As pf blocks packets with IPv6 options header, the tests needs an

allow-opts rule.

diff --git a/regress/sys/netinet6/frag6/Makefile b/regress/sys/netinet6/frag6/Makefile
index 69f4ba6..7061ac6 100644 (file)
--- a/regress/sys/netinet6/frag6/Makefile
+++ b/regress/sys/netinet6/frag6/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.18 2017/03/01 00:58:22 bluhm Exp $
+#      $OpenBSD: Makefile,v 1.19 2017/05/31 09:25:17 bluhm Exp $
 
 # The following ports must be installed:
 #
@@ -88,11 +88,11 @@ stamp-stack:
        ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fr
        date >$@
 
-stamp-pf:
+stamp-pf: addr.py pf.conf
        rm -f stamp-stack stamp-pf
-       echo 'pass proto tcp from port ssh no state\n'\
-           'pass proto tcp to port ssh no state'|\
-           ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -f -
+       cat addr.py ${.CURDIR}/pf.conf | pfctl -n -f -
+       cat addr.py ${.CURDIR}/pf.conf | \
+           ssh ${IPS_SSH} ${SUDO} pfctl -a regress -f -
        -ssh ${REMOTE_SSH} ${SUDO} pfctl -e
        date >$@
 

diff --git a/regress/sys/netinet6/frag6/pf.conf b/regress/sys/netinet6/frag6/pf.conf
new file mode 100644 (file)
index 0000000..a3f0ff4
--- /dev/null
+++ b/regress/sys/netinet6/frag6/pf.conf
@@ -0,0 +1,6 @@
+# pf drops IPv6 options header by default, test combines frag with opt header
+pass allow-opts
+
+# turning on and off pf via ssh connection does not work with states
+pass proto tcp from port ssh no state
+pass proto tcp to port ssh no state