mirror of
https://github.com/opnsense/src.git
synced 2026-02-04 03:00:53 -06:00
pf tests: add a basic snmp_pf test case
Event: Tokyo Hackathon 202503 (cherry picked from commit c849f533326026501c28cb2c344b16723862551a)
This commit is contained in:
Kristof Provost
Franco Fichtner
parent
04f6aed434
commit
2fa7d46dde
@ -38,6 +38,7 @@ ATF_TESTS_SH+= altq \
|
||||
sctp \
|
||||
set_skip \
|
||||
set_tos \
|
||||
snmp \
|
||||
src_track \
|
||||
syncookie \
|
||||
synproxy \
|
||||
@ -54,7 +55,9 @@ TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets"
|
||||
|
||||
PROGS= divapp
|
||||
|
||||
${PACKAGE}FILES+= CVE-2019-5597.py \
|
||||
${PACKAGE}FILES+= \
|
||||
bsnmpd.conf \
|
||||
CVE-2019-5597.py \
|
||||
CVE-2019-5598.py \
|
||||
daytime_inetd.conf \
|
||||
echo_inetd.conf \
|
||||
@ -69,6 +72,7 @@ ${PACKAGE}FILES+= CVE-2019-5597.py \
|
||||
rdr-srcport.py \
|
||||
utils.subr
|
||||
|
||||
${PACKAGE}FILESMODE_bsnmpd.conf= 0555
|
||||
${PACKAGE}FILESMODE_CVE-2019-5597.py= 0555
|
||||
${PACKAGE}FILESMODE_CVE-2019-5598.py= 0555
|
||||
${PACKAGE}FILESMODE_fragcommon.py= 0555
|
||||
|
||||
47
tests/sys/netpfil/pf/bsnmpd.conf
Normal file
47
tests/sys/netpfil/pf/bsnmpd.conf
Normal file
@ -0,0 +1,47 @@
|
||||
location := "A galaxy far, far away"
|
||||
contact := "skywalker@Tatooine"
|
||||
system := 1
|
||||
|
||||
read := "public"
|
||||
write := "geheim"
|
||||
trap := "mytrap"
|
||||
|
||||
NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
|
||||
HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
|
||||
HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
|
||||
NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
|
||||
DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
|
||||
AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
|
||||
|
||||
securityModelAny := 0
|
||||
securityModelSNMPv1 := 1
|
||||
securityModelSNMPv2c := 2
|
||||
securityModelUSM := 3
|
||||
|
||||
MPmodelSNMPv1 := 0
|
||||
MPmodelSNMPv2c := 1
|
||||
MPmodelSNMPv3 := 3
|
||||
|
||||
noAuthNoPriv := 1
|
||||
authNoPriv := 2
|
||||
authPriv := 3
|
||||
|
||||
%snmpd
|
||||
begemotSnmpdDebugDumpPdus = 2
|
||||
begemotSnmpdDebugSyslogPri = 7
|
||||
|
||||
begemotSnmpdCommunityString.0.1 = $(read)
|
||||
begemotSnmpdCommunityDisable = 1
|
||||
|
||||
begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4
|
||||
begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.161.1 = 4
|
||||
|
||||
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
|
||||
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
|
||||
|
||||
sysContact = $(contact)
|
||||
sysLocation = $(location)
|
||||
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
|
||||
|
||||
begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
|
||||
begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
|
||||
71
tests/sys/netpfil/pf/snmp.sh
Normal file
71
tests/sys/netpfil/pf/snmp.sh
Normal file
@ -0,0 +1,71 @@
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
#
|
||||
# Copyright (c) 2025 Kristof Provost <kp@FreeBSD.org>
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
. $(atf_get_srcdir)/utils.subr
|
||||
|
||||
atf_test_case "basic" "cleanup"
|
||||
basic_head()
|
||||
{
|
||||
atf_set descr 'Basic pf_snmp test'
|
||||
atf_set require.user root
|
||||
}
|
||||
|
||||
basic_body()
|
||||
{
|
||||
pft_init
|
||||
|
||||
epair=$(vnet_mkepair)
|
||||
|
||||
ifconfig ${epair}b 192.0.2.2/24 up
|
||||
|
||||
vnet_mkjail alcatraz ${epair}a
|
||||
jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
|
||||
|
||||
# Start bsnmpd
|
||||
jexec alcatraz bsnmpd -c $(atf_get_srcdir)/bsnmpd.conf
|
||||
|
||||
jexec alcatraz pfctl -e
|
||||
pft_set_rules alcatraz \
|
||||
"pass"
|
||||
|
||||
# Sanity check, and create state
|
||||
atf_check -s exit:0 -o ignore \
|
||||
ping -c 1 192.0.2.1
|
||||
|
||||
# pf should be enabled
|
||||
atf_check -s exit:0 -o match:'pfStatusRunning.0 = true' \
|
||||
bsnmpwalk -s public@192.0.2.1 -i pf_tree.def begemot
|
||||
}
|
||||
|
||||
basic_cleanup()
|
||||
{
|
||||
pft_cleanup
|
||||
}
|
||||
|
||||
atf_init_test_cases()
|
||||
{
|
||||
atf_add_test_case "basic"
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user