1*6a1cb87eSbluhm# $OpenBSD: Makefile,v 1.15 2016/11/16 16:00:41 bluhm Exp $ 2336dfed2Sbluhm 3336dfed2Sbluhm# The following ports must be installed for the regression tests: 4336dfed2Sbluhm# p5-IO-Socket-INET6 object interface for AF_INET and AF_INET6 domain sockets 5336dfed2Sbluhm# p5-Socket6 Perl defines relating to AF_INET6 sockets 61e607023Sbluhm# 71e607023Sbluhm# Check wether all required perl packages are installed. If some 81e607023Sbluhm# are missing print a warning and skip the tests, but do not fail. 9336dfed2Sbluhm 101e607023SbluhmPERL_REQUIRE != perl -Mstrict -Mwarnings -e ' \ 111e607023Sbluhm eval { require IO::Socket::INET6 } or print $@; \ 121e607023Sbluhm eval { require Socket6 } or print $@; \ 131e607023Sbluhm' 141e607023Sbluhm.if ! empty(PERL_REQUIRE) 151e607023Sbluhmregress: 161e607023Sbluhm @echo "${PERL_REQUIRE}" 171e607023Sbluhm @echo install these perl packages for additional tests 1854eefd0cSbluhm @echo SKIPPED 19336dfed2Sbluhm.endif 20336dfed2Sbluhm 21336dfed2Sbluhm# Fill out these variables as you have to test divert with the pf 22336dfed2Sbluhm# kernel running on a remote machine. You have to specify a local 23336dfed2Sbluhm# and remote ip address for the test connections. The fake ip address 24336dfed2Sbluhm# will be routed via the remote address to test divert with non-existing 25336dfed2Sbluhm# addresses. To control the remote machine you need a hostname for 26336dfed2Sbluhm# ssh to log in. All the test files must be in the same directory 27336dfed2Sbluhm# local and remote. 28336dfed2Sbluhm# You must have an anchor "regress" for the divert rules in the pf.conf 29336dfed2Sbluhm# of the remote machine. The kernel of the remote machine gets testet. 3002079822Sbluhm# 3102079822Sbluhm# Run make check-setup to see if you got the setup correct. 32336dfed2Sbluhm 3311f7eadfSbluhmLOCAL_ADDR ?= 3411f7eadfSbluhmREMOTE_ADDR ?= 3511f7eadfSbluhmFAKE_ADDR ?= 3611f7eadfSbluhmLOCAL_ADDR6 ?= 3711f7eadfSbluhmREMOTE_ADDR6 ?= 3811f7eadfSbluhmFAKE_ADDR6 ?= 3911f7eadfSbluhmREMOTE_SSH ?= 40336dfed2Sbluhm 411e607023Sbluhm.if empty (LOCAL_ADDR) || empty (REMOTE_ADDR) || empty (FAKE_ADDR) || \ 421e607023Sbluhm empty (LOCAL_ADDR6) || empty (REMOTE_ADDR6) || empty (FAKE_ADDR6) || \ 431e607023Sbluhm empty (REMOTE_SSH) 441e607023Sbluhmregress: 45aa8f1300Sbluhm @echo This tests needs a remote machine to operate on. 461e607023Sbluhm @echo LOCAL_ADDR REMOTE_ADDR FAKE_ADDR LOCAL_ADDR6 47aa8f1300Sbluhm @echo REMOTE_ADDR6 FAKE_ADDR6 REMOTE_SSH are empty. 48aa8f1300Sbluhm @echo Fill out these variables for additional tests. 4954eefd0cSbluhm @echo SKIPPED 501e607023Sbluhm.endif 511e607023Sbluhm 521e607023Sbluhm# Automatically generate regress targets from test cases in directory. 531e607023Sbluhm 541e607023SbluhmARGS != cd ${.CURDIR} && ls args-*.pl 55d0e91fd6SbluhmTARGETS ?= inet-args-tcp-to inet6-args-tcp-to \ 56d0e91fd6Sbluhm inet-args-tcp-reply inet6-args-tcp-reply \ 57d0e91fd6Sbluhm inet-args-udp-to inet6-args-udp-to \ 58d0e91fd6Sbluhm inet-args-udp-reply inet6-args-udp-reply \ 59c30a42c2Sbluhm inet-args-udp-reply-to inet6-args-udp-reply-to \ 60d0e91fd6Sbluhm inet-args-rip-to inet6-args-rip-to \ 61d0e91fd6Sbluhm inet-args-rip-reply inet6-args-rip-reply \ 62c30a42c2Sbluhm inet-args-rip-reply-to inet6-args-rip-reply-to \ 63d0e91fd6Sbluhm inet-args-icmp-to inet6-args-icmp-to \ 64c30a42c2Sbluhm inet-args-icmp-reply-to inet6-args-icmp-reply-to \ 65c30a42c2Sbluhm inet-args-icmp-reply-reuse inet6-args-icmp-reply-reuse \ 66*6a1cb87eSbluhm inet-reuse-tcp-to-to inet6-reuse-tcp-to-to \ 67*6a1cb87eSbluhm inet-reuse-tcp-to-reply inet6-reuse-tcp-to-reply \ 68*6a1cb87eSbluhm inet-reuse-tcp-reply-to inet6-reuse-tcp-reply-to \ 69*6a1cb87eSbluhm inet-reuse-tcp-reply-reply inet6-reuse-tcp-reply-reply \ 70*6a1cb87eSbluhm inet-reuse-udp-to-to inet6-reuse-udp-to-to \ 71*6a1cb87eSbluhm inet-reuse-udp-to-reply inet6-reuse-udp-to-reply \ 72*6a1cb87eSbluhm inet-reuse-udp-to-reply-to inet6-reuse-udp-to-reply-to \ 73*6a1cb87eSbluhm inet-reuse-udp-reply-to inet6-reuse-udp-reply-to \ 74*6a1cb87eSbluhm inet-reuse-udp-reply-reply inet6-reuse-udp-reply-reply \ 75*6a1cb87eSbluhm inet-reuse-udp-reply-reply-to inet6-reuse-udp-reply-reply-to \ 76*6a1cb87eSbluhm inet-reuse-udp-reply-to-to inet6-reuse-udp-reply-to-to \ 77*6a1cb87eSbluhm inet-reuse-udp-reply-to-reply inet6-reuse-udp-reply-to-reply \ 78*6a1cb87eSbluhm inet-reuse-udp-reply-to-reply-to inet6-reuse-udp-reply-to-reply-to \ 79*6a1cb87eSbluhm inet-reuse-rip-to-to inet6-reuse-rip-to-to \ 80*6a1cb87eSbluhm inet-reuse-rip-to-reply inet6-reuse-rip-to-reply \ 81*6a1cb87eSbluhm inet-reuse-rip-to-reply-to inet6-reuse-rip-to-reply-to \ 82*6a1cb87eSbluhm inet-reuse-rip-reply-to inet6-reuse-rip-reply-to \ 83*6a1cb87eSbluhm inet-reuse-rip-reply-reply inet6-reuse-rip-reply-reply \ 84*6a1cb87eSbluhm inet-reuse-rip-reply-reply-to inet6-reuse-rip-reply-reply-to \ 85*6a1cb87eSbluhm inet-reuse-rip-reply-to-to inet6-reuse-rip-reply-to-to \ 86*6a1cb87eSbluhm inet-reuse-rip-reply-to-reply inet6-reuse-rip-reply-to-reply \ 87*6a1cb87eSbluhm inet-reuse-rip-reply-to-reply-to inet6-reuse-rip-reply-to-reply-to 881e607023SbluhmREGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} 89d0e91fd6SbluhmCLEANFILES += *.log *.port ktrace.out stamp-* 901e607023Sbluhm 91336dfed2Sbluhm.MAIN: all 92336dfed2Sbluhm 931e607023Sbluhm.if ! empty (REMOTE_SSH) 94336dfed2Sbluhm.if make (regress) || make (all) 95336dfed2Sbluhm.BEGIN: 96336dfed2Sbluhm @echo 97336dfed2Sbluhm ${SUDO} true 981e607023Sbluhm ssh -t ${REMOTE_SSH} ${SUDO} true 991e607023Sbluhm.if ! empty (FAKE_ADDR) && ! empty (REMOTE_ADDR) 100336dfed2Sbluhm -${SUDO} route -n delete -inet -host ${FAKE_ADDR} 2>/dev/null 101336dfed2Sbluhm ${SUDO} route -n add -inet -host ${FAKE_ADDR} ${REMOTE_ADDR} 1021e607023Sbluhm.endif 1031e607023Sbluhm.if ! empty (FAKE_ADDR6) && ! empty (REMOTE_ADDR6) 104336dfed2Sbluhm -${SUDO} route -n delete -inet6 -host ${FAKE_ADDR6} 2>/dev/null 105336dfed2Sbluhm ${SUDO} route -n add -inet6 -host ${FAKE_ADDR6} ${REMOTE_ADDR6} 106336dfed2Sbluhm.endif 1071e607023Sbluhm.endif 1081e607023Sbluhm.endif 109336dfed2Sbluhm 110336dfed2Sbluhm# Set variables so that make runs with and without obj directory. 111336dfed2Sbluhm# Only do that if necessary to keep visible output short. 112336dfed2Sbluhm 113336dfed2Sbluhm.if ${.CURDIR} == ${.OBJDIR} 114336dfed2SbluhmPERLINC = -I. 115336dfed2SbluhmPERLPATH = 116336dfed2Sbluhm.else 117336dfed2SbluhmPERLINC = -I${.CURDIR} 118336dfed2SbluhmPERLPATH = ${.CURDIR}/ 119336dfed2Sbluhm.endif 120336dfed2Sbluhm 121336dfed2Sbluhm# The arg tests take a perl hash with arguments controlling the test 122336dfed2Sbluhm# parameters. The remote.pl test has local client or server and the 123336dfed2Sbluhm# diverted process is running on the remote machine reachable with 124336dfed2Sbluhm# ssh. 125336dfed2Sbluhm 126d0e91fd6Sbluhm.for inet addr in inet ADDR inet6 ADDR6 127d0e91fd6Sbluhm 128*6a1cb87eSbluhmrun-regress-${inet}-reuse-rip-to-reply-to: 129*6a1cb87eSbluhm @echo '\n======== $@ ========' 130*6a1cb87eSbluhm @echo 'rip to before reply is broken, it does not remove the state.' 131*6a1cb87eSbluhm @echo DISABLED 132*6a1cb87eSbluhm 133336dfed2Sbluhm.for a in ${ARGS} 134d0e91fd6Sbluhmrun-regress-${inet}-${a:R}: ${a} 1359b269b52Sbluhm @echo '\n======== $@ ========' 136d8cb2e0fSbluhm time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} ${PERLPATH}${a} 137d0e91fd6Sbluhm.endfor 138d0e91fd6Sbluhm 139d0e91fd6Sbluhm.for proto in tcp udp rip 140*6a1cb87eSbluhm 141*6a1cb87eSbluhm.for first second in to to to reply to reply-to reply to reply reply reply reply-to reply-to to reply-to reply reply-to reply-to 142*6a1cb87eSbluhm 143*6a1cb87eSbluhmrun-regress-${inet}-reuse-${proto}-${first}-${second}: 1449b269b52Sbluhm @echo '\n======== $@ ========' 145*6a1cb87eSbluhm time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} ${PERLPATH}args-${proto}-${first}.pl 146d0e91fd6Sbluhm sed -n '/^connect peer:/s/.* //p' client.log >client.port 147d0e91fd6Sbluhm sed -n '/^connect sock:/s/.* //p' client.log >server.port 148d0e91fd6Sbluhm.if "tcp" == ${proto} 149*6a1cb87eSbluhm.if "reply" == ${first} 150d0e91fd6Sbluhm ${SUDO} tcpdrop ${LOCAL_${addr}} `cat client.port` ${FAKE_${addr}} `cat server.port` 151336dfed2Sbluhm.endif 152*6a1cb87eSbluhm.if "to" == ${first} 153*6a1cb87eSbluhm ssh ${REMOTE_SSH} ${SUDO} tcpdrop ${FAKE_${addr}} `cat client.port` ${LOCAL_${addr}} `cat server.port` 154*6a1cb87eSbluhm.endif 155*6a1cb87eSbluhm.endif 156*6a1cb87eSbluhm time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} `cat client.port` `cat server.port` ${PERLPATH}args-${proto}-${second}.pl 1573c0bd7e8Sbluhm.if "tcp" == ${proto} 158*6a1cb87eSbluhm.if "reply" == ${second} 159*6a1cb87eSbluhm ${SUDO} tcpdrop ${LOCAL_${addr}} `cat server.port` ${FAKE_${addr}} `cat client.port` 160*6a1cb87eSbluhm.endif 161*6a1cb87eSbluhm.if "to" == ${second} 162*6a1cb87eSbluhm ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \ 163*6a1cb87eSbluhm egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat server.port`\]?' .. ${LOCAL_${addr}}:?\[?'`cat client.port`'\]? ' 1643c0bd7e8Sbluhm ssh ${REMOTE_SSH} ${SUDO} tcpdrop ${FAKE_${addr}} `cat server.port` ${LOCAL_${addr}} `cat client.port` 165*6a1cb87eSbluhm ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \ 166*6a1cb87eSbluhm ! egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat server.port`\]?' .. ${LOCAL_${addr}}:?\[?'`cat client.port`'\]? ' 167cee6974dSbluhm.endif 168cee6974dSbluhm.endif 169d0e91fd6Sbluhm 170336dfed2Sbluhm.endfor 171*6a1cb87eSbluhm.endfor 172*6a1cb87eSbluhm.endfor 173336dfed2Sbluhm 17479a2adffSbluhm.PHONY: syntax check-setup 175336dfed2Sbluhm 1763c0bd7e8Sbluhm# make perl syntax check for all args files 177336dfed2Sbluhmsyntax: stamp-syntax 178336dfed2Sbluhm 179336dfed2Sbluhmstamp-syntax: ${ARGS} 180336dfed2Sbluhm.for a in ${ARGS} 181336dfed2Sbluhm @perl -c ${PERLPATH}$a 182336dfed2Sbluhm.endfor 183336dfed2Sbluhm @date >$@ 184336dfed2Sbluhm 18579a2adffSbluhm# Check wether the address, route and remote setup is correct 18679a2adffSbluhmcheck-setup: 18702079822Sbluhm @echo '\n======== $@ ========' 18879a2adffSbluhm ping -n -c 1 ${LOCAL_ADDR} 18979a2adffSbluhm ping -n -c 1 ${REMOTE_ADDR} 19079a2adffSbluhm ping6 -n -c 1 ${LOCAL_ADDR6} 19179a2adffSbluhm ping6 -n -c 1 ${REMOTE_ADDR6} 1923c0bd7e8Sbluhm route -n get -inet ${FAKE_ADDR} | grep 'if address: ${LOCAL_ADDR}$$' 1933c0bd7e8Sbluhm route -n get -inet ${FAKE_ADDR} | grep 'gateway: ${REMOTE_ADDR}$$' 1943c0bd7e8Sbluhm route -n get -inet6 ${FAKE_ADDR6} | grep 'if address: ${LOCAL_ADDR6}$$' 1953c0bd7e8Sbluhm route -n get -inet6 ${FAKE_ADDR6} | grep 'gateway: ${REMOTE_ADDR6}$$' 19679a2adffSbluhm ssh ${REMOTE_SSH} ${SUDO} pfctl -sr | grep '^anchor "regress" all$$' 19779a2adffSbluhm ssh ${REMOTE_SSH} ${SUDO} pfctl -si | grep '^Status: Enabled ' 198aa8f1300Sbluhm ssh ${REMOTE_SSH} perl -MIO::Socket::INET6 -MSocket6 -e 1 19979a2adffSbluhm 200336dfed2Sbluhm.include <bsd.regress.mk> 201