-# $OpenBSD: Makefile,v 1.5 2014/07/12 21:41:49 bluhm Exp $
+# $OpenBSD: Makefile,v 1.6 2014/07/12 22:43:31 bluhm Exp $
# The following ports must be installed:
#
@echo check wether your test machines are set up properly
.endif
-# pf rules on PF must look like this:
-#
-# pass to { $PF_IN/24 $PF_IN6/64 }
-# pass to { $RT_IN/24 $RT_IN6/64 }
-# pass to { $ECO_IN/24 $DST_IN6/64 }
-# pass to { $RDR_IN/24 $RDR_IN6/64 }
-#
-# pass in to $RDR_IN/24 rdr-to $ECO_IN tag rdr
-# pass out nat-to $PF_OUT tagged rdr
-# pass in to $RDR_IN6/64 rdr-to $ECO_IN6 tag rdr
-# pass out nat-to $PF_OUT6 tagged rdr
+.MAIN: all
-# pass in to $AF_IN/24 af-to inet6 from $PF_OUT6 to $ECO_IN6/120 tag af
-# pass out inet6 tagged af
-# pass in to $AF_IN6/64 af-to inet from $PF_OUT to $ECO_IN/24 tag af
-# pass out inet tagged af
+.if ! empty (PF_SSH)
+.if make (regress) || make (all)
+.BEGIN: pf.conf addr.py
+ @echo
+ ${SUDO} true
+ ssh -t ${PF_SSH} ${SUDO} true
+ rm -f stamp-pfctl
+.endif
+.endif
# Currently these test fail as pf does not fix the checksum of
# NATed packets inside of icmp packets.
.endfor
mv $@.tmp $@
+# load the pf rules into the kernel of the PF machine
+stamp-pfctl: addr.py
+ cat addr.py ${.CURDIR}/pf.conf | \
+ ssh ${PF_SSH} ${SUDO} pfctl -a regress -f -
+ @date >$@
+
# Set variables so that make runs with and without obj directory.
# Only do that if necessary to keep visible output short.
.if ${.CURDIR} == ${.OBJDIR}
# by PF and handled by ECO.
TARGETS += ping ping6
-run-regress-ping:
+run-regress-ping: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN
@echo Check ping ${ip}:
ping -n -c 1 ${${ip}}
.endfor
-run-regress-ping6:
+run-regress-ping6: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN
@echo Check ping ${ip}6:
# quoted packet are the same.
TARGETS += ping-mtu ping6-mtu
-run-regress-ping-mtu: addr.py
+run-regress-ping-mtu: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check path MTU to ${ip} is 1300
@echo Check path MTU to AF_IN is 1280
${SUDO} ${PYTHON}ping_mtu.py ${AF_IN} 1280
-run-regress-ping6-mtu: addr.py
+run-regress-ping6-mtu: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check path MTU to ${ip}6 is 1300
# The response must arrive in 1 second.
TARGETS += udp udp6
-run-regress-udp:
+run-regress-udp: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN AF_IN
@echo Check udp ${ip}:
( echo $$$$ | nc -u ${${ip}} 7 & sleep 1; kill $$! ) | grep $$$$
.endfor
-run-regress-udp6:
+run-regress-udp6: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN AF_IN
@echo Check udp ${ip}6:
# Count the reflected bytes and compare with the transmitted ones.
TARGETS += tcp tcp6
-run-regress-tcp:
+run-regress-tcp: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN AF_IN
@echo Check tcp ${ip}:
openssl rand 200000 | nc ${${ip}} 7 | wc -c | grep '200000$$'
.endfor
-run-regress-tcp6:
+run-regress-tcp6: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN AF_IN
@echo Check tcp ${ip}6:
REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/}
-CLEANFILES += addr.py *.pyc *.log
+CLEANFILES += addr.py *.pyc *.log stamp-*
.PHONY: check-setup
-# $OpenBSD: Makefile,v 1.8 2014/07/12 21:41:49 bluhm Exp $
+# $OpenBSD: Makefile,v 1.9 2014/07/12 22:43:31 bluhm Exp $
# The following ports must be installed:
#
@echo check wether your test machines are set up properly
.endif
-# pf rules on PF must look like this:
-#
-# pass to { $PF_IN/24 $PF_IN6/64 }
-# pass to { $RT_IN/24 $RT_IN6/64 }
-# pass to { $ECO_IN/24 $DST_IN6/64 }
-# pass to { $RDR_IN/24 $RDR_IN6/64 }
-#
-# pass in to $RDR_IN/24 rdr-to $ECO_IN allow-opts tag rdr
-# pass out nat-to $PF_OUT allow-opts tagged rdr
-# pass in to $RDR_IN6/64 rdr-to $ECO_IN6 allow-opts tag rdr
-# pass out nat-to $PF_OUT6 allow-opts tagged rdr
+.MAIN: all
+
+.if ! empty (PF_SSH)
+.if make (regress) || make (all)
+.BEGIN: pf.conf addr.py
+ @echo
+ ${SUDO} true
+ ssh -t ${PF_SSH} ${SUDO} true
+ rm -f stamp-pfctl
+.endif
+.endif
# Currently these test fail as pf does not fix the checksum of
# NATed packets inside of icmp packets.
.endfor
mv $@.tmp $@
+# load the pf rules into the kernel of the PF machine
+stamp-pfctl: addr.py
+ cat addr.py ${.CURDIR}/pf.conf | \
+ ssh ${PF_SSH} ${SUDO} pfctl -a regress -f -
+ @date >$@
+
# Set variables so that make runs with and without obj directory.
# Only do that if necessary to keep visible output short.
.if ${.CURDIR} == ${.OBJDIR}
# by PF and handled by ECO.
TARGETS += ping ping6
-run-regress-ping:
+run-regress-ping: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN
@echo Check ping ${ip}:
ping -n -c 1 ${${ip}}
.endfor
-run-regress-ping6:
+run-regress-ping6: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN
@echo Check ping ${ip}6:
# Send 1 packet in advance for Path-MTU discovery.
TARGETS += fragping fragping6
-run-regress-fragping:
+run-regress-fragping: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN
@echo Check ping ${ip}:
ping -n -c 1 -s 5000 ${${ip}}
.endfor
-run-regress-fragping6:
+run-regress-fragping6: stamp-pfctl
@echo '\n======== $@ ========'
.for ip in PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN
@echo Check ping ${ip}6:
# the router RT before.
TARGETS += ping-mtu ping6-mtu
-run-regress-ping-mtu: addr.py
+run-regress-ping-mtu: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check path MTU to ${ip}
${SUDO} ${PYTHON}ping_mtu_1300.py ${${ip}}
.endfor
-run-regress-ping6-mtu: addr.py
+run-regress-ping6-mtu: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check path MTU to ${ip}6
# Check that checksum of the quoted original packet in icmp is correct.
TARGETS += ping-cksum ping6-cksum udp-cksum udp6-cksum
-run-regress-ping-cksum: addr.py
+run-regress-ping-cksum: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check icmp chksum in fragmentation needed to ${ip}
${SUDO} ${PYTHON}ping_cksum.py ${${ip}}
.endfor
-run-regress-ping6-cksum: addr.py
+run-regress-ping6-cksum: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check icmp6 chksum in packet too big to ${ip}6
${SUDO} ${PYTHON}ping6_cksum.py ${${ip}6}
.endfor
-run-regress-udp-cksum: addr.py
+run-regress-udp-cksum: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check udp chksum in packet too big to ${ip}
${SUDO} ${PYTHON}udp_cksum.py ${${ip}}
.endfor
-run-regress-udp6-cksum: addr.py
+run-regress-udp6-cksum: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check udp6 chksum in packet too big to ${ip}6
# Send handcrafted fragmented packets with overlaps
TARGETS += frag frag6
-run-regress-frag: addr.py
+run-regress-frag: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping reassembly ${ip}
${SUDO} ${PYTHON}frag.py ${${ip}}
.endfor
-run-regress-frag6: addr.py
+run-regress-frag6: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping6 reassembly ${ip}6
TARGETS += frag6-ext
-run-regress-frag6-ext: addr.py
+run-regress-frag6-ext: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping6 extension header reassembly ${ip}6
TARGETS += frag-cutnew frag6-cutnew
-run-regress-frag-cutnew: addr.py
+run-regress-frag-cutnew: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping head overlap reassembly ${ip}
${SUDO} ${PYTHON}frag_cutnew.py ${${ip}}
.endfor
-run-regress-frag6-cutnew: addr.py
+run-regress-frag6-cutnew: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping6 head overlap reassembly ${ip}6
TARGETS += frag-cutold frag6-cutold
-run-regress-frag-cutold: addr.py
+run-regress-frag-cutold: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping tail overlap reassembly ${ip}
${SUDO} ${PYTHON}frag_cutold.py ${${ip}}
.endfor
-run-regress-frag6-cutold: addr.py
+run-regress-frag6-cutold: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping6 tail overlap reassembly ${ip}6
TARGETS += frag-dropold frag6-dropold
-run-regress-frag-dropold: addr.py
+run-regress-frag-dropold: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping total overlapping reassembly ${ip}
${SUDO} ${PYTHON}frag_dropold.py ${${ip}}
.endfor
-run-regress-frag6-dropold: addr.py
+run-regress-frag6-dropold: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping6 total overlapping reassembly ${ip}6
TARGETS += frag-dropnew frag6-dropnew
-run-regress-frag-dropnew: addr.py
+run-regress-frag-dropnew: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping total overlaped reassembly ${ip}
${SUDO} ${PYTHON}frag_dropnew.py ${${ip}}
.endfor
-run-regress-frag6-dropnew: addr.py
+run-regress-frag6-dropnew: addr.py stamp-pfctl
@echo '\n======== $@ ========'
.for ip in ECO_IN RDR_IN
@echo Check ping6 total overlaped reassembly ${ip}6
REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/}
-CLEANFILES += addr.py *.pyc *.log
+CLEANFILES += addr.py *.pyc *.log stamp-*
.PHONY: check-setup
projects / openbsd / commitdiff