Makefile (revision 1073f88e) - OpenGrok cross reference for /openbsd/regress/sys/net/pf_divert/Makefile

*1073f88eSbluhm#	$OpenBSD: Makefile,v 1.24 2021/12/12 21:16:53 bluhm Exp $
336dfed2Sbluhm
336dfed2Sbluhm# The following ports must be installed for the regression tests:
336dfed2Sbluhm# p5-Socket6		Perl defines relating to AF_INET6 sockets
1e607023Sbluhm#
1e607023Sbluhm# Check wether all required perl packages are installed.  If some
1e607023Sbluhm# are missing print a warning and skip the tests, but do not fail.
336dfed2Sbluhm
1e607023SbluhmPERL_REQUIRE !=	perl -Mstrict -Mwarnings -e ' \
1e607023Sbluhm    eval { require Socket6 } or print $@; \
1e607023Sbluhm'
1e607023Sbluhm.if ! empty(PERL_REQUIRE)
1e607023Sbluhmregress:
1e607023Sbluhm	@echo "${PERL_REQUIRE}"
1e607023Sbluhm	@echo install these perl packages for additional tests
54eefd0cSbluhm	@echo SKIPPED
336dfed2Sbluhm.endif
336dfed2Sbluhm
336dfed2Sbluhm# Fill out these variables as you have to test divert with the pf
336dfed2Sbluhm# kernel running on a remote machine.  You have to specify a local
336dfed2Sbluhm# and remote ip address for the test connections.  The fake ip address
336dfed2Sbluhm# will be routed via the remote address to test divert with non-existing
336dfed2Sbluhm# addresses.  To control the remote machine you need a hostname for
336dfed2Sbluhm# ssh to log in.  All the test files must be in the same directory
336dfed2Sbluhm# local and remote.
336dfed2Sbluhm# You must have an anchor "regress" for the divert rules in the pf.conf
336dfed2Sbluhm# of the remote machine.  The kernel of the remote machine gets testet.
02079822Sbluhm#
02079822Sbluhm# Run make check-setup to see if you got the setup correct.
336dfed2Sbluhm
11f7eadfSbluhmLOCAL_ADDR ?=
11f7eadfSbluhmREMOTE_ADDR ?=
11f7eadfSbluhmFAKE_ADDR ?=
11f7eadfSbluhmLOCAL_ADDR6 ?=
11f7eadfSbluhmREMOTE_ADDR6 ?=
11f7eadfSbluhmFAKE_ADDR6 ?=
11f7eadfSbluhmREMOTE_SSH ?=
336dfed2Sbluhm
1e607023Sbluhm.if empty (LOCAL_ADDR) || empty (REMOTE_ADDR) || empty (FAKE_ADDR) || \
1e607023Sbluhm    empty (LOCAL_ADDR6) || empty (REMOTE_ADDR6) || empty (FAKE_ADDR6) || \
1e607023Sbluhm    empty (REMOTE_SSH)
1e607023Sbluhmregress:
aa8f1300Sbluhm	@echo This tests needs a remote machine to operate on.
1e607023Sbluhm	@echo LOCAL_ADDR REMOTE_ADDR FAKE_ADDR LOCAL_ADDR6
aa8f1300Sbluhm	@echo REMOTE_ADDR6 FAKE_ADDR6 REMOTE_SSH are empty.
aa8f1300Sbluhm	@echo Fill out these variables for additional tests.
54eefd0cSbluhm	@echo SKIPPED
1e607023Sbluhm.endif
1e607023Sbluhm
1e607023Sbluhm# Automatically generate regress targets from test cases in directory.
1e607023Sbluhm
068b97e5SbluhmPERLS =			Client.pm Packet.pm Proc.pm Remote.pm Server.pm \
068b97e5Sbluhm			funcs.pl remote.pl
1e607023SbluhmARGS !=			cd ${.CURDIR} && ls args-*.pl
d76821b9SbluhmTARGETS ?=		\
d76821b9Sbluhm	inet-args-tcp-to inet6-args-tcp-to \
d0e91fd6Sbluhm	inet-args-tcp-reply inet6-args-tcp-reply \
d0e91fd6Sbluhm	inet-args-udp-to inet6-args-udp-to \
d0e91fd6Sbluhm	inet-args-udp-reply inet6-args-udp-reply \
c30a42c2Sbluhm	inet-args-udp-reply-to inet6-args-udp-reply-to \
d0e91fd6Sbluhm	inet-args-rip-to inet6-args-rip-to \
d0e91fd6Sbluhm	inet-args-rip-reply inet6-args-rip-reply \
c30a42c2Sbluhm	inet-args-rip-reply-to inet6-args-rip-reply-to \
d0e91fd6Sbluhm	inet-args-icmp-to inet6-args-icmp-to \
c30a42c2Sbluhm	inet-args-icmp-reply-to inet6-args-icmp-reply-to \
c30a42c2Sbluhm	inet-args-icmp-reply-reuse inet6-args-icmp-reply-reuse \
6a1cb87eSbluhm	inet-reuse-tcp-to-to inet6-reuse-tcp-to-to \
6a1cb87eSbluhm	inet-reuse-tcp-to-reply inet6-reuse-tcp-to-reply \
6a1cb87eSbluhm	inet-reuse-tcp-reply-to inet6-reuse-tcp-reply-to \
6a1cb87eSbluhm	inet-reuse-tcp-reply-reply inet6-reuse-tcp-reply-reply \
6a1cb87eSbluhm	inet-reuse-udp-to-to inet6-reuse-udp-to-to \
6a1cb87eSbluhm	inet-reuse-udp-to-reply inet6-reuse-udp-to-reply \
6a1cb87eSbluhm	inet-reuse-udp-to-reply-to inet6-reuse-udp-to-reply-to \
6a1cb87eSbluhm	inet-reuse-udp-reply-to inet6-reuse-udp-reply-to \
6a1cb87eSbluhm	inet-reuse-udp-reply-reply inet6-reuse-udp-reply-reply \
6a1cb87eSbluhm	inet-reuse-udp-reply-reply-to inet6-reuse-udp-reply-reply-to \
6a1cb87eSbluhm	inet-reuse-udp-reply-to-to inet6-reuse-udp-reply-to-to \
6a1cb87eSbluhm	inet-reuse-udp-reply-to-reply inet6-reuse-udp-reply-to-reply \
6a1cb87eSbluhm	inet-reuse-udp-reply-to-reply-to inet6-reuse-udp-reply-to-reply-to \
6a1cb87eSbluhm	inet-reuse-rip-to-to inet6-reuse-rip-to-to \
6a1cb87eSbluhm	inet-reuse-rip-to-reply inet6-reuse-rip-to-reply \
6a1cb87eSbluhm	inet-reuse-rip-to-reply-to inet6-reuse-rip-to-reply-to \
6a1cb87eSbluhm	inet-reuse-rip-reply-to inet6-reuse-rip-reply-to \
6a1cb87eSbluhm	inet-reuse-rip-reply-reply inet6-reuse-rip-reply-reply \
6a1cb87eSbluhm	inet-reuse-rip-reply-reply-to inet6-reuse-rip-reply-reply-to \
6a1cb87eSbluhm	inet-reuse-rip-reply-to-to inet6-reuse-rip-reply-to-to \
6a1cb87eSbluhm	inet-reuse-rip-reply-to-reply inet6-reuse-rip-reply-to-reply \
068b97e5Sbluhm	inet-reuse-rip-reply-to-reply-to inet6-reuse-rip-reply-to-reply-to \
0c490069Sbluhm	inet-args-udp-packet-in inet6-args-udp-packet-in \
40df215eSbluhm	inet-args-udp-packet-out inet6-args-udp-packet-out
31432b1dSbluhmREGRESS_TARGETS =	${TARGETS:S/^/run-/}
d76821b9SbluhmCLEANFILES +=		*.log *.port *.ktrace ktrace.out stamp-*
1e607023Sbluhm
336dfed2Sbluhm.MAIN: all
336dfed2Sbluhm
1e607023Sbluhm.if ! empty (REMOTE_SSH)
336dfed2Sbluhm.if make (regress) || make (all)
336dfed2Sbluhm.BEGIN:
336dfed2Sbluhm	@echo
336dfed2Sbluhm	${SUDO} true
1e607023Sbluhm	ssh -t ${REMOTE_SSH} ${SUDO} true
1e607023Sbluhm.if ! empty (FAKE_ADDR) && ! empty (REMOTE_ADDR)
336dfed2Sbluhm	-${SUDO} route -n delete -inet -host ${FAKE_ADDR} 2>/dev/null
336dfed2Sbluhm	${SUDO} route -n add -inet -host ${FAKE_ADDR} ${REMOTE_ADDR}
1e607023Sbluhm.endif
1e607023Sbluhm.if ! empty (FAKE_ADDR6) && ! empty (REMOTE_ADDR6)
336dfed2Sbluhm	-${SUDO} route -n delete -inet6 -host ${FAKE_ADDR6} 2>/dev/null
336dfed2Sbluhm	${SUDO} route -n add -inet6 -host ${FAKE_ADDR6} ${REMOTE_ADDR6}
336dfed2Sbluhm.endif
1e607023Sbluhm.endif
1e607023Sbluhm.endif
336dfed2Sbluhm
336dfed2Sbluhm# Set variables so that make runs with and without obj directory.
336dfed2Sbluhm# Only do that if necessary to keep visible output short.
336dfed2Sbluhm
336dfed2Sbluhm.if ${.CURDIR} == ${.OBJDIR}
336dfed2SbluhmPERLINC =	-I.
336dfed2SbluhmPERLPATH =
336dfed2Sbluhm.else
336dfed2SbluhmPERLINC =	-I${.CURDIR}
336dfed2SbluhmPERLPATH =	${.CURDIR}/
336dfed2Sbluhm.endif
336dfed2Sbluhm
336dfed2Sbluhm# The arg tests take a perl hash with arguments controlling the test
336dfed2Sbluhm# parameters.  The remote.pl test has local client or server and the
336dfed2Sbluhm# diverted process is running on the remote machine reachable with
336dfed2Sbluhm# ssh.
336dfed2Sbluhm
d0e91fd6Sbluhm.for  inet addr  in  inet ADDR  inet6 ADDR6
d0e91fd6Sbluhm
31432b1dSbluhmrun-${inet}-reuse-rip-to-reply-to:
6a1cb87eSbluhm	@echo 'rip to before reply is broken, it does not remove the state.'
6a1cb87eSbluhm	@echo DISABLED
6a1cb87eSbluhm
336dfed2Sbluhm.for a in ${ARGS}
31432b1dSbluhmrun-${inet}-${a:R}: ${a}
068b97e5Sbluhm.if ${@:M*-packet-*}
d76821b9Sbluhm	time ${SUDO} SUDO=${SUDO} KTRACE=${KTRACE} \
d76821b9Sbluhm	    perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} \
d76821b9Sbluhm	    ${LOCAL_${addr}} ${REMOTE_${addr}} ${REMOTE_SSH} \
d76821b9Sbluhm	    ${PERLPATH}${a}
068b97e5Sbluhm.else
d76821b9Sbluhm	time ${SUDO} SUDO=${SUDO} KTRACE=${KTRACE} \
d76821b9Sbluhm	    perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} \
d76821b9Sbluhm	    ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} \
d76821b9Sbluhm	    ${PERLPATH}${a}
068b97e5Sbluhm.endif
d0e91fd6Sbluhm.endfor
d0e91fd6Sbluhm
2316dd1bSbluhmSTATE_EXIST_tcp_to =		!
2316dd1bSbluhmSTATE_EXIST_udp_to =
2316dd1bSbluhmSTATE_EXIST_rip_to =
2316dd1bSbluhmSTATE_EXIST_tcp_reply =		!
2316dd1bSbluhmSTATE_EXIST_udp_reply =		!
2316dd1bSbluhmSTATE_EXIST_rip_reply =		!
2316dd1bSbluhmSTATE_EXIST_tcp_reply-to =	!
2316dd1bSbluhmSTATE_EXIST_udp_reply-to =	!
2316dd1bSbluhmSTATE_EXIST_rip_reply-to =	!
2316dd1bSbluhm
d0e91fd6Sbluhm.for proto in tcp udp rip
6a1cb87eSbluhm
6a1cb87eSbluhm.for  first second  in  to to  to reply  to reply-to  reply to  reply reply  reply reply-to  reply-to to  reply-to reply  reply-to reply-to
6a1cb87eSbluhm
31432b1dSbluhmrun-${inet}-reuse-${proto}-${first}-${second}:
2316dd1bSbluhm	# create state with ${first} divert rule
d76821b9Sbluhm	time ${SUDO} SUDO=${SUDO} KTRACE=${KTRACE} \
d76821b9Sbluhm	    perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} \
d76821b9Sbluhm	    ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} \
d76821b9Sbluhm	    ${PERLPATH}args-${proto}-${first}.pl
d0e91fd6Sbluhm	sed -n '/^connect peer:/s/.* //p' client.log >client.port
d0e91fd6Sbluhm	sed -n '/^connect sock:/s/.* //p' client.log >server.port
d0e91fd6Sbluhm.if "tcp" == ${proto}
2316dd1bSbluhm	# drop client tcp socket still in time wait to allow reuse
2316dd1bSbluhm.if "reply" == ${first} || "reply-to" == ${first}
d76821b9Sbluhm	${SUDO} tcpdrop \
d76821b9Sbluhm	    ${LOCAL_${addr}} `cat client.port` \
d76821b9Sbluhm	    ${FAKE_${addr}} `cat server.port`
0c2ea69fSbluhm	# to avoid SYN retransmit, kill local tcp state that will be reused
0c2ea69fSbluhm.if "inet" == ${inet}
0c2ea69fSbluhm	${SUDO} pfctl -k key -k '${proto} ${LOCAL_${addr}}:'`cat client.port`' <- ${FAKE_${addr}}:'`cat server.port`''
0c2ea69fSbluhm.elif "inet6" == ${inet}
0c2ea69fSbluhm	${SUDO} pfctl -k key -k '${proto} ${LOCAL_${addr}}['`cat client.port`'] <- ${FAKE_${addr}}['`cat server.port`']'
0c2ea69fSbluhm.endif
2316dd1bSbluhm.else # "to" == ${first}
0c2ea69fSbluhm	# to avoid SYN retransmit, kill local tcp state that will be reused
0c2ea69fSbluhm.if "inet" == ${inet}
0c2ea69fSbluhm	${SUDO} pfctl -k key -k '${proto} ${LOCAL_${addr}}:'`cat server.port`' -> ${FAKE_${addr}}:'`cat client.port`''
0c2ea69fSbluhm.elif "inet6" == ${inet}
0c2ea69fSbluhm	${SUDO} pfctl -k key -k '${proto} ${LOCAL_${addr}}['`cat server.port`'] -> ${FAKE_${addr}}['`cat client.port`']'
0c2ea69fSbluhm.endif
2316dd1bSbluhm	# tcp socket is in time wait so state must still exist
2316dd1bSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
0c2ea69fSbluhm	    egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat client.port`'\]? .. ${LOCAL_${addr}}:?\[?'`cat server.port`'\]? '
d76821b9Sbluhm	ssh ${REMOTE_SSH} ${SUDO} tcpdrop \
d76821b9Sbluhm	    ${FAKE_${addr}} `cat client.port` \
d76821b9Sbluhm	    ${LOCAL_${addr}} `cat server.port`
2316dd1bSbluhm	# divert-to state disappeared when the tcp socket was dropped
2316dd1bSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | ! \
0c2ea69fSbluhm	    egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat client.port`'\]? .. ${LOCAL_${addr}}:?\[?'`cat server.port`'\]? '
6a1cb87eSbluhm.endif
6a1cb87eSbluhm.endif
2316dd1bSbluhm.if "to" == ${first}
2316dd1bSbluhm.if "tcp" == ${proto}
2316dd1bSbluhm	# divert-to state has disappeared as tcp socket is always connected
2316dd1bSbluhm.else
2316dd1bSbluhm	# divert-to state still exists as the socket is unconnected
2316dd1bSbluhm.endif
2316dd1bSbluhm.else
2316dd1bSbluhm	# divert-reply state has disappeared when the connected socket closed
2316dd1bSbluhm.endif
2316dd1bSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | ${STATE_EXIST_${proto}_${first}} \
2316dd1bSbluhm	    egrep ' (tcp|udp|254) ${FAKE_${addr}}[][0-9:]* .. ${LOCAL_${addr}}[][0-9:]* '
2316dd1bSbluhm	# create state again with ${second} divert rule
d76821b9Sbluhm	time ${SUDO} SUDO=${SUDO} KTRACE=${KTRACE} \
d76821b9Sbluhm	    perl ${PERLINC} ${PERLPATH}remote.pl ${inet} \
d76821b9Sbluhm	    ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} \
d76821b9Sbluhm	    `cat client.port` `cat server.port` \
d76821b9Sbluhm	    ${PERLPATH}args-${proto}-${second}.pl
3c0bd7e8Sbluhm.if "tcp" == ${proto}
2316dd1bSbluhm.if "reply" == ${second} || "reply-to" == ${second}
2316dd1bSbluhm	# drop client tcp socket still in time wait to clean up
d76821b9Sbluhm	${SUDO} tcpdrop \
d76821b9Sbluhm	    ${LOCAL_${addr}} `cat server.port` \
d76821b9Sbluhm	    ${FAKE_${addr}} `cat client.port`
2316dd1bSbluhm.else # "to" == ${second}
2316dd1bSbluhm	# dropping the server tcp socket in time wait must remove the state
6a1cb87eSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
0c2ea69fSbluhm	    egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat server.port`'\]? .. ${LOCAL_${addr}}:?\[?'`cat client.port`'\]? '
d76821b9Sbluhm	ssh ${REMOTE_SSH} ${SUDO} tcpdrop \
d76821b9Sbluhm	    ${FAKE_${addr}} `cat server.port` \
d76821b9Sbluhm	    ${LOCAL_${addr}} `cat client.port`
2316dd1bSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | ! \
0c2ea69fSbluhm	    egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat server.port`'\]? .. ${LOCAL_${addr}}:?\[?'`cat client.port`'\]? '
cee6974dSbluhm.endif
cee6974dSbluhm.endif
2316dd1bSbluhm	# states must disappear after connected socket has been closed
2316dd1bSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | ${STATE_EXIST_${proto}_${second}} \
2316dd1bSbluhm	    egrep ' (tcp|udp|254) ${FAKE_${addr}}[][0-9:]* .. ${LOCAL_${addr}}[][0-9:]* '
d0e91fd6Sbluhm
336dfed2Sbluhm.endfor
6a1cb87eSbluhm.endfor
6a1cb87eSbluhm.endfor
336dfed2Sbluhm
79a2adffSbluhm.PHONY: syntax check-setup
336dfed2Sbluhm
3c0bd7e8Sbluhm# make perl syntax check for all args files
336dfed2Sbluhmsyntax: stamp-syntax
336dfed2Sbluhm
068b97e5Sbluhmstamp-syntax: ${PERLS} ${ARGS}
068b97e5Sbluhm.for p in ${PERLS}
068b97e5Sbluhm	@perl -c ${PERLINC} ${PERLPATH}$p
068b97e5Sbluhm.endfor
336dfed2Sbluhm.for a in ${ARGS}
336dfed2Sbluhm	@perl -c ${PERLPATH}$a
336dfed2Sbluhm.endfor
336dfed2Sbluhm	@date >$@
336dfed2Sbluhm
79a2adffSbluhm# Check wether the address, route and remote setup is correct
79a2adffSbluhmcheck-setup:
02079822Sbluhm	@echo '\n======== $@ ========'
79a2adffSbluhm	ping -n -c 1 ${LOCAL_ADDR}
79a2adffSbluhm	ping -n -c 1 ${REMOTE_ADDR}
79a2adffSbluhm	ping6 -n -c 1 ${LOCAL_ADDR6}
79a2adffSbluhm	ping6 -n -c 1 ${REMOTE_ADDR6}
3c0bd7e8Sbluhm	route -n get -inet ${FAKE_ADDR} | grep 'if address: ${LOCAL_ADDR}$$'
3c0bd7e8Sbluhm	route -n get -inet ${FAKE_ADDR} | grep 'gateway: ${REMOTE_ADDR}$$'
3c0bd7e8Sbluhm	route -n get -inet6 ${FAKE_ADDR6} | grep 'if address: ${LOCAL_ADDR6}$$'
3c0bd7e8Sbluhm	route -n get -inet6 ${FAKE_ADDR6} | grep 'gateway: ${REMOTE_ADDR6}$$'
79a2adffSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -sr | grep '^anchor "regress" all$$'
79a2adffSbluhm	ssh ${REMOTE_SSH} ${SUDO} pfctl -si | grep '^Status: Enabled '
*1073f88eSbluhm	ssh ${REMOTE_SSH} perl -MSocket6 -e 1
79a2adffSbluhm
336dfed2Sbluhm.include <bsd.regress.mk>