# $OpenBSD: Makefile,v 1.11 2023/10/19 18:36:40 anton Exp $

# Copyright (c) 2017-2020 Alexander Bluhm <bluhm@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Set up two loopback interfaces in different routing domains.
# Try to ping existing and non-existing addresses in these domains.
# Also test pinging to different rdomains via pf. Check that the
# ttl is decremented while looping through loopback interfaces.
#
# Privilege note: every command prefixed with ${SUDO} changes or inspects
# interface, route or pf state of the machine running the test, or starts
# and stops packet captures. ${SUDO} is not set in this file; presumably
# it comes from the environment or the included mk files - confirm.

# This test uses routing domain and interface number 11 and 12.
# Adjust it here, if you want to use something else.
N1 = 11
N2 = 12
NUMS = ${N1} ${N2}

.include <bsd.own.mk>

# Precondition checks. The "!=" assignments run their shell command while
# the Makefile is being read, so the pfctl queries below are executed via
# ${SUDO} on every invocation except clean, cleandir and obj. Each failed
# check gives the regress target commands that print the reason and SKIPPED.
.if ! (make(clean) || make(cleandir) || make(obj))

# IP forwarding must be on: the text after "=" in the sysctl output has to be 1.
SYSCTL_FORWARDING != sysctl net.inet.ip.forwarding
.if ${SYSCTL_FORWARDING:C/.*=//} != 1
regress:
	@echo sysctl: "${SYSCTL_FORWARDING}"
	@echo Set sysctl to 1 to run this regress.
	@echo SKIPPED
.endif

# pf must be running: take the word after "Status:" and require "Enabled".
PF_STATUS != ${SUDO} /sbin/pfctl -si | sed -n 's/^Status: \([^ ]*\) .*/\1/p'
.if empty(PF_STATUS:MEnabled)
regress:
	@echo pf status: "${PF_STATUS}"
	@echo Enable pf to run this regress.
	@echo SKIPPED
.endif

# pf must not skip the test interfaces: list the entries that pfctl marks
# with " (skip)" and keep the ones named lo${N1} or lo${N2}. The trailing
# "|| :" keeps the exit status zero when grep matches nothing.
# NOTE(review): the message below also names "lo", but the grep patterns
# only match lo${N1} and lo${N2}. Whether a skip on "lo" is reported under
# those names at this point is not visible here - confirm.
PF_SKIP != ${SUDO} /sbin/pfctl -sI -v | sed -n 's/ (skip)//p' | \
	grep -w -e lo${N1} -e lo${N2} || :
.if ! empty(PF_SKIP)
regress:
	@echo pf skip: "${PF_SKIP}"
	@echo Do not set skip on interface lo, lo${N1}, or lo${N2}.
	@echo SKIPPED
.endif

# The rules shown by pfctl -sr must contain a line of the form
# anchor "regress" all, because the pfctl target below loads the test
# rules into the anchor named regress. "$$" is make's escape for a
# literal "$" in the sed expression.
PF_ANCHOR != ${SUDO} /sbin/pfctl -sr |\
	sed -n 's/^anchor "\([^"]*\)" all$$/\1/p'
.if empty(PF_ANCHOR:Mregress)
regress:
	@echo pf anchor: "${PF_ANCHOR}"
	@echo Need anchor '"regress"' in pf.conf to load additional rules.
	@echo SKIPPED
.endif

.endif

.PHONY: busy-rdomains ifconfig unconfig pfctl

# Refuse to run when a routing domain is already in use: drop ifconfig
# lines that start with the test's own loopback name and fail if any
# remaining line still mentions that rdomain number.
REGRESS_SETUP_ONCE += busy-rdomains
busy-rdomains:
	# Check if rdomains are busy.
.for n in ${NUMS}
	@if /sbin/ifconfig | grep -v '^lo$n:' | grep ' rdomain $n '; then\
	    echo routing domain $n is already used >&2; exit 1; fi
.endfor

# Depends on unconfig, so that target's removal commands run first.
# Each loopback gets 127.0.0.1/8 plus the alias 127.0.0.<number>, and the
# hosts 10.6.6.6 and 10.7.7.7 are routed to 127.0.0.1 in its routing table.
# The two routes after the loop send the other domain's alias to 127.0.0.1.
# The wait loop polls at most 50 times with 0.1 seconds in between; the
# final command fails the target if "tentative" is still printed.
REGRESS_SETUP_ONCE += ifconfig
ifconfig: unconfig
	# Create and configure loopback interfaces.
.for n in ${NUMS}
	${SUDO} /sbin/ifconfig lo$n rdomain $n
	${SUDO} /sbin/ifconfig lo$n inet 127.0.0.1/8
	${SUDO} /sbin/ifconfig lo$n inet 127.0.0.$n alias
	${SUDO} /sbin/route -n -T $n add -inet -host 10.6.6.6 127.0.0.1
	${SUDO} /sbin/route -n -T $n add -inet -host 10.7.7.7 127.0.0.1
.endfor
	${SUDO} /sbin/route -n -T ${N1} add -inet -host 127.0.0.${N2} 127.0.0.1
	${SUDO} /sbin/route -n -T ${N2} add -inet -host 127.0.0.${N1} 127.0.0.1
	# Wait until IPv6 addresses are no longer tentative.
	for i in `jot 50`; do\
		if ! { /sbin/ifconfig lo${N1}; /sbin/ifconfig lo${N2}; }\
		    | fgrep -q tentative; then\
			break;\
		fi;\
		sleep .1;\
	done
	! { /sbin/ifconfig lo${N1}; /sbin/ifconfig lo${N2}; }\
	    | fgrep tentative

# Cleanup. Depends on stamp-stop, so the captures are stopped before the
# interfaces are destroyed. The leading "-" ignores errors, which lets the
# target run when the addresses or interfaces do not exist.
# NOTE(review): stamp-ifconfig is not created by any rule in this file;
# presumably bsd.regress.mk derives it from REGRESS_SETUP_ONCE - confirm.
REGRESS_CLEANUP += unconfig
unconfig: stamp-stop
	# Destroy interfaces.
.for n in ${NUMS}
	-${SUDO} /sbin/ifconfig lo$n rdomain $n
	-${SUDO} /sbin/ifconfig lo$n inet 127.0.0.1 delete
	-${SUDO} /sbin/ifconfig lo$n inet 127.0.0.$n delete
	-${SUDO} /sbin/ifconfig lo$n destroy
.endfor
	rm -f stamp-ifconfig

# Generated from N1 and N2 above and rebuilt whenever the Makefile changes.
# The lines are appended to a temporary file that is renamed at the end.
# The pfctl target feeds the same file to pfctl in front of pf.conf, so
# its NAME="value" lines are presumably read there as macros - confirm.
addr.py: Makefile
	# Create python include file containing the addresses.
	rm -f $@ $@.tmp
.for var in N1 N2
	echo '${var}="${${var}}"' >>$@.tmp
	echo 'IF_${var}="lo${${var}}"' >>$@.tmp
	echo 'ADDR_${var}="127.0.0.${${var}}"' >>$@.tmp
.endfor
	mv $@.tmp $@

# The first command only parses the rules (-n) and runs without ${SUDO}.
# The second one loads them with ${SUDO} into the anchor named regress
# (-a regress), so the rules outside that anchor are not replaced.
REGRESS_SETUP_ONCE += pfctl
pfctl: addr.py pf.conf
	# Load the pf rules into the kernel.
	cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f -
	cat addr.py ${.CURDIR}/pf.conf | ${SUDO} /sbin/pfctl -a regress -f -

# run tcpdump on lo devices
# The interface name is appended after -i by the rules below. The same
# string is used as the pkill -f pattern, so the flags must stay in sync
# with the command line of the running tcpdump.
DUMPCMD = /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni

# Both captures are started through the prerequisites, followed by a fixed
# two second delay (marked XXX by the author).
stamp-bpf: stamp-bpf-${N1} stamp-bpf-${N2}
	sleep 2 # XXX
	@date >$@

.for n in ${N1} ${N2}

# Start one capture per interface: remove the old capture file, kill a
# tcpdump whose command line starts with the same command and interface
# name, then run tcpdump via ${SUDO} in the background. The redirection
# to the capture file is performed by the shell that make starts, not by
# the ${SUDO} command. Removing stamp-stop makes the stop step run again.
stamp-bpf-$n: stamp-ifconfig
	rm -f lo$n.tcpdump
	${SUDO} pkill -f '^${DUMPCMD} lo$n' || true
	${SUDO} ${DUMPCMD} lo$n >lo$n.tcpdump &
	rm -f stamp-stop
	@date >$@

.endfor

# Stop the captures after a fixed two second delay (marked XXX).
# NOTE(review): the pkill pattern is only anchored at the start of
# DUMPCMD and names no interface, so it is run with ${SUDO} against every
# process whose command line begins with these exact flags, not just the
# captures on lo${N1} and lo${N2}. Consider limiting it to the two test
# interfaces, as the rule that starts the captures does.
stamp-stop:
	sleep 2 # XXX
	-${SUDO} pkill -f '^${DUMPCMD}'
	rm -f stamp-bpf*
	@date >$@

# In the ping targets below, -V selects the routing domain and a leading
# "!" means that the ping is expected to fail.
.for n in ${N1} ${N2}

REGRESS_TARGETS += run-ping-local-$n
run-ping-local-$n: stamp-bpf
	# Ping localhost in routing domain $n.
	/sbin/ping -n -w 1 -c 1 -V $n 127.0.0.1

REGRESS_TARGETS += run-ping-loop-$n
run-ping-loop-$n: stamp-bpf
	# Ping non existing address with loopback route in routing domain $n.
	! /sbin/ping -n -w 1 -c 1 -V $n 10.6.6.6

REGRESS_TARGETS += run-ping-address-$n
run-ping-address-$n:
	# Ping local address in routing domain $n.
	/sbin/ping -n -w 1 -c 1 -V $n 127.0.0.$n

.endfor

REGRESS_TARGETS += run-ping-rdomain-pass
run-ping-rdomain-pass:
	# Pass ping packets between routing domains with pf rule.
	/sbin/ping -n -w 1 -c 1 -V ${N1} 127.0.0.${N2}

REGRESS_TARGETS += run-ping-rdomain-block
run-ping-rdomain-block:
	# Check that reverse direction without pf rule is not allowed.
	! /sbin/ping -n -w 1 -c 1 -V ${N2} 127.0.0.${N1}

REGRESS_TARGETS += run-ping-rdomain-loop
run-ping-rdomain-loop: stamp-bpf
	# Ping non existing address and loop between routing domains.
	! /sbin/ping -n -w 1 -c 1 -V ${N1} 10.7.7.7

# The checks below depend on stamp-stop, so they read the capture files
# only after the tcpdump processes have been told to stop.
.for n in ${N1} ${N2}

REGRESS_TARGETS += run-bpf-local-$n
run-bpf-local-$n: stamp-stop
	# Check that the ping packet went through loopback.
	grep '127.0.0.1 > 127.0.0.1: icmp: echo request' lo$n.tcpdump

REGRESS_TARGETS += run-bpf-loop-$n
run-bpf-loop-$n: stamp-stop
	# Check that the ping packet went multiple times through loopback.
	grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .*ttl 255,' \
	    lo$n.tcpdump
	grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .* \[ttl 1\]' \
	    lo$n.tcpdump

.endfor

# The capture on lo${N1} must show ttl 255 and ttl 1 but not ttl 254, and
# the capture on lo${N2} must show ttl 254 and ttl 2 but not ttl 1. This
# is consistent with the packet alternating between the two domains and
# losing one ttl per hop.
REGRESS_TARGETS += run-bpf-rdomain-loop-${N1}
run-bpf-rdomain-loop-${N1}: stamp-stop
	# Check the ping packet went multiple times in routing domains.
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 255,' \
	    lo${N1}.tcpdump
	! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
	    lo${N1}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
	    lo${N1}.tcpdump

REGRESS_TARGETS += run-bpf-rdomain-loop-${N2}
run-bpf-rdomain-loop-${N2}: stamp-stop
	# Check the ping packet went multiple times in routing domains.
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
	    lo${N2}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 2,' \
	    lo${N2}.tcpdump
	! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
	    lo${N2}.tcpdump

CLEANFILES += addr.py *.pyc *.tcpdump *.log stamp-*

.include <bsd.regress.mk>