xref: /openbsd/regress/sys/netinet/frag/Makefile (revision d89ec533) 
1#	$OpenBSD: Makefile,v 1.11 2021/05/22 18:38:40 bluhm Exp $
2
3# The following ports must be installed:
4#
5# scapy               powerful interactive packet manipulation in python
6
7.if ! exists(/usr/local/bin/scapy)
8.BEGIN:
9	@true
10regress:
11	@echo Install scapy package to run this regress.
12	@echo SKIPPED
13.endif
14
15# This test needs a manual setup of two machines
16# Set up machines: LOCAL REMOTE
17# LOCAL is the machine where this makefile is running.
18# REMOTE is running OpenBSD with or without pf to test fragment reassemly
19# Enable echo udp in inetd.conf on REMOTE to test UDP fragments.
20# REMOTE_SSH is used to login and enable or disable pf automatically.
21
22# Configure addresses on the machines.
23# Adapt interface and addresse variables to your local setup.
24
25LOCAL_IF ?=	em1
26LOCAL_MAC ?=	00:1b:21:0e:6e:8e
27REMOTE_MAC ?=	00:04:23:b0:68:8e
28
29LOCAL_ADDR ?=	10.188.81.21
30REMOTE_ADDR ?=	10.188.81.22
31
32REMOTE_SSH ?=
33
34.if empty (LOCAL_IF) || empty (LOCAL_MAC) || empty (REMOTE_MAC) || \
35    empty (LOCAL_ADDR) || empty (REMOTE_ADDR) || empty (REMOTE_SSH)
36.BEGIN:
37	@true
38regress:
39	@echo This tests needs a remote machine to operate on.
40	@echo LOCAL_IF LOCAL_MAC REMOTE_MAC LOCAL_ADDR REMOTE_ADDR REMOTE_SSH
41	@echo Fill out these variables for additional tests.
42	@echo SKIPPED
43.endif
44
45.MAIN: all
46
47.if make (regress) || make (all)
48.BEGIN:
49	${SUDO} true
50	ssh -t ${REMOTE_SSH} ${SUDO} true
51	rm -f stamp-stack stamp-pf
52	@echo
53.endif
54
55# Create python include file containing the addresses.
56addr.py: Makefile
57	rm -f $@ $@.tmp
58	echo 'LOCAL_IF = "${LOCAL_IF}"' >>$@.tmp
59	echo 'LOCAL_MAC = "${LOCAL_MAC}"' >>$@.tmp
60	echo 'REMOTE_MAC = "${REMOTE_MAC}"' >>$@.tmp
61.for var in LOCAL_ADDR REMOTE_ADDR
62	echo '${var} = "${${var}}"' >>$@.tmp
63.endfor
64	mv $@.tmp $@
65
66# Set variables so that make runs with and without obj directory.
67# Only do that if necessary to keep visible output short.
68.if ${.CURDIR} == ${.OBJDIR}
69PYTHON =	python3 -u ./
70.else
71PYTHON =	PYTHONPATH=${.OBJDIR} python3 -u ${.CURDIR}/
72.endif
73
74stamp-stack:
75	rm -f stamp-stack stamp-pf
76	-ssh ${REMOTE_SSH} ${SUDO} pfctl -d
77	ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fr
78	date >$@
79
80stamp-pf: addr.py pf.conf
81	rm -f stamp-stack stamp-pf
82	cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f -
83	cat addr.py ${.CURDIR}/pf.conf | \
84	    ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -f -
85	-ssh ${REMOTE_SSH} ${SUDO} pfctl -e
86	date >$@
87
88REGRESS_TARGETS =
89FRAG_SCRIPTS !!=	cd ${.CURDIR} && ls -1 frag*.py
90
91run-stack-frag_maxpacket0.py:
92	# the stack allows fragments with data behind maximum packt length
93	@echo DISABLED
94
95run-stack-frag_mf0long.py:
96	# the stack allows fragments with data behind a fragment without MF
97	@echo DISABLED
98
99run-stack-frag_mf0short.py:
100	# the stack allows fragments without MF ending before other fragments
101	@echo DISABLED
102
103run-stack-frag_mf1end.py:
104	# the stack allows fragments with MF together with fragments without MF
105	@echo DISABLED
106
107run-stack-frag_queuelimit.py run-stack-frag_overlimit.py:
108	# the stack does not limit the amount of fragments during reassembly
109	@echo DISABLED
110
111.for sp in stack pf
112
113# Ping all addresses.  This ensures that the ip addresses are configured
114# and all routing table are set up to allow bidirectional packet flow.
115${sp}: run-${sp}-ping
116REGRESS_TARGETS +=	run-${sp}-ping
117run-${sp}-ping: stamp-${sp}
118.for ip in LOCAL_ADDR REMOTE_ADDR
119	@echo Check ping ${ip}:
120	ping -n -c 1 ${${ip}}
121.endfor
122
123# Ping all addresses again but with 5000 bytes payload.  These large
124# packets get fragmented by LOCAL and must be handled by REMOTE.
125${sp}: run-${sp}-fragping
126REGRESS_TARGETS +=	run-${sp}-fragping
127run-${sp}-fragping: stamp-${sp}
128.for ip in LOCAL_ADDR REMOTE_ADDR
129	@echo Check ping ${ip}:
130	ping -n -c 1 -s 5000 ${${ip}}
131.endfor
132
133.for s in ${FRAG_SCRIPTS}
134${sp}: run-${sp}-${s}
135REGRESS_TARGETS +=	run-${sp}-${s}
136run-${sp}-${s}: addr.py stamp-${sp}
137	${SUDO} ${PYTHON}${s}
138.endfor
139
140.endfor
141
142# After running the tests, turn on pf on remote machine.
143# This is the expected default configuration.
144REGRESS_CLEANUP +=	cleanup-pf
145cleanup-pf:
146	rm -f stamp-stack stamp-pf
147	ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fa
148	-ssh ${REMOTE_SSH} ${SUDO} pfctl -e || true
149
150CLEANFILES +=		addr.py *.pyc *.log stamp-*
151
152.PHONY: check-setup check-setup-local check-setup-remote
153
154# Check wether the address, route and remote setup is correct
155check-setup: check-setup-local check-setup-remote
156
157check-setup-local:
158	@echo '\n======== $@ ========'
159	ping -n -c 1 ${LOCAL_ADDR}  # LOCAL_ADDR
160	route -n get -inet ${LOCAL_ADDR} |\
161	    grep -q 'flags: .*LOCAL'  # LOCAL_ADDR
162	ping -n -c 1 ${REMOTE_ADDR}  # REMOTE_ADDR
163	route -n get -inet ${REMOTE_ADDR} |\
164	    grep -q 'interface: ${LOCAL_IF}$$'  # REMOTE_ADDR LOCAL_IF
165	arp -n ${REMOTE_ADDR} |\
166	    grep -q ' ${REMOTE_MAC} '  # REMOTE_ADDR REMOTE_MAC
167
168check-setup-remote:
169	@echo '\n======== $@ ========'
170	ssh ${REMOTE_SSH} ping -n -c 1 ${REMOTE_ADDR}  # REMOTE_ADDR
171	ssh ${REMOTE_SSH} route -n get -inet ${REMOTE_ADDR} |\
172	    grep -q 'flags: .*LOCAL'  # REMOTE_ADDR
173	ssh ${REMOTE_SSH} ping -n -c 1 ${LOCAL_ADDR}  # LOCAL_ADDR
174	ssh ${REMOTE_SSH} arp -n ${LOCAL_ADDR} |\
175	    grep -q ' ${LOCAL_MAC} '  # LOCAL_ADDR LOCAL_MAC
176
177.include <bsd.regress.mk>
178