ipsockopt.c revision 136384 
1/*-
2 * Copyright (c) 2004 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: head/tools/regression/netinet/ipsockopt/ipsockopt.c 136384 2004-10-11 16:09:45Z rwatson $
27 */
28
29#include <sys/types.h>
30#include <sys/socket.h>
31
32#include <netinet/in.h>
33#include <netinet/in_systm.h>
34#include <netinet/ip.h>
35
36#include <err.h>
37#include <errno.h>
38#include <stdio.h>
39#include <stdlib.h>
40#include <string.h>
41#include <unistd.h>
42
43/*
44 * The test tool exercises IP-level socket options by interrogating the
45 * getsockopt()/setsockopt() APIs.  It does not currently test that the
46 * intended semantics of each option are implemented (i.e., that setting IP
47 * options on the socket results in packets with the desired IP options in
48 * it).
49 */
50
51/*
52 * Exercise the IP_OPTIONS socket option.  Confirm the following properties:
53 *
54 * - That there is no initial set of options (length returned is 0).
55 * - That if we set a specific set of options, we can read it back.
56 * - That if we then reset the options, they go away.
57 *
58 * Use a UDP socket for this.
59 */
60static void
61test_ip_options(void)
62{
63	u_int32_t new_options, test_options[2];
64	socklen_t len;
65	int sock;
66
67	sock = socket(PF_INET, SOCK_DGRAM, 0);
68	if (sock == -1)
69		err(-1, "test_ip_options: socket(SOCK_DGRAM)");
70
71	/*
72	 * Start off by confirming the default IP options on a socket are to
73	 * have no options set.
74	 */
75	len = sizeof(test_options);
76	if (getsockopt(sock, IPPROTO_IP, IP_OPTIONS, test_options, &len) < 0)
77		err(-1, "test_ip_options: initial getsockopt()");
78
79	if (len != 0)
80		errx(-1, "test_ip_options: initial getsockopt() returned "
81		    "%d bytes", len);
82
83#define	TEST_MAGIC	0xc34e4212
84#define	NEW_OPTIONS	htonl(IPOPT_EOL | (IPOPT_NOP << 8) | (IPOPT_NOP << 16) \
85			 | (IPOPT_NOP << 24))
86
87	/*
88	 * Write some new options into the socket.
89	 */
90	new_options = NEW_OPTIONS;
91	if (setsockopt(sock, IPPROTO_IP, IP_OPTIONS, &new_options,
92	    sizeof(new_options)) < 0)
93		err(-1, "test_ip_options: setsockopt(NOP|NOP|NOP|EOL)");
94
95	/*
96	 * Store some random cruft in a local variable and retrieve the
97	 * options to make sure they set.  Note that we pass in an array
98	 * of u_int32_t's so that if whatever ended up in the option was
99	 * larger than what we put in, we find out about it here.
100	 */
101	test_options[0] = TEST_MAGIC;
102	test_options[1] = TEST_MAGIC;
103	len = sizeof(test_options);
104	if (getsockopt(sock, IPPROTO_IP, IP_OPTIONS, test_options, &len) < 0)
105		err(-1, "test_ip_options: getsockopt() after set");
106
107	/*
108	 * Getting the right amount back is important.
109	 */
110	if (len != sizeof(new_options))
111		errx(-1, "test_ip_options: getsockopt() after set returned "
112		    "%d bytes of data", len);
113
114	/*
115	 * One posible failure mode is that the call succeeds but neglects to
116	 * copy out the data.
117 	 */
118	if (test_options[0] == TEST_MAGIC)
119		errx(-1, "test_ip_options: getsockopt() after set didn't "
120		    "return data");
121
122	/*
123	 * Make sure we get back what we wrote on.
124	 */
125	if (new_options != test_options[0])
126		errx(-1, "test_ip_options: getsockopt() after set returned "
127		    "wrong options (%08x, %08x)", new_options,
128		    test_options[0]);
129
130	/*
131	 * Now we reset the value to make sure clearing works.
132	 */
133	if (setsockopt(sock, IPPROTO_IP, IP_OPTIONS, NULL, 0) < 0)
134		err(-1, "test_ip_options: setsockopt() to reset");
135
136	/*
137	 * Make sure it was really cleared.
138	 */
139	test_options[0] = TEST_MAGIC;
140	test_options[1] = TEST_MAGIC;
141	len = sizeof(test_options);
142	if (getsockopt(sock, IPPROTO_IP, IP_OPTIONS, test_options, &len) < 0)
143		err(-1, "test_ip_options: getsockopt() after reset");
144
145	if (len != 0)
146		errx(-1, "test_ip_options: getsockopt() after reset returned "
147		    "%d bytes", len);
148
149	close(sock);
150}
151
152/*
153 * This test checks the behavior of the IP_HDRINCL socket option, which
154 * allows users with privilege to specify the full header on an IP raw
155 * socket.  We test that the option can only be used with raw IP sockets, not
156 * with UDP or TCP sockets.  We also confirm that the raw socket is only
157 * available to a privileged user (subject to the UID when called).  We
158 * confirm that it defaults to off
159 */
160static void
161test_ip_hdrincl(void)
162{
163	int flag[2], sock;
164	socklen_t len;
165
166	/*
167	 * Try to receive or set the IP_HDRINCL flag on a TCP socket.
168	 */
169	sock = socket(PF_INET, SOCK_STREAM, 0);
170	if (sock == -1) {
171		perror("socket");
172		exit(-1);
173	}
174
175	flag[0] = -1;
176	len = sizeof(flag[0]);
177	if (getsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, &len) == 0) {
178		fprintf(stderr, "getsockopt(IP_HDRINCL) on TCP succeeded\n");
179		exit(-1);
180	}
181
182	if (errno != ENOPROTOOPT) {
183		fprintf(stderr, "getsockopt(IP_HDRINCL) on TCP returned %d "
184		    "(%s) not ENOPROTOOPT\n", errno, strerror(errno));
185		exit(-1);
186	}
187
188	flag[0] = 1;
189	if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, sizeof(flag[0]))
190	    == 0) {
191		fprintf(stderr, "setsockopt(IP_HDRINCL) on TCP succeeded\n");
192		exit(-1);
193	}
194
195	if (errno != ENOPROTOOPT) {
196		fprintf(stderr, "setsockopt(IP_HDRINCL) on TCP returned %d "
197		    "(%s) not ENOPROTOOPT\n", errno, strerror(errno));
198		exit(-1);
199	}
200
201	close(sock);
202
203	/*
204	 * Try to receive or set the IP_HDRINCL flag on a UDP socket.
205	 */
206	sock = socket(PF_INET, SOCK_DGRAM, 0);
207	if (sock == -1) {
208		perror("socket");
209		exit(-1);
210	}
211
212	flag[0] = -1;
213	len = sizeof(flag[0]);
214	if (getsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, &len) == 0) {
215		fprintf(stderr, "getsockopt(IP_HDRINCL) on UDP succeeded\n");
216		exit(-1);
217	}
218
219	if (errno != ENOPROTOOPT) {
220		fprintf(stderr, "getsockopt(IP_HDRINCL) on UDP returned %d "
221		    "(%s) not ENOPROTOOPT\n", errno, strerror(errno));
222		exit(-1);
223	}
224
225	if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, sizeof(flag[0]))
226	    == 0) {
227		fprintf(stderr, "setsockopt(IP_HDRINCL) on UDPsucceeded\n");
228		exit(-1);
229	}
230
231	if (errno != ENOPROTOOPT) {
232		fprintf(stderr, "setsockopt(IP_HDRINCL) on UDP returned %d "
233		    "(%s) not ENOPROTOOPT\n", errno, strerror(errno));
234		exit(-1);
235	}
236
237	close(sock);
238
239	/*
240	 * Now try on a raw socket.  Access ontrol should prevent non-root
241	 * users from creating the raw socket, so check that here based on
242	 * geteuid().  If we're non-root, we just return assuming the socket
243	 * create fails since the remainder of the tests apply only on a raw
244	 * socket.
245	 */
246	sock = socket(PF_INET, SOCK_RAW, 0);
247	if (geteuid() != 0) {
248		if (sock != -1)
249			errx(-1, "test_ip_hdrincl: created raw socket as "
250			    "uid %d", geteuid());
251		return;
252	}
253	if (sock == -1) {
254		perror("test_ip_hdrincl: socket(PF_INET, SOCK_RAW)");
255		exit(-1);
256	}
257
258	/*
259	 * Make sure the initial value of the flag is 0 (disabled).
260	 */
261	flag[0] = -1;
262	flag[1] = -1;
263	len = sizeof(flag);
264	if (getsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, &len) < 0) {
265		perror("test_ip_hdrincl: getsockopt(IP_HDRINCL) on raw");
266		exit(-1);
267	}
268
269	if (len != sizeof(flag[0])) {
270		fprintf(stderr, "test_ip_hdrincl: %d bytes returned on "
271		    "initial get\n", len);
272		exit(-1);
273	}
274
275	if (flag[0] != 0) {
276		fprintf(stderr, "test_ip_hdrincl: initial flag value of %d\n",
277		    flag[0]);
278		exit(-1);
279	}
280
281	/*
282	 * Enable the IP_HDRINCL flag.
283	 */
284	flag[0] = 1;
285	if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, sizeof(flag[0]))
286	    < 0) {
287		perror("test_ip_hdrincl: setsockopt(IP_HDRINCL, 1)");
288		exit(-1);
289	}
290
291	/*
292	 * Check that the IP_HDRINCL flag was set.
293	 */
294	flag[0] = -1;
295	flag[1] = -1;
296	len = sizeof(flag);
297	if (getsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, &len) < 0) {
298		perror("test_ip_hdrincl: getsockopt(IP_HDRINCL) after set");
299		exit(-1);
300	}
301
302	if (flag[0] == 0) {
303		fprintf(stderr, "test_ip_hdrincl: getsockopt(IP_HDRINCL) "
304		    "after set had flag of %d\n", flag[0]);
305		exit(-1);
306	}
307
308#define	HISTORICAL_INP_HDRINCL	8
309	if (flag[0] != HISTORICAL_INP_HDRINCL) {
310		fprintf(stderr, "test_ip_hdrincl: WARNING: getsockopt(IP_H"
311		    "DRINCL) after set had non-historical value of %d\n",
312		    flag[0]);
313	}
314
315	/*
316	 * Reset the IP_HDRINCL flag to 0.
317	 */
318	flag[0] = 0;
319	if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, sizeof(flag[0]))
320	    < 0) {
321		perror("test_ip_hdrincl: setsockopt(IP_HDRINCL, 0)");
322		exit(-1);
323	}
324
325	/*
326	 * Check that the IP_HDRINCL flag was reset to 0.
327	 */
328	flag[0] = -1;
329	flag[1] = -1;
330	len = sizeof(flag);
331	if (getsockopt(sock, IPPROTO_IP, IP_HDRINCL, flag, &len) < 0) {
332		perror("test_ip_hdrincl: getsockopt(IP_HDRINCL) after reset");
333		exit(-1);
334	}
335
336	if (flag[0] != 0) {
337		fprintf(stderr, "test_ip_hdrincl: getsockopt(IP_HDRINCL) "
338		    "after set had flag of %d\n", flag[0]);
339		exit(-1);
340	}
341
342	close(sock);
343}
344
345/*
346 * As with other non-int or larger sized socket options, the IP_TOS and
347 * IP_TTL fields in kernel is stored as an 8-bit value, reflecting the IP
348 * header fields, but useful I/O to the field occurs using 32-bit integers.
349 * The FreeBSD kernel will permit writes from variables at least an int in
350 * size (and ignore additional bytes), and will permit a read to buffers 1
351 * byte or larger (but depending on endianness, may truncate out useful
352 * values if the caller provides less room).
353 *
354 * Given the limitations of the API, use a UDP socket to confirm that the
355 * following are true:
356 *
357 * - We can read the IP_TOS/IP_TTL options.
358 * - The initial value of the TOS option is 0, TTL is 64.
359 * - That if we provide more than 32 bits of storage, we get back only 32
360 *   bits of data.
361 * - When we set it to a non-zero value expressible with a u_char, we can
362 *   read that value back.
363 * - When we reset it back to zero, we can read it as 0.
364 * - When we set it to a value >255, the value is truncated to something less
365 *   than 255.
366 */
367static void
368test_ip_uchar(int option, char *optionname, int initial)
369{
370	int sock, val[2];
371	socklen_t len;
372
373	sock = socket(PF_INET, SOCK_DGRAM, 0);
374	if (sock == -1)
375		err(-1, "test_ip_tosttl(%s): socket", optionname);
376
377	/*
378	 * Check that the initial value is 0, and that the size is one
379	 * u_char;
380	 */
381	val[0] = -1;
382	val[1] = -1;
383	len = sizeof(val);
384	if (getsockopt(sock, IPPROTO_IP, option, val, &len) < 0)
385		err(-1, "test_ip_tosttl: initial getsockopt(%s)",
386		    optionname);
387
388	if (len != sizeof(val[0]))
389		errx(-1, "test_ip_tosttl(%s): initial getsockopt() returned "
390		    "%d bytes", optionname, len);
391
392	if (val[0] == -1)
393		errx(-1, "test_ip_tosttl(%s): initial getsockopt() didn't "
394		    "return data", optionname);
395
396	if (val[0] != initial)
397		errx(-1, "test_ip_tosttl(%s): initial getsockopt() returned "
398		   "value of %d, not %d", optionname, val[0], initial);
399
400	/*
401	 * Set the field to a valid value.
402	 */
403	val[0] = 128;
404	val[1] = -1;
405	if (setsockopt(sock, IPPROTO_IP, option, val, sizeof(val[0])) < 0)
406		err(-1, "test_ip_tosttl(%s): setsockopt(128)", optionname);
407
408	/*
409	 * Check that when we read back the field, we get the same value.
410	 */
411	val[0] = -1;
412	val[1] = -1;
413	len = sizeof(val);
414	if (getsockopt(sock, IPPROTO_IP, option, val, &len) < 0)
415		err(-1, "test_ip_tosttl(%s): getsockopt() after set to 128",
416		    optionname);
417
418	if (len != sizeof(val[0]))
419		errx(-1, "test_ip_tosttl(%s): getsockopt() after set to 128 "
420		    "returned %d bytes", optionname, len);
421
422	if (val[0] == -1)
423		errx(-1, "test_ip_tosttl(%s): getsockopt() after set to 128 "
424		    "didn't return data", optionname);
425
426	if (val[0] != 128)
427		errx(-1, "test_ip_tosttl(%s): getsockopt() after set to 128 "
428		    "returned %d", optionname, val[0]);
429
430	/*
431	 * Reset the value to 0, check that it was reset.
432	 */
433	val[0] = 0;
434	val[1] = 0;
435	if (setsockopt(sock, IPPROTO_IP, option, val, sizeof(val[0])) < 0)
436		err(-1, "test_ip_tosttl(%s): setsockopt() to reset from 128",
437		    optionname);
438
439	if (len != sizeof(val[0]))
440		errx(-1, "test_ip_tosttl(%s): getsockopt() after reset from "
441		    "128 returned %d bytes", optionname, len);
442
443	if (val[0] == -1)
444		errx(-1, "test_ip_tosttl(%s): getsockopt() after reset from "
445		    "128 didn't return data", optionname);
446
447	if (val[0] != 0)
448		errx(-1, "test_ip_tosttl(%s): getsockopt() after reset from "
449		    "128 returned %d", optionname, val[0]);
450
451	/*
452	 * Set the value to something out of range and check that it comes
453	 * back truncated, or that we get EINVAL back.  Traditional u_char
454	 * IP socket options truncate, but newer ones (such as multicast
455	 * socket options) will return EINVAL.
456	 */
457	val[0] = 32000;
458	val[1] = -1;
459	if (setsockopt(sock, IPPROTO_IP, option, val, sizeof(val[0])) < 0) {
460		/*
461		 * EINVAL is a fine outcome, no need to run the truncation
462		 * tests.
463		 */
464		if (errno == EINVAL) {
465			close(sock);
466			return;
467		}
468		err(-1, "test_ip_tosttl(%s): getsockopt(32000)", optionname);
469	}
470
471	val[0] = -1;
472	val[1] = -1;
473	len = sizeof(val);
474	if (getsockopt(sock, IPPROTO_IP, option, val, &len) < 0)
475		err(-1, "test_ip_tosttl(%s): getsockopt() after set to 32000",
476		    optionname);
477
478	if (len != sizeof(val[0]))
479		errx(-1, "test_ip_tosttl(%s): getsockopt() after set to 32000"
480		    "returned %d bytes",  optionname, len);
481
482	if (val[0] == -1)
483		errx(-1, "test_ip_tosttl(%s): getsockopt() after set to 32000"
484		    "didn't return data", optionname);
485
486	if (val[0] == 32000)
487		errx(-1, "test_ip_tosttl(%s): getsockopt() after set to 32000"
488		    "returned 32000: failed to truncate", optionname);
489
490	close(sock);
491}
492
493/*
494 * Generic test for a boolean socket option.  Caller provides the option
495 * number, string name, expected default (initial) value, and whether or not
496 * the option is root-only.  For each option, test:
497 *
498 * - That we can read the option.
499 * - That the initial value is as expected.
500 * - That we can modify the value.
501 * - That on modification, the new value can be read back.
502 * - That we can reset the value.
503 * - that on reset, the new value can be read back.
504 *
505 * Test using a UDP socket.
506 */
507#define	BOOLEAN_ANYONE		1
508#define	BOOLEAN_ROOTONLY	1
509static void
510test_ip_boolean(int option, char *optionname, int initial, int rootonly)
511{
512	int newvalue, sock, val[2];
513	socklen_t len;
514
515	sock = socket(PF_INET, SOCK_DGRAM, 0);
516	if (sock == -1)
517		err(-1, "test_ip_boolean(%s): socket", optionname);
518
519	/*
520	 * The default for a boolean might be true or false.  If it's false,
521	 * we will try setting it to true (but using a non-1 value of true).
522	 * If it's true, we'll set it to false.
523	 */
524	if (initial == 0)
525		newvalue = 0xff;
526	else
527		newvalue = 0;
528
529	val[0] = -1;
530	val[1] = -1;
531	len = sizeof(val);
532	if (getsockopt(sock, IPPROTO_IP, option, val, &len) < 0)
533		err(-1, "test_ip_boolean: initial getsockopt()");
534
535	if (len != sizeof(val[0]))
536		errx(-1, "test_ip_boolean(%s): initial getsockopt() returned "
537		   "%d bytes", optionname, len);
538
539	if (val[0] == -1)
540		errx(-1, "test_ip_boolean(%s): initial getsockopt() didn't "
541		    "return data", optionname);
542
543	if (val[0] != initial)
544		errx(-1, "test_ip_boolean(%s): initial getsockopt() returned "
545		    "%d (expected %d)", optionname, val[0], initial);
546
547	/*
548	 * Set the socket option to a new non-default value.
549	 */
550	if (setsockopt(sock, IPPROTO_IP, option, &newvalue, sizeof(newvalue))
551	    < 0)
552		err(-1, "test_ip_boolean(%s): setsockopt() to %d", optionname,
553		    newvalue);
554
555	/*
556	 * Read the value back and see if it is not the default (note: will
557	 * not be what we set it to, as we set it to 0xff above).
558	 */
559	val[0] = -1;
560	val[1] = -1;
561	len = sizeof(val);
562	if (getsockopt(sock, IPPROTO_IP, option, val, &len) < 0)
563		err(-1, "test_ip_boolean(%s): getsockopt() after set to %d",
564		    optionname, newvalue);
565
566	if (len != sizeof(val[0]))
567		errx(-1, "test_ip_boolean(%s): getsockopt() after set to %d "
568		    "returned %d bytes", optionname, newvalue, len);
569
570	if (val[0] == -1)
571		errx(-1, "test_ip_boolean(%s): getsockopt() after set to %d "
572		    "didn't return data", optionname, newvalue);
573
574	/*
575	 * If we set it to true, check for '1', otherwise '0.
576	 */
577	if (val[0] != (newvalue ? 1 : 0))
578		errx(-1, "test_ip_boolean(%s): getsockopt() after set to %d "
579		    "returned %d", optionname, newvalue, val[0]);
580
581	/*
582	 * Reset to initial value.
583	 */
584	newvalue = initial;
585	if (setsockopt(sock, IPPROTO_IP, option, &newvalue, sizeof(newvalue))
586	    < 0)
587		err(-1, "test_ip_boolean(%s): setsockopt() to reset",
588		    optionname);
589
590	/*
591	 * Check reset version.
592	 */
593	val[0] = -1;
594	val[1] = -1;
595	len = sizeof(val);
596	if (getsockopt(sock, IPPROTO_IP, option, val, &len) < 0)
597		err(-1, "test_ip_boolean(%s): getsockopt() after reset",
598		    optionname);
599
600	if (len != sizeof(val[0]))
601		errx(-1, "test_ip_boolean(%s): getsockopt() after reset "
602		    "returned %d bytes", optionname, len);
603
604	if (val[0] == -1)
605		errx(-1, "test_ip_boolean(%s): getsockopt() after reset "
606		    "didn't return data", optionname);
607
608	if (val[0] != newvalue)
609		errx(-1, "test_ip_boolean(%s): getsockopt() after reset "
610		    "returned %d", optionname, newvalue);
611
612	close(sock);
613}
614
615/*
616 * XXX: For now, nothing here.
617 */
618static void
619test_ip_multicast_if(void)
620{
621
622	/*
623	 * It's probably worth trying INADDR_ANY and INADDR_LOOPBACK here
624	 * to see what happens.
625	 */
626}
627
628/*
629 * XXX: For now, nothing here.
630 */
631static void
632test_ip_multicast_vif(void)
633{
634
635	/*
636	 * This requires some knowledge of the number of virtual interfaces,
637	 * and what is valid.
638	 */
639}
640
641/*
642 * XXX: For now, nothing here.
643 */
644static void
645test_ip_multicast_membership(void)
646{
647
648}
649
650static void
651test_ip_multicast(void)
652{
653
654	test_ip_multicast_if();
655	test_ip_multicast_vif();
656
657	/*
658	 * Test the multicast TTL exactly as we would the regular TTL, only
659	 * expect a different default.
660	 */
661	test_ip_uchar(IP_MULTICAST_TTL, "IP_MULTICAST_TTL", 1);
662
663	/*
664	 * The multicast loopback flag can be tested using our boolean
665	 * tester, but only because the FreeBSD API is a bit more flexible
666	 * than earlir APIs and will accept an int as well as a u_char.
667	 * Loopback is enabled by default.
668	 */
669	test_ip_boolean(IP_MULTICAST_LOOP, "IP_MULTICAST_LOOP", 1,
670	    BOOLEAN_ANYONE);
671
672	test_ip_multicast_membership();
673}
674
675static void
676testsuite(void)
677{
678
679	test_ip_hdrincl();
680
681	test_ip_uchar(IP_TOS, "IP_TOS", 0);
682	test_ip_uchar(IP_TTL, "IP_TTL", 64);
683
684	test_ip_boolean(IP_RECVOPTS, "IP_RECVOPTS", 0, BOOLEAN_ANYONE);
685	test_ip_boolean(IP_RECVRETOPTS, "IP_RECVRETOPTS", 0, BOOLEAN_ANYONE);
686	test_ip_boolean(IP_RECVDSTADDR, "IP_RECVDSTADDR", 0, BOOLEAN_ANYONE);
687	test_ip_boolean(IP_RECVTTL, "IP_RECVTTL", 0, BOOLEAN_ANYONE);
688	test_ip_boolean(IP_RECVIF, "IP_RECVIF", 0, BOOLEAN_ANYONE);
689	test_ip_boolean(IP_FAITH, "IP_FAITH", 0, BOOLEAN_ANYONE);
690	test_ip_boolean(IP_ONESBCAST, "IP_ONESBCAST", 0, BOOLEAN_ANYONE);
691
692	/*
693	 * XXX: Still need to test:
694	 * IP_PORTRANGE
695	 * IP_IPSEC_POLICY?
696	 */
697
698	test_ip_multicast();
699
700	test_ip_options();
701}
702
703/*
704 * Very simply exercise that we can get and set each option.  If we're running
705 * as root, run it also as nobody.  If not as root, complain about that.
706 */
707int
708main(int argc, char *argv[])
709{
710
711	if (geteuid() != 0) {
712		warnx("Not running as root, can't run as-root tests");
713		fprintf(stderr, "\n");
714		fprintf(stderr, "Running tests with uid %d\n", geteuid());
715		testsuite();
716		fprintf(stderr, "PASS\n");
717	} else {
718		fprintf(stderr, "Running tests with uid 0\n");
719		testsuite();
720		if (setuid(65534) != 0)
721			err(-1, "setuid(65534)");
722		fprintf(stderr, "Running tests with uid 65535\n");
723		testsuite();
724		fprintf(stderr, "PASS\n");
725	}
726	exit(0);
727}
728