# $OpenBSD: Makefile,v 1.7 2023/10/11 18:07:56 anton Exp $

# Copyright (c) 2022 Alexander Bluhm <bluhm@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Set up two loopback interfaces in different routing domains.
# One loopback interface has an allow-opts pf rule, the other has
# default pass policy.  Send packets with IP options and IPv6
# option header and check whether tcpdump finds them on lo or pflog.
#
# Most recipes further down go through ${SUDO}: they reconfigure
# loopback interfaces, load pf rules into an anchor, run tcpdump and
# start the Python packet senders.  The host's interface and pf state is
# therefore modified while the test runs.

# The following ports must be installed:
#
# scapy		powerful interactive packet manipulation in python

# If scapy is missing, define a regress target that only prints the
# reason and SKIPPED.  Only the existence of the path is tested.
# NOTE(review): presumably this definition wins over the regress target
# that bsd.regress.mk would otherwise provide -- confirm.
.if ! exists(/usr/local/bin/scapy)
regress:
	@echo Install scapy package to run this regress.
	@echo SKIPPED
.endif

# This test uses routing domain and interface number 11 and 12.
# Adjust it here, if you want to use something else.
N1 = 11
N2 = 12
# NUMS is the list the .for loops below iterate over; each number is used
# both as the routing domain and as the loopback unit (lo$n).
NUMS = ${N1} ${N2}

.include <bsd.own.mk>

# The "!=" assignments below run their commands while make reads this
# file, so the ${SUDO} pfctl queries execute on every invocation except
# the housekeeping targets excluded here.  Each unmet precondition
# defines a regress target that only prints the reason and SKIPPED.
.if ! (make(clean) || make(cleandir) || make(obj))

# Word following "Status:" in the output of pfctl -si; "Enabled" is
# required.
PF_STATUS != ${SUDO} /sbin/pfctl -si | sed -n 's/^Status: \([^ ]*\) .*/\1/p'
.if empty(PF_STATUS:MEnabled)
regress:
	@echo pf status: "${PF_STATUS}"
	@echo Enable pf to run this regress.
	@echo SKIPPED
.endif

# Lines of pfctl -sI -v that carried a "(skip)" marker, reduced to
# whole-word matches for lo${N1} and lo${N2}.  "|| :" keeps the exit
# status zero when grep matches nothing.  A non-empty result means pf
# would not filter one of the test interfaces, so the test is skipped.
PF_SKIP != ${SUDO} /sbin/pfctl -sI -v | sed -n 's/ (skip)//p' | \
	grep -w -e lo${N1} -e lo${N2} || :
.if ! empty(PF_SKIP)
regress:
	@echo pf skip: "${PF_SKIP}"
	@echo Do not set skip on interface lo, lo${N1}, or lo${N2}.
	@echo SKIPPED
.endif

# Names of the 'anchor "<name>" all' rules printed by pfctl -sr; "$$" is
# a literal "$" for sed.  The pfctl target loads its rules into anchor
# "regress", so that name has to be present here.
PF_ANCHOR != ${SUDO} /sbin/pfctl -sr |\
	sed -n 's/^anchor "\([^"]*\)" all$$/\1/p'
.if empty(PF_ANCHOR:Mregress)
regress:
	@echo pf anchor: "${PF_ANCHOR}"
	@echo Need anchor '"regress"' in pf.conf to load additional rules.
	@echo SKIPPED
.endif

.endif

.PHONY: busy-rdomains ifconfig unconfig pfctl

# Fails the setup if any interface other than lo$n already reports
# routing domain $n, before anything is reconfigured.
# REGRESS_SETUP_ONCE, REGRESS_TARGETS and REGRESS_CLEANUP are consumed by
# bsd.regress.mk, which is included at the end of the file.
REGRESS_SETUP_ONCE += busy-rdomains
busy-rdomains:
	# Check if rdomains are busy.
.for n in ${NUMS}
	@if /sbin/ifconfig | grep -v '^lo$n:' | grep ' rdomain $n '; then\
	    echo routing domain $n is already used >&2; exit 1; fi
.endfor

# Runs unconfig first, then puts lo$n into routing domain $n, assigns
# 127.0.0.1/8, 127.0.0.$n, ::1/128 and fe80::$n/64, and adds a
# 224.0.0.0/4 route via 127.0.0.1 in routing table $n.
# The shell loop polls up to 50 times, 0.1 seconds apart, until no
# address is reported as "tentative"; the final command fails the target
# if one still is.
REGRESS_SETUP_ONCE += ifconfig
ifconfig: unconfig
	# Create and configure loopback interfaces.
.for n in ${NUMS}
	${SUDO} /sbin/ifconfig lo$n rdomain $n
	${SUDO} /sbin/ifconfig lo$n inet 127.0.0.1/8
	${SUDO} /sbin/ifconfig lo$n inet 127.0.0.$n alias
	${SUDO} /sbin/ifconfig lo$n inet6 ::1/128
	${SUDO} /sbin/ifconfig lo$n inet6 fe80::$n/64
	${SUDO} /sbin/route -n -T $n add -inet 224.0.0.0/4 127.0.0.1
.endfor
	# Wait until IPv6 addresses are no longer tentative.
	for i in `jot 50`; do\
	    if ! { /sbin/ifconfig lo${N1}; /sbin/ifconfig lo${N2}; }\
		| fgrep -q tentative; then\
		    break;\
	    fi;\
	    sleep .1;\
	done
	! { /sbin/ifconfig lo${N1}; /sbin/ifconfig lo${N2}; }\
	    | fgrep tentative

# Depends on stamp-stop, so running captures are stopped first.  The
# leading "-" makes make ignore a failing command.
# NOTE(review): the echoed recipe comment says "Destroy interfaces", but
# the commands only delete the test addresses; no "ifconfig ... destroy"
# is issued, so lo$n and its rdomain assignment stay on the host after
# cleanup.
# stamp-ifconfig has no rule in this file; presumably bsd.regress.mk
# creates it for the REGRESS_SETUP_ONCE entry "ifconfig" -- confirm.
REGRESS_CLEANUP += unconfig
unconfig: stamp-stop
	# Destroy interfaces.
.for n in ${NUMS}
	-${SUDO} /sbin/ifconfig lo$n rdomain $n
	-${SUDO} /sbin/ifconfig lo$n inet 127.0.0.1 delete
	-${SUDO} /sbin/ifconfig lo$n inet 127.0.0.$n delete
	-${SUDO} /sbin/ifconfig lo$n inet6 ::1 delete
	-${SUDO} /sbin/ifconfig lo$n inet6 fe80::$n/64 delete
.endfor
	rm -f stamp-ifconfig

# Generated NAME="value" lines for N1 and N2 (number, interface, IPv4 and
# IPv6 address).  The file is built as $@.tmp and renamed, so a partial
# file never appears under the final name; depending on Makefile
# regenerates it when the numbers above are edited.  The pfctl target
# prepends it to pf.conf; presumably the Python senders import it as
# well -- confirm against the scripts.
addr.py: Makefile
	# Create python include file containing the addresses.
	rm -f $@ $@.tmp
.for var in N1 N2
	echo '${var}="${${var}}"' >>$@.tmp
	echo 'IF_${var}="lo${${var}}"' >>$@.tmp
	echo 'ADDR_${var}="127.0.0.${${var}}"' >>$@.tmp
	echo 'ADDR6_${var}="fe80::${${var}}"' >>$@.tmp
.endfor
	mv $@.tmp $@

# The first pfctl call uses -n and no ${SUDO}: the rules are only parsed,
# nothing is loaded.  The second call loads them with ${SUDO} into the
# anchor "regress" (-a), so only the contents of that anchor are
# replaced.
REGRESS_SETUP_ONCE += pfctl
pfctl: addr.py pf.conf
	# Load the pf rules into the kernel.
	cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f -
	cat addr.py ${.CURDIR}/pf.conf | ${SUDO} /sbin/pfctl -a regress -f -

# run tcpdump on lo and pflog device
# The interface name is appended by the caller after -i.  The same string
# is also used as the pkill -f pattern below, so the flags must stay in
# sync with what is actually started.
DUMPCMD = /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni

# "sleep 2 # XXX" is a fixed delay, presumably to give the background
# tcpdump processes time to start capturing; there is no positive
# readiness check.
stamp-bpf: stamp-bpf-lo${N1} stamp-bpf-lo${N2} stamp-bpf-pflog0
	sleep 2 # XXX
	@date >$@

# One capture per interface: remove the old capture file, signal a stale
# tcpdump for this interface, then start a new one in the background via
# ${SUDO}.  The output redirection is set up by the invoking shell, not
# by the ${SUDO} command.  Removing stamp-stop forces stamp-stop to run
# again before the capture files are inspected.
.for i in lo${N1} lo${N2} pflog0

stamp-bpf-$i: stamp-ifconfig
	rm -f $i.tcpdump
	${SUDO} pkill -f '^${DUMPCMD} $i' || true
	${SUDO} ${DUMPCMD} $i >$i.tcpdump &
	rm -f stamp-stop
	@date >$@

.endfor

# Stops the captures so that the run-bpf-* targets read complete files.
# NOTE(review): this pkill pattern is anchored at the start of the
# command line but not tied to an interface, so every tcpdump on the host
# that was started with exactly these leading arguments is signalled via
# ${SUDO}, including captures that do not belong to this test.
stamp-stop:
	sleep 2 # XXX
	-${SUDO} pkill -f '^${DUMPCMD}'
	rm -f stamp-bpf*
	@date >$@

# Set variables so that make runs with and without obj directory.
# Only do that if necessary to keep visible output short.
# PYTHON is a command prefix; the script name is appended without a
# space.  The senders are started as
#   ${SUDO} /sbin/route -T <rdomain> exec ${PYTHON}<script> <N1|N2>
# so they run with whatever privileges ${SUDO} grants, using the given
# routing table.  With a separate obj directory PYTHONPATH points at
# ${.OBJDIR}, where addr.py is generated (presumably so the scripts can
# import it -- confirm against the scripts).  Every module importable
# from ${.CURDIR} or ${.OBJDIR} is then executed with those privileges,
# so neither directory should be writable by untrusted users.
.if ${.CURDIR} == ${.OBJDIR}
PYTHON = python3 -u ./
.else
PYTHON = env PYTHONPATH=${.OBJDIR} python3 -u ${.CURDIR}/
.endif

# Test layout: a run-* target that depends on stamp-bpf sends traffic
# while the captures are running; the run-bpf-* target after it depends
# on stamp-stop and inspects the capture files.  A plain grep or fgrep
# requires the packet to be present, "! grep" requires it to be absent.
# Packets found in pflog0.tcpdump were logged by pf; the recipe comments
# call this "blocked".  pf.conf itself is not part of this file.

# ping
# Echo requests without options must show up on both loopback captures
# and must not appear on pflog0.

REGRESS_TARGETS += run-ping
run-ping: stamp-bpf
	# Ping localhost on loopback
	/sbin/ping -n -w 1 -c 1 -V ${N1} 127.0.0.${N1}
	/sbin/ping -n -w 1 -c 1 -V ${N2} 127.0.0.${N2}

REGRESS_TARGETS += run-ping6
run-ping6: stamp-bpf
	# Ping localhost on loopback
	/sbin/ping6 -n -w 1 -c 1 -V ${N1} fe80::${N1}%lo${N1}
	/sbin/ping6 -n -w 1 -c 1 -V ${N2} fe80::${N2}%lo${N2}

REGRESS_TARGETS += run-bpf-ping
run-bpf-ping: stamp-stop
	# Check that ping packet went through loopback.
	grep ' 127.0.0.${N1}: icmp: echo request' lo${N1}.tcpdump
	grep ' 127.0.0.${N2}: icmp: echo request' lo${N2}.tcpdump
	grep ' fe80:.*::${N1}: icmp6: echo request' lo${N1}.tcpdump
	grep ' fe80:.*::${N2}: icmp6: echo request' lo${N2}.tcpdump
	! grep ': icmp: echo request' pflog0.tcpdump
	! grep ': icmp6: echo request' pflog0.tcpdump

# ping with RR option
# The ping in routing domain ${N1} must succeed; the leading "!" requires
# the ping in ${N2} to fail, and its request is expected on pflog0
# instead of the loopback.  Presumably lo${N1} is the interface with the
# allow-opts rule -- confirm against pf.conf.

REGRESS_TARGETS += run-ping-record
run-ping-record: stamp-bpf
	# Ping localhost with record route option
	/sbin/ping -n -w 1 -c 1 -V ${N1} -R 127.0.0.${N1}
	! /sbin/ping -n -w 1 -c 1 -V ${N2} -R 127.0.0.${N2}

REGRESS_TARGETS += run-bpf-ping-record
run-bpf-ping-record: stamp-stop
	# Check that ping packet with options is in pflog0.
	grep ' 127.0.0.${N1}: icmp: echo request .*\
	    optlen=40 RR' lo${N1}.tcpdump
	grep ' 127.0.0.${N2}: icmp: echo request .*\
	    optlen=40 RR' pflog0.tcpdump

# icmp
# The capture check expects packets printed as "type-#6" for IPv4 and
# IPv6 on both loopbacks and none of them on pflog0.

REGRESS_TARGETS += run-icmp
run-icmp: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp.py N2

REGRESS_TARGETS += run-icmp6
run-icmp6: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6.py N2

REGRESS_TARGETS += run-bpf-icmp
run-bpf-icmp: stamp-stop
	# Check that icmp packet went through loopback.
	grep ' 127.0.0.${N1}: icmp: type-#6' lo${N1}.tcpdump
	grep ' 127.0.0.${N2}: icmp: type-#6' lo${N2}.tcpdump
	grep ' fe80::${N1}: icmp6: type-#6' lo${N1}.tcpdump
	grep ' fe80::${N2}: icmp6: type-#6' lo${N2}.tcpdump
	! grep ': icmp: type-#6' pflog0.tcpdump
	! grep ': icmp6: type-#6' pflog0.tcpdump

# option extension header
# Hop-by-hop (HBH) and destination option (DSTOPT) packets addressed to
# fe80::${N2} must be on pflog0; nothing for fe80::${N1} may be logged.

REGRESS_TARGETS += run-icmp6-hop
run-icmp6-hop: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop.py N2

REGRESS_TARGETS += run-icmp6-dst
run-icmp6-dst: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_dst.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_dst.py N2

REGRESS_TARGETS += run-bpf-ext
run-bpf-ext: stamp-stop
	# Check that icmp6 packet with extension headers were blocked
	fgrep ' fe80::${N2}: HBH icmp6:' pflog0.tcpdump
	fgrep ' fe80::${N2}: DSTOPT icmp6:' pflog0.tcpdump
	! grep fe80::${N1} pflog0.tcpdump

# icmp with options
# Senders for several option layouts (pad, eol, max, ra, bad), each run
# once per routing domain.  run-bpf-opts then requires every variant sent
# in ${N2} to be on pflog0 and nothing from ${N1} to be logged.

REGRESS_TARGETS += run-icmp-pad
run-icmp-pad: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_pad.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_pad.py N2

REGRESS_TARGETS += run-icmp-eol
run-icmp-eol: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_eol.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_eol.py N2

REGRESS_TARGETS += run-icmp6-pad
run-icmp6-pad: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_pad.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_pad.py N2

REGRESS_TARGETS += run-icmp-max
run-icmp-max: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_max.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_max.py N2

REGRESS_TARGETS += run-icmp6-max
run-icmp6-max: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_max.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_max.py N2

REGRESS_TARGETS += run-icmp-ra
run-icmp-ra: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_ra.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_ra.py N2

REGRESS_TARGETS += run-icmp6-ra
run-icmp6-ra: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_ra.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_ra.py N2

REGRESS_TARGETS += run-icmp-bad
run-icmp-bad: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_bad.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_bad.py N2

REGRESS_TARGETS += run-icmp6-bad
run-icmp6-bad: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_bad.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_bad.py N2

REGRESS_TARGETS += run-bpf-opts
run-bpf-opts: stamp-stop
	# Check that icmp packet with options were blocked
	grep ' 127.0.0.${N2}:.* optlen=4 NOP NOP NOP NOP)' pflog0.tcpdump
	grep ' 127.0.0.${N2}:.* optlen=4 NOP EOL-2)' pflog0.tcpdump
	grep ' 127.0.0.${N2}:.* optlen=40 NOP ' pflog0.tcpdump
	grep ' 127.0.0.${N2}:.* optlen=8 NOP IPOPT-148{4} NOP ' pflog0.tcpdump
	grep ' 127.0.0.${N2}:.* optlen=4 IPOPT-3{4})' pflog0.tcpdump
	grep ' fe80::${N2}: HBH icmp6:.* (len 28,' pflog0.tcpdump
	grep ' fe80::${N2}: HBH icmp6:.* (len 284,' pflog0.tcpdump
	grep ' fe80::${N2}: HBH (rtalert: 0x0000) icmp6:' pflog0.tcpdump
	grep ' fe80::${N2}: HBH (type 0x03: len=0) icmp6:' pflog0.tcpdump
	! grep '127.0.0.${N1}' pflog0.tcpdump
	! grep 'fe80::${N1}' pflog0.tcpdump

# multicast with router alert
# IGMP and MLD packets that carry the router alert option (printed as
# IPOPT-148 for IPv4, "rtalert" for IPv6) must be seen on lo${N2}, and
# pflog0 must contain none of the test or multicast addresses.

REGRESS_TARGETS += run-igmp
run-igmp: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}igmp_ra.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}igmp_ra.py N2

REGRESS_TARGETS += run-icmp6-mld
run-icmp6-mld: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_mld_ra.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_mld_ra.py N2

REGRESS_TARGETS += run-bpf-mcast
run-bpf-mcast: stamp-stop
	# Check that multicast protocol packet with router alert passed
	grep '127.0.0.${N2} > 224.0.0.1:\
	    igmp query .* IPOPT-148{4}' lo${N2}.tcpdump
	grep 'fe80::${N2} > ff02::1:\
	    HBH (rtalert:.* icmp6: multicast ' lo${N2}.tcpdump
	! grep '127.0.0.${N1}' pflog0.tcpdump
	! grep 'fe80::${N1}' pflog0.tcpdump
	! grep '127.0.0.${N2}' pflog0.tcpdump
	! grep 'fe80::${N2}' pflog0.tcpdump
	! grep '224.0.0.1' pflog0.tcpdump
	! grep 'ff02::1' pflog0.tcpdump

# The same multicast protocols with a different option (IPOPT-3, HBH
# type 0x03) must be on pflog0 for ${N2}; nothing from ${N1} may be
# logged.

REGRESS_TARGETS += run-igmp-bad
run-igmp-bad: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}igmp_bad.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}igmp_bad.py N2

REGRESS_TARGETS += run-icmp6-mld-bad
run-icmp6-mld-bad: stamp-bpf
	${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_mld_bad.py N1
	${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_mld_bad.py N2

REGRESS_TARGETS += run-bpf-mcast-bad
run-bpf-mcast-bad: stamp-stop
	# Check that multicast protocol packet with options were blocked
	grep '127.0.0.${N2} > 224.0.0.1:\
	    igmp query .* IPOPT-3{4}' pflog0.tcpdump
	grep 'fe80::${N2} > ff02::1:\
	    HBH (type 0x03:.* icmp6: multicast ' pflog0.tcpdump
	! grep '127.0.0.${N1}' pflog0.tcpdump
	! grep 'fe80::${N1}' pflog0.tcpdump

# Generated address file, Python byte code, capture files, logs and all
# stamp files are removed on clean.
CLEANFILES += addr.py *.pyc *.tcpdump *.log stamp-*

.include <bsd.regress.mk>