freebsd-dev/sbin/pfctl/tests/pfctl_test_list.inc

/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright 2020 Alex Richardson <arichardson@FreeBSD.org>
 *
 * This software was developed by SRI International and the University of
 * Cambridge Computer Laboratory (Department of Computer Science and
 * Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the
 * DARPA SSITH research programme.
 *
 * This work was supported by Innovate UK project 105694, "Digital Security by
 * Design (DSbD) Technology Platform Prototype".
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * No include guards since this file is included multiple times by pfctl_test
 * to avoid duplicating code.
 */
PFCTL_TEST(0001, "Pass with labels")
PFCTL_TEST(0002, "Block/pass")
PFCTL_TEST(0003, "Block/pass with flags")
PFCTL_TEST(0004, "Block")
PFCTL_TEST(0005, "Block with variables")
PFCTL_TEST(0006, "Variables")
PFCTL_TEST(0007, "Block/pass with return")
PFCTL_TEST(0008, "Block with address list")
PFCTL_TEST(0009, "Block with interface list")
PFCTL_TEST(0010, "Block/pass with return")
PFCTL_TEST(0011, "Block/pass ICMP")
PFCTL_TEST(0012, "Pass to subnets")
PFCTL_TEST(0013, "Pass quick")
PFCTL_TEST(0014, "Pass quick IPv6")
PFCTL_TEST(0016, "Pass with no state")
PFCTL_TEST(0018, "Address lists")
PFCTL_TEST(0019, "Lists")
PFCTL_TEST(0020, "Lists")
PFCTL_TEST(0022, "Set options")
PFCTL_TEST(0023, "Block on negated interface")
PFCTL_TEST(0024, "Variable concatenation")
PFCTL_TEST(0025, "Antispoof")
PFCTL_TEST(0026, "Block from negated interface")
PFCTL_TEST(0028, "Block with log and quick")
PFCTL_TEST(0030, "Line continuation")
PFCTL_TEST(0031, "Block policy")
PFCTL_TEST(0032, "Pass to any")
PFCTL_TEST(0034, "Pass with probability")
PFCTL_TEST(0035, "Matching on TOS")
PFCTL_TEST(0038, "Pass with user")
PFCTL_TEST(0039, "Ordered opts")
PFCTL_TEST(0040, "Block/pass")
PFCTL_TEST(0041, "Anchors")
PFCTL_TEST(0047, "Pass with labels")
PFCTL_TEST(0048, "Tables")
PFCTL_TEST(0049, "Broadcast and network modifiers")
PFCTL_TEST(0050, "Double macro set")
PFCTL_TEST(0052, "Set optimization")
PFCTL_TEST(0053, "Pass with labels")
PFCTL_TEST(0055, "Set options")
PFCTL_TEST(0056, "State opts")
PFCTL_TEST(0057, "Variables")
PFCTL_TEST(0060, "Pass from multicast")
PFCTL_TEST(0061, "Dynaddr with netmask")
PFCTL_TEST(0065, "Antispoof with labels")
PFCTL_TEST(0067, "Tags")
PFCTL_TEST(0069, "Tags")
PFCTL_TEST(0070, "Tags")
PFCTL_TEST(0071, "Tags")
PFCTL_TEST(0072, "Tags")
PFCTL_TEST(0074, "Synproxy")
PFCTL_TEST(0075, "Block quick with tags")
PFCTL_TEST(0077, "Dynaddr with netmask")
PFCTL_TEST(0078, "Table with label")
PFCTL_TEST(0079, "No-route with label")
PFCTL_TEST(0081, "Address list and table list with no-route")
PFCTL_TEST(0082, "Pass with interface, table and no-route")
PFCTL_TEST(0084, "Source track")
PFCTL_TEST(0085, "Tag macro expansion")
PFCTL_TEST(0087, "Optimization rule reordering")
PFCTL_TEST(0088, "Optimization duplicate rules handling")
PFCTL_TEST(0089, "TCP connection tracking")
PFCTL_TEST(0090, "Log opts")
PFCTL_TEST(0091, "Nested anchors")
PFCTL_TEST(0092, "Comments")
PFCTL_TEST(0094, "Address ranges")
PFCTL_TEST(0095, "Include")
PFCTL_TEST(0096, "Variables")
PFCTL_TEST(0097, "Divert-to")
PFCTL_TEST(0098, "Pass")
PFCTL_TEST(0100, "Anchor with multiple path components")
PFCTL_TEST(0101, "Prio")
PFCTL_TEST(0102, "Address lists with mixed address family")
PFCTL_TEST(0104, "Divert-to with localhost")
PFCTL_TEST(1001, "Binat")
PFCTL_TEST(1002, "Set timeout interval")
PFCTL_TEST(1003, "ALTQ")
PFCTL_TEST(1004, "ALTQ with Codel")
PFCTL_TEST(1005, "PR 231323")
PFCTL_TEST(1006, "pfctl crashes with certain fairq configurations")
PFCTL_TEST(1007, "Basic ethernet rule")
PFCTL_TEST(1008, "Ethernet rule with mask length")
PFCTL_TEST(1009, "Ethernet rule with mask")
PFCTL_TEST(1010, "POM_STICKYADDRESS test")
Rewrite pfctl_test in C to reduce testsuite run time The new C test takes 25 seconds on QEMU-RISC-V, wheras the shell version takes 332 seconds. Even with the latest optimizations to atf-sh this test still takes a few seconds to startup in QEMU. Re-writing it in C reduces the runtime for a single test from about 2-3 seconds to less than .5 seconds. Since there are ~80 tests, this adds up to about 3-4 minutes. This may not seem like a big speedup, but before the recent optimizations to avoid atf_get_srcdir, each test took almost 100 seconds on QEMU RISC-V instead of 3. This also significantly reduces the time it takes to list the available test cases, which speeds up running the tests via kyua: ``` root@qemu-riscv64-alex:~ # /usr/bin/time kyua test -k /usr/tests/sbin/pfctl/Kyuafile pfctl_test_old ... 158/158 passed (0 failed) 332.08 real 42.58 user 286.17 sys root@qemu-riscv64-alex:~ # /usr/bin/time kyua test -k /usr/tests/sbin/pfctl/Kyuafile pfctl_test 158/158 passed (0 failed) 24.96 real 9.75 user 14.26 sys root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test pf1001 pfctl_test: WARNING: Running test cases outside of kyua(1) is unsupported pfctl_test: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4) Running pfctl -o none -nvf /usr/tests/sbin/pfctl/./files/pf1001.in --- binat on em0 inet6 from fc00::/64 to any -> fc00:0:0:1::/64 binat on em0 inet6 from any to fc00:0:0:1::/64 -> fc00::/64 --- passed 0.17 real 0.06 user 0.08 sys root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_old pf1001 pfctl_test_old: WARNING: Running test cases outside of kyua(1) is unsupported pfctl_test_old: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4) Id Refs Name 141 1 pf Executing command [ pfctl -o none -nvf - ] passed 1.73 real 0.25 user 1.41 sys root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_old -l > /dev/null 24.36 real 2.26 user 21.86 sys root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test -l > /dev/null 0.04 real 0.02 user 0.01 sys ``` The speedups are even more noticeable on CHERI-RISC-V (since QEMU runs slower when emulating CHERI instructions): ``` root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_new -l > /dev/null 0.51 real 0.49 user 0.00 sys root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test -l > /dev/null 34.20 real 32.69 user 0.16 sys root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test pf1001 pfctl_test: WARNING: Running test cases outside of kyua(1) is unsupported pfctl_test: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4) Id Refs Name 147 1 pf Executing command [ pfctl -o none -nvf - ] passed 5.74 real 5.41 user 0.03 sys root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_new pf1001 pfctl_test_new: WARNING: Running test cases outside of kyua(1) is unsupported pfctl_test_new: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4) Running pfctl -o none -nvf /usr/tests/sbin/pfctl/./files/pf1001.in --- binat on em0 inet6 from fc00::/64 to any -> fc00:0:0:1::/64 binat on em0 inet6 from any to fc00:0:0:1::/64 -> fc00::/64 --- passed 0.68 real 0.66 user 0.00 sys root@qemu-cheri-alex:/usr/tests/sbin/pfctl # ``` Reviewed By: kp Differential Revision: https://reviews.freebsd.org/D26779 2020-10-14 17:39:50 +00:00			`/*-`
			`* SPDX-License-Identifier: BSD-2-Clause`
			`*`
			`* Copyright 2020 Alex Richardson <arichardson@FreeBSD.org>`
			`*`
			`* This software was developed by SRI International and the University of`
			`* Cambridge Computer Laboratory (Department of Computer Science and`
			`* Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the`
			`* DARPA SSITH research programme.`
			`*`
			`* This work was supported by Innovate UK project 105694, "Digital Security by`
			`* Design (DSbD) Technology Platform Prototype".`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions are met:`
			`* 1. Redistributions of source code must retain the above copyright notice,`
			`* this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright notice,`
			`* this list of conditions and the following disclaimer in the documentation`
			`* and/or other materials provided with the distribution.`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
			`* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
			`* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
			`* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY`
			`* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES`
			`* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;`
			`* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND`
			`* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF`
			`* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`*`
			`* $FreeBSD$`
			`*/`

			`/*`
			`* No include guards since this file is included multiple times by pfctl_test`
			`* to avoid duplicating code.`
			`*/`
			`PFCTL_TEST(0001, "Pass with labels")`
			`PFCTL_TEST(0002, "Block/pass")`
			`PFCTL_TEST(0003, "Block/pass with flags")`
			`PFCTL_TEST(0004, "Block")`
			`PFCTL_TEST(0005, "Block with variables")`
			`PFCTL_TEST(0006, "Variables")`
			`PFCTL_TEST(0007, "Block/pass with return")`
			`PFCTL_TEST(0008, "Block with address list")`
			`PFCTL_TEST(0009, "Block with interface list")`
			`PFCTL_TEST(0010, "Block/pass with return")`
			`PFCTL_TEST(0011, "Block/pass ICMP")`
			`PFCTL_TEST(0012, "Pass to subnets")`
			`PFCTL_TEST(0013, "Pass quick")`
			`PFCTL_TEST(0014, "Pass quick IPv6")`
			`PFCTL_TEST(0016, "Pass with no state")`
			`PFCTL_TEST(0018, "Address lists")`
			`PFCTL_TEST(0019, "Lists")`
			`PFCTL_TEST(0020, "Lists")`
			`PFCTL_TEST(0022, "Set options")`
			`PFCTL_TEST(0023, "Block on negated interface")`
			`PFCTL_TEST(0024, "Variable concatenation")`
			`PFCTL_TEST(0025, "Antispoof")`
			`PFCTL_TEST(0026, "Block from negated interface")`
			`PFCTL_TEST(0028, "Block with log and quick")`
			`PFCTL_TEST(0030, "Line continuation")`
			`PFCTL_TEST(0031, "Block policy")`
			`PFCTL_TEST(0032, "Pass to any")`
			`PFCTL_TEST(0034, "Pass with probability")`
			`PFCTL_TEST(0035, "Matching on TOS")`
			`PFCTL_TEST(0038, "Pass with user")`
			`PFCTL_TEST(0039, "Ordered opts")`
			`PFCTL_TEST(0040, "Block/pass")`
			`PFCTL_TEST(0041, "Anchors")`
			`PFCTL_TEST(0047, "Pass with labels")`
			`PFCTL_TEST(0048, "Tables")`
			`PFCTL_TEST(0049, "Broadcast and network modifiers")`
			`PFCTL_TEST(0050, "Double macro set")`
			`PFCTL_TEST(0052, "Set optimization")`
			`PFCTL_TEST(0053, "Pass with labels")`
			`PFCTL_TEST(0055, "Set options")`
			`PFCTL_TEST(0056, "State opts")`
			`PFCTL_TEST(0057, "Variables")`
			`PFCTL_TEST(0060, "Pass from multicast")`
			`PFCTL_TEST(0061, "Dynaddr with netmask")`
			`PFCTL_TEST(0065, "Antispoof with labels")`
			`PFCTL_TEST(0067, "Tags")`
			`PFCTL_TEST(0069, "Tags")`
			`PFCTL_TEST(0070, "Tags")`
			`PFCTL_TEST(0071, "Tags")`
			`PFCTL_TEST(0072, "Tags")`
			`PFCTL_TEST(0074, "Synproxy")`
			`PFCTL_TEST(0075, "Block quick with tags")`
			`PFCTL_TEST(0077, "Dynaddr with netmask")`
			`PFCTL_TEST(0078, "Table with label")`
			`PFCTL_TEST(0079, "No-route with label")`
			`PFCTL_TEST(0081, "Address list and table list with no-route")`
			`PFCTL_TEST(0082, "Pass with interface, table and no-route")`
			`PFCTL_TEST(0084, "Source track")`
			`PFCTL_TEST(0085, "Tag macro expansion")`
			`PFCTL_TEST(0087, "Optimization rule reordering")`
			`PFCTL_TEST(0088, "Optimization duplicate rules handling")`
			`PFCTL_TEST(0089, "TCP connection tracking")`
			`PFCTL_TEST(0090, "Log opts")`
			`PFCTL_TEST(0091, "Nested anchors")`
			`PFCTL_TEST(0092, "Comments")`
			`PFCTL_TEST(0094, "Address ranges")`
			`PFCTL_TEST(0095, "Include")`
			`PFCTL_TEST(0096, "Variables")`
			`PFCTL_TEST(0097, "Divert-to")`
			`PFCTL_TEST(0098, "Pass")`
			`PFCTL_TEST(0100, "Anchor with multiple path components")`
			`PFCTL_TEST(0101, "Prio")`
			`PFCTL_TEST(0102, "Address lists with mixed address family")`
			`PFCTL_TEST(0104, "Divert-to with localhost")`
			`PFCTL_TEST(1001, "Binat")`
			`PFCTL_TEST(1002, "Set timeout interval")`
			`PFCTL_TEST(1003, "ALTQ")`
			`PFCTL_TEST(1004, "ALTQ with Codel")`
			`PFCTL_TEST(1005, "PR 231323")`
pfctl tests: Test fairq configuration We used to have a bug where pfctl could crash setting fairq queues. Test this case and ensure it does not crash pfctl. Reviewed by: donner MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D30348 2021-05-19 07:52:50 +00:00			`PFCTL_TEST(1006, "pfctl crashes with certain fairq configurations")`
pfctl tests: Ethernet rule parsing tests A few basic test cases for Ethernet rule parsing. Sponsored by: Rubicon Communications, LLC ("Netgate") 2022-01-21 15:48:03 +00:00			`PFCTL_TEST(1007, "Basic ethernet rule")`
			`PFCTL_TEST(1008, "Ethernet rule with mask length")`
			`PFCTL_TEST(1009, "Ethernet rule with mask")`
pfctl tests: test case for the POM_STICKYADDRESS fix In 1e73fbd8b we fixed an issue with POM_STICKYADDRESS being checked in the wrong struct. Add a basic test case for this fix. MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") 2022-08-08 07:30:42 +00:00			`PFCTL_TEST(1010, "POM_STICKYADDRESS test")`