1*427e22f8Santon# $OpenBSD: Makefile,v 1.10 2023/10/19 18:36:40 anton Exp $ 28476bea7Sbluhm 38476bea7Sbluhm# Copyright (c) 2021 Alexander Bluhm <bluhm@openbsd.org> 48476bea7Sbluhm# 58476bea7Sbluhm# Permission to use, copy, modify, and distribute this software for any 68476bea7Sbluhm# purpose with or without fee is hereby granted, provided that the above 78476bea7Sbluhm# copyright notice and this permission notice appear in all copies. 88476bea7Sbluhm# 98476bea7Sbluhm# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 108476bea7Sbluhm# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 118476bea7Sbluhm# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 128476bea7Sbluhm# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 138476bea7Sbluhm# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 148476bea7Sbluhm# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 158476bea7Sbluhm# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 168476bea7Sbluhm 178476bea7Sbluhm# Basic testing of the pflog(4) interface. Create special routing 18e668bc18Sbluhm# domain, load rules into pf(4) regress anchor, tcpdump on pflog, 198476bea7Sbluhm# send packets over lo(4), grep for expected result in tcpdump output. 208476bea7Sbluhm 218476bea7Sbluhm# This test uses routing domain 11 and pflog interface number 11, 12, 13. 228476bea7Sbluhm# Adjust it here, if you want to use something else. 238476bea7SbluhmN1 = 11 248476bea7SbluhmN2 = 12 258476bea7SbluhmN3 = 13 268476bea7SbluhmN = ${N1} 278476bea7SbluhmNUMS = ${N1} ${N2} ${N3} 2812def084SbluhmIPS = 1 2 3 4 5 6 11 12 14 298476bea7Sbluhm 308476bea7SbluhmUID !!= id -u 318476bea7Sbluhm 328476bea7Sbluhm.include <bsd.own.mk> 338476bea7Sbluhm 348476bea7Sbluhm.if ! (make(clean) || make(cleandir) || make(obj)) 358476bea7Sbluhm 363a262c66SbluhmPF_STATUS != ${SUDO} /sbin/pfctl -si | sed -n 's/^Status: \([^ ]*\) .*/\1/p' 378476bea7Sbluhm.if empty(PF_STATUS:MEnabled) 388476bea7Sbluhmregress: 398476bea7Sbluhm @echo pf status: "${PF_STATUS}" 408476bea7Sbluhm @echo Enable pf to run this regress. 418476bea7Sbluhm @echo SKIPPED 428476bea7Sbluhm.endif 438476bea7Sbluhm 444be5cdd0SantonPF_SKIP != ${SUDO} /sbin/pfctl -sI -v | sed -n 's/ (skip)//p' | \ 454be5cdd0Santon grep -w -e lo${N1} -e lo${N2} -e lo${N3} || : 464be5cdd0Santon.if ! empty(PF_SKIP) 478476bea7Sbluhmregress: 488476bea7Sbluhm @echo pf skip: "${PF_SKIP}" 494be5cdd0Santon @echo Do not set skip on interface lo, lo${N1}, lo${N2}, or lo${N3}. 508476bea7Sbluhm @echo SKIPPED 518476bea7Sbluhm.endif 528476bea7Sbluhm 533a262c66SbluhmPF_ANCHOR != ${SUDO} /sbin/pfctl -sr |\ 543a262c66Sbluhm sed -n 's/^anchor "\([^"]*\)" all$$/\1/p' 558476bea7Sbluhm.if empty(PF_ANCHOR:Mregress) 568476bea7Sbluhmregress: 578476bea7Sbluhm @echo pf anchor: "${PF_ANCHOR}" 588476bea7Sbluhm @echo Need anchor '"regress"' in pf.conf to load additional rules. 598476bea7Sbluhm @echo SKIPPED 608476bea7Sbluhm.endif 618476bea7Sbluhm 624c71f9caSbluhmSYSCTL_FORWARDING != sysctl net.inet.ip.forwarding 634c71f9caSbluhmSYSCTL_FORWARDING6 != sysctl net.inet6.ip6.forwarding 644c71f9caSbluhm.if ${SYSCTL_FORWARDING:C/.*=//} != 1 || ${SYSCTL_FORWARDING6:C/.*=//} != 1 654c71f9caSbluhm# Do not skip, but run tests. Although they fail, their packets are logged. 664c71f9caSbluhmREGRESS_EXPECTED_FAILURES = run-ping-14 run-ping6-14 674c71f9caSbluhm.endif 684c71f9caSbluhm 698476bea7Sbluhm.endif 708476bea7Sbluhm 718476bea7Sbluhm.PHONY: busy-rdomains ifconfig unconfig pfctl 728476bea7Sbluhm 738476bea7SbluhmREGRESS_SETUP_ONCE += busy-rdomains 748476bea7Sbluhmbusy-rdomains: 758476bea7Sbluhm # Check if rdomains are busy. 768476bea7Sbluhm @if /sbin/ifconfig | grep -v '^lo$N:' | grep ' rdomain $N '; then\ 778476bea7Sbluhm echo routing domain $N is already used >&2; exit 1; fi 788476bea7Sbluhm 798476bea7SbluhmREGRESS_SETUP_ONCE += ifconfig 808476bea7Sbluhmifconfig: unconfig 818476bea7Sbluhm # Create and configure pflog and loopback interfaces. 828476bea7Sbluhm.for n in ${NUMS} 833a262c66Sbluhm ${SUDO} /sbin/ifconfig pflog$n create 848476bea7Sbluhm.endfor 853a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$N rdomain $N 863a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$N inet 127.0.0.1/8 873a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$N inet6 ::1/128 8812def084Sbluhm.for i in ${IPS} 21 22 23 24 893a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$N inet 169.254.0.$i/32 alias 903a262c66Sbluhm ${SUDO} /sbin/ifconfig lo$N inet6 fc00::$i/128 918476bea7Sbluhm.endfor 923a262c66Sbluhm # Wait until IPv6 addresses are no longer tentative. 933a262c66Sbluhm for i in `jot 50`; do\ 943a262c66Sbluhm if ! { /sbin/ifconfig pair${N1}; /sbin/ifconfig pair${N2};\ 953a262c66Sbluhm /sbin/ifconfig lo${N3}; } | fgrep -q tentative; then\ 963a262c66Sbluhm break;\ 973a262c66Sbluhm fi;\ 983a262c66Sbluhm sleep .1;\ 993a262c66Sbluhm done 1003a262c66Sbluhm ! { /sbin/ifconfig pair${N1}; /sbin/ifconfig pair${N2};\ 1013a262c66Sbluhm /sbin/ifconfig lo${N3}; } | fgrep tentative 1023a262c66Sbluhm 1038476bea7Sbluhm 1048476bea7SbluhmREGRESS_CLEANUP += unconfig 1058476bea7Sbluhmunconfig: stamp-stop 1068476bea7Sbluhm # Destroy interfaces. 1073a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$N rdomain $N 10812def084Sbluhm.for i in ${IPS} 21 22 23 24 1093a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$N inet 169.254.0.$i delete 1103a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$N inet6 fc00::$i delete 1118476bea7Sbluhm.endfor 1123a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$N inet 127.0.0.1 delete 1133a262c66Sbluhm -${SUDO} /sbin/ifconfig lo$N inet6 ::1 delete 1148476bea7Sbluhm.for n in ${NUMS} 1153a262c66Sbluhm -${SUDO} /sbin/ifconfig pflog$n destroy 1168476bea7Sbluhm.endfor 117*427e22f8Santon -${SUDO} /sbin/ifconfig lo$N destroy 1188476bea7Sbluhm rm -f stamp-ifconfig 1198476bea7Sbluhm 1208476bea7Sbluhmaddr.py: Makefile 1218476bea7Sbluhm # Create python include file containing the addresses. 1228476bea7Sbluhm rm -f $@ $@.tmp 1238476bea7Sbluhm echo 'N="$N"' >>$@.tmp 1248476bea7Sbluhm echo 'LO="lo$N"' >>$@.tmp 1258476bea7Sbluhm.for var in N1 N2 N3 1268476bea7Sbluhm echo '${var}="${${var}}"' >>$@.tmp 1278476bea7Sbluhm echo 'PFLOG_${var}="pflog${${var}}"' >>$@.tmp 1288476bea7Sbluhm.endfor 1298476bea7Sbluhm mv $@.tmp $@ 1308476bea7Sbluhm 1318476bea7SbluhmREGRESS_SETUP_ONCE += pfctl 1328476bea7Sbluhmpfctl: addr.py pf.conf 1338476bea7Sbluhm # Load the pf rules into the kernel. 1348476bea7Sbluhm cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f - 1353a262c66Sbluhm cat addr.py ${.CURDIR}/pf.conf | ${SUDO} /sbin/pfctl -a regress -f - 1368476bea7Sbluhm 1378476bea7Sbluhm# Run tcpdump on pflog devices. 1388476bea7SbluhmDUMPCMD = /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni 1398476bea7Sbluhm 1408476bea7Sbluhmstamp-bpf: stamp-bpf-${N1} stamp-bpf-${N2} stamp-bpf-${N3} 1418476bea7Sbluhm sleep 2 # XXX 1428476bea7Sbluhm @date >$@ 1438476bea7Sbluhm 1448476bea7Sbluhm.for n in ${NUMS} 1458476bea7Sbluhm 1468476bea7Sbluhmstamp-bpf-$n: stamp-ifconfig 1478476bea7Sbluhm rm -f pflog$n.tcpdump 1488476bea7Sbluhm ${SUDO} pkill -f '^${DUMPCMD} pflog$n' || true 1498476bea7Sbluhm ${SUDO} ${DUMPCMD} pflog$n >pflog$n.tcpdump & 1508476bea7Sbluhm rm -f stamp-stop 1518476bea7Sbluhm @date >$@ 1528476bea7Sbluhm 1538476bea7Sbluhm.endfor 1548476bea7Sbluhm 1558476bea7Sbluhmstamp-stop: 1568476bea7Sbluhm sleep 2 # XXX 1578476bea7Sbluhm -${SUDO} pkill -f '^${DUMPCMD}' 1588476bea7Sbluhm rm -f stamp-bpf* 1598476bea7Sbluhm @date >$@ 1608476bea7Sbluhm 1618476bea7Sbluhm.for i in ${IPS} 1628476bea7SbluhmREGRESS_TARGETS += run-ping-$i 1638476bea7Sbluhmrun-ping-$i: stamp-bpf 1643a262c66Sbluhm /sbin/ping -n -w 1 -c 1 -V $N 169.254.0.$i 1658476bea7Sbluhm 166e668bc18SbluhmREGRESS_TARGETS += run-ping6-$i 167e668bc18Sbluhmrun-ping6-$i: stamp-bpf 1683a262c66Sbluhm /sbin/ping6 -n -w 1 -c 1 -V $N fc00::$i 169e668bc18Sbluhm 1708476bea7SbluhmREGRESS_TARGETS += run-udp-$i 1718476bea7Sbluhmrun-udp-$i: stamp-bpf 17281b25c19Sbluhm # ignore errors, just send packet fast 17312def084Sbluhm echo foo | nc -u -w 1 -V $N 169.254.0.$i discard & 174e668bc18Sbluhm 175e668bc18SbluhmREGRESS_TARGETS += run-udp6-$i 176e668bc18Sbluhmrun-udp6-$i: stamp-bpf 17781b25c19Sbluhm # ignore errors, just send packet fast 17881b25c19Sbluhm echo foo | nc -u -w 1 -V $N fc00::$i discard & 1798476bea7Sbluhm.endfor 1808476bea7Sbluhm 181e668bc18SbluhmREGRESS_TARGETS += run-ping6-0 182e668bc18Sbluhmrun-ping6-0: stamp-bpf 1833a262c66Sbluhm /sbin/ping6 -n -w 1 -c 1 -V $N ::1 184e668bc18Sbluhm 185e668bc18SbluhmREGRESS_TARGETS += run-udp6-0 186e668bc18Sbluhmrun-udp6-0: stamp-bpf 187e668bc18Sbluhm echo foo | nc -u -w 1 -V $N ::1 discard 188e668bc18Sbluhm 1898476bea7Sbluhm.for n in ${NUMS} 1908476bea7SbluhmREGRESS_TARGETS += run-bpf-$n 1918476bea7Sbluhmrun-bpf-$n: stamp-stop 192e668bc18Sbluhm # show full logs 1938476bea7Sbluhm cat pflog$n.tcpdump 1948476bea7Sbluhm.endfor 1958476bea7Sbluhm 1968476bea7SbluhmREGRESS_TARGETS += run-bpf-nothing 1978476bea7Sbluhmrun-bpf-nothing: stamp-stop 1988476bea7Sbluhm # rule with pflog${N3} is never used 1998476bea7Sbluhm ! grep . pflog${N3}.tcpdump 2008476bea7Sbluhm 2018476bea7SbluhmREGRESS_TARGETS += run-bpf-everything 2028476bea7Sbluhmrun-bpf-everything: stamp-stop 2038476bea7Sbluhm # rule with pflog${N2} matches on every packet 2048476bea7Sbluhm.for i in ${IPS} 20512def084Sbluhm grep 'regress\.1/.* > 169.254.0.$i:' pflog${N2}.tcpdump 2068476bea7Sbluhm.endfor 2078476bea7Sbluhm 208e668bc18SbluhmREGRESS_TARGETS += run-bpf-everything6 209e668bc18Sbluhmrun-bpf-everything6: stamp-stop 210e668bc18Sbluhm # rule with pflog${N2} matches on every packet 211e668bc18Sbluhm.for i in ${IPS} 21281b25c19Sbluhm grep 'regress\.1/.* > fc00::$i:' pflog${N2}.tcpdump 213e668bc18Sbluhm.endfor 214e668bc18Sbluhm 2158476bea7SbluhmREGRESS_TARGETS += run-bpf-all 2168476bea7Sbluhmrun-bpf-all: stamp-stop 2178476bea7Sbluhm # reply without keep state 21812def084Sbluhm grep 'regress\.3/.* 169.254.0.1 > 169.254.0.1:\ 21912def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 22012def084Sbluhm grep 'regress\.3/.* 169.254.0.1 > 169.254.0.1:\ 22112def084Sbluhm icmp: echo reply' pflog${N1}.tcpdump 2228476bea7Sbluhm # no reply with keep state and without all 22312def084Sbluhm grep 'regress\.4/.* 169.254.0.2 > 169.254.0.2:\ 22412def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 22512def084Sbluhm ! grep 'regress\.4/.* 169.254.0.2 >169.254.0.2:\ 22612def084Sbluhm icmp: echo reply' pflog${N1}.tcpdump 2278476bea7Sbluhm # reply with keep state and with all 22812def084Sbluhm grep 'regress\.5/.* 169.254.0.3 > 169.254.0.3:\ 22912def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 2308476bea7Sbluhm # XXX anchor name missing 23112def084Sbluhm grep '/.* 169.254.0.3 > 169.254.0.3:\ 23212def084Sbluhm icmp: echo reply' pflog${N1}.tcpdump 233e668bc18Sbluhm 234e668bc18SbluhmREGRESS_TARGETS += run-bpf-all6 235e668bc18Sbluhmrun-bpf-all6: stamp-stop 236e668bc18Sbluhm # reply without keep state 23712def084Sbluhm grep 'regress\.11/.* fc00::1 > fc00::1:\ 23812def084Sbluhm icmp6: echo request' pflog${N1}.tcpdump 23912def084Sbluhm grep 'regress\.11/.* fc00::1 > fc00::1:\ 24012def084Sbluhm icmp6: echo reply' pflog${N1}.tcpdump 241e668bc18Sbluhm # no reply with keep state and without all 24212def084Sbluhm grep 'regress\.12/.* fc00::2 > fc00::2:\ 24312def084Sbluhm icmp6: echo request' pflog${N1}.tcpdump 24412def084Sbluhm ! grep 'regress\.12/.* fc00::2 > fc00::2:\ 24512def084Sbluhm icmp6: echo reply' pflog${N1}.tcpdump 246e668bc18Sbluhm # reply with keep state and with all 24712def084Sbluhm grep 'regress\.13/.* fc00::3 > fc00::3:\ 24812def084Sbluhm icmp6: echo request' pflog${N1}.tcpdump 249e668bc18Sbluhm # XXX anchor name missing 25012def084Sbluhm grep '/.* fc00::3 > fc00::3:\ 25112def084Sbluhm icmp6: echo reply' pflog${N1}.tcpdump 2528476bea7Sbluhm 2538476bea7SbluhmREGRESS_TARGETS += run-bpf-user 2548476bea7Sbluhmrun-bpf-user: stamp-stop 2558476bea7Sbluhm # out rule creates log entry with uid 2568476bea7Sbluhm grep 'regress\.6/.* pass out on lo$N: \[uid ${UID}, pid [0-9]*\]\ 25712def084Sbluhm 169.254.0.4\.[0-9]* > 169.254.0.4\.9:\ 25812def084Sbluhm .* udp [0-9]' pflog${N1}.tcpdump 2598476bea7Sbluhm # in rule has no uid at log entry 2608476bea7Sbluhm grep 'regress\.6/.* pass in on lo$N:\ 26112def084Sbluhm 169.254.0.4\.[0-9]* > 169.254.0.4\.9:\ 26212def084Sbluhm .* udp [0-9]' pflog${N1}.tcpdump 2638476bea7Sbluhm # icmp has no uid at log entry 2648476bea7Sbluhm grep 'regress\.6/.* pass out on lo$N:\ 26512def084Sbluhm 169.254.0.4 > 169.254.0\.4:\ 26612def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 26786338b0dSbluhm # rule without user has no uid in log entry 26886338b0dSbluhm grep 'regress\.3/.* pass out on lo$N:\ 26912def084Sbluhm 169.254.0.1\.[0-9]* > 169.254.0.1\.9:\ 27012def084Sbluhm .* udp [0-9]' pflog${N1}.tcpdump 2718476bea7Sbluhm 272e668bc18SbluhmREGRESS_TARGETS += run-bpf-user6 273e668bc18Sbluhmrun-bpf-user6: stamp-stop 274e668bc18Sbluhm # out rule creates log entry with uid 275e668bc18Sbluhm grep 'regress\.14/.* pass out on lo$N: \[uid ${UID}, pid [0-9]*\]\ 27612def084Sbluhm fc00::4\.[0-9]* > fc00::4\.9:.* udp [0-9]' pflog${N1}.tcpdump 277e668bc18Sbluhm # in rule has no uid at log entry 278e668bc18Sbluhm grep 'regress\.14/.* pass in on lo$N:\ 27912def084Sbluhm fc00::4\.[0-9]* > fc00::4\.9:.* udp [0-9]' pflog${N1}.tcpdump 280e668bc18Sbluhm # icmp has no uid at log entry 281e668bc18Sbluhm grep 'regress\.14/.* pass out on lo$N:\ 28212def084Sbluhm fc00::4 > fc00::4: icmp6: echo request' pflog${N1}.tcpdump 283e668bc18Sbluhm # rule without user has no uid in log entry 284e668bc18Sbluhm grep 'regress\.11/.* pass out on lo$N:\ 28512def084Sbluhm fc00::1\.[0-9]* > fc00::1\.9:.* udp [0-9]' pflog${N1}.tcpdump 286e668bc18Sbluhm 287e668bc18Sbluhmrun-bpf-matches run-bpf-matches6: 2888476bea7Sbluhm # XXX The log matches keyword seems to be totally broken. 2898476bea7Sbluhm # pf_log_matches() is never called. Investigate later. 2908476bea7Sbluhm @echo DISABLED 2918476bea7Sbluhm 2928476bea7SbluhmREGRESS_TARGETS += run-bpf-matches 2938476bea7Sbluhmrun-bpf-matches: stamp-stop 29412def084Sbluhm grep 'regress\.9/.* .*: 169.254.0.6 > 169.254.0.6:\ 29512def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 2968476bea7Sbluhm ! grep 'regress\.8/.* icmp: echo request' pflog${N1}.tcpdump 2978476bea7Sbluhm ! grep 'regress\.7/.* icmp: echo request' pflog${N1}.tcpdump 2988476bea7Sbluhm 29981b25c19SbluhmREGRESS_TARGETS += run-bpf-rdr 30081b25c19Sbluhmrun-bpf-rdr: stamp-stop 30181b25c19Sbluhm # loopback input logs redirected packet 3021ee80485Sbluhm grep 'regress\.2/.* pass in .*:.* 169.254.0.11 > 169.254.0.21:\ 30381b25c19Sbluhm icmp: echo request' pflog${N1}.tcpdump 30481b25c19Sbluhm # loopback output redirects and logs original packet 3051ee80485Sbluhm grep 'regress\.18/.* pass out .*:.* 169.254.0.11 > 169.254.0.11:\ 30681b25c19Sbluhm icmp: echo request' pflog${N1}.tcpdump 30781b25c19Sbluhm 30881b25c19SbluhmREGRESS_TARGETS += run-bpf-rdr6 30981b25c19Sbluhmrun-bpf-rdr6: stamp-stop 31081b25c19Sbluhm # loopback input logs redirected packet 3111ee80485Sbluhm grep 'regress\.10/.* pass in .*:.* fc00::11 > fc00::21:\ 31281b25c19Sbluhm icmp6: echo request' pflog${N1}.tcpdump 31381b25c19Sbluhm # loopback output redirects and logs original packet 3141ee80485Sbluhm grep 'regress\.20/.* pass out .*:.* fc00::11 > fc00::11:\ 31581b25c19Sbluhm icmp6: echo request' pflog${N1}.tcpdump 31681b25c19Sbluhm 31712def084SbluhmREGRESS_TARGETS += run-bpf-nat 31812def084Sbluhmrun-bpf-nat: stamp-stop 31912def084Sbluhm # loopback input logs redirected packet 3201ee80485Sbluhm grep 'regress\.2/.* pass in .*:.* 169.254.0.22 > 169.254.0.12:\ 32112def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 32212def084Sbluhm # loopback output redirects and logs original packet 3231ee80485Sbluhm grep 'regress\.19/.* pass out .*:.* 169.254.0.12 > 169.254.0.12:\ 32412def084Sbluhm icmp: echo request' pflog${N1}.tcpdump 32512def084Sbluhm 32681b25c19SbluhmREGRESS_TARGETS += run-bpf-nat6 32781b25c19Sbluhmrun-bpf-nat6: stamp-stop 32881b25c19Sbluhm # loopback input logs redirected packet 3291ee80485Sbluhm grep 'regress\.10/.* pass in .*:.* fc00::22 > fc00::12:\ 33081b25c19Sbluhm icmp6: echo request' pflog${N1}.tcpdump 33181b25c19Sbluhm # loopback output redirects and logs original packet 3321ee80485Sbluhm grep 'regress\.21/.* pass out .*:.* fc00::12 > fc00::12:\ 33381b25c19Sbluhm icmp6: echo request' pflog${N1}.tcpdump 33481b25c19Sbluhm 33512def084SbluhmREGRESS_TARGETS += run-bpf-af 33612def084Sbluhmrun-bpf-af: stamp-stop 33712def084Sbluhm # pf in rule logs original IPv4 packet 3381ee80485Sbluhm grep 'regress\.22/.* pass in .*:.* 169.254.0.14 > 169.254.0.14:\ 3391ee80485Sbluhm icmp: echo request' pflog${N1}.tcpdump 34012def084Sbluhm 34112def084SbluhmREGRESS_TARGETS += run-bpf-af6 34212def084Sbluhmrun-bpf-af6: stamp-stop 34312def084Sbluhm # pf in rule logs original IPv6 packet 3441ee80485Sbluhm grep 'regress\.23/.* pass in .*:.* fc00::14 > fc00::14:\ 3451ee80485Sbluhm icmp6: echo request' pflog${N1}.tcpdump 3461ee80485Sbluhm 3471ee80485SbluhmREGRESS_TARGETS += run-bpf-rewrite 3481ee80485Sbluhmrun-bpf-rewrite: stamp-stop 3491ee80485Sbluhm # rdr-to address has been rewritten 3501ee80485Sbluhm grep '\[rewritten: src 169.254.0.11:[0-9]*, dst 169.254.0.21:[0-9]*\]\ 3511ee80485Sbluhm 169.254.0.11 > 169.254.0.11' pflog${N1}.tcpdump 3521ee80485Sbluhm # nat-to address has been rewritten 3531ee80485Sbluhm grep '\[rewritten: src 169.254.0.22:[0-9]*, dst 169.254.0.12:[0-9]*\]\ 3541ee80485Sbluhm 169.254.0.12 > 169.254.0.12' pflog${N1}.tcpdump 3551ee80485Sbluhm # af-to address has been rewritten 3561ee80485Sbluhm grep '\[rewritten: src fc00::23:[0-9]*, dst fc00::24:[0-9]*\]\ 3571ee80485Sbluhm 169.254.0.14 > 169.254.0.14' pflog${N1}.tcpdump 3581ee80485Sbluhm 3591ee80485SbluhmREGRESS_TARGETS += run-bpf-rewrite6 3601ee80485Sbluhmrun-bpf-rewrite6: stamp-stop 3611ee80485Sbluhm # rdr-to address has been rewritten 3621ee80485Sbluhm grep '\[rewritten: src fc00::11:[0-9]*, dst fc00::21:[0-9]*\]\ 3631ee80485Sbluhm fc00::11 > fc00::11' pflog${N1}.tcpdump 3641ee80485Sbluhm # nat-to address has been rewritten 3651ee80485Sbluhm grep '\[rewritten: src fc00::22:[0-9]*, dst fc00::12:[0-9]*\]\ 3661ee80485Sbluhm fc00::12 > fc00::12' pflog${N1}.tcpdump 3671ee80485Sbluhm # af-to address has been rewritten 3681ee80485Sbluhm grep '\[rewritten: src 169.254.0.23:[0-9]*, dst 169.254.0.24:[0-9]*\]\ 3691ee80485Sbluhm fc00::14 > fc00::14' pflog${N1}.tcpdump 37012def084Sbluhm 3718476bea7SbluhmCLEANFILES += addr.py *.pyc *.tcpdump *.log stamp-* 3728476bea7Sbluhm 3738476bea7Sbluhm.include <bsd.regress.mk> 374