2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright 2020 Alex Richardson <arichardson@FreeBSD.org>
6 * This software was developed by SRI International and the University of
7 * Cambridge Computer Laboratory (Department of Computer Science and
8 * Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the
9 * DARPA SSITH research programme.
11 * This work was supported by Innovate UK project 105694, "Digital Security by
12 * Design (DSbD) Technology Platform Prototype".
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions are met:
16 * 1. Redistributions of source code must retain the above copyright notice,
17 * this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright notice,
19 * this list of conditions and the following disclaimer in the documentation
20 * and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
24 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <sys/types.h>
37 #include <sys/param.h>
45 #include <sys/module.h>
53 * Tests 0001-0999 are copied from OpenBSD's regress/sbin/pfctl.
54 * Tests 1001-1999 are ours (FreeBSD's own).
56 * pf: Run pfctl -nv on pfNNNN.in and check that the output matches pfNNNN.ok.
57 * Copied from OpenBSD. Main differences are some things not working
59 * * The action 'match'
60 * * The command 'set reassemble'
61 * * The 'from'/'to' options together with 'route-to'
62 * * The option 'scrub' (it is an action in FreeBSD)
63 * * Accepting undefined routing tables in actions (??: see pf0093.in)
64 * * The 'route' option
65 * * The 'set queue def' option
66 * selfpf: Feed pfctl output through pfctl again and verify it stays the same.
67 * Copied from OpenBSD.
71 check_pf_module_available(void)
74 struct module_stat stat;
76 if ((modid = modfind("pf")) < 0) {
77 warn("pf module not found");
80 stat.version = sizeof(struct module_stat);
81 if (modstat(modid, &stat) < 0) {
82 warn("can't stat pf module id %d", modid);
88 extern char **environ;
91 read_fd(int fd, size_t sizehint)
95 char buffer[MAXBSIZE];
97 sb = sbuf_new(NULL, NULL, sizehint, SBUF_AUTOEXTEND);
99 while ((count = read(fd, buffer, sizeof(buffer) - 1)) > 0) {
100 sbuf_bcat(sb, buffer, count);
102 ATF_REQUIRE_ERRNO(0, count == 0 && "Should have reached EOF");
103 sbuf_finish(sb); /* Ensure NULL-termination */
108 read_file(const char *filename)
115 ATF_REQUIRE_EQ_MSG(stat(filename, &s), 0, "cannot stat %s", filename);
116 fd = open(filename, O_RDONLY);
117 ATF_REQUIRE_ERRNO(0, fd > 0);
118 result = read_fd(fd, s.st_size);
119 ATF_REQUIRE_ERRNO(0, close(fd) == 0);
124 run_pfctl_test(const char *input_path, const char *expected_path,
130 char input_files_path[PATH_MAX];
131 struct sbuf *expected_output;
132 struct sbuf *real_output;
133 posix_spawn_file_actions_t action;
135 if (!check_pf_module_available())
136 atf_tc_skip("pf(4) is not loaded");
138 /* The test inputs need to be able to use relative includes. */
139 snprintf(input_files_path, sizeof(input_files_path), "%s/files",
140 atf_tc_get_config_var(tc, "srcdir"));
141 ATF_REQUIRE_ERRNO(0, chdir(input_files_path) == 0);
143 ATF_REQUIRE_ERRNO(0, pipe(pipefds) == 0);
144 expected_output = read_file(expected_path);
146 posix_spawn_file_actions_init(&action);
147 posix_spawn_file_actions_addclose(&action, STDIN_FILENO);
148 posix_spawn_file_actions_addclose(&action, pipefds[1]);
149 posix_spawn_file_actions_adddup2(&action, pipefds[0], STDOUT_FILENO);
150 posix_spawn_file_actions_adddup2(&action, pipefds[0], STDERR_FILENO);
152 const char *argv[] = { "pfctl", "-o", "none", "-nvf", input_path,
154 printf("Running %s %s %s %s %s\n", argv[0], argv[1], argv[2], argv[3],
156 status = posix_spawnp(
157 &pid, "pfctl", &action, NULL, __DECONST(char **, argv), environ);
159 status, 0, "posix_spawn failed: %s", strerror(errno));
160 posix_spawn_file_actions_destroy(&action);
163 real_output = read_fd(pipefds[1], 0);
164 printf("---\n%s---\n", sbuf_data(real_output));
165 ATF_REQUIRE_EQ(waitpid(pid, &status, 0), pid);
166 ATF_REQUIRE_MSG(WIFEXITED(status),
167 "pfctl returned non-zero! Output:\n %s", sbuf_data(real_output));
169 ATF_CHECK_STREQ(sbuf_data(expected_output), sbuf_data(real_output));
170 sbuf_delete(expected_output);
171 sbuf_delete(real_output);
176 do_pf_test(const char *number, const atf_tc_t *tc)
180 asprintf(&input_path, "%s/files/pf%s.in",
181 atf_tc_get_config_var(tc, "srcdir"), number);
182 asprintf(&expected_path, "%s/files/pf%s.ok",
183 atf_tc_get_config_var(tc, "srcdir"), number);
184 run_pfctl_test(input_path, expected_path, tc);
190 do_selfpf_test(const char *number, const atf_tc_t *tc)
193 asprintf(&expected_path, "%s/files/pf%s.ok",
194 atf_tc_get_config_var(tc, "srcdir"), number);
195 run_pfctl_test(expected_path, expected_path, tc);
199 #define PFCTL_TEST(number, descr) \
200 ATF_TC(pf##number); \
201 ATF_TC_HEAD(pf##number, tc) \
203 atf_tc_set_md_var(tc, "descr", descr); \
205 ATF_TC_BODY(pf##number, tc) \
207 do_pf_test(#number, tc); \
209 ATF_TC(selfpf##number); \
210 ATF_TC_HEAD(selfpf##number, tc) \
212 atf_tc_set_md_var(tc, "descr", "Self " descr); \
214 ATF_TC_BODY(selfpf##number, tc) \
216 do_selfpf_test(#number, tc); \
218 #include "pfctl_test_list.inc"
223 #define PFCTL_TEST(number, descr) \
224 ATF_TP_ADD_TC(tp, pf##number); \
225 ATF_TP_ADD_TC(tp, selfpf##number);
226 #include "pfctl_test_list.inc"
229 return atf_no_error();