# $NetBSD: t_ipf.in,v 1.1 2009/02/20 21:42:59 jmmv Exp $
#
# Copyright (c) 2008 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
#
# (C)opyright 1993-1996 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#

h_copydata()
{
	test -f $(atf_get_srcdir)/input/$1 && \
	    cp $(atf_get_srcdir)/input/$1 in
	test -f $(atf_get_srcdir)/regress/$1 && \
	    cp $(atf_get_srcdir)/regress/$1 reg
	test -f $(atf_get_srcdir)/expected/$1 && \
	    cp $(atf_get_srcdir)/expected/$1 exp
}

h_dotest()
{
	h_copydata $1

	{ while read rule; do
		atf_check -x "echo \"$rule\" | ipftest -F \
$2 -Rbr - -i in $4 >>out"
		echo "--------" >>out
	done; } <reg

	diff -u exp out || atf_fail "results differ"
}

h_mtest()
{
	h_copydata $1

	atf_check -o save:out ipftest -F $2 -Rbr reg -i in
	echo "--------" >>out

	diff -u exp out || atf_fail "results differ"
}

h_itest()
{
	h_copydata $1

	case $3 in
	ipf)
		atf_check -o file:exp -e ignore ipf -Rnvf reg
		;;
	ipftest)
		atf_check -o file:exp ipftest -D -r reg -i /dev/null
		;;
	esac
}

h_itest_i19()
{
	cp "$(atf_get_srcdir)/expected/i19.dist" .

	if [ "`grep LOG_SECURITY /usr/include/sys/syslog.h 2>&1`" = "" ] ; then
		if [ "`grep LOG_AUDIT /usr/include/sys/syslog.h 2>&1`" = "" ] ; then
				sed -e 's/security/!!!/g' i19.dist > i19.p1;
		else
				sed -e 's/security/audit/g' i19.dist > i19.p1;
		fi
	else
		cp i19.dist i19.p1;
	fi
	if [ "`grep LOG_AUTHPRIV /usr/include/sys/syslog.h 2>&1`" = "" ] ; then
		sed -e 's/authpriv/!!!/g' i19.p1 > i19.p2;
	else
		cp i19.p1 i19.p2;
	fi
	if [ "`grep LOG_LOGALERT /usr/include/sys/syslog.h 2>&1`" = "" ] ; then
		sed -e 's/logalert/!!!/g' i19.p2 > i19.p1;
	else
		cp i19.p2 i19.p1;
	fi
	if [ "`grep LOG_FTP /usr/include/sys/syslog.h 2>&1`" = "" ] ; then
		sed -e 's/ftp/!!!/g' i19.p1 > i19.p2;
	else
		cp i19.p1 i19.p2;
	fi
	if [ "`egrep 'LOG_CRON.*15' /usr/include/sys/syslog.h 2>&1`" != "" ] ; then
		sed -e 's/cron/cron2/g' i19.p2 > i19;
	else
		cp i19.p2 i19;
	fi
	/bin/rm i19.p?

	mv i19 exp
	h_itest "$@"
}

h_nattest()
{
	h_copydata $1

	if [ $3 = hex ] ; then
		format="-xF $2"
	else
		format="-F $2"
	fi

	format="$4 $format"

	{ while read rule; do
		atf_check -o save:save -x \
		    "echo \"$rule\" | ipftest $format -RbN - -i in"
		cat save >>out
		echo "-------------------------------" >>out
	done; } <reg

	diff -u exp out || atf_fail "results differ"
}

h_natipftest()
{
	h_copydata $1
	cp $(atf_get_srcdir)/regress/$1.nat nat
	cp $(atf_get_srcdir)/regress/$1.ipf ipf

	if [ $4 = hex ] ; then
		format="-xF $3"
	else
		format="-F $3"
	fi

	case $2 in
	single)
		{ while read rule; do
			atf_check -o save:save -x "echo \"$rule\" | \
ipftest -R $5 $format -b -r ipf -N - -i in"
			cat save >>out
			echo "-------------------------------" >>out
		done; } <nat
		;;
	multi)
		atf_check -o save:out ipftest -R $5 \
			$format -b -r ipf -N nat -i in
		echo "-------------------------------" >>out
		;;
	esac

	diff -u exp out || atf_fail "results differ"
}

h_intest()
{
	h_copydata $1

	atf_check -o file:exp -e ignore ipnat -Rnvf reg
}

h_iptest()
{
	h_copydata $1
	mkdir input
	cp $(atf_get_srcdir)/input/ip2.data input/

	atf_check -o file:exp -e ignore ippool -f reg -nRv
}

h_logtest()
{
	h_copydata $1
	cp $(atf_get_srcdir)/expected/$1.b exp.b

	case `uname -s` in
	OSF1)
		GMT=:
		;;
	*)
		GMT=GMT
		;;
	esac

	{ while read rule; do
		echo $rule >>out
		atf_check -o ignore -x \
		    "echo $rule | ipftest -br - -F $2 -i in -l logout"

		atf_check -o save:save -x "TZ=$GMT ipmon -P /dev/null -f logout"
		cat save >>out
		echo "--------" >>out

		atf_check -o save:save -x "TZ=$GMT ipmon -P /dev/null -bf logout"
		cat save >>out.b
		echo "--------" >>out.b
	done; } <reg

	atf_check -o ignore ipftest -br reg -F $2 -i in -l logout

	atf_check -o save:save -x "TZ=$GMT ipmon -P /dev/null -f logout"
	cat save >>out
	echo "--------" >>out

	atf_check -o save:save -x "TZ=$GMT ipmon -P /dev/null -bf logout"
	cat save >>out.b
	echo "--------" >>out.b

	diff -u exp out || atf_fail "results differ"
	diff -u exp.b out.b || atf_fail "results differ"
}

h_dotest6()
{
	h_copydata $(echo ${1} | tr _ .)

	ipftest -6 -r /dev/null -i /dev/null >/dev/null 2>&1 \
	    || atf_skip "skipping IPv6 tests"

	{ while read rule; do
		atf_check -o save:save -x "echo \"$rule\" | \
ipftest -F $2 -6br - -i in"
		cat save >>out
		echo "--------" >>out
	done; } <reg

	diff -u exp out || atf_fail "results differ"
}

h_ptest()
{
	h_copydata $1
	cp $(atf_get_srcdir)/regress/$1.pool pool 2>/dev/null
	cp $(atf_get_srcdir)/regress/$1.ipf ipf

	if [ -f pool ] ; then
		atf_check -o save:out ipftest -RD -b -P pool -r ipf -i in
	else
		atf_check -o save:out ipftest -RD -b -r ipf -i in
	fi

	echo "-------------------------------" >>out

}

h_bpftest()
{
	h_copydata $(echo ${1} | tr _ .)
	cp "$(atf_get_srcdir)/input/$(echo ${1} | sed s,bpf_,,)" in

	{ while read rule; do
		atf_check -o save:save -x "echo '$rule' | ipftest -Rbr - -i in"
		cat save >>out
		echo "--------" >>out
	done; } <reg

	diff -u exp out || atf_fail "results differ"
}

tc_desc:desc_f:Checks filter rules
tc:f1:dotest:desc_f:text:text
tc:f2:dotest:desc_f:text:text
tc:f3:dotest:desc_f:text:text
tc:f4:dotest:desc_f:text:text
tc:f5:dotest:desc_f:text:text
tc:f6:dotest:desc_f:text:text
tc:f7:dotest:desc_f:text:text
tc:f8:dotest:desc_f:text:text
tc:f9:dotest:desc_f:text:text
tc:f10:dotest:desc_f:text:text
tc:f11:dotest:desc_f:text:text:-D
tc:f12:dotest:desc_f:hex:hex
tc:f13:dotest:desc_f:hex:hex
tc:f14:dotest:desc_f:text:text
tc:f15:mtest:desc_f:text:text
tc:f16:mtest:desc_f:text:text
tc:f17:mtest:desc_f:hex:hex
tc:f18:mtest:desc_f:text:text
tc:f19:dotest:desc_f:text:text:-T fr_statemax=3
tc:f20:mtest:desc_f:text:text
tc:f24:mtest:desc_f:hex:text

tc_desc:desc_i:Checks parsing and printing of ipf rules
tc:i1:itest:desc_i:text:ipf
tc:i2:itest:desc_i:text:ipf
tc:i3:itest:desc_i:text:ipf
tc:i4:itest:desc_i:text:ipf
tc:i5:itest:desc_i:text:ipf
tc:i6:itest:desc_i:text:ipf
tc:i7:itest:desc_i:text:ipf
tc:i8:itest:desc_i:text:ipf
tc:i9:itest:desc_i:text:ipf
tc:i10:itest:desc_i:text:ipf
tc:i11:itest:desc_i:text:ipf
tc:i12:itest:desc_i:text:ipf
tc:i13:itest:desc_i:text:ipf
tc:i14:itest:desc_i:text:ipf
tc:i15:itest:desc_i:text:ipf
tc:i16:itest:desc_i:text:ipf
tc:i17:itest:desc_i:text:ipftest
tc:i18:itest:desc_i:text:ipf
tc:i19:itest_i19:desc_i:text:ipf
tc:i20:itest:desc_i:text:ipf
tc:i21:itest:desc_i:text:ipf

tc_desc:desc_n:Checks NAT
tc:n1:nattest:desc_n:text:text
tc:n2:nattest:desc_n:text:text
tc:n3:nattest:desc_n:text:text
tc:n4:nattest:desc_n:text:text
tc:n5:nattest:desc_n:text:text
tc:n6:nattest:desc_n:text:text
tc:n7:nattest:desc_n:text:text
tc:n8:nattest:desc_n:hex:hex:-T fr_update_ipid=0
tc:n9:nattest:desc_n:hex:hex:-T fr_update_ipid=0
tc:n10:nattest:desc_n:hex:hex:-T fr_update_ipid=0
tc:n11:nattest:desc_n:text:text
tc:n12:nattest:desc_n:hex:hex:-T fr_update_ipid=0
tc:n13:nattest:desc_n:text:text
tc:n14:nattest:desc_n:text:text
tc:n16:nattest:desc_n:hex:hex:-D
tc:n17:nattest:desc_n:hex:hex:-D

tc_desc:desc_ni:Checks combined NAT and IPF
tc:ni1:natipftest:desc_ni:multi:hex:hex:-T fr_update_ipid=1
tc:ni2:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni3:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni4:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni5:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni6:natipftest:desc_ni:multi:hex:hex:-T fr_update_ipid=1
tc:ni7:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni8:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni9:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni10:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni11:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni12:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni13:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni14:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni15:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni16:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=1
tc:ni19:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=0
tc:ni20:natipftest:desc_ni:single:hex:hex:-T fr_update_ipid=0
tc:ni21:natipftest:desc_ni:multi:text:text
tc:ni23:natipftest:desc_ni:multi:text:text:-D

tc_desc:desc_in:Checks parsing and printing of ipnat rules
tc:in1:intest:desc_in:text:text
tc:in2:intest:desc_in:text:text
tc:in3:intest:desc_in:text:text
tc:in4:intest:desc_in:text:text
tc:in5:intest:desc_in:text:text
tc:in6:intest:desc_in:text:text

tc_desc:desc_p:Checks pools
tc:p1:ptest:desc_p:text:text
tc:p2:ptest:desc_p:text:text
tc:p3:ptest:desc_p:text:text
tc:p5:ptest:desc_p:text:text

tc_desc:desc_ip:Checks pools
tc:ip1:iptest:desc_ip:text:text
tc:ip2:iptest:desc_ip:text:text

tc_desc:desc_log:Checks logging
tc:l1:logtest:desc_log:hex:hex

tc_desc:desc_ipv6:Checks ipv6 filter rules
tc:ipv6_1:dotest6:desc_ipv6:hex:hex
tc:ipv6_2:dotest6:desc_ipv6:hex:hex
tc:ipv6_3:dotest6:desc_ipv6:hex:hex
tc:ipv6_5:dotest6:desc_ipv6:hex:hex
tc:ipv6_6:dotest6:desc_ipv6:hex:text

tc_desc:desc_bpf:Checks BPF
tc:bpf1:itest:desc_bpf:text:ipf
tc:bpf_f1:bpftest:desc_bpf:text:text

atf_init_test_cases()
{
tc_list
}