diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2019-08-19 10:48:27 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2019-08-19 10:48:27 +0000 |
| commit | 9531253098a1b889520b49a98af0bb81a2373ac0 (patch) | |
| tree | e857dd10200ca5f2d727fcb2fd1cc50f7138e362 /tests/sys | |
| parent | de567a4bef606b118b5f771c863980c3206d781c (diff) | |
| download | src-9531253098a1b889520b49a98af0bb81a2373ac0.tar.gz src-9531253098a1b889520b49a98af0bb81a2373ac0.zip | |
netpfil tests: Move pft_ping.py and sniffer.py to the common test directory
The pft_ping.py and sniffer.py tool is moved from tests/sys/netpfil/pf to
tests/sys/netpfil/common directory because these tools are to be used in
common for all the firewalls.
Submitted by: Ahsan Barkati
Reviewed by: kp, thj
Sponsored by: Google, Inc. (GSoC 2019)
Differential Revision: https://reviews.freebsd.org/D21276
Notes
Notes:
svn path=/head/; revision=351212
Diffstat (limited to 'tests/sys')
| -rw-r--r-- | tests/sys/netpfil/common/Makefile | 6 | ||||
| -rw-r--r-- | tests/sys/netpfil/common/pft_ping.py (renamed from tests/sys/netpfil/pf/pft_ping.py) | 0 | ||||
| -rw-r--r-- | tests/sys/netpfil/common/sniffer.py (renamed from tests/sys/netpfil/pf/sniffer.py) | 0 | ||||
| -rw-r--r-- | tests/sys/netpfil/pf/Makefile | 3 | ||||
| -rwxr-xr-x | tests/sys/netpfil/pf/forward.sh | 18 | ||||
| -rwxr-xr-x | tests/sys/netpfil/pf/set_tos.sh | 14 |
6 files changed, 23 insertions, 18 deletions
diff --git a/tests/sys/netpfil/common/Makefile b/tests/sys/netpfil/common/Makefile index 9301edb1a745..b17641ded7d7 100644 --- a/tests/sys/netpfil/common/Makefile +++ b/tests/sys/netpfil/common/Makefile @@ -11,6 +11,10 @@ ATF_TESTS_SH+= \ ${PACKAGE}FILES+= \ utils.subr \ - runner.subr + runner.subr \ + pft_ping.py \ + sniffer.py + +${PACKAGE}FILESMODE_pft_ping.py= 0555 .include <bsd.test.mk> diff --git a/tests/sys/netpfil/pf/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py index e77d0835134f..e77d0835134f 100644 --- a/tests/sys/netpfil/pf/pft_ping.py +++ b/tests/sys/netpfil/common/pft_ping.py diff --git a/tests/sys/netpfil/pf/sniffer.py b/tests/sys/netpfil/common/sniffer.py index c71f6e1f5729..c71f6e1f5729 100644 --- a/tests/sys/netpfil/pf/sniffer.py +++ b/tests/sys/netpfil/common/sniffer.py diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index bf2510b9c02b..1bec6253649f 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -21,12 +21,9 @@ ATF_TESTS_SH+= anchor \ ${PACKAGE}FILES+= utils.subr \ echo_inetd.conf \ - sniffer.py \ - pft_ping.py \ CVE-2019-5597.py \ CVE-2019-5598.py -${PACKAGE}FILESMODE_pft_ping.py= 0555 ${PACKAGE}FILESMODE_CVE-2019-5597.py= 0555 ${PACKAGE}FILESMODE_CVE-2019-5598.py= 0555 diff --git a/tests/sys/netpfil/pf/forward.sh b/tests/sys/netpfil/pf/forward.sh index 8dbff29a41a5..2a3e28e96e52 100755 --- a/tests/sys/netpfil/pf/forward.sh +++ b/tests/sys/netpfil/pf/forward.sh @@ -2,6 +2,8 @@ . $(atf_get_srcdir)/utils.subr +common_dir=$(atf_get_srcdir)/../common + atf_test_case "v4" "cleanup" v4_head() { @@ -43,20 +45,20 @@ v4_body() # Forward with pf enabled pft_set_rules alcatraz "block in" - atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a pft_set_rules alcatraz "block out" - atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recv ${epair_recv}a # Allow ICMP pft_set_rules alcatraz "block in" "pass in proto icmp" - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a @@ -98,7 +100,7 @@ v6_body() route add -6 2001:db8:43::/64 2001:db8:42::2 # Sanity check, can we forward ICMP echo requests without pf? - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --ip6 \ --sendif ${epair_send}a \ --to 2001:db8:43::3 \ @@ -109,7 +111,7 @@ v6_body() # Block incoming echo request packets pft_set_rules alcatraz \ "block in inet6 proto icmp6 icmp6-type echoreq" - atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 ${common_dir}/pft_ping.py \ --ip6 \ --sendif ${epair_send}a \ --to 2001:db8:43::3 \ @@ -118,7 +120,7 @@ v6_body() # Block outgoing echo request packets pft_set_rules alcatraz \ "block out inet6 proto icmp6 icmp6-type echoreq" - atf_check -s exit:1 -e ignore $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 -e ignore ${common_dir}/pft_ping.py \ --ip6 \ --sendif ${epair_send}a \ --to 2001:db8:43::3 \ @@ -128,7 +130,7 @@ v6_body() pft_set_rules alcatraz \ "block out" \ "pass out inet6 proto icmp6" - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --ip6 \ --sendif ${epair_send}a \ --to 2001:db8:43::3 \ @@ -138,7 +140,7 @@ v6_body() pft_set_rules alcatraz \ "block out inet6 proto icmp6 icmp6-type echoreq" \ "pass in proto icmp" - atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 ${common_dir}/pft_ping.py \ --ip6 \ --sendif ${epair_send}a \ --to 2001:db8:43::3 \ diff --git a/tests/sys/netpfil/pf/set_tos.sh b/tests/sys/netpfil/pf/set_tos.sh index dcf2fa278fc3..ebea419c1e56 100755 --- a/tests/sys/netpfil/pf/set_tos.sh +++ b/tests/sys/netpfil/pf/set_tos.sh @@ -2,6 +2,8 @@ . $(atf_get_srcdir)/utils.subr +common_dir=$(atf_get_srcdir)/../common + atf_test_case "v4" "cleanup" v4_head() { @@ -37,7 +39,7 @@ v4_body() # No change is done if not requested pft_set_rules alcatraz "scrub out proto icmp" - atf_check -s exit:1 -o ignore $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 -o ignore ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a \ @@ -45,7 +47,7 @@ v4_body() # The requested ToS is set pft_set_rules alcatraz "scrub out proto icmp set-tos 42" - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a \ @@ -53,7 +55,7 @@ v4_body() # ToS is not changed if the scrub rule does not match pft_set_rules alcatraz "scrub out proto tcp set-tos 42" - atf_check -s exit:1 -o ignore $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:1 -o ignore ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a \ @@ -62,14 +64,14 @@ v4_body() # Multiple scrub rules match as expected pft_set_rules alcatraz "scrub out proto tcp set-tos 13" \ "scrub out proto icmp set-tos 14" - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a \ --expect-tos 14 # And this works even if the packet already has ToS values set - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a \ @@ -78,7 +80,7 @@ v4_body() # ToS values are unmolested if the packets do not match a scrub rule pft_set_rules alcatraz "scrub out proto tcp set-tos 13" - atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \ + atf_check -s exit:0 ${common_dir}/pft_ping.py \ --sendif ${epair_send}a \ --to 198.51.100.3 \ --recvif ${epair_recv}a \ |