1*427e22f8Santon# $OpenBSD: Makefile,v 1.5 2023/10/19 18:36:40 anton Exp $ 2f01a0a47Sbluhm 3f01a0a47Sbluhm# Copyright (c) 2021 Alexander Bluhm <bluhm@openbsd.org> 4f01a0a47Sbluhm# 5f01a0a47Sbluhm# Permission to use, copy, modify, and distribute this software for any 6f01a0a47Sbluhm# purpose with or without fee is hereby granted, provided that the above 7f01a0a47Sbluhm# copyright notice and this permission notice appear in all copies. 8f01a0a47Sbluhm# 9f01a0a47Sbluhm# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10f01a0a47Sbluhm# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11f01a0a47Sbluhm# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12f01a0a47Sbluhm# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13f01a0a47Sbluhm# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14f01a0a47Sbluhm# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15f01a0a47Sbluhm# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16f01a0a47Sbluhm 17f01a0a47Sbluhm# Setup two pair(4) and one lo(4) interface in different routing 18f01a0a47Sbluhm# domains and with different interface MTU. 19f01a0a47Sbluhm 20f01a0a47Sbluhm# pair1 with MTU 8000 <-> pair2 <-> loopback3 21f01a0a47Sbluhm 22f01a0a47Sbluhm# Both pairs are patched. Between pair2 and loopback3 pf switches 23f01a0a47Sbluhm# the routing table. Do extensive ping tests to check that packets 24f01a0a47Sbluhm# get through. Use tcpbench for TCP path MTU discovery. The jumbo 25f01a0a47Sbluhm# frames with MTU 8000 together with switching the routing domain 26f01a0a47Sbluhm# trigger unusual code paths in the kernel. 27f01a0a47Sbluhm 28f01a0a47Sbluhm# This test uses routing domain 11, 12, 13. 29f01a0a47Sbluhm# Adjust it here, if you want to use something else. 30f01a0a47SbluhmN1 = 11 31f01a0a47SbluhmN2 = 12 32f01a0a47SbluhmN3 = 13 33f01a0a47SbluhmNUMS = ${N1} ${N2} ${N3} 34f01a0a47SbluhmPAIRS = ${N1} ${N2} 35f01a0a47SbluhmIP_${N1} = 169.254.1.${N1} 36f01a0a47SbluhmIP6_${N1} = fc00:0:0:1::${N1} 37f01a0a47SbluhmIP_${N2} = 169.254.1.${N2} 38f01a0a47SbluhmIP6_${N2} = fc00:0:0:1::${N2} 39f01a0a47SbluhmIP_${N3} = 169.254.0.${N3} 40f01a0a47SbluhmIP6_${N3} = fc00::${N3} 41f01a0a47Sbluhm 42f01a0a47Sbluhm.include <bsd.own.mk> 43f01a0a47Sbluhm 44f01a0a47Sbluhm.if ! (make(clean) || make(cleandir) || make(obj)) 45f01a0a47Sbluhm 46f01a0a47SbluhmSYSCTL_FORWARDING != sysctl net.inet.ip.forwarding 47f01a0a47SbluhmSYSCTL_FORWARDING6 != sysctl net.inet6.ip6.forwarding 48f01a0a47Sbluhm.if ${SYSCTL_FORWARDING:C/.*=//} != 1 || ${SYSCTL_FORWARDING6:C/.*=//} != 1 49f01a0a47Sbluhmregress: 50f01a0a47Sbluhm @echo sysctl: "${SYSCTL_FORWARDING}" "${SYSCTL_FORWARDING6}" 51f01a0a47Sbluhm @echo Set sysctl to 1 to run this regress. 52f01a0a47Sbluhm @echo SKIPPED 53f01a0a47Sbluhm.endif 54f01a0a47Sbluhm 553a262c66SbluhmPF_STATUS != ${SUDO} /sbin/pfctl -si | sed -n 's/^Status: \([^ ]*\) .*/\1/p' 56f01a0a47Sbluhm.if empty(PF_STATUS:MEnabled) 57f01a0a47Sbluhmregress: 58f01a0a47Sbluhm @echo pf status: "${PF_STATUS}" 59f01a0a47Sbluhm @echo Enable pf to run this regress. 60f01a0a47Sbluhm @echo SKIPPED 61f01a0a47Sbluhm.endif 62f01a0a47Sbluhm 634be5cdd0SantonPF_SKIP != ${SUDO} /sbin/pfctl -sI -v | sed -n 's/ (skip)//p' | \ 644be5cdd0Santon grep -w -e lo${N1} -e lo${N2} -e lo${N3} || : 654be5cdd0Santon.if ! empty(PF_SKIP) 66f01a0a47Sbluhmregress: 67f01a0a47Sbluhm @echo pf skip: "${PF_SKIP}" 684be5cdd0Santon @echo Do not set skip on interface lo, lo${N1}, lo${N2} or lo${N3}. 69f01a0a47Sbluhm @echo SKIPPED 70f01a0a47Sbluhm.endif 71f01a0a47Sbluhm 723a262c66SbluhmPF_ANCHOR != ${SUDO} /sbin/pfctl -sr |\ 733a262c66Sbluhm sed -n 's/^anchor "\([^"]*\)" all$$/\1/p' 74f01a0a47Sbluhm.if empty(PF_ANCHOR:Mregress) 75f01a0a47Sbluhmregress: 76f01a0a47Sbluhm @echo pf anchor: "${PF_ANCHOR}" 77f01a0a47Sbluhm @echo Need anchor '"regress"' in pf.conf to load additional rules. 78f01a0a47Sbluhm @echo SKIPPED 79f01a0a47Sbluhm.endif 80f01a0a47Sbluhm 81f01a0a47Sbluhm.endif 82f01a0a47Sbluhm 83f01a0a47Sbluhm.PHONY: ifconfig unconfig pfctl 84f01a0a47Sbluhm 85f01a0a47SbluhmREGRESS_SETUP_ONCE += ifconfig 86f01a0a47Sbluhmifconfig: unconfig 87f01a0a47Sbluhm # Create and configure pflog and loopback interfaces. 88f01a0a47Sbluhm.for n in ${NUMS} 893a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$n rdomain $n 903a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$n inet 127.0.0.1/8 913a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$n inet6 ::1/128 923a262c66Sbluhm ${SUDO} /sbin/route -n -T $n add -inet 169.254.0.0/16 127.0.0.1 933a262c66Sbluhm ${SUDO} /sbin/route -n -T $n add -inet6 fc00::/48 ::1 94f01a0a47Sbluhm.endfor 95f01a0a47Sbluhm.for n in ${PAIRS} 963a262c66Sbluhm ${SUDO} /sbin/ifconfig pair$n rdomain $n 973a262c66Sbluhm ${SUDO} /sbin/ifconfig pair$n inet ${IP_$n}/24 983a262c66Sbluhm ${SUDO} /sbin/ifconfig pair$n inet6 ${IP6_$n}/64 99f01a0a47Sbluhm.endfor 1003a262c66Sbluhm ${SUDO} /sbin/ifconfig pair${N1} patch pair${N2} 1013a262c66Sbluhm ${SUDO} /sbin/ifconfig lo${N3} inet ${IP_${N3}}/24 alias 1023a262c66Sbluhm ${SUDO} /sbin/ifconfig lo${N3} inet6 ${IP6_${N3}}/64 1033a262c66Sbluhm ${SUDO} /sbin/ifconfig pair${N1} mtu 8000 1043a262c66Sbluhm ${SUDO} /sbin/route -n -T ${N1} add -inet ${IP_${N3}} ${IP_${N2}} 1053a262c66Sbluhm ${SUDO} /sbin/route -n -T ${N1} add -inet6 ${IP6_${N3}} ${IP6_${N2}} 106f01a0a47Sbluhm # Wait until IPv6 addresses are no longer tentative. 107f01a0a47Sbluhm for i in `jot 50`; do\ 1083a262c66Sbluhm if ! { /sbin/ifconfig pair${N1}; /sbin/ifconfig pair${N2};\ 1093a262c66Sbluhm /sbin/ifconfig lo${N3}; } | fgrep -q tentative; then\ 110f01a0a47Sbluhm break;\ 111f01a0a47Sbluhm fi;\ 112f01a0a47Sbluhm sleep .1;\ 113f01a0a47Sbluhm done 1143a262c66Sbluhm ! { /sbin/ifconfig pair${N1}; /sbin/ifconfig pair${N2};\ 1153a262c66Sbluhm /sbin/ifconfig lo${N3}; } | fgrep tentative 116f01a0a47Sbluhm 117f01a0a47SbluhmREGRESS_CLEANUP += unconfig 118f01a0a47Sbluhmunconfig: 119f01a0a47Sbluhm # Destroy interfaces. 1203a262c66Sbluhm -${SUDO} /sbin/route -n -T ${N1} delete -inet ${IP_${N3}} 1213a262c66Sbluhm -${SUDO} /sbin/route -n -T ${N1} delete -inet6 ${IP6_${N3}} 1223a262c66Sbluhm -${SUDO} /sbin/ifconfig lo${N3} rdomain ${N3} 1233a262c66Sbluhm -${SUDO} /sbin/ifconfig lo${N3} inet ${IP_${N3}} delete 1243a262c66Sbluhm -${SUDO} /sbin/ifconfig lo${N3} inet6 ${IP6_${N3}} delete 125f01a0a47Sbluhm.for n in ${PAIRS} 1263a262c66Sbluhm -${SUDO} /sbin/ifconfig pair$n destroy 127f01a0a47Sbluhm.endfor 128f01a0a47Sbluhm.for n in ${NUMS} 1293a262c66Sbluhm -${SUDO} /sbin/route -n -T $n delete -inet 169.254.0.0/16 1303a262c66Sbluhm -${SUDO} /sbin/route -n -T $n delete -inet6 fc00::/48 1313a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$n inet 127.0.0.1 delete 1323a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$n inet6 ::1 delete 133*427e22f8Santon -${SUDO} /sbin/ifconfig lo$n destroy 134f01a0a47Sbluhm.endfor 135f01a0a47Sbluhm rm -f stamp-ifconfig 136f01a0a47Sbluhm 137f01a0a47Sbluhmaddr.py: Makefile 138f01a0a47Sbluhm # Create python include file containing the addresses. 139f01a0a47Sbluhm rm -f $@ $@.tmp 140f01a0a47Sbluhm.for var in N1 N2 N3 141f01a0a47Sbluhm echo '${var}="${${var}}"' >>$@.tmp 142f01a0a47Sbluhm echo 'LO_${var}="lo${${var}}"' >>$@.tmp 143f01a0a47Sbluhm echo 'PAIR_${var}="pair${${var}}"' >>$@.tmp 144f01a0a47Sbluhm echo 'IP_${var}="${IP_${${var}}}"' >>$@.tmp 145f01a0a47Sbluhm echo 'IP6_${var}="${IP6_${${var}}}"' >>$@.tmp 146f01a0a47Sbluhm.endfor 147f01a0a47Sbluhm mv $@.tmp $@ 148f01a0a47Sbluhm 149f01a0a47SbluhmREGRESS_SETUP_ONCE += pfctl 150f01a0a47Sbluhmpfctl: addr.py pf.conf 151f01a0a47Sbluhm # Load the pf rules into the kernel. 152f01a0a47Sbluhm cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f - 1533a262c66Sbluhm cat addr.py ${.CURDIR}/pf.conf | ${SUDO} /sbin/pfctl -a regress -f - 154f01a0a47Sbluhm 155f01a0a47Sbluhm.for f in 1 2 3 156f01a0a47Sbluhm.for t in 1 2 3 157f01a0a47SbluhmREGRESS_TARGETS += run-ping-$f-$t 158f01a0a47Sbluhmrun-ping-$f-$t: 1593a262c66Sbluhm /sbin/ping -c 1 -w 1 -n -V ${N$f} -I ${IP_${N$f}} ${IP_${N$t}} 160f01a0a47Sbluhm 161f01a0a47SbluhmREGRESS_TARGETS += run-ping6-$f-$t 162f01a0a47Sbluhmrun-ping6-$f-$t: 1633a262c66Sbluhm /sbin/ping6 -c 1 -w 1 -n -V ${N$f} -I ${IP6_${N$f}} ${IP6_${N$t}} 164f01a0a47Sbluhm 165f01a0a47SbluhmREGRESS_TARGETS += run-tcpbench-$f-$t 166f01a0a47Sbluhmrun-tcpbench-$f-$t: 167f01a0a47Sbluhm rm -f nc.log 168b2a5e65bSbluhm nc -4 -v -l -V ${N$t} ${IP_${N$t}} 12345 >/dev/null 2>nc.log & 169f01a0a47Sbluhm # Wait until nc is listening. 170f01a0a47Sbluhm for i in `jot 30`; do\ 171f01a0a47Sbluhm if fgrep -q Listening nc.log; then break; fi; sleep .1; done 172f01a0a47Sbluhm fgrep Listening nc.log 173f01a0a47Sbluhm # Test that path MTU dicovery is working. 174b2a5e65bSbluhm tcpbench -4 -t 5 -V ${N$f} -b ${IP_${N$f}} ${IP_${N$t}} 175b2a5e65bSbluhm.if $f == "3" && $t == "1" 176b2a5e65bSbluhm # path MTU discovery must create a dynamic route 1773a262c66Sbluhm /sbin/route -T ${N$f} -n get -host -inet ${IP_${N$t}} | grep DYNAMIC 178b2a5e65bSbluhm.endif 179b2a5e65bSbluhm 180b2a5e65bSbluhmREGRESS_TARGETS += run-tcpbench6-$f-$t 181b2a5e65bSbluhmrun-tcpbench6-$f-$t: 182b2a5e65bSbluhm rm -f nc.log 183b2a5e65bSbluhm nc -6 -v -l -V ${N$t} ${IP6_${N$t}} 12345 >/dev/null 2>nc.log & 184b2a5e65bSbluhm # Wait until nc is listening. 185b2a5e65bSbluhm for i in `jot 30`; do\ 186b2a5e65bSbluhm if fgrep -q Listening nc.log; then break; fi; sleep .1; done 187b2a5e65bSbluhm fgrep Listening nc.log 188b2a5e65bSbluhm # Test that path MTU dicovery is working. 189b2a5e65bSbluhm tcpbench -6 -t 5 -V ${N$f} -b ${IP6_${N$f}} ${IP6_${N$t}} 190b2a5e65bSbluhm.if $f == "3" && $t == "1" 191b2a5e65bSbluhm # path MTU discovery in other rtable does not work in ip6_output() 1923a262c66Sbluhm /sbin/route -T ${N$f} -n get -host -inet6 ${IP6_${N$t}} 193b2a5e65bSbluhm @echo DISABLED 194b2a5e65bSbluhm.endif 195b2a5e65bSbluhm 196f01a0a47Sbluhm.endfor 197f01a0a47Sbluhm.endfor 198f01a0a47Sbluhm 199f01a0a47SbluhmCLEANFILES += addr.py *.pyc *.log stamp-* 200f01a0a47Sbluhm 201f01a0a47Sbluhm.include <bsd.regress.mk> 202