3 # SPDX-License-Identifier: BSD-2-Clause-FreeBSD
5 # Copyright (c) 2020 Mark Johnston <markj@FreeBSD.org>
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
10 # 1. Redistributions of source code must retain the above copyright
11 # notice, this list of conditions and the following disclaimer.
12 # 2. Redistributions in binary form must reproduce the above copyright
13 # notice, this list of conditions and the following disclaimer in the
14 # documentation and/or other materials provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# NOTE(review): the integer at the start of each line is a line number
# carried over from the listing this text was extracted from, not a shell
# token. Gaps in the numbering mean that lines are missing from this view.

# Source the shared helper library that sits next to this test file.
# NOTE(review): vnet_mkepair, vnet_mkjail and pft_set_rules are not defined
# in this listing; presumably they come from utils.subr or something it
# sources. Confirm.
28 . $(atf_get_srcdir)/utils.subr
# Regular expressions matched against `pfctl -t <table> -T show -vv` output.
# Zero form: the packet and byte counters are both exactly 0. The trailing
# whitespace class stops "0" from matching as the prefix of a longer token.
30 TABLE_STATS_ZERO_REGEXP='Packets: 0[[:space:]]*Bytes: 0[[:space:]]'
# Non-zero form: both counters are positive integers with no leading zero.
31 TABLE_STATS_NONZERO_REGEXP='Packets: [1-9][0-9]*[[:space:]]*Bytes: [1-9][0-9]*[[:space:]]'
# Test case v4_counters: per-address table counters over IPv4.
# NOTE(review): the listing numbering jumps (33 -> 36, 37 -> 44, 52 -> 54),
# so the head/body function wrappers and at least one ruleset line are not
# visible here. The comments below describe only the lines that are shown.
33 atf_test_case "v4_counters" "cleanup"
# Root is required: the steps below run ifconfig, jexec and pfctl.
36 atf_set descr 'Verify per-address counters for v4'
37 atf_set require.user root
# Topology: the "a" end of the epair stays on the host as 192.0.2.1, the "b"
# end is handed to the jail "alcatraz" as 192.0.2.2. 192.0.2.0/24 is the
# TEST-NET-1 documentation range, so no real network is addressed.
44 epair_send=$(vnet_mkepair)
45 ifconfig ${epair_send}a 192.0.2.1/24 up
47 vnet_mkjail alcatraz ${epair_send}b
48 jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up
# Enable pf inside the jail.
49 jexec alcatraz pfctl -e
# Table <foo> contains the host address and is declared with `counters`,
# the table option that turns on per-address packet/byte statistics.
# The two pass rules cover both directions of traffic for that address.
# NOTE(review): listing line 53 is not shown; the full ruleset passed to
# pft_set_rules cannot be confirmed from here.
51 pft_set_rules alcatraz \
52 "table <foo> counters { 192.0.2.1 }" \
54 "pass in from <foo> to any" \
55 "pass out from any to <foo>"
# Send three echo requests from the host to the jail; the ping must succeed.
57 atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2
# Every -o match pattern has to be found in the pfctl output: passed traffic
# is counted in both directions and nothing is counted as blocked.
59 atf_check -s exit:0 -e ignore \
60 -o match:'In/Block:.*'"$TABLE_STATS_ZERO_REGEXP" \
61 -o match:'In/Pass:.*'"$TABLE_STATS_NONZERO_REGEXP" \
62 -o match:'Out/Block:.*'"$TABLE_STATS_ZERO_REGEXP" \
63 -o match:'Out/Pass:.*'"$TABLE_STATS_NONZERO_REGEXP" \
64 jexec alcatraz pfctl -t foo -T show -vv
# Test case v6_counters: per-address table counters over IPv6.
# NOTE(review): the listing numbering jumps (72 -> 75, 76 -> 83, 91 -> 93),
# so the head/body function wrappers and at least one ruleset line are not
# visible here.
72 atf_test_case "v6_counters" "cleanup"
# Root is required: the steps below run ifconfig, jexec and pfctl.
75 atf_set descr 'Verify per-address counters for v6'
76 atf_set require.user root
# Topology: host end is 2001:db8:42::1, jail end is 2001:db8:42::2.
# 2001:db8::/32 is the IPv6 documentation prefix. `no_dad` skips duplicate
# address detection so the addresses can be used immediately; `-ifdisabled`
# clears the flag that would otherwise keep IPv6 off on the host interface.
83 epair_send=$(vnet_mkepair)
84 ifconfig ${epair_send}a inet6 2001:db8:42::1/64 up no_dad -ifdisabled
86 vnet_mkjail alcatraz ${epair_send}b
87 jexec alcatraz ifconfig ${epair_send}b inet6 2001:db8:42::2/64 up no_dad
# Enable pf inside the jail.
88 jexec alcatraz pfctl -e
# Table <foo6> contains the host address and is declared with `counters`.
# NOTE(review): listing line 92 is not shown; the full ruleset passed to
# pft_set_rules cannot be confirmed from here.
90 pft_set_rules alcatraz \
91 "table <foo6> counters { 2001:db8:42::1 }" \
93 "pass in from <foo6> to any" \
94 "pass out from any to <foo6>"
# Send three echo requests from the host to the jail; the ping must succeed.
96 atf_check -s exit:0 -o ignore ping -6 -c 3 2001:db8:42::2
# Every -o match pattern has to be found in the pfctl output: passed traffic
# is counted in both directions and nothing is counted as blocked.
98 atf_check -s exit:0 -e ignore \
99 -o match:'In/Block:.*'"$TABLE_STATS_ZERO_REGEXP" \
100 -o match:'In/Pass:.*'"$TABLE_STATS_NONZERO_REGEXP" \
101 -o match:'Out/Block:.*'"$TABLE_STATS_ZERO_REGEXP" \
102 -o match:'Out/Pass:.*'"$TABLE_STATS_NONZERO_REGEXP" \
103 jexec alcatraz pfctl -t foo6 -T show -vv
# Header of the cleanup stage for v6_counters; its body is not part of this
# listing.
106 v6_counters_cleanup()
# Test case pr251414: reload a ruleset so that an existing table gains the
# `counters` option, then pass traffic and dump the table.
# NOTE(review): the listing numbering jumps (111 -> 114, 115 -> 122,
# 129 -> 131, 134 -> 136), so the function wrappers and one line of each
# ruleset are not visible here.
111 atf_test_case "pr251414" "cleanup"
# Root is required: the steps below run ifconfig, jexec and pfctl.
114 atf_set descr 'Test PR 251414'
115 atf_set require.user root
# Topology: host end is 192.0.2.1, jail "alcatraz" end is 192.0.2.2.
122 epair_send=$(vnet_mkepair)
123 ifconfig ${epair_send}a 192.0.2.1/24 up
125 vnet_mkjail alcatraz ${epair_send}b
126 jexec alcatraz ifconfig ${epair_send}b 192.0.2.2/24 up
# Enable pf inside the jail.
127 jexec alcatraz pfctl -e
# First load: table <tab> holds the jail's own addresses (`self`) and is
# declared WITHOUT `counters`.
129 pft_set_rules alcatraz \
131 "table <tab> { self }" \
132 "pass in log to <tab>"
# Second load: same table, now declared WITH `counters`.
# NOTE(review): `noflush` is interpreted by pft_set_rules; presumably it
# keeps the previously loaded rules/tables in place so this is a reload
# rather than a fresh load. Confirm in utils.subr.
134 pft_set_rules noflush alcatraz \
136 "table <tab> counters { self }" \
137 "pass in log to <tab>"
# Traffic to the jail address exercises the table after the reload.
139 atf_check -s exit:0 -o ignore ping -c 3 192.0.2.2
# NOTE(review): this pfctl call is not wrapped in atf_check, so neither its
# exit status nor its output is asserted. Presumably the test is a
# crash/regression check that passes when the sequence simply completes;
# confirm against PR 251414.
141 jexec alcatraz pfctl -t tab -T show -vv
# Test case network: a table populated through the `<name>:network`
# modifier, using the interface group name `epair`.
# NOTE(review): the listing numbering jumps (149 -> 152, 153 -> 160,
# 168 -> 170), so the function wrappers and one ruleset line are not visible
# here.
149 atf_test_case "network" "cleanup"
# Root is required: the steps below run ifconfig, jexec and pfctl.
152 atf_set descr 'Test <ifgroup>:network'
153 atf_set require.user root
# Topology: host end is 192.0.2.1, jail "alcatraz" end is 192.0.2.2.
160 epair=$(vnet_mkepair)
161 ifconfig ${epair}a 192.0.2.1/24 up
163 vnet_mkjail alcatraz ${epair}b
164 jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
# Enable pf inside the jail.
165 jexec alcatraz pfctl -e
# <allow> is a `const` table (contents cannot be changed after creation)
# built from `epair:network`, i.e. the networks configured on interfaces in
# the `epair` group. Only sources inside that table are passed inbound.
# NOTE(review): listing line 169 is not shown. If it is not a block rule,
# the ping below would succeed even when <allow> is empty, and the test
# would not prove that the table was populated. Confirm.
167 pft_set_rules alcatraz \
168 "table <allow> const { epair:network }"\
170 "pass in from <allow>"
# A single echo request from the host (192.0.2.1) must get through.
172 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# ATF entry point: registers the four test cases declared in this file.
# NOTE(review): listing line 181 (presumably the opening brace) and the
# closing brace are not visible here.
180 atf_init_test_cases()
182 atf_add_test_case "v4_counters"
183 atf_add_test_case "v6_counters"
184 atf_add_test_case "pr251414"
185 atf_add_test_case "network"