#	$OpenBSD: Makefile,v 1.8 2021/07/06 11:26:47 bluhm Exp $

# Copyright (c) 2017-2020 Alexander Bluhm <bluhm@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Set up two loopback interfaces in different routing domains.
# Try to ping existing and non existing addresses in these domains.
# Also test pinging to different rdomains via pf. Check that the
# ttl is decremented while looping through loopback interfaces.
#
# Host impact: the targets below change live network state.  Through
# ${SUDO} they configure lo${N1} and lo${N2}, add host routes in two
# routing tables, load pf rules into the anchor "regress", and start and
# kill tcpdump processes.  The cleanup target only deletes the loopback
# addresses; no target visible in this file flushes the anchor again.

# This test uses routing domain and interface number 11 and 12.
# Adjust it here, if you want to use something else.
N1 =		11
N2 =		12
NUMS =		${N1} ${N2}

.include <bsd.own.mk>

# Preflight checks.  Every "!=" assignment runs its command while the
# Makefile is parsed, so the sysctl and ${SUDO} pfctl queries execute
# before any target is built.  The whole section is skipped for the
# clean, cleandir and obj goals, presumably so that housekeeping needs
# neither privileges nor a running pf.
#
# A failed check defines a "regress" target that only prints SKIPPED.
# NOTE(review): this relies on bsd.regress.mk honouring an already
# defined regress target -- confirm against that file.
.if ! (make(clean) || make(cleandir) || make(obj))

# IP forwarding must be 1.  The :C modifier removes everything up to and
# including the "=" of the sysctl output, leaving the bare value.
SYSCTL_FORWARDING !=	sysctl net.inet.ip.forwarding
.if ${SYSCTL_FORWARDING:C/.*=//} != 1
regress:
	@echo sysctl: "${SYSCTL_FORWARDING}"
	@echo Set sysctl to 1 to run this regress.
	@echo SKIPPED
.endif

# pf must be enabled.  sed extracts the word following "Status:" from
# the pfctl -si output; the test is skipped unless it is "Enabled".
PF_STATUS !=	${SUDO} pfctl -si | sed -n 's/^Status: \([^ ]*\) .*/\1/p'
.if empty(PF_STATUS:MEnabled)
regress:
	@echo pf status: "${PF_STATUS}"
	@echo Enable pf to run this regress.
	@echo SKIPPED
.endif

# No loopback name other than lo0 may be marked "(skip)" in the pfctl
# interface listing (:Mlo* selects names starting with lo, :Nlo0 drops
# lo0).  With skip set on the test interfaces pf would not filter their
# traffic and the pass/block expectations below could not be checked.
PF_SKIP !=	${SUDO} pfctl -sI -v | sed -n 's/ (skip)//p'
.if ! empty(PF_SKIP:Mlo*:Nlo0)
regress:
	@echo pf skip: "${PF_SKIP}"
	@echo Do not set skip on interface lo, lo${N1}, or lo${N2}.
	@echo SKIPPED
.endif

# The active ruleset must contain a line of the form
#   anchor "regress" all
# The test loads its rules into that anchor (see the pfctl target)
# rather than into the main ruleset.
PF_ANCHOR !=	${SUDO} pfctl -sr | sed -n 's/^anchor "\([^"]*\)" all$$/\1/p'
.if empty(PF_ANCHOR:Mregress)
regress:
	@echo pf anchor: "${PF_ANCHOR}"
	@echo Need anchor '"regress"' in pf.conf to load additional rules.
	@echo SKIPPED
.endif

.endif

.PHONY: busy-rdomains ifconfig unconfig pfctl

# Safety guard: fail before changing anything if an interface other than
# lo$n is already a member of routing domain $n, so the test does not
# reconfigure a routing domain that is in use on this host.
# REGRESS_SETUP_ONCE / REGRESS_CLEANUP are consumed by bsd.regress.mk;
# presumably their targets run once before and after REGRESS_TARGETS.
REGRESS_SETUP_ONCE +=	busy-rdomains
busy-rdomains:
	# Check if rdomains are busy.
.for n in ${NUMS}
	@if /sbin/ifconfig | grep -v '^lo$n:' | grep ' rdomain $n '; then\
	    echo routing domain $n is already used >&2; exit 1; fi
.endfor

# For each number n: assign lo$n to routing domain n, give it 127.0.0.1/8
# plus the alias 127.0.0.n, and route the otherwise unused hosts 10.6.6.6
# and 10.7.7.7 to 127.0.0.1 inside routing table n.  The last two lines
# add, in each table, a route to the other domain's alias address.
# Depends on unconfig, so leftovers of an earlier run are removed first.
REGRESS_SETUP_ONCE +=	ifconfig
ifconfig: unconfig
	# Create and configure loopback interfaces.
.for n in ${NUMS}
	${SUDO} ifconfig lo$n rdomain $n
	${SUDO} ifconfig lo$n inet 127.0.0.1/8
	${SUDO} ifconfig lo$n inet 127.0.0.$n alias
	${SUDO} route -n -T $n add -inet -host 10.6.6.6 127.0.0.1
	${SUDO} route -n -T $n add -inet -host 10.7.7.7 127.0.0.1
.endfor
	${SUDO} route -n -T ${N1} add -inet -host 127.0.0.${N2} 127.0.0.1
	${SUDO} route -n -T ${N2} add -inet -host 127.0.0.${N1} 127.0.0.1

# Cleanup.  Depends on stamp-stop so the packet captures are stopped
# first.  The leading "-" ignores errors, since the addresses may not be
# configured.  The commands delete the two addresses from lo$n; they do
# not remove the interface itself, and the rules loaded into the pf
# anchor are left in place.
# NOTE(review): stamp-ifconfig is removed here and is a prerequisite of
# stamp-bpf-$n, but no rule in this file creates it -- confirm how that
# prerequisite is meant to be satisfied.
REGRESS_CLEANUP +=	unconfig
unconfig: stamp-stop
	# Destroy interfaces.
.for n in ${NUMS}
	-${SUDO} ifconfig lo$n 127.0.0.1 delete
	-${SUDO} ifconfig lo$n 127.0.0.$n delete
.endfor
	rm -f stamp-ifconfig

# Generate addr.py with three assignments per number, e.g. N1="11",
# IF_N1="lo11" and ADDR_N1="127.0.0.11".  It is rebuilt whenever this
# Makefile changes, and written to $@.tmp and renamed afterwards so that
# a partially written file never appears under the final name.  The
# pfctl target feeds the same file to pfctl ahead of pf.conf, so these
# lines must be acceptable to pfctl as well (presumably as macros).
addr.py: Makefile
	# Create python include file containing the addresses.
	rm -f $@ $@.tmp
.for var in N1 N2
	echo '${var}="${${var}}"' >>$@.tmp
	echo 'IF_${var}="lo${${var}}"' >>$@.tmp
	echo 'ADDR_${var}="127.0.0.${${var}}"' >>$@.tmp
.endfor
	mv $@.tmp $@

# Two steps: the first pfctl call runs without ${SUDO} and with -n, which
# only parses the rules; a syntax error fails the recipe there, before
# the privileged call is reached.  The second call loads the rules into
# the anchor "regress" (-a regress) and leaves the main ruleset alone.
REGRESS_SETUP_ONCE +=	pfctl
pfctl: addr.py pf.conf
	# Load the pf rules into the kernel.
	cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f -
	cat addr.py ${.CURDIR}/pf.conf | ${SUDO} pfctl -a regress -f -

# run tcpdump on lo devices
# Options: -l line-buffered output, -e print the link-level header,
# -vvv verbose decoding (the checks below match on the printed ttl),
# -s 2048 snap length, -n no name resolution, -i takes the interface
# name that each user of DUMPCMD appends.
DUMPCMD =	/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni

# Both captures must be running before the ping targets start.  The
# fixed sleep (marked XXX) presumably gives tcpdump time to begin
# capturing; there is no explicit readiness check.
stamp-bpf: stamp-bpf-${N1} stamp-bpf-${N2}
	sleep 2 # XXX
	@date >$@

.for n in ${N1} ${N2}

# Start one background capture per interface.  A tcpdump left over from
# an earlier run with the same command line and interface is killed
# first; "|| true" tolerates there being none.  The output redirection
# is performed by the recipe's shell, outside the ${SUDO}'d command.
# stamp-stop is removed so that the stop step runs again after this
# capture.
stamp-bpf-$n: stamp-ifconfig
	rm -f lo$n.tcpdump
	${SUDO} pkill -f '^${DUMPCMD} lo$n' || true
	${SUDO} ${DUMPCMD} lo$n >lo$n.tcpdump &
	rm -f stamp-stop
	@date >$@

.endfor

# Stop the captures so that the run-bpf-* targets read complete files.
# The sleep (marked XXX) presumably lets tcpdump write the last packets.
# NOTE(review): the pkill pattern has no interface suffix and runs via
# ${SUDO}, so it signals every process whose command line begins with
# ${DUMPCMD}, not only the two captures started by this Makefile.
stamp-stop:
	sleep 2 # XXX
	-${SUDO} pkill -f '^${DUMPCMD}'
	rm -f stamp-bpf*
	@date >$@

# Ping tests.  Each sends a single echo request (-c 1) with a one second
# limit (-w 1), without name resolution (-n), using routing table $n
# (-V).  A leading "!" inverts the exit status: that ping must fail.
.for n in ${N1} ${N2}

REGRESS_TARGETS +=	run-ping-local-$n
run-ping-local-$n: stamp-bpf
	# Ping localhost in routing domain $n.
	/sbin/ping -n -w 1 -c 1 -V $n 127.0.0.1

REGRESS_TARGETS +=	run-ping-loop-$n
run-ping-loop-$n: stamp-bpf
	# Ping non existing address with loopback route in routing domain $n.
	! /sbin/ping -n -w 1 -c 1 -V $n 10.6.6.6

REGRESS_TARGETS +=	run-ping-address-$n
run-ping-address-$n:
	# Ping local address in routing domain $n.
	/sbin/ping -n -w 1 -c 1 -V $n 127.0.0.$n

.endfor

# Cross-domain tests.  Traffic from domain N1 to the address of N2 is
# expected to pass and the reverse direction is expected to be refused.
# The rules that produce this asymmetry live in pf.conf, which is not
# part of this file.
REGRESS_TARGETS +=	run-ping-rdomain-pass
run-ping-rdomain-pass:
	# Pass ping packets between routing domains with pf rule.
	/sbin/ping -n -w 1 -c 1 -V ${N1} 127.0.0.${N2}

REGRESS_TARGETS +=	run-ping-rdomain-block
run-ping-rdomain-block:
	# Check that reverse direction without pf rule is not allowed.
	! /sbin/ping -n -w 1 -c 1 -V ${N2} 127.0.0.${N1}

REGRESS_TARGETS +=	run-ping-rdomain-loop
run-ping-rdomain-loop: stamp-bpf
	# Ping non existing address and loop between routing domains.
	! /sbin/ping -n -w 1 -c 1 -V ${N1} 10.7.7.7

# Capture checks.  They depend on stamp-stop, so tcpdump has been
# terminated before the capture files are searched.
.for n in ${N1} ${N2}

REGRESS_TARGETS +=	run-bpf-local-$n
run-bpf-local-$n: stamp-stop
	# Check that the ping packet went through loopback.
	grep '127.0.0.1 > 127.0.0.1: icmp: echo request' lo$n.tcpdump

# The request to 10.6.6.6 must appear both with ttl 255 and with ttl 1,
# i.e. at its initial TTL and again after the TTL has counted down.
REGRESS_TARGETS +=	run-bpf-loop-$n
run-bpf-loop-$n: stamp-stop
	# Check that the ping packet went multiple times through loopback.
	grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .*ttl 255,' \
	    lo$n.tcpdump
	grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .* \[ttl 1\]' \
	    lo$n.tcpdump

.endfor

# For the request to 10.7.7.7 the capture on lo${N1} must show ttl 255
# and ttl 1 but not ttl 254, while lo${N2} must show ttl 254 and ttl 2
# but not ttl 1.  This is consistent with the packet alternating between
# the two routing domains on every hop (presumably redirected by the pf
# rules in pf.conf -- not visible here).
REGRESS_TARGETS +=	run-bpf-rdomain-loop-${N1}
run-bpf-rdomain-loop-${N1}: stamp-stop
	# Check the ping packet went multiple times in routing domains.
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 255,' \
	    lo${N1}.tcpdump
	! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
	    lo${N1}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
	    lo${N1}.tcpdump

REGRESS_TARGETS +=	run-bpf-rdomain-loop-${N2}
run-bpf-rdomain-loop-${N2}: stamp-stop
	# Check the ping packet went multiple times in routing domains.
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
	    lo${N2}.tcpdump
	grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 2,' \
	    lo${N2}.tcpdump
	! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
	    lo${N2}.tcpdump

# Generated files: the address include, capture files, logs and stamps.
CLEANFILES +=	addr.py *.pyc *.tcpdump *.log stamp-*

.include <bsd.regress.mk>