1 1.1 joe /* 2 1.1 joe * NPF layer 2 ruleset tests. 3 1.1 joe * 4 1.1 joe * Public Domain. 5 1.1 joe */ 6 1.1 joe 7 1.1 joe #ifdef _KERNEL 8 1.1 joe #include <sys/types.h> 9 1.1 joe #endif 10 1.1 joe 11 1.1 joe #include "npf_impl.h" 12 1.1 joe #include "npf_test.h" 13 1.1 joe 14 1.1 joe #define RESULT_PASS 0 15 1.1 joe #define RESULT_BLOCK ENETUNREACH 16 1.1 joe 17 1.1 joe /* 18 1.1 joe * in this module, we run tests on layer 2 packets for configs that has only layer 3 rules 19 1.1 joe * All incoming frames at layer 2 should pass so we ensure that 20 1.1 joe * npf config with no layer 2 rules should for no chance be blocked by npf 21 1.1 joe * at layer 2 22 1.1 joe * config to be loaded is ../npfl3test.conf 23 1.1 joe */ 24 1.1 joe 25 1.1 joe static const struct test_case { 26 1.1 joe const char *src; 27 1.1 joe const char *dst; 28 1.1 joe uint16_t etype; 29 1.1 joe const char *ifname; 30 1.1 joe int di; 31 1.1 joe int ret; 32 1.1 joe } test_cases[] = { 33 1.1 joe { 34 1.1 joe .src = "00:00:5E:00:53:00", .dst = "00:00:5E:00:53:01", 35 1.1 joe .ifname = IFNAME_INT, .etype = ETHERTYPE_IPV6, 36 1.1 joe .di = PFIL_IN, .ret = RESULT_PASS 37 1.1 joe }, 38 1.1 joe { 39 1.1 joe .src = "00:00:5E:00:53:01", .dst = "00:00:5E:00:53:02", 40 1.1 joe .ifname = IFNAME_INT, .etype = ETHERTYPE_IP, 41 1.1 joe .di = PFIL_OUT, .ret = RESULT_PASS 42 1.1 joe }, 43 1.1 joe { 44 1.1 joe .src = "00:00:5E:00:53:00", .dst = "00:00:5E:00:53:02", 45 1.1 joe .ifname = IFNAME_INT, .etype = ETHERTYPE_IP, 46 1.1 joe .di = PFIL_IN, .ret = RESULT_PASS 47 1.1 joe }, 48 1.1 joe }; 49 1.1 joe 50 1.1 joe static int 51 1.1 joe run_handler_testcase(unsigned i) 52 1.1 joe { 53 1.1 joe const struct test_case *t = &test_cases[i]; 54 1.1 joe ifnet_t *ifp = npf_test_getif(t->ifname); 55 1.1 joe npf_t *npf = npf_getkernctx(); 56 1.1 joe struct mbuf *m; 57 1.1 joe int error; 58 1.1 joe 59 1.1 joe m = mbuf_get_frame(t->src, t->dst, htons(t->etype)); 60 1.1 joe error = npfk_layer2_handler(npf, &m, ifp, t->di); 61 1.1 joe if (m) { 62 1.1 joe m_freem(m); 63 1.1 joe } 64 1.1 joe return error; 65 1.1 joe } 66 1.1 joe 67 1.1 joe static bool 68 1.1 joe test_static(bool verbose) 69 1.1 joe { 70 1.1 joe for (unsigned i = 0; i < __arraycount(test_cases); i++) { 71 1.1 joe const struct test_case *t = &test_cases[i]; 72 1.1 joe int error; 73 1.1 joe 74 1.1 joe if (npf_test_getif(t->ifname) == NULL) { 75 1.1 joe printf("Interface %s is not configured.\n", t->ifname); 76 1.1 joe return false; 77 1.1 joe } 78 1.1 joe 79 1.1 joe error = run_handler_testcase(i); 80 1.1 joe 81 1.1 joe if (verbose) { 82 1.1 joe printf("rule test %d:\texpected %d\n" 83 1.1 joe "\t\t-> returned %d\n", 84 1.1 joe i + 1, t->ret, error); 85 1.1 joe } 86 1.1 joe CHECK_TRUE(error == t->ret); 87 1.1 joe } 88 1.1 joe return true; 89 1.1 joe } 90 1.1 joe 91 1.1 joe /* sorry for long function name */ 92 1.1 joe bool 93 1.1 joe npf_layer2only_test(bool verbose) 94 1.1 joe { 95 1.1 joe bool ok; 96 1.1 joe 97 1.1 joe ok = test_static(verbose); 98 1.1 joe CHECK_TRUE(ok); 99 1.1 joe 100 1.1 joe return true; 101 1.1 joe } 102
Indexes created Mon Sep 22 05:09:51 GMT 2025