1Regression tests for pf tcp state. 2 3The test suite runs on the machine LOCAL, the kernel under test is 4running on REMOTE. On LOCAL a Scapy program is simulating a 5connection to REMOTE TCP echo service. The source address is a non 6existing address on FAKE_NET. The LOCAL machine acts as a router 7between REMOTE and virtual FAKE_NET_ADDR and can create ICMP packets. 8 9The run-regress-challenge-ack subtest checks that the pf firewall 10sends TCP a challenge Ack if the sequence number is out of range. 11 12EXAMPLE 13 14To run this test I use the following configuration files. 15You should choose a different set of MAC and IP addresses. 16 17- My local machine where I run the regression test: 18 19/etc/hosts 20# to login to qemu with SSH via IPv6 link-local 21fe80::725f:caff:fe21:8d70%tap0 q70 22 23cat /etc/hostname.tap4 24lladdr fe:e1:ba:d0:d5:6d up 25inet 10.188.211.17 255.255.255.0 26inet6 fdd7:e83e:66bc:211::17 27!route add -inet 10.188.219.0/24 127.0.0.1 -blackhole 28!route add -inet6 fdd7:e83e:66bc:219::/64 ::1 -blackhole 29 30- My qemu where the kernel under test is running 31 32/etc/hostname.vio1 33lladdr 70:5f:ca:21:8d:80 34inet 10.188.211.70 255.255.255.0 35inet6 fdd7:e83e:66bc:211::70 36!route add -inet 10.188.219.0/24 10.188.211.17 37!route add -inet6 fdd7:e83e:66bc:219::/64 fdd7:e83e:66bc:211::17 38 39/etc/inetd.conf 40chargen stream tcp nowait root internal 41chargen stream tcp6 nowait root internal 42echo dgram udp6 wait root internal 43 44/etc/rc.conf.local 45inetd_flags= 46sshd_flags= 47 48LOCAL_IF=tap4 49LOCAL_MAC=fe:e1:ba:d0:d5:6d 50REMOTE_MAC=70:5f:ca:21:8d:80 51REMOTE_SSH=q70 52 53LOCAL_ADDR=10.188.211.17 54REMOTE_ADDR=10.188.211.70 55FAKE_NET=10.188.219.0/24 56FAKE_NET_ADDR=10.188.219.188 57 58LOCAL_ADDR6=fdd7:e83e:66bc:211::17 59REMOTE_ADDR6=fdd7:e83e:66bc:211::70 60FAKE_NET6=fdd7:e83e:66bc:219::/64 61FAKE_NET_ADDR6=fdd7:e83e:66bc:219::188 62 63- Fix your configuration until make check-setup passes 64