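#	$OpenBSD: Makefile,v 1.25 2019/05/10 02:22:34 bluhm Exp $

# IPv6 fragment reassembly regression tests.  LOCAL sends pings and
# scapy-crafted fragments to REMOTE, once with pf disabled on REMOTE
# ("stack" targets) and once with the pf.conf rules loaded ("pf" targets).

# The following ports must be installed:
#
# python-2.7          interpreted object-oriented programming language
# scapy               powerful interactive packet manipulation in python

# Without python and scapy, replace the regress target with a SKIPPED notice.
.if ! exists(/usr/local/bin/python2.7) || ! exists(/usr/local/bin/scapy)
.BEGIN:
	@true
regress:
	@echo Install python and the scapy module for additional tests.
	@echo SKIPPED
.endif

# This test needs a manual setup of two machines
# Set up machines: LOCAL REMOTE
# LOCAL is the machine where this makefile is running.
# REMOTE is running OpenBSD with or without pf to test fragment reassembly
# Enable echo udp6 in inetd.conf on REMOTE to test UDP fragments.
# REMOTE_SSH is used to login and enable or disable pf automatically.
#
# Operational notes:
# - stamp-stack runs "pfctl -d" on REMOTE, so REMOTE is unfiltered while the
#   stack tests run.  cleanup-pf is registered in REGRESS_CLEANUP to enable
#   pf again; if it does not get to run (for example the run is interrupted),
#   enable pf on REMOTE by hand.
# - The frag6*.py scripts run under ${SUDO} on LOCAL, and the REMOTE_SSH
#   login must be able to run pfctl through ${SUDO}.  Use dedicated test
#   machines on their own network segment.

# Configure addresses on the machines.
# Adapt interface and address variables to your local setup.

LOCAL_IF ?=	em1
LOCAL_MAC ?=	00:1b:21:0e:6e:8e
REMOTE_MAC ?=	00:04:23:b0:68:8e

LOCAL_ADDR6 ?=	fdd7:e83e:66bc:81::21
REMOTE_ADDR6 ?=	fdd7:e83e:66bc:81::22

# No default: the tests are skipped until a remote login is configured.
REMOTE_SSH ?=

.if empty (LOCAL_IF) || empty (LOCAL_MAC) || empty (REMOTE_MAC) || \
    empty (LOCAL_ADDR6) || empty (REMOTE_ADDR6) || empty (REMOTE_SSH)
.BEGIN:
	@true
regress:
	@echo This tests needs a remote machine to operate on.
	@echo LOCAL_IF LOCAL_MAC REMOTE_MAC LOCAL_ADDR6 REMOTE_ADDR6 REMOTE_SSH
	@echo Fill out these variables for additional tests.
	@echo SKIPPED
.endif

.MAIN: all

# Before the first test: run ${SUDO} once locally and once over ssh (-t
# allocates a terminal, presumably so the remote sudo can prompt), then drop
# both stamps so the pf state on REMOTE is set up again by this run.
.if make (regress) || make (all)
.BEGIN:
	@echo
	${SUDO} true
	ssh -t ${REMOTE_SSH} ${SUDO} true
	rm -f stamp-stack stamp-pf
.endif

# Create python include file containing the addresses.
# The file is built in $@.tmp and renamed, so a failed run leaves no partial
# addr.py behind.  Values are written verbatim between double quotes and must
# not contain quote characters.  stamp-pf also feeds this file to pfctl in
# front of pf.conf, so the NAME = "value" lines have to stay valid there too.
addr.py: Makefile
	rm -f $@ $@.tmp
	echo 'LOCAL_IF = "${LOCAL_IF}"' >>$@.tmp
	echo 'LOCAL_MAC = "${LOCAL_MAC}"' >>$@.tmp
	echo 'REMOTE_MAC = "${REMOTE_MAC}"' >>$@.tmp
.for var in LOCAL_ADDR REMOTE_ADDR
	echo '${var}6 = "${${var}6}"' >>$@.tmp
.endfor
	mv $@.tmp $@

# Set variables so that make runs with and without obj directory.
# Only do that if necessary to keep visible output short.
.if ${.CURDIR} == ${.OBJDIR}
PYTHON =	python2.7 -u ./
.else
PYTHON =	PYTHONPATH=${.OBJDIR} python2.7 -u ${.CURDIR}/
.endif

# Prepare REMOTE for the plain stack tests: disable pf and flush the rules
# of the "regress" anchor.  The leading "-" ignores a failing "pfctl -d"
# (NOTE: presumably it fails when pf is already disabled).
stamp-stack:
	@echo '\n======== $@ ========'
	rm -f stamp-stack stamp-pf
	-ssh ${REMOTE_SSH} ${SUDO} pfctl -d
	ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fr
	date >$@

# Prepare REMOTE for the pf tests.  The rules are parsed locally first with
# "pfctl -n" (nothing is loaded), then loaded into the "regress" anchor on
# REMOTE, and pf is enabled.  Only the anchor is written by this target.
# The leading "-" ignores a failing "pfctl -e" (NOTE: presumably it fails
# when pf is already enabled).
stamp-pf: addr.py pf.conf
	@echo '\n======== $@ ========'
	rm -f stamp-stack stamp-pf
	cat addr.py ${.CURDIR}/pf.conf | pfctl -n -f -
	cat addr.py ${.CURDIR}/pf.conf | \
	    ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -f -
	-ssh ${REMOTE_SSH} ${SUDO} pfctl -e
	date >$@

# The test scripts are whatever "ls frag6*.py" finds in the source directory.
FRAG6_SCRIPTS !!=	cd ${.CURDIR} && ls -1 frag6*.py

# Explicit rule for the queue limit script against the plain stack.  It is
# placed before the loop that generates run-stack-<script> rules; presumably
# this one is meant to take the place of the generated rule.
run-stack-frag6_queuelimit.py:
	@echo '\n======== $@ ========'
	# the stack does not limit the amount of fragments during reassembly
	@echo DISABLED

# Generate every test twice: "stack" depends on stamp-stack (pf disabled),
# "pf" depends on stamp-pf (rules loaded, pf enabled).
.for sp in stack pf

# Ping all addresses.  This ensures that the ip addresses are configured
# and all routing tables are set up to allow bidirectional packet flow.
${sp}: run-${sp}-ping6
REGRESS_TARGETS +=	run-${sp}-ping6
run-${sp}-ping6: stamp-${sp}
	@echo '\n======== $@ ========'
.for ip in LOCAL_ADDR REMOTE_ADDR
	@echo Check ping6 ${ip}6:
	ping6 -n -c 1 ${${ip}6}
.endfor

# Ping all addresses again but with 5000 bytes payload.  These large
# packets get fragmented by LOCAL and must be handled by REMOTE.
${sp}: run-${sp}-fragping6
REGRESS_TARGETS +=	run-${sp}-fragping6
run-${sp}-fragping6: stamp-${sp}
	@echo '\n======== $@ ========'
.for ip in LOCAL_ADDR REMOTE_ADDR
	@echo Check ping6 ${ip}6:
	ping6 -n -c 1 -s 5000 -m ${${ip}6}
.endfor

# Run each frag6*.py script under ${SUDO}.  addr.py is a prerequisite
# because PYTHON points PYTHONPATH or the working directory at it.
.for s in ${FRAG6_SCRIPTS}
${sp}: run-${sp}-${s}
REGRESS_TARGETS +=	run-${sp}-${s}
run-${sp}-${s}: addr.py stamp-${sp}
	@echo '\n======== $@ ========'
	${SUDO} ${PYTHON}${s}
.endfor

.endfor

# After running the tests, turn on pf on remote machine.
# This is the expected default configuration.
# "-Fa" flushes everything in the "regress" anchor.  A failure of the final
# "pfctl -e" is ignored.
REGRESS_CLEANUP +=	cleanup-pf
cleanup-pf:
	rm -f stamp-stack stamp-pf
	ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fa
	-ssh ${REMOTE_SSH} ${SUDO} pfctl -e || true

CLEANFILES +=		addr.py *.pyc *.log stamp-*

.PHONY: check-setup check-setup-local check-setup-remote

# Check whether the address, route and remote setup is correct
check-setup: check-setup-local check-setup-remote

# On LOCAL: both addresses answer, LOCAL_ADDR6 is a local route, REMOTE_ADDR6
# is routed via LOCAL_IF, and the neighbor entry for REMOTE shows REMOTE_MAC.
check-setup-local:
	@echo '\n======== $@ ========'
	ping6 -n -c 1 ${LOCAL_ADDR6}  # LOCAL_ADDR6
	route -n get -inet6 ${LOCAL_ADDR6} |\
	    grep -q 'flags: .*LOCAL'  # LOCAL_ADDR6
	ping6 -n -c 1 ${REMOTE_ADDR6}  # REMOTE_ADDR6
	route -n get -inet6 ${REMOTE_ADDR6} |\
	    grep -q 'interface: ${LOCAL_IF}$$'  # REMOTE_ADDR6 LOCAL_IF
	ndp -n ${REMOTE_ADDR6} |\
	    grep -q ' ${REMOTE_MAC} '  # REMOTE_ADDR6 REMOTE_MAC

# On REMOTE, over ssh: the mirror image of the local checks, plus a check
# that something is bound to UDP port 7 (the inetd echo service required in
# the setup notes at the top of this file).
# FAKE_NET_ADDR6 is not assigned anywhere in this Makefile.  With an empty
# value the route lookup has no destination and the grep cannot match, so
# that check only runs when the variable has been set by the caller.
check-setup-remote:
	@echo '\n======== $@ ========'
	ssh ${REMOTE_SSH} ping6 -n -c 1 ${REMOTE_ADDR6}  # REMOTE_ADDR6
	ssh ${REMOTE_SSH} route -n get -inet6 ${REMOTE_ADDR6} |\
	    grep -q 'flags: .*LOCAL'  # REMOTE_ADDR6
	ssh ${REMOTE_SSH} ping6 -n -c 1 ${LOCAL_ADDR6}  # LOCAL_ADDR6
	ssh ${REMOTE_SSH} ndp -n ${LOCAL_ADDR6} |\
	    grep -q ' ${LOCAL_MAC} '  # LOCAL_ADDR6 LOCAL_MAC
.if ! empty (FAKE_NET_ADDR6)
	ssh ${REMOTE_SSH} route -n get -inet6 ${FAKE_NET_ADDR6} |\
	    grep -q 'gateway: ${LOCAL_ADDR6}'  # FAKE_NET_ADDR6 LOCAL_ADDR6
.endif
	ssh ${REMOTE_SSH} netstat -na -f inet6 -p udp | fgrep ' *.7 '

.include <bsd.regress.mk>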