# $OpenBSD: Makefile,v 1.2 2017/11/17 15:39:51 bluhm Exp $

# Copyright (c) 2017 Alexander Bluhm <bluhm@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Set up two loopback interfaces in different routing domains.
# Try to ping existing and non existing addresses in these domains.
# Also test pinging to different rdomains via pf. Check that the
# ttl is decremented while looping through loopback interfaces.

# Read the IPv4 forwarding setting once, while the makefile is parsed.
# The :C modifier in the condition below strips everything up to the
# last "=", leaving only the value.
SYSCTL_FORWARDING != sysctl net.inet.ip.forwarding

# Unless that value is exactly 1, define a regress target that only
# reports the setting and prints SKIPPED.  Presumably this definition
# takes precedence over the default regress target of bsd.regress.mk,
# which is included at the end of this file -- confirm.
# NOTE(review): forwarding is a host-wide setting; with it set to 1 the
# machine routes IPv4 between all of its interfaces, so a dedicated test
# host is the safer place to run this.
.if ${SYSCTL_FORWARDING:C/.*=//} != 1
regress:
	@echo "${SYSCTL_FORWARDING}"
	@echo set this sysctl to 1 for additional tests
	@echo SKIPPED
.endif

# This test uses routing domain and interface number 11 and 12.
# Adjust it here, if you want to use something else.
# N1 and N2 are used both as the routing domain id and as the unit number
# of the loopback interface (lo${N1}, lo${N2}), and as the last octet of
# the alias address 127.0.0.${n}.
N1 = 11
N2 = 12
NUMS = ${N1} ${N2}

# NOTE(review): check-interfaces is declared phony, but no rule of that
# name is visible in this file.
.PHONY: check-interfaces check-rdomains ifconfig unconfig

# Refuse to continue if any interface other than lo${n} already reports
# routing domain ${n}: the first grep drops the header line of lo${n}
# itself, the second looks for " rdomain ${n} " in what remains.
# This keeps the privileged setup below from touching a domain that is
# already in use on the host.
check-rdomains:
	# check if rdomains are busy
.for n in ${NUMS}
	@if /sbin/ifconfig | grep -v '^lo${n}:' | grep ' rdomain ${n} '; then\
	    echo routing domain ${n} is already used >&2; exit 1; fi
.endfor

# Configure both loopback interfaces; every command that changes system
# state runs through ${SUDO}.  Per domain: move lo${n} into rdomain ${n},
# assign 127.0.0.1/8 plus the alias 127.0.0.${n}, and route the otherwise
# unconfigured hosts 10.6.6.6 and 10.7.7.7 to 127.0.0.1 in routing table
# ${n}.  The last two commands add, in each table, a host route to the
# alias address of the other domain.
# check-rdomains and unconfig are prerequisites, so the check and the
# removal of old addresses happen first.
ifconfig: check-rdomains unconfig
	# create and configure loopback interfaces
.for n in ${NUMS}
	${SUDO} /sbin/ifconfig lo${n} rdomain ${n}
	${SUDO} /sbin/ifconfig lo${n} inet 127.0.0.1/8
	${SUDO} /sbin/ifconfig lo${n} inet 127.0.0.${n} alias
	${SUDO} /sbin/route -n -T ${n} add -inet -host 10.6.6.6 127.0.0.1
	${SUDO} /sbin/route -n -T ${n} add -inet -host 10.7.7.7 127.0.0.1
.endfor
	${SUDO} /sbin/route -n -T ${N1} add -inet -host 127.0.0.${N2} 127.0.0.1
	${SUDO} /sbin/route -n -T ${N2} add -inet -host 127.0.0.${N1} 127.0.0.1

# Remove both addresses from each loopback interface and drop the setup
# stamp.  The leading "-" makes make ignore a failing delete, which is
# expected when the addresses were never configured.
# NOTE(review): the recipe comment says "destroy interfaces", but only
# the addresses are deleted here; the lo${n} interfaces and their rdomain
# assignment appear to remain after cleanup -- confirm this is intended.
unconfig:
	# destroy interfaces
.for n in ${NUMS}
	-${SUDO} /sbin/ifconfig lo${n} 127.0.0.1 delete
	-${SUDO} /sbin/ifconfig lo${n} 127.0.0.${n} delete
.endfor
	rm -f stamp-setup

# Run the ifconfig target in a sub-make and record success in a stamp
# file.  The stamp depends on Makefile, so editing N1/N2 redoes the setup.
stamp-setup: Makefile
	@echo '\n======== $@ ========'
	${.MAKE} -C ${.CURDIR} ifconfig
	date >$@

# Create python include file containing the addresses.
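# Writes NAME="value" lines for N1/N2, IF_N1/IF_N2 and ADDR_N1/ADDR_N2.
# The file is built in $@.tmp and renamed, so a failed run leaves no
# partial addr.py.  stamp-pfctl below also feeds this file to pfctl in
# front of pf.conf, so the same lines serve as pf macro definitions.
addr.py: Makefile
	rm -f $@ $@.tmp
.for var in N1 N2
	echo '${var}="${${var}}"' >>$@.tmp
	echo 'IF_${var}="lo${${var}}"' >>$@.tmp
	echo 'ADDR_${var}="127.0.0.${${var}}"' >>$@.tmp
.endfor
	mv $@.tmp $@

# Load the pf rules into the kernel.
# The first pfctl call uses -n, which only parses the rules and needs no
# privileges; a syntax error therefore stops the target before anything
# is loaded.  The second call loads the rules into the anchor "regress"
# through ${SUDO}.
# NOTE(review): presumably the host's main ruleset has to reference the
# anchor "regress" for these rules to be evaluated -- confirm against
# pf.conf and the host setup.
# NOTE(review): nothing in this file flushes the anchor again;
# run-regress-cleanup only calls unconfig, so the test rules stay loaded
# after the run.  Consider `pfctl -a regress -F rules` during cleanup.
stamp-pfctl: addr.py pf.conf stamp-setup
	@echo '\n======== $@ ========'
	cat addr.py ${.CURDIR}/pf.conf | pfctl -n -f -
	cat addr.py ${.CURDIR}/pf.conf | ${SUDO} pfctl -a regress -f -
	@date >$@

# run tcpdump on lo devices
# The interface name is appended where the command is used.  The same
# string is used as the pkill -f pattern that finds the captures again,
# so the options here and the patterns below have to stay in sync.
DUMPCMD = tcpdump -l -e -vvv -s 2048 -ni

# Both captures are running; the sleep presumably gives the background
# tcpdump processes time to attach before the first ping is sent.
stamp-bpf: stamp-bpf-${N1} stamp-bpf-${N2}
	sleep 2 # XXX
	@date >$@

# Start one background capture per loopback interface, writing to
# lo${n}.tcpdump.  A capture left over from an earlier run is killed
# first.  That pkill runs through ${SUDO}, like the capture itself and
# like the pkill in stamp-stop: when ${SUDO} is set, an unprivileged
# pkill cannot signal a tcpdump that was started through it, and the
# "|| true" would hide that failure.
# Removing stamp-stop forces the stop target to run again after a new
# capture has been started.
.for n in ${N1} ${N2}

stamp-bpf-${n}: stamp-setup
	@echo '\n======== $@ ========'
	rm -f lo${n}.tcpdump
	${SUDO} pkill -f '^${DUMPCMD} lo${n}' || true
	${SUDO} ${DUMPCMD} lo${n} >lo${n}.tcpdump &
	rm -f stamp-stop
	@date >$@

.endfor

# Stop the captures so the run-regress-bpf-* targets can inspect complete
# output files, and remove the stamp-bpf* files so a later run starts
# fresh captures.  The sleep presumably lets the last packets reach the
# output files.
# NOTE(review): the pattern has no interface suffix, so this privileged
# pkill also matches any other tcpdump on the host that was started with
# exactly these options; the per-interface pattern used in stamp-bpf-${n}
# is narrower.
stamp-stop:
	@echo '\n======== $@ ========'
	sleep 2 # XXX
	-${SUDO} pkill -f '^${DUMPCMD}'
	rm -f stamp-bpf*
	@date >$@

# Ping tests inside a single routing domain.  ping -V ${n} selects the
# routing table; -w 1 -c 1 sends one packet and waits at most one second.
# A leading "!" inverts the exit status: those targets pass only if the
# ping gets no reply.
.for n in ${N1} ${N2}

REGRESS_TARGETS += run-regress-ping-local-${n}
run-regress-ping-local-${n}: stamp-setup stamp-bpf
	@echo '\n======== $@ ========'
	# Ping localhost in routing domain ${n}.
	/sbin/ping -n -w 1 -c 1 -V ${n} 127.0.0.1

REGRESS_TARGETS += run-regress-ping-loop-${n}
run-regress-ping-loop-${n}: stamp-setup stamp-bpf
	@echo '\n======== $@ ========'
	# Ping non existing address with loopback route in routing domain ${n}.
	! /sbin/ping -n -w 1 -c 1 -V ${n} 10.6.6.6

REGRESS_TARGETS += run-regress-ping-address-${n}
run-regress-ping-address-${n}: stamp-setup stamp-pfctl
	@echo '\n======== $@ ========'
	# Ping local address in routing domain ${n}.
	/sbin/ping -n -w 1 -c 1 -V ${n} 127.0.0.${n}

.endfor

# Ping tests across routing domains.  The pass and block targets are the
# positive and negative half of the same check: traffic from N1 to N2 is
# expected to work, the reverse direction is expected to fail.  The rules
# that make the difference live in pf.conf, which is not part of this
# file.
REGRESS_TARGETS += run-regress-ping-rdomain-pass
run-regress-ping-rdomain-pass: stamp-setup stamp-pfctl
	@echo '\n======== $@ ========'
	# Pass ping packets between routing domains with pf rule.
	/sbin/ping -n -w 1 -c 1 -V ${N1} 127.0.0.${N2}

REGRESS_TARGETS += run-regress-ping-rdomain-block
run-regress-ping-rdomain-block: stamp-setup stamp-pfctl
	@echo '\n======== $@ ========'
	# Check that reverse direction without pf rule is not allowed.
	! /sbin/ping -n -w 1 -c 1 -V ${N2} 127.0.0.${N1}

REGRESS_TARGETS += run-regress-ping-rdomain-loop
run-regress-ping-rdomain-loop: stamp-setup stamp-pfctl stamp-bpf
	@echo '\n======== $@ ========'
	# Ping non existing address and loop between routing domains.
	! /sbin/ping -n -w 1 -c 1 -V ${N1} 10.7.7.7

# Capture checks.  They depend on stamp-stop, so tcpdump has been stopped
# before the files are read.  Each grep must find its line; a leading "!"
# requires that the line is absent.
.for n in ${N1} ${N2}

REGRESS_TARGETS += run-regress-bpf-local-${n}
run-regress-bpf-local-${n}: stamp-stop
	@echo '\n======== $@ ========'
	# Check that the ping packet went through loopback.
	grep '127.0.0.1 > 127.0.0.1: icmp: echo request' lo${n}.tcpdump

REGRESS_TARGETS += run-regress-bpf-loop-${n}
run-regress-bpf-loop-${n}: stamp-stop
	@echo '\n======== $@ ========'
	# Check that the ping packet went multiple times through loopback.
	grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .*ttl 255,' \
	    lo${n}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .* \[ttl 1\]' \
	    lo${n}.tcpdump

.endfor

# For the packet to 10.7.7.7 the expected TTL values differ per domain:
# lo${N1} must show ttl 255 and ttl 1 but not 254, lo${N2} must show
# ttl 254 and ttl 2 but not ttl 1.  That matches a packet alternating
# between the two domains with the TTL decremented on every pass;
# presumably pf.conf moves it from one domain to the other -- confirm.
REGRESS_TARGETS += run-regress-bpf-rdomain-loop-${N1}
run-regress-bpf-rdomain-loop-${N1}: stamp-stop
	@echo '\n======== $@ ========'
	# Check the ping packet went multiple times in routing domains.
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 255,' \
	    lo${N1}.tcpdump
	! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
	    lo${N1}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
	    lo${N1}.tcpdump

REGRESS_TARGETS += run-regress-bpf-rdomain-loop-${N2}
run-regress-bpf-rdomain-loop-${N2}: stamp-stop
	@echo '\n======== $@ ========'
	# Check the ping packet went multiple times in routing domains.
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
	    lo${N2}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 2,' \
	    lo${N2}.tcpdump
	! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
	    lo${N2}.tcpdump

# Last target in the list: remove the test addresses again through the
# unconfig target of this makefile.
REGRESS_TARGETS += run-regress-cleanup
run-regress-cleanup: stamp-stop
	@echo '\n======== $@ ========'
	${.MAKE} -C ${.CURDIR} unconfig

CLEANFILES += addr.py *.pyc *.tcpdump *.log stamp-*

.include <bsd.regress.mk>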