2 * Copyright (c) 2018 Kristof Provost <kp@FreeBSD.org>
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/param.h>
29 #include <sys/module.h>
30 #include <sys/types.h>
31 #include <sys/ioctl.h>
32 #include <sys/socket.h>
35 #include <net/pfvar.h>
44 #define COMMON_HEAD() \
45 if (modfind("pf") == -1) \
46 atf_tc_skip("pf not loaded"); \
47 dev = open("/dev/pf", O_RDWR); \
49 atf_tc_skip("Failed to open /dev/pf");
51 #define COMMON_CLEANUP() \
55 common_init_tbl(struct pfr_table *tbl)
57 bzero(tbl, sizeof(struct pfr_table));
58 strcpy(tbl->pfrt_anchor, "anchor");
59 strcpy(tbl->pfrt_name, "name");
64 ATF_TC_WITH_CLEANUP(addtables);
65 ATF_TC_HEAD(addtables, tc)
67 atf_tc_set_md_var(tc, "require.user", "root");
70 ATF_TC_BODY(addtables, tc)
72 struct pfioc_table io;
74 struct pfr_table tbls[4];
81 bzero(&io, sizeof(io));
82 io.pfrio_flags = flags;
83 io.pfrio_buffer = &tbl;
84 io.pfrio_esize = sizeof(tbl);
88 if (ioctl(dev, DIOCRADDTABLES, &io) == 0)
89 atf_tc_fail("Request with size -1 succeeded");
91 /* Overly large size */
92 io.pfrio_size = 1 << 24;
93 if (ioctl(dev, DIOCRADDTABLES, &io) == 0)
94 atf_tc_fail("Request with size 1 << 24 succeeded");
98 io.pfrio_buffer = NULL;
99 if (ioctl(dev, DIOCRADDTABLES, &io) == 0)
100 atf_tc_fail("Request with NULL buffer succeeded");
102 /* This can provoke a memory leak, see r331225. */
104 for (int i = 0; i < io.pfrio_size; i++)
105 common_init_tbl(&tbls[i]);
107 io.pfrio_buffer = &tbls;
108 ioctl(dev, DIOCRADDTABLES, &io);
111 ATF_TC_CLEANUP(addtables, tc)
116 ATF_TC_WITH_CLEANUP(deltables);
117 ATF_TC_HEAD(deltables, tc)
119 atf_tc_set_md_var(tc, "require.user", "root");
122 ATF_TC_BODY(deltables, tc)
124 struct pfioc_table io;
125 struct pfr_table tbl;
132 bzero(&io, sizeof(io));
133 io.pfrio_flags = flags;
134 io.pfrio_buffer = &tbl;
135 io.pfrio_esize = sizeof(tbl);
139 if (ioctl(dev, DIOCRDELTABLES, &io) == 0)
140 atf_tc_fail("Request with size -1 succeeded");
142 /* Overly large size */
143 io.pfrio_size = 1 << 24;
144 if (ioctl(dev, DIOCRDELTABLES, &io) == 0)
145 atf_tc_fail("Request with size 1 << 24 succeeded");
149 io.pfrio_buffer = NULL;
150 if (ioctl(dev, DIOCRDELTABLES, &io) == 0)
151 atf_tc_fail("Request with NULL buffer succeeded");
154 ATF_TC_CLEANUP(deltables, tc)
159 ATF_TC_WITH_CLEANUP(gettables);
160 ATF_TC_HEAD(gettables, tc)
162 atf_tc_set_md_var(tc, "require.user", "root");
165 ATF_TC_BODY(gettables, tc)
167 struct pfioc_table io;
168 struct pfr_table tbl;
175 bzero(&io, sizeof(io));
176 io.pfrio_flags = flags;
177 io.pfrio_buffer = &tbl;
178 io.pfrio_esize = sizeof(tbl);
180 /* Negative size. This will succeed, because the kernel will not copy
181 * tables than it has. */
183 if (ioctl(dev, DIOCRGETTABLES, &io) != 0)
184 atf_tc_fail("Request with size -1 failed");
186 /* Overly large size. See above. */
187 io.pfrio_size = 1 << 24;
188 if (ioctl(dev, DIOCRGETTABLES, &io) != 0)
189 atf_tc_fail("Request with size 1 << 24 failed");
192 ATF_TC_CLEANUP(gettables, tc)
197 ATF_TC_WITH_CLEANUP(gettstats);
198 ATF_TC_HEAD(gettstats, tc)
200 atf_tc_set_md_var(tc, "require.user", "root");
203 ATF_TC_BODY(gettstats, tc)
205 struct pfioc_table io;
206 struct pfr_tstats stats;
213 bzero(&io, sizeof(io));
214 io.pfrio_flags = flags;
215 io.pfrio_buffer = &stats;
216 io.pfrio_esize = sizeof(stats);
218 /* Negative size. This will succeed, because the kernel will not copy
219 * tables than it has. */
221 if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)
222 atf_tc_fail("Request with size -1 failed");
224 /* Overly large size. See above. */
225 io.pfrio_size = 1 << 24;
226 if (ioctl(dev, DIOCRGETTSTATS, &io) != 0)
227 atf_tc_fail("Request with size 1 << 24 failed");
230 ATF_TC_CLEANUP(gettstats, tc)
235 ATF_TC_WITH_CLEANUP(clrtstats);
236 ATF_TC_HEAD(clrtstats, tc)
238 atf_tc_set_md_var(tc, "require.user", "root");
241 ATF_TC_BODY(clrtstats, tc)
243 struct pfioc_table io;
244 struct pfr_table tbl;
251 common_init_tbl(&tbl);
253 bzero(&io, sizeof(io));
254 io.pfrio_flags = flags;
255 io.pfrio_buffer = &tbl;
256 io.pfrio_esize = sizeof(tbl);
258 /* Negative size. This will succeed, because the kernel will not copy
259 * tables than it has. */
261 if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)
262 atf_tc_fail("Request with size -1 failed ");
264 /* Overly large size. See above. */
265 io.pfrio_size = 1 << 24;
266 if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0)
267 atf_tc_fail("Request with size 1 << 24 failed");
270 ATF_TC_CLEANUP(clrtstats, tc)
275 ATF_TC_WITH_CLEANUP(settflags);
276 ATF_TC_HEAD(settflags, tc)
278 atf_tc_set_md_var(tc, "require.user", "root");
281 ATF_TC_BODY(settflags, tc)
283 struct pfioc_table io;
284 struct pfr_table tbl;
291 common_init_tbl(&tbl);
293 bzero(&io, sizeof(io));
294 io.pfrio_flags = flags;
295 io.pfrio_buffer = &tbl;
296 io.pfrio_esize = sizeof(tbl);
298 /* Negative size. This will succeed, because the kernel will not copy
299 * tables than it has. */
301 if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)
302 atf_tc_fail("Request with size -1 failed");
304 /* Overly large size. See above. */
305 io.pfrio_size = 1 << 28;
306 if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0)
307 atf_tc_fail("Request with size 1 << 24 failed");
310 io.pfrio_buffer = NULL;
311 if (ioctl(dev, DIOCRSETTFLAGS, &io) != -1)
312 atf_tc_fail("Request with NULL buffer succeeded");
315 ATF_TC_CLEANUP(settflags, tc)
320 ATF_TC_WITH_CLEANUP(addaddrs);
321 ATF_TC_HEAD(addaddrs, tc)
323 atf_tc_set_md_var(tc, "require.user", "root");
326 ATF_TC_BODY(addaddrs, tc)
328 struct pfioc_table io;
329 struct pfr_addr addr;
333 bzero(&addr, sizeof(addr));
334 bzero(&io, sizeof(io));
336 io.pfrio_buffer = &addr;
337 io.pfrio_esize = sizeof(addr);
341 if (ioctl(dev, DIOCRADDADDRS, &io) == 0)
342 atf_tc_fail("Request with size -1 succeeded");
344 /* Overly large size. */
345 io.pfrio_size = 1 << 28;
346 if (ioctl(dev, DIOCRADDADDRS, &io) == 0)
347 atf_tc_fail("Reuqest with size 1 << 28 failed");
350 ATF_TC_CLEANUP(addaddrs, tc)
355 ATF_TC_WITH_CLEANUP(deladdrs);
356 ATF_TC_HEAD(deladdrs, tc)
358 atf_tc_set_md_var(tc, "require.user", "root");
361 ATF_TC_BODY(deladdrs, tc)
363 struct pfioc_table io;
364 struct pfr_addr addr;
368 bzero(&addr, sizeof(addr));
369 bzero(&io, sizeof(io));
371 io.pfrio_buffer = &addr;
372 io.pfrio_esize = sizeof(addr);
376 if (ioctl(dev, DIOCRDELADDRS, &io) == 0)
377 atf_tc_fail("Request with size -1 succeeded");
379 /* Overly large size. */
380 io.pfrio_size = 1 << 28;
381 if (ioctl(dev, DIOCRDELADDRS, &io) == 0)
382 atf_tc_fail("Reuqest with size 1 << 28 failed");
385 ATF_TC_CLEANUP(deladdrs, tc)
390 ATF_TC_WITH_CLEANUP(setaddrs);
391 ATF_TC_HEAD(setaddrs, tc)
393 atf_tc_set_md_var(tc, "require.user", "root");
396 ATF_TC_BODY(setaddrs, tc)
398 struct pfioc_table io;
399 struct pfr_addr addr;
403 bzero(&addr, sizeof(addr));
404 bzero(&io, sizeof(io));
406 io.pfrio_buffer = &addr;
407 io.pfrio_esize = sizeof(addr);
411 if (ioctl(dev, DIOCRSETADDRS, &io) == 0)
412 atf_tc_fail("Request with size -1 succeeded");
414 /* Overly large size. */
415 io.pfrio_size = 1 << 28;
416 if (ioctl(dev, DIOCRSETADDRS, &io) == 0)
417 atf_tc_fail("Reuqest with size 1 << 28 failed");
420 ATF_TC_CLEANUP(setaddrs, tc)
425 ATF_TC_WITH_CLEANUP(getaddrs);
426 ATF_TC_HEAD(getaddrs, tc)
428 atf_tc_set_md_var(tc, "require.user", "root");
431 ATF_TC_BODY(getaddrs, tc)
433 struct pfioc_table io;
434 struct pfr_addr addr;
438 bzero(&addr, sizeof(addr));
439 bzero(&io, sizeof(io));
441 io.pfrio_buffer = &addr;
442 io.pfrio_esize = sizeof(addr);
444 common_init_tbl(&io.pfrio_table);
448 if (ioctl(dev, DIOCRGETADDRS, &io) == 0)
449 atf_tc_fail("Request with size -1 succeeded");
451 /* Overly large size. */
452 io.pfrio_size = 1 << 24;
453 if (ioctl(dev, DIOCRGETADDRS, &io) == 0)
454 atf_tc_fail("Request with size 1 << 24 failed");
457 ATF_TC_CLEANUP(getaddrs, tc)
462 ATF_TC_WITH_CLEANUP(getastats);
463 ATF_TC_HEAD(getastats, tc)
465 atf_tc_set_md_var(tc, "require.user", "root");
468 ATF_TC_BODY(getastats, tc)
470 struct pfioc_table io;
471 struct pfr_astats astats;
475 bzero(&astats, sizeof(astats));
476 bzero(&io, sizeof(io));
478 io.pfrio_buffer = &astats;
479 io.pfrio_esize = sizeof(astats);
481 common_init_tbl(&io.pfrio_table);
485 if (ioctl(dev, DIOCRGETASTATS, &io) == 0)
486 atf_tc_fail("Request with size -1 succeeded");
488 /* Overly large size. */
489 io.pfrio_size = 1 << 24;
490 if (ioctl(dev, DIOCRGETASTATS, &io) == 0)
491 atf_tc_fail("Request with size 1 << 24 failed");
494 ATF_TC_CLEANUP(getastats, tc)
499 ATF_TC_WITH_CLEANUP(clrastats);
500 ATF_TC_HEAD(clrastats, tc)
502 atf_tc_set_md_var(tc, "require.user", "root");
505 ATF_TC_BODY(clrastats, tc)
507 struct pfioc_table io;
508 struct pfr_addr addr;
512 bzero(&addr, sizeof(addr));
513 bzero(&io, sizeof(io));
515 io.pfrio_buffer = &addr;
516 io.pfrio_esize = sizeof(addr);
518 common_init_tbl(&io.pfrio_table);
522 if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)
523 atf_tc_fail("Request with size -1 succeeded");
525 /* Overly large size. */
526 io.pfrio_size = 1 << 24;
527 if (ioctl(dev, DIOCRCLRASTATS, &io) == 0)
528 atf_tc_fail("Request with size 1 << 24 failed");
531 ATF_TC_CLEANUP(clrastats, tc)
536 ATF_TC_WITH_CLEANUP(tstaddrs);
537 ATF_TC_HEAD(tstaddrs, tc)
539 atf_tc_set_md_var(tc, "require.user", "root");
542 ATF_TC_BODY(tstaddrs, tc)
544 struct pfioc_table io;
545 struct pfr_addr addr;
549 bzero(&addr, sizeof(addr));
550 bzero(&io, sizeof(io));
552 io.pfrio_buffer = &addr;
553 io.pfrio_esize = sizeof(addr);
555 common_init_tbl(&io.pfrio_table);
559 if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)
560 atf_tc_fail("Request with size -1 succeeded");
562 /* Overly large size. */
563 io.pfrio_size = 1 << 24;
564 if (ioctl(dev, DIOCRTSTADDRS, &io) == 0)
565 atf_tc_fail("Request with size 1 << 24 failed");
568 ATF_TC_CLEANUP(tstaddrs, tc)
573 ATF_TC_WITH_CLEANUP(inadefine);
574 ATF_TC_HEAD(inadefine, tc)
576 atf_tc_set_md_var(tc, "require.user", "root");
579 ATF_TC_BODY(inadefine, tc)
581 struct pfioc_table io;
582 struct pfr_addr addr;
586 bzero(&addr, sizeof(addr));
587 bzero(&io, sizeof(io));
589 io.pfrio_buffer = &addr;
590 io.pfrio_esize = sizeof(addr);
592 common_init_tbl(&io.pfrio_table);
596 if (ioctl(dev, DIOCRINADEFINE, &io) == 0)
597 atf_tc_fail("Request with size -1 succeeded");
599 /* Overly large size. */
600 io.pfrio_size = 1 << 24;
601 if (ioctl(dev, DIOCRINADEFINE, &io) == 0)
602 atf_tc_fail("Request with size 1 << 24 failed");
605 ATF_TC_CLEANUP(inadefine, tc)
610 ATF_TC_WITH_CLEANUP(igetifaces);
611 ATF_TC_HEAD(igetifaces, tc)
613 atf_tc_set_md_var(tc, "require.user", "root");
616 ATF_TC_BODY(igetifaces, tc)
618 struct pfioc_iface io;
623 bzero(&io, sizeof(io));
625 io.pfiio_buffer = &kif;
626 io.pfiio_esize = sizeof(kif);
630 if (ioctl(dev, DIOCIGETIFACES, &io) == 0)
631 atf_tc_fail("request with size -1 succeeded");
634 io.pfiio_size = 1 << 31;
635 if (ioctl(dev, DIOCIGETIFACES, &io) == 0)
636 atf_tc_fail("request with size 1 << 31 succeeded");
639 ATF_TC_CLEANUP(igetifaces, tc)
644 ATF_TC_WITH_CLEANUP(cxbegin);
645 ATF_TC_HEAD(cxbegin, tc)
647 atf_tc_set_md_var(tc, "require.user", "root");
650 ATF_TC_BODY(cxbegin, tc)
652 struct pfioc_trans io;
653 struct pfioc_trans_e ioe;
657 bzero(&io, sizeof(io));
658 io.esize = sizeof(ioe);
663 if (ioctl(dev, DIOCXBEGIN, &io) == 0)
664 atf_tc_fail("request with size -1 succeeded");
668 if (ioctl(dev, DIOCXBEGIN, &io) == 0)
669 atf_tc_fail("request with size 1 << 30 succeeded");
674 if (ioctl(dev, DIOCXBEGIN, &io) == 0)
675 atf_tc_fail("request with size -1 succeeded");
678 ATF_TC_CLEANUP(cxbegin, tc)
683 ATF_TC_WITH_CLEANUP(cxrollback);
684 ATF_TC_HEAD(cxrollback, tc)
686 atf_tc_set_md_var(tc, "require.user", "root");
689 ATF_TC_BODY(cxrollback, tc)
691 struct pfioc_trans io;
692 struct pfioc_trans_e ioe;
696 bzero(&io, sizeof(io));
697 io.esize = sizeof(ioe);
702 if (ioctl(dev, DIOCXROLLBACK, &io) == 0)
703 atf_tc_fail("request with size -1 succeeded");
707 if (ioctl(dev, DIOCXROLLBACK, &io) == 0)
708 atf_tc_fail("request with size 1 << 30 succeeded");
713 if (ioctl(dev, DIOCXROLLBACK, &io) == 0)
714 atf_tc_fail("request with size -1 succeeded");
717 ATF_TC_CLEANUP(cxrollback, tc)
722 ATF_TC_WITH_CLEANUP(commit);
723 ATF_TC_HEAD(commit, tc)
725 atf_tc_set_md_var(tc, "require.user", "root");
728 ATF_TC_BODY(commit, tc)
730 struct pfioc_trans io;
731 struct pfioc_trans_e ioe;
735 bzero(&io, sizeof(io));
736 io.esize = sizeof(ioe);
741 if (ioctl(dev, DIOCXCOMMIT, &io) == 0)
742 atf_tc_fail("request with size -1 succeeded");
746 if (ioctl(dev, DIOCXCOMMIT, &io) == 0)
747 atf_tc_fail("request with size 1 << 30 succeeded");
752 if (ioctl(dev, DIOCXCOMMIT, &io) == 0)
753 atf_tc_fail("request with size -1 succeeded");
756 ATF_TC_CLEANUP(commit, tc)
761 ATF_TC_WITH_CLEANUP(getsrcnodes);
762 ATF_TC_HEAD(getsrcnodes, tc)
764 atf_tc_set_md_var(tc, "require.user", "root");
767 ATF_TC_BODY(getsrcnodes, tc)
769 struct pfioc_src_nodes psn;
773 bzero(&psn, sizeof(psn));
776 if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)
777 atf_tc_fail("request with size -1 failed");
779 psn.psn_len = 1 << 30;
780 if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)
781 atf_tc_fail("request with size << 30 failed");
783 psn.psn_len = 1 << 31;
784 if (ioctl(dev, DIOCGETSRCNODES, &psn) != 0)
785 atf_tc_fail("request with size << 30 failed");
788 ATF_TC_CLEANUP(getsrcnodes, tc)
795 ATF_TP_ADD_TC(tp, addtables);
796 ATF_TP_ADD_TC(tp, deltables);
797 ATF_TP_ADD_TC(tp, gettables);
798 ATF_TP_ADD_TC(tp, getastats);
799 ATF_TP_ADD_TC(tp, gettstats);
800 ATF_TP_ADD_TC(tp, clrtstats);
801 ATF_TP_ADD_TC(tp, settflags);
802 ATF_TP_ADD_TC(tp, addaddrs);
803 ATF_TP_ADD_TC(tp, deladdrs);
804 ATF_TP_ADD_TC(tp, setaddrs);
805 ATF_TP_ADD_TC(tp, getaddrs);
806 ATF_TP_ADD_TC(tp, clrastats);
807 ATF_TP_ADD_TC(tp, tstaddrs);
808 ATF_TP_ADD_TC(tp, inadefine);
809 ATF_TP_ADD_TC(tp, igetifaces);
810 ATF_TP_ADD_TC(tp, cxbegin);
811 ATF_TP_ADD_TC(tp, cxrollback);
812 ATF_TP_ADD_TC(tp, commit);
813 ATF_TP_ADD_TC(tp, getsrcnodes);
815 return (atf_no_error());