REQUIRE(test_gethostbyaddr(capnet, PF_LINK, TEST_IPV4) ==
478 /* Limit to AF_INET6 and AF_INET. */
479 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
480 ATF_REQUIRE(limit != NULL);
481 cap_net_limit_addr2name_family(limit, &family[0], 1);
482 cap_net_limit_addr2name_family(limit, &family[1], 1);
483 ATF_REQUIRE(cap_net_limit(limit) == 0);
485 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) == 0);
486 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET6, TEST_IPV6) == 0);
487 ATF_REQUIRE(test_gethostbyaddr(capnet, PF_LINK, TEST_IPV4) ==
490 /* Limit to AF_INET6. */
491 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
492 ATF_REQUIRE(limit != NULL);
493 cap_net_limit_addr2name_family(limit, family, 1);
494 ATF_REQUIRE(cap_net_limit(limit) == 0);
496 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) ==
498 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET6, TEST_IPV6) == 0);
499 ATF_REQUIRE(test_gethostbyaddr(capnet, PF_LINK, TEST_IPV4) ==
502 /* Unable to set empty limits. Empty limits means full access. */
503 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
504 ATF_REQUIRE(cap_net_limit(limit) != 0);
509 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_addr2name);
510 ATF_TC_BODY(capnet__limits_deprecated_addr2name, tc)
512 cap_channel_t *capnet;
513 cap_net_limit_t *limit;
514 struct in_addr ipaddrv4;
515 struct in6_addr ipaddrv6;
517 capnet = create_network_service();
519 /* Limit to TEST_IPV4 and TEST_IPV6. */
520 memset(&ipaddrv4, 0, sizeof(ipaddrv4));
521 memset(&ipaddrv6, 0, sizeof(ipaddrv6));
523 inet_pton(AF_INET, TEST_IPV4, &ipaddrv4);
524 inet_pton(AF_INET6, TEST_IPV6, &ipaddrv6);
526 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
527 ATF_REQUIRE(limit != NULL);
529 cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv4,
531 cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv6,
533 ATF_REQUIRE(cap_net_limit(limit) == 0);
535 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) == 0);
536 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET6, TEST_IPV6) == 0);
537 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, "127.0.0.1") ==
540 /* Limit to AF_INET. */
541 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
542 ATF_REQUIRE(limit != NULL);
543 cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv4,
545 ATF_REQUIRE(cap_net_limit(limit) == 0);
547 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) == 0);
548 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET6, TEST_IPV6) ==
550 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, "127.0.0.1") ==
553 /* Unable to set empty limits. Empty limits means full access. */
554 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_ADDR2NAME);
555 ATF_REQUIRE(cap_net_limit(limit) != 0);
561 ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_mode);
562 ATF_TC_BODY(capnet__limits_name2addr_mode, tc)
564 cap_channel_t *capnet;
565 cap_net_limit_t *limit;
567 capnet = create_network_service();
570 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
571 ATF_REQUIRE(limit != NULL);
572 ATF_REQUIRE(cap_net_limit(limit) == 0);
575 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
580 test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == ENOTCAPABLE);
581 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) ==
583 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) ==
585 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == ENOTCAPABLE);
586 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == ENOTCAPABLE);
588 test_extend_mode(capnet, CAPNET_ADDR2NAME);
593 ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_hosts);
594 ATF_TC_BODY(capnet__limits_name2addr_hosts, tc)
596 cap_channel_t *capnet;
597 cap_net_limit_t *limit;
599 capnet = create_network_service();
601 /* Limit to TEST_DOMAIN_0 and localhost only. */
602 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
603 ATF_REQUIRE(limit != NULL);
604 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
605 cap_net_limit_name2addr(limit, "localhost", NULL);
606 ATF_REQUIRE(cap_net_limit(limit) == 0);
608 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
610 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, "localhost", NULL) == 0);
611 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, NULL) ==
614 /* Limit to TEST_DOMAIN_0 only. */
615 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
616 ATF_REQUIRE(limit != NULL);
617 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
618 ATF_REQUIRE(cap_net_limit(limit) == 0);
620 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, "localhost", NULL) ==
622 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, NULL) ==
624 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
627 /* Unable to set empty limits. Empty limits means full access. */
628 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
629 ATF_REQUIRE(cap_net_limit(limit) != 0);
634 ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_hosts_servnames_strict);
635 ATF_TC_BODY(capnet__limits_name2addr_hosts_servnames_strict, tc)
637 cap_channel_t *capnet;
638 cap_net_limit_t *limit;
640 capnet = create_network_service();
643 * Limit to TEST_DOMAIN_0 and HTTP service.
645 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
646 ATF_REQUIRE(limit != NULL);
647 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, "http");
648 ATF_REQUIRE(cap_net_limit(limit) == 0);
650 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, "http") ==
652 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
654 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, "snmp") ==
656 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, "http") ==
659 /* Unable to set empty limits. Empty limits means full access. */
660 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
661 ATF_REQUIRE(cap_net_limit(limit) != 0);
666 ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_hosts_servnames_mix);
667 ATF_TC_BODY(capnet__limits_name2addr_hosts_servnames_mix, tc)
669 cap_channel_t *capnet;
670 cap_net_limit_t *limit;
672 capnet = create_network_service();
675 * Limit to TEST_DOMAIN_0 and any servnamex, and any domain with
678 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
679 ATF_REQUIRE(limit != NULL);
680 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
681 cap_net_limit_name2addr(limit, NULL, "http");
682 ATF_REQUIRE(cap_net_limit(limit) == 0);
684 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, "http") ==
686 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
688 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, "http") ==
690 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
692 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, "snmp") ==
695 /* Limit to HTTTP servname only. */
696 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
697 ATF_REQUIRE(limit != NULL);
698 cap_net_limit_name2addr(limit, NULL, "http");
699 ATF_REQUIRE(cap_net_limit(limit) == 0);
701 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, "http") ==
703 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
705 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, "http") ==
707 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
709 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, "snmp") ==
712 /* Unable to set empty limits. Empty limits means full access. */
713 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
714 ATF_REQUIRE(cap_net_limit(limit) != 0);
719 ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_family);
720 ATF_TC_BODY(capnet__limits_name2addr_family, tc)
722 cap_channel_t *capnet;
723 cap_net_limit_t *limit;
724 int family[] = { AF_INET6, AF_INET };
726 capnet = create_network_service();
728 /* Limit to AF_INET and AF_INET6. */
729 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
730 ATF_REQUIRE(limit != NULL);
731 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
732 cap_net_limit_name2addr_family(limit, family, nitems(family));
733 ATF_REQUIRE(cap_net_limit(limit) == 0);
735 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
737 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET6, TEST_DOMAIN_0, NULL) ==
739 ATF_REQUIRE(test_getaddrinfo(capnet, PF_LINK, TEST_DOMAIN_0, NULL) ==
742 /* Limit to AF_INET and AF_INET6. */
743 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
744 ATF_REQUIRE(limit != NULL);
745 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
746 cap_net_limit_name2addr_family(limit, &family[0], 1);
747 cap_net_limit_name2addr_family(limit, &family[1], 1);
748 ATF_REQUIRE(cap_net_limit(limit) == 0);
750 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
752 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET6, TEST_DOMAIN_0, NULL) ==
754 ATF_REQUIRE(test_getaddrinfo(capnet, PF_LINK, TEST_DOMAIN_0, NULL) ==
757 /* Limit to AF_INET6 only. */
758 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
759 ATF_REQUIRE(limit != NULL);
760 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
761 cap_net_limit_name2addr_family(limit, family, 1);
762 ATF_REQUIRE(cap_net_limit(limit) == 0);
764 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
766 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET6, TEST_DOMAIN_0, NULL) ==
768 ATF_REQUIRE(test_getaddrinfo(capnet, PF_LINK, TEST_DOMAIN_0, NULL) ==
771 /* Unable to set empty limits. Empty limits means full access. */
772 limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR);
773 ATF_REQUIRE(cap_net_limit(limit) != 0);
778 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_name2addr_mode);
779 ATF_TC_BODY(capnet__limits_deprecated_name2addr_mode, tc)
781 cap_channel_t *capnet;
782 cap_net_limit_t *limit;
784 capnet = create_network_service();
787 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
788 ATF_REQUIRE(limit != NULL);
789 ATF_REQUIRE(cap_net_limit(limit) == 0);
792 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == 0);
795 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) ==
797 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) ==
799 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
801 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == ENOTCAPABLE);
802 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == ENOTCAPABLE);
804 test_extend_mode(capnet, CAPNET_ADDR2NAME);
809 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_name2addr_hosts);
810 ATF_TC_BODY(capnet__limits_deprecated_name2addr_hosts, tc)
812 cap_channel_t *capnet;
813 cap_net_limit_t *limit;
815 capnet = create_network_service();
817 /* Limit to TEST_DOMAIN_0 and localhost only. */
818 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
819 ATF_REQUIRE(limit != NULL);
820 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
821 cap_net_limit_name2addr(limit, "localhost", NULL);
822 ATF_REQUIRE(cap_net_limit(limit) == 0);
824 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == 0);
825 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, "localhost") == 0);
827 test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_1) == ENOTCAPABLE);
829 /* Limit to TEST_DOMAIN_0 only. */
830 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
831 ATF_REQUIRE(limit != NULL);
832 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
833 ATF_REQUIRE(cap_net_limit(limit) == 0);
836 test_gethostbyname(capnet, AF_INET, "localhost") == ENOTCAPABLE);
838 test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_1) == ENOTCAPABLE);
839 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == 0);
841 /* Unable to set empty limits. Empty limits means full access. */
842 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
843 ATF_REQUIRE(cap_net_limit(limit) != 0);
848 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_name2addr_family);
849 ATF_TC_BODY(capnet__limits_deprecated_name2addr_family, tc)
851 cap_channel_t *capnet;
852 cap_net_limit_t *limit;
853 int family[] = { AF_INET6, AF_INET };
855 capnet = create_network_service();
857 /* Limit to AF_INET and AF_INET6. */
858 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
859 ATF_REQUIRE(limit != NULL);
860 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
861 cap_net_limit_name2addr_family(limit, family, nitems(family));
862 ATF_REQUIRE(cap_net_limit(limit) == 0);
864 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == 0);
865 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET6, TEST_DOMAIN_0) == 0);
867 test_gethostbyname(capnet, PF_LINK, TEST_DOMAIN_0) == ENOTCAPABLE);
869 /* Limit to AF_INET and AF_INET6. */
870 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
871 ATF_REQUIRE(limit != NULL);
872 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
873 cap_net_limit_name2addr_family(limit, &family[0], 1);
874 cap_net_limit_name2addr_family(limit, &family[1], 1);
875 ATF_REQUIRE(cap_net_limit(limit) == 0);
877 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == 0);
878 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET6, TEST_DOMAIN_0) == 0);
880 test_gethostbyname(capnet, PF_LINK, TEST_DOMAIN_0) == ENOTCAPABLE);
882 /* Limit to AF_INET6 only. */
883 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
884 ATF_REQUIRE(limit != NULL);
885 cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL);
886 cap_net_limit_name2addr_family(limit, family, 1);
887 ATF_REQUIRE(cap_net_limit(limit) == 0);
890 test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == ENOTCAPABLE);
891 ATF_REQUIRE(test_gethostbyname(capnet, AF_INET6, TEST_DOMAIN_0) == 0);
893 test_gethostbyname(capnet, PF_LINK, TEST_DOMAIN_0) == ENOTCAPABLE);
895 /* Unable to set empty limits. Empty limits means full access. */
896 limit = cap_net_limit_init(capnet, CAPNET_DEPRECATED_NAME2ADDR);
897 ATF_REQUIRE(cap_net_limit(limit) != 0);
902 ATF_TC_WITHOUT_HEAD(capnet__limits_bind_mode);
903 ATF_TC_BODY(capnet__limits_bind_mode, tc)
905 cap_channel_t *capnet;
906 cap_net_limit_t *limit;
908 capnet = create_network_service();
911 limit = cap_net_limit_init(capnet, CAPNET_BIND);
912 ATF_REQUIRE(limit != NULL);
913 ATF_REQUIRE(cap_net_limit(limit) == 0);
916 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == 0);
920 test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == ENOTCAPABLE);
921 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) ==
923 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) ==
925 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
927 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == ENOTCAPABLE);
929 test_extend_mode(capnet, CAPNET_ADDR2NAME);
934 ATF_TC_WITHOUT_HEAD(capnet__limits_bind);
935 ATF_TC_BODY(capnet__limits_bind, tc)
937 cap_channel_t *capnet;
938 cap_net_limit_t *limit;
939 struct sockaddr_in ipv4;
941 capnet = create_network_service();
943 limit = cap_net_limit_init(capnet, CAPNET_BIND);
944 ATF_REQUIRE(limit != NULL);
946 memset(&ipv4, 0, sizeof(ipv4));
947 ipv4.sin_family = AF_INET;
948 inet_pton(AF_INET, TEST_BIND_IPV4, &ipv4.sin_addr);
950 cap_net_limit_bind(limit, (struct sockaddr *)&ipv4, sizeof(ipv4));
951 ATF_REQUIRE(cap_net_limit(limit) == 0);
953 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == 0);
954 ATF_REQUIRE(test_bind(capnet, "127.0.0.2") == ENOTCAPABLE);
959 ATF_TC_WITHOUT_HEAD(capnet__limits_connect_mode);
960 ATF_TC_BODY(capnet__limits_connect_mode, tc)
962 cap_channel_t *capnet;
963 cap_net_limit_t *limit;
965 capnet = create_network_service();
968 limit = cap_net_limit_init(capnet, CAPNET_CONNECT);
969 ATF_REQUIRE(limit != NULL);
970 ATF_REQUIRE(cap_net_limit(limit) == 0);
973 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == 0);
977 test_gethostbyname(capnet, AF_INET, TEST_DOMAIN_0) == ENOTCAPABLE);
978 ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) ==
980 ATF_REQUIRE(test_gethostbyaddr(capnet, AF_INET, TEST_IPV4) ==
982 ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) ==
984 ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == ENOTCAPABLE);
986 test_extend_mode(capnet, CAPNET_ADDR2NAME);
991 ATF_TC_WITHOUT_HEAD(capnet__limits_connect);
992 ATF_TC_BODY(capnet__limits_connect, tc)
994 cap_channel_t *capnet;
995 cap_net_limit_t *limit;
996 struct sockaddr_in ipv4;
998 capnet = create_network_service();
1000 /* Limit only to TEST_IPV4 on port 80 and 443. */
1001 limit = cap_net_limit_init(capnet, CAPNET_CONNECT);
1002 ATF_REQUIRE(limit != NULL);
1003 memset(&ipv4, 0, sizeof(ipv4));
1004 ipv4.sin_family = AF_INET;
1005 ipv4.sin_port = htons(80);
1006 inet_pton(AF_INET, TEST_IPV4, &ipv4.sin_addr);
1007 cap_net_limit_connect(limit, (struct sockaddr *)&ipv4, sizeof(ipv4));
1009 ipv4.sin_port = htons(443);
1010 cap_net_limit_connect(limit, (struct sockaddr *)&ipv4, sizeof(ipv4));
1011 ATF_REQUIRE(cap_net_limit(limit) == 0);
1013 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 80) == 0);
1014 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 80) == ENOTCAPABLE);
1015 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 433) == ENOTCAPABLE);
1016 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 443) == 0);
1018 /* Limit only to TEST_IPV4 on port 443. */
1019 limit = cap_net_limit_init(capnet, CAPNET_CONNECT);
1020 cap_net_limit_connect(limit, (struct sockaddr *)&ipv4, sizeof(ipv4));
1021 ATF_REQUIRE(cap_net_limit(limit) == 0);
1023 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 433) == ENOTCAPABLE);
1024 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 80) == ENOTCAPABLE);
1025 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 433) == ENOTCAPABLE);
1026 ATF_REQUIRE(test_connect(capnet, TEST_IPV4, 443) == 0);
1028 /* Unable to set empty limits. Empty limits means full access. */
1029 limit = cap_net_limit_init(capnet, CAPNET_CONNECT);
1030 ATF_REQUIRE(cap_net_limit(limit) != 0);
1035 ATF_TC_WITHOUT_HEAD(capnet__limits_connecttodns);
1036 ATF_TC_BODY(capnet__limits_connecttodns, tc)
1038 cap_channel_t *capnet;
1039 cap_net_limit_t *limit;
1040 struct addrinfo hints, *capres, *res;
1041 int family[] = { AF_INET };
1043 capnet = create_network_service();
1045 limit = cap_net_limit_init(capnet, CAPNET_CONNECTDNS |
1047 ATF_REQUIRE(limit != NULL);
1048 cap_net_limit_name2addr(limit, TEST_IPV4, "80");
1049 cap_net_limit_name2addr_family(limit, family, 1);
1050 ATF_REQUIRE(cap_net_limit(limit) == 0);
1052 memset(&hints, 0, sizeof(hints));
1053 hints.ai_family = AF_INET;
1054 hints.ai_socktype = SOCK_STREAM;
1056 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 433) == ENOTCAPABLE);
1057 ATF_REQUIRE(cap_getaddrinfo(capnet, TEST_IPV4, "80", &hints, &capres) ==
1059 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 433) == ENOTCAPABLE);
1061 for (res = capres; res != NULL; res = res->ai_next) {
1064 ATF_REQUIRE(res->ai_family == AF_INET);
1065 ATF_REQUIRE(res->ai_socktype == SOCK_STREAM);
1067 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
1068 ATF_REQUIRE(s >= 0);
1070 ATF_REQUIRE(cap_connect(capnet, s, res->ai_addr,
1071 res->ai_addrlen) == 0);
1075 freeaddrinfo(capres);
1080 ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_connecttodns);
1081 ATF_TC_BODY(capnet__limits_deprecated_connecttodns, tc)
1083 cap_channel_t *capnet;
1084 cap_net_limit_t *limit;
1085 struct hostent *caphp;
1086 struct in_addr ipaddr;
1087 struct sockaddr_in connaddr;
1088 int family[] = { AF_INET };
1091 capnet = create_network_service();
1093 limit = cap_net_limit_init(capnet, CAPNET_CONNECTDNS |
1094 CAPNET_DEPRECATED_NAME2ADDR);
1095 ATF_REQUIRE(limit != NULL);
1096 cap_net_limit_name2addr(limit, TEST_IPV4, NULL);
1097 cap_net_limit_name2addr_family(limit, family, 1);
1098 ATF_REQUIRE(cap_net_limit(limit) == 0);
1100 memset(&ipaddr, 0, sizeof(ipaddr));
1101 inet_pton(AF_INET, TEST_IPV4, &ipaddr);
1103 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 433) == ENOTCAPABLE);
1104 caphp = cap_gethostbyname2(capnet, TEST_IPV4, AF_INET);
1105 ATF_REQUIRE(caphp != NULL);
1106 ATF_REQUIRE(caphp->h_addrtype == AF_INET);
1107 ATF_REQUIRE(test_connect(capnet, "8.8.8.8", 433) == ENOTCAPABLE);
1109 for (i = 0; caphp->h_addr_list[i] != NULL; i++) {
1112 s = socket(AF_INET, SOCK_STREAM, 0);
1113 ATF_REQUIRE(s >= 0);
1115 memset(&connaddr, 0, sizeof(connaddr));
1116 connaddr.sin_family = AF_INET;
1117 memcpy((char *)&connaddr.sin_addr.s_addr,
1118 (char *)caphp->h_addr_list[i], caphp->h_length);
1119 connaddr.sin_port = htons(80);
1121 ATF_REQUIRE(cap_connect(capnet, s, (struct sockaddr *)&connaddr,
1122 sizeof(connaddr)) == 0);
1132 ATF_TP_ADD_TC(tp, capnet__limits_addr2name_mode);
1133 ATF_TP_ADD_TC(tp, capnet__limits_addr2name_family);
1134 ATF_TP_ADD_TC(tp, capnet__limits_addr2name);
1136 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_addr2name_mode);
1137 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_addr2name_family);
1138 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_addr2name);
1140 ATF_TP_ADD_TC(tp, capnet__limits_name2addr_mode);
1141 ATF_TP_ADD_TC(tp, capnet__limits_name2addr_hosts);
1142 ATF_TP_ADD_TC(tp, capnet__limits_name2addr_hosts_servnames_strict);
1143 ATF_TP_ADD_TC(tp, capnet__limits_name2addr_hosts_servnames_mix);
1144 ATF_TP_ADD_TC(tp, capnet__limits_name2addr_family);
1146 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_name2addr_mode);
1147 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_name2addr_hosts);
1148 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_name2addr_family);
1150 ATF_TP_ADD_TC(tp, capnet__limits_bind_mode);
1151 ATF_TP_ADD_TC(tp, capnet__limits_bind);
1153 ATF_TP_ADD_TC(tp, capnet__limits_connect_mode);
1154 ATF_TP_ADD_TC(tp, capnet__limits_connect);
1156 ATF_TP_ADD_TC(tp, capnet__limits_connecttodns);
1157 ATF_TP_ADD_TC(tp, capnet__limits_deprecated_connecttodns);
1159 return (atf_no_error());