From 02079822b2a7209fbd0a910f9a911ee559432505 Mon Sep 17 00:00:00 2001 From: bluhm Date: Sat, 12 Jul 2014 21:00:46 +0000 Subject: [PATCH] Use a saner and consistent address layout for my network tests that run over 4 machines. Add a check-setup target to verify that interface addresses and routes are properly set up. --- regress/sys/net/pf_divert/Makefile | 5 +- regress/sys/net/pf_forward/Makefile | 205 ++++++++++++++++--------- regress/sys/net/pf_fragment/Makefile | 216 +++++++++++++++++---------- 3 files changed, 279 insertions(+), 147 deletions(-) diff --git a/regress/sys/net/pf_divert/Makefile b/regress/sys/net/pf_divert/Makefile index 97eda670b9a..ad3f65cdca4 100644 --- a/regress/sys/net/pf_divert/Makefile +++ b/regress/sys/net/pf_divert/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2014/07/11 20:41:20 bluhm Exp $ +# $OpenBSD: Makefile,v 1.10 2014/07/12 21:00:46 bluhm Exp $ # The following ports must be installed for the regression tests: # p5-IO-Socket-INET6 object interface for AF_INET and AF_INET6 domain sockets @@ -26,6 +26,8 @@ regress: # local and remote. # You must have an anchor "regress" for the divert rules in the pf.conf # of the remote machine. The kernel of the remote machine gets testet. +# +# Run make check-setup to see if you got the setup correct. LOCAL_ADDR ?= REMOTE_ADDR ?= @@ -145,6 +147,7 @@ stamp-syntax: ${ARGS} # Check wether the address, route and remote setup is correct check-setup: + @echo '\n======== $@ ========' ping -n -c 1 ${LOCAL_ADDR} ping -n -c 1 ${REMOTE_ADDR} ping6 -n -c 1 ${LOCAL_ADDR6} diff --git a/regress/sys/net/pf_forward/Makefile b/regress/sys/net/pf_forward/Makefile index 623e0b90c6f..8bb0e1c8072 100644 --- a/regress/sys/net/pf_forward/Makefile +++ b/regress/sys/net/pf_forward/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2012/07/10 16:58:29 bluhm Exp $ +# $OpenBSD: Makefile,v 1.4 2014/07/12 21:00:46 bluhm Exp $ # The following ports must be installed: # 
@@ -8,59 +8,68 @@ # This test needs a manual setup of four machines # The setup is the same as for regress/sys/net/pf_fragment -# Set up machines: SRC PF RT DST +# Set up machines: SRC PF RT ECO # SRC is the machine where this makefile is running. # PF is running OpenBSD forwarding through pf, it is the test target. # RT is a router forwarding packets, maximum MTU is 1300. -# DST is reflecting the ping and UDP and TCP echo packets. -# RDR does not exist, PF redirects the traffic to DST. -# AF does not exist, PF translates address family and sends to DST. +# ECO is reflecting the ping and UDP and TCP echo packets. +# RDR does not exist, PF redirects the traffic to ECO. +# AF does not exist, PF translates address family and sends to ECO. # -# +---+ 1 +--+ 2 +--+ 3 +---+ 4 +---+ 5 +--+ -# |SRC| ----> |PF| ----> |RT| ----> |DST| |RDR| |AF| +# +---+ 0 +--+ 1 +--+ 2 +---+ 3 +---+ 4 +--+ +# |SRC| ----> |PF| ----> |RT| ----> |ECO| |RDR| |AF| # +---+ +--+ +--+ +---+ +---+ +--+ # out in out in out in in in -# Configure Addresses on the machines, there must be routes for the networks. -# Adapt interface and addresse variables to your local setup. +# Configure Addresses on the machines, there must be routes for the +# networks. Adapt interface and addresse variables to your local +# setup. To control the remote machine you need a hostname for +# ssh to log in. +# You must have an anchor "regress" for the divert rules in the pf.conf +# of the PF machine. The kernel of the PF machine gets testet. 
# -SRC_IF = tun0 -SRC_MAC = fe:e1:ba:d1:0a:dc -PF_MAC = 52:54:00:12:34:50 - -SRC_OUT = 10.188.211.10 -PF_IN = 10.188.211.50 -PF_OUT = 10.188.212.50 -RT_IN = 10.188.212.51 -RT_OUT = 10.188.213.51 -DST_IN = 10.188.213.52 -RDR_IN = 10.188.214.1 -AF_IN = 10.188.215.82 - -SRC_OUT6 = fdd7:e83e:66bc:211:fce1:baff:fed1:561f -PF_IN6 = fdd7:e83e:66bc:211:5054:ff:fe12:3450 -PF_OUT6 = fdd7:e83e:66bc:212:5054:ff:fe12:3450 -RT_IN6 = fdd7:e83e:66bc:212:5054:ff:fe12:3451 -RT_OUT6 = fdd7:e83e:66bc:213:5054:ff:fe12:3451 -DST_IN6 = fdd7:e83e:66bc:213:5054:ff:fe12:3452 -RDR_IN6 = fdd7:e83e:66bc:214::1 -AF_IN6 = fdd7:e83e:66bc:215:5054:ff:fe12:3434 +# Run make check-setup to see if you got the setup correct. + +SRC_IF ?= tun0 +SRC_MAC ?= fe:e1:ba:d1:0a:dc +PF_MAC ?= 52:54:00:12:34:50 +PF_SSH ?= q50 +RT_SSH ?= q51 +ECO_SSH ?= q52 + +SRC_OUT ?= 10.188.210.10 +PF_IN ?= 10.188.210.50 +PF_OUT ?= 10.188.211.50 +RT_IN ?= 10.188.211.51 +RT_OUT ?= 10.188.212.51 +ECO_IN ?= 10.188.212.52 +RDR_IN ?= 10.188.213.188 +AF_IN ?= 10.188.214.188 + +SRC_OUT6 ?= fdd7:e83e:66bc:210:fce1:baff:fed1:561f +PF_IN6 ?= fdd7:e83e:66bc:210:5054:ff:fe12:3450 +PF_OUT6 ?= fdd7:e83e:66bc:211:5054:ff:fe12:3450 +RT_IN6 ?= fdd7:e83e:66bc:211:5054:ff:fe12:3451 +RT_OUT6 ?= fdd7:e83e:66bc:212:5054:ff:fe12:3451 +ECO_IN6 ?= fdd7:e83e:66bc:212:5054:ff:fe12:3452 +RDR_IN6 ?= fdd7:e83e:66bc:213::188 +AF_IN6 ?= fdd7:e83e:66bc:214::188 # pf rules on PF must look like this: # # pass to { $PF_IN/24 $PF_IN6/64 } # pass to { $RT_IN/24 $RT_IN6/64 } -# pass to { $DST_IN/24 $DST_IN6/64 } +# pass to { $ECO_IN/24 $DST_IN6/64 } # pass to { $RDR_IN/24 $RDR_IN6/64 } # -# pass in to $RDR_IN/24 rdr-to $DST_IN tag rdr +# pass in to $RDR_IN/24 rdr-to $ECO_IN tag rdr # pass out nat-to $PF_OUT tagged rdr -# pass in to $RDR_IN6/64 rdr-to $DST_IN6 tag rdr +# pass in to $RDR_IN6/64 rdr-to $ECO_IN6 tag rdr # pass out nat-to $PF_OUT6 tagged rdr -# pass in to $AF_IN/24 af-to inet6 from $PF_OUT6 to $DST_IN6/120 tag af +# pass in to $AF_IN/24 af-to inet6 from 
$PF_OUT6 to $ECO_IN6/120 tag af # pass out inet6 tagged af -# pass in to $AF_IN6/64 af-to inet from $PF_OUT to $DST_IN/24 tag af +# pass in to $AF_IN6/64 af-to inet from $PF_OUT to $ECO_IN/24 tag af # pass out inet tagged af # Currently these test fail as pf does not fix the checksum of 
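Review bot: The DST to ECO rename is incomplete in the pf rule template: the new comment line reads `# pass to { $ECO_IN/24 $DST_IN6/64 }`, but no `DST_IN6` variable is left after this change. Anyone copying the template into pf.conf on the PF machine would reference a macro that is never defined, which pfctl should reject at load time. The line should read `# pass to { $ECO_IN/24 $ECO_IN6/64 }`. The same leftover is in the matching comment hunk of regress/sys/net/pf_fragment/Makefile.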
@@ -75,52 +84,28 @@ addr.py: Makefile echo 'SRC_IF="${SRC_IF}"' >>$@.tmp echo 'SRC_MAC="${SRC_MAC}"' >>$@.tmp echo 'PF_MAC="${PF_MAC}"' >>$@.tmp -.for var in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN AF_IN +.for var in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN echo '${var}="${${var}}"' >>$@.tmp echo '${var}6="${${var}6}"' >>$@.tmp .endfor mv $@.tmp $@ -# Make sure that the routing table on the SRC machine is correct. -# All packets must be forwarded to PF target machine. -TARGETS += route route6 - -run-regress-route: - @echo '\n======== $@ ========' - @echo Check route SRC_OUT: - route -n get -inet ${SRC_OUT} | fgrep -q 'interface: lo0' - @echo Check route PF_IN: - route -n get -inet ${PF_IN} | fgrep -q 'if address: ${SRC_OUT}' -.for ip in PF_OUT RT_IN RT_OUT DST_IN RDR_IN AF_IN - @echo Check route ${ip}: - route -n get -inet ${${ip}} | fgrep -q 'gateway: ${PF_IN}' -.endfor - -run-regress-route6: - @echo '\n======== $@ ========' - @echo Check route SRC_OUT6: - route -n get -inet6 ${SRC_OUT6} | fgrep -q 'interface: lo0' -.for ip in PF_OUT RT_IN RT_OUT DST_IN RDR_IN AF_IN - @echo Check route ${ip}6: - route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${PF_IN6}' -.endfor - # Ping all addresses. This ensures that the ip addresses are configured # and all routing table are set up to allow bidirectional packet flow. # Note that RDR does not exist physically. So this traffic is rewritten -# by PF and handled by DST. +# by PF and handled by ECO. TARGETS += ping ping6 run-regress-ping: @echo '\n======== $@ ========' -.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN AF_IN +.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN @echo Check ping ${ip}: ping -n -c 1 ${${ip}} .endfor run-regress-ping6: @echo '\n======== $@ ========' -.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN AF_IN +.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN @echo Check ping ${ip}6: ping6 -n -c 1 ${${ip}6} .endfor 
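Review bot: The `addr.py: Makefile` rule still depends only on the Makefile, but the previous hunk changes every interface, MAC and address assignment to `?=`, so the values can now come from the command line or the environment without the Makefile changing. An existing addr.py is then not regenerated, and the python targets that list addr.py as a prerequisite would presumably keep using the old addresses while the ping, udp and tcp targets use the new ones. I would document this above the rule, e.g. `# addr.py is only rebuilt when the Makefile changes; remove it after overriding an address variable`. The values are also echoed unescaped into a file that sits next to scripts started with `${SUDO}`, so overrides should be restricted to plain addresses. The rule header is above this hunk; the addr.py hunk in pf_fragment/Makefile has the same issue.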
@@ -135,7 +120,7 @@ TARGETS += ping-mtu ping6-mtu run-regress-ping-mtu: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check path MTU to ${ip} is 1300 ${SUDO} python2.7 ping_mtu.py ${${ip}} 1300 .endfor @@ -144,7 +129,7 @@ run-regress-ping-mtu: addr.py run-regress-ping6-mtu: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check path MTU to ${ip}6 is 1300 ${SUDO} python2.7 ping6_mtu.py ${${ip}6} 1300 .endfor @@ -157,14 +142,14 @@ TARGETS += udp udp6 run-regress-udp: @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN AF_IN +.for ip in ECO_IN RDR_IN AF_IN @echo Check udp ${ip}: ( echo $$$$ | nc -u ${${ip}} 7 & sleep 1; kill $$! ) | grep $$$$ .endfor run-regress-udp6: @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN AF_IN +.for ip in ECO_IN RDR_IN AF_IN @echo Check udp ${ip}6: ( echo $$$$ | nc -u ${${ip}6} 7 & sleep 1; kill $$! ) | grep $$$$ .endfor @@ -176,14 +161,14 @@ TARGETS += tcp tcp6 run-regress-tcp: @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN AF_IN +.for ip in ECO_IN RDR_IN AF_IN @echo Check tcp ${ip}: openssl rand 200000 | nc ${${ip}} 7 | wc -c | grep '200000$$' .endfor run-regress-tcp6: @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN AF_IN +.for ip in ECO_IN RDR_IN AF_IN @echo Check tcp ${ip}6: openssl rand 200000 | nc ${${ip}6} 7 | wc -c | grep '200000$$' .endfor 
@@ -192,4 +177,86 @@ REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} CLEANFILES += addr.py *.pyc *.log +.PHONY: check-setup + +# Check wether the address, route and remote setup is correct +check-setup: + @echo '\n======== $@ SRC ========' + ping -n -c 1 ${SRC_OUT} # SRC_OUT + route -n get -inet ${SRC_OUT} | fgrep -q 'interface: lo0' # SRC_OUT + ping -n -c 1 ${PF_IN} # PF_IN + route -n get -inet ${PF_IN} | fgrep -q 'interface: ${SRC_IF}' # PF_IN SRC_IF +.for ip in PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN + route -n get -inet ${${ip}} | fgrep -q 'gateway: ${PF_IN}' # ${ip} PF_IN +.endfor + ping6 -n -c 1 ${SRC_OUT6} # SRC_OUT6 + route -n get -inet6 ${SRC_OUT6} | fgrep -q 'interface: lo0' # SRC_OUT6 + ping6 -n -c 1 ${PF_IN6} # PF_IN6 + route -n get -inet6 ${PF_IN6} | fgrep -q 'interface: ${SRC_IF}' # PF_IN6 SRC_IF +.for ip in PF_OUT RT_IN RT_OUT ECO_IN RDR_IN AF_IN + route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${PF_IN6}' # ${ip}6 PF_IN6 +.endfor + @echo '\n======== $@ PF ========' + ssh ${PF_SSH} ping -n -c 1 ${PF_IN} # PF_IN + ssh ${PF_SSH} route -n get -inet ${PF_IN} | fgrep -q 'interface: lo0' # PF_IN + ssh ${PF_SSH} ping -n -c 1 ${SRC_OUT} # SRC_OUT + ssh ${PF_SSH} ping -n -c 1 ${PF_OUT} # PF_OUT + ssh ${PF_SSH} route -n get -inet ${PF_OUT} | fgrep -q 'interface: lo0' # PF_OUT + ssh ${PF_SSH} ping -n -c 1 ${RT_IN} # RT_IN +.for ip in RT_OUT ECO_IN + ssh ${PF_SSH} route -n get -inet ${${ip}} | fgrep -q 'gateway: ${RT_IN}' # ${ip} RT_IN +.endfor + ssh ${PF_SSH} ping6 -n -c 1 ${PF_IN6} # PF_IN6 + ssh ${PF_SSH} route -n get -inet6 ${PF_IN6} | fgrep -q 'interface: lo0' # PF_IN6 + ssh ${PF_SSH} ping6 -n -c 1 ${SRC_OUT6} # SRC_OUT6 + ssh ${PF_SSH} ping6 -n -c 1 ${PF_OUT6} # PF_OUT6 + ssh ${PF_SSH} route -n get -inet6 ${PF_OUT6} | fgrep -q 'interface: lo0' # PF_OUT6 + ssh ${PF_SSH} ping6 -n -c 1 ${RT_IN6} # RT_IN6 +.for ip in RT_OUT ECO_IN + ssh ${PF_SSH} route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${RT_IN6}' # ${ip}6 RT_IN6 +.endfor + ssh ${PF_SSH} ${SUDO} 
pfctl -sr | grep '^anchor "regress" all$$' + ssh ${PF_SSH} ${SUDO} pfctl -si | grep '^Status: Enabled ' + ssh ${PF_SSH} sysctl net.inet.ip.forwarding | fgrep 1 + ssh ${PF_SSH} sysctl net.inet6.ip6.forwarding | fgrep 1 + @echo '\n======== $@ RT ========' + ssh ${RT_SSH} ping -n -c 1 ${RT_IN} # RT_IN + ssh ${RT_SSH} route -n get -inet ${RT_IN} | fgrep -q 'interface: lo0' # RT_IN + ssh ${RT_SSH} ping -n -c 1 ${PF_OUT} # PF_OUT +.for ip in PF_IN SRC_OUT + ssh ${RT_SSH} route -n get -inet ${${ip}} | fgrep -q 'gateway: ${PF_OUT}' # ${ip} PF_OUT +.endfor + ssh ${RT_SSH} ping -n -c 1 ${RT_OUT} # RT_OUT + ssh ${RT_SSH} route -n get -inet ${RT_OUT} | fgrep -q 'interface: lo0' # RT_OUT + ssh ${RT_SSH} ping -n -c 1 ${ECO_IN} # ECO_IN + ssh ${RT_SSH} ping6 -n -c 1 ${RT_IN6} # RT_IN6 + ssh ${RT_SSH} route -n get -inet6 ${RT_IN6} | fgrep -q 'interface: lo0' # RT_IN6 + ssh ${RT_SSH} ping6 -n -c 1 ${PF_OUT6} # PF_OUT6 +.for ip in PF_IN SRC_OUT + ssh ${RT_SSH} route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${PF_OUT6}' # ${ip}6 PF_OUT6 +.endfor + ssh ${RT_SSH} ping6 -n -c 1 ${RT_OUT6} # RT_OUT6 + ssh ${RT_SSH} route -n get -inet6 ${RT_OUT6} | fgrep -q 'interface: lo0' # RT_OUT6 + ssh ${RT_SSH} ping6 -n -c 1 ${ECO_IN6} # ECO_IN6 + ssh ${RT_SSH} sysctl net.inet.ip.forwarding | fgrep 1 + ssh ${RT_SSH} sysctl net.inet6.ip6.forwarding | fgrep 1 + @echo '\n======== $@ ECO ========' + ssh ${ECO_SSH} ping -n -c 1 ${ECO_IN} # ECO_IN + ssh ${ECO_SSH} route -n get -inet ${ECO_IN} | fgrep -q 'interface: lo0' # ECO_IN + ssh ${ECO_SSH} ping -n -c 1 ${RT_OUT} # RT_OUT +.for ip in RT_IN PF_OUT PF_IN SRC_OUT + ssh ${ECO_SSH} route -n get -inet ${${ip}} | fgrep -q 'gateway: ${RT_OUT}' # ${ip} RT_OUT +.endfor + ssh ${ECO_SSH} ping6 -n -c 1 ${ECO_IN6} # ECO_IN6 + ssh ${ECO_SSH} route -n get -inet6 ${ECO_IN6} | fgrep -q 'interface: lo0' # ECO_IN6 + ssh ${ECO_SSH} ping6 -n -c 1 ${RT_OUT6} # RT_OUT6 +.for ip in RT_IN PF_OUT PF_IN SRC_OUT + ssh ${ECO_SSH} route -n get -inet6 ${${ip}6} | fgrep -q 
'gateway: ${RT_OUT6}' # ${ip}6 RT_OUT6 +.endfor +.for af in inet inet6 +.for proto in udp tcp + ssh ${ECO_SSH} netstat -a -f ${af} -p ${proto} | fgrep ' *.echo ' +.endfor +.endfor + .include diff --git a/regress/sys/net/pf_fragment/Makefile b/regress/sys/net/pf_fragment/Makefile index 9f21aaebae0..710e351d4f3 100644 --- a/regress/sys/net/pf_fragment/Makefile +++ b/regress/sys/net/pf_fragment/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.6 2013/10/17 02:20:15 lteo Exp $ +# $OpenBSD: Makefile,v 1.7 2014/07/12 21:00:46 bluhm Exp $ # The following ports must be installed: # 
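Review bot: In the PF section of check-setup, `ssh ${PF_SSH} ${SUDO} pfctl -sr` expands `${SUDO}` on SRC and runs the result on PF, so the target depends on the same privilege command working on PF in a non-interactive ssh session, while the header comment only asks for a hostname to log in. I would add a comment next to the `*_SSH` variables such as `# ssh login must work without prompts; on PF the user must be able to run ${SUDO} pfctl -sr and -si`. The forwarding checks `sysctl net.inet.ip.forwarding | fgrep 1` accept any output containing a 1 and print the match, unlike the `fgrep -q` route checks; `sysctl -n net.inet.ip.forwarding | grep -qx 1` would pin the value. The check-setup hunk in pf_fragment/Makefile contains the same lines.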
@@ -7,51 +7,60 @@ # scapy powerful interactive packet manipulation in python # This test needs a manual setup of four machines -# Set up machines: SRC PF RT DST +# Set up machines: SRC PF RT ECO # SRC is the machine where this makefile is running. # PF is running OpenBSD forwarding through pf, it is the test target. # RT is a router forwarding packets, maximum MTU is 1300. -# DST is reflecting the ping and UDP echo packets. -# RDR does not exist, PF redirects the traffic to DST. +# ECO is reflecting the ping and UDP echo packets. +# RDR does not exist, PF redirects the traffic to ECO. # -# +---+ 1 +--+ 2 +--+ 3 +---+ 4 +---+ -# |SRC| ----> |PF| ----> |RT| ----> |DST| |RDR| +# +---+ 0 +--+ 1 +--+ 2 +---+ 3 +---+ +# |SRC| ----> |PF| ----> |RT| ----> |ECO| |RDR| # +---+ +--+ +--+ +---+ +---+ # out in out in out in in -# Configure Addresses on the machines, there must be routes for the networks. -# Adapt interface and addresse variables to your local setup. +# Configure Addresses on the machines, there must be routes for the +# networks. Adapt interface and addresse variables to your local +# setup. To control the remote machine you need a hostname for +# ssh to log in. +# You must have an anchor "regress" for the divert rules in the pf.conf +# of the PF machine. The kernel of the PF machine gets testet. # -SRC_IF = tun0 -SRC_MAC = fe:e1:ba:d1:0a:dc -PF_MAC = 52:54:00:12:34:50 - -SRC_OUT = 10.188.211.10 -PF_IN = 10.188.211.50 -PF_OUT = 10.188.212.50 -RT_IN = 10.188.212.51 -RT_OUT = 10.188.213.51 -DST_IN = 10.188.213.52 -RDR_IN = 10.188.214.1 - -SRC_OUT6 = fdd7:e83e:66bc:211:fce1:baff:fed1:561f -PF_IN6 = fdd7:e83e:66bc:211:5054:ff:fe12:3450 -PF_OUT6 = fdd7:e83e:66bc:212:5054:ff:fe12:3450 -RT_IN6 = fdd7:e83e:66bc:212:5054:ff:fe12:3451 -RT_OUT6 = fdd7:e83e:66bc:213:5054:ff:fe12:3451 -DST_IN6 = fdd7:e83e:66bc:213:5054:ff:fe12:3452 -RDR_IN6 = fdd7:e83e:66bc:214::1 +# Run make check-setup to see if you got the setup correct. 
+ +SRC_IF ?= tun0 +SRC_MAC ?= fe:e1:ba:d1:0a:dc +PF_MAC ?= 52:54:00:12:34:50 +PF_SSH ?= q50 +RT_SSH ?= q51 +ECO_SSH ?= q52 + +SRC_OUT ?= 10.188.210.10 +PF_IN ?= 10.188.210.50 +PF_OUT ?= 10.188.211.50 +RT_IN ?= 10.188.211.51 +RT_OUT ?= 10.188.212.51 +ECO_IN ?= 10.188.212.52 +RDR_IN ?= 10.188.213.188 + +SRC_OUT6 ?= fdd7:e83e:66bc:210:fce1:baff:fed1:561f +PF_IN6 ?= fdd7:e83e:66bc:210:5054:ff:fe12:3450 +PF_OUT6 ?= fdd7:e83e:66bc:211:5054:ff:fe12:3450 +RT_IN6 ?= fdd7:e83e:66bc:211:5054:ff:fe12:3451 +RT_OUT6 ?= fdd7:e83e:66bc:212:5054:ff:fe12:3451 +ECO_IN6 ?= fdd7:e83e:66bc:212:5054:ff:fe12:3452 +RDR_IN6 ?= fdd7:e83e:66bc:213::188 # pf rules on PF must look like this: # # pass to { $PF_IN/24 $PF_IN6/64 } # pass to { $RT_IN/24 $RT_IN6/64 } -# pass to { $DST_IN/24 $DST_IN6/64 } +# pass to { $ECO_IN/24 $DST_IN6/64 } # pass to { $RDR_IN/24 $RDR_IN6/64 } # -# pass in to $RDR_IN/24 rdr-to $DST_IN allow-opts tag rdr +# pass in to $RDR_IN/24 rdr-to $ECO_IN allow-opts tag rdr # pass out nat-to $PF_OUT allow-opts tagged rdr -# pass in to $RDR_IN6/64 rdr-to $DST_IN6 allow-opts tag rdr +# pass in to $RDR_IN6/64 rdr-to $ECO_IN6 allow-opts tag rdr # pass out nat-to $PF_OUT6 allow-opts tagged rdr # Currently these test fail as pf does not fix the checksum of 
@@ -70,52 +79,28 @@ addr.py: Makefile echo 'SRC_IF="${SRC_IF}"' >>$@.tmp echo 'SRC_MAC="${SRC_MAC}"' >>$@.tmp echo 'PF_MAC="${PF_MAC}"' >>$@.tmp -.for var in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN +.for var in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN echo '${var}="${${var}}"' >>$@.tmp echo '${var}6="${${var}6}"' >>$@.tmp .endfor mv $@.tmp $@ -# Make sure that the routing table on the SRC machine is correct. -# All packets must be forwarded to PF target machine. -TARGETS += route route6 - -run-regress-route: - @echo '\n======== $@ ========' - @echo Check route SRC_OUT: - route -n get -inet ${SRC_OUT} | fgrep -q 'interface: lo0' - @echo Check route PF_IN: - route -n get -inet ${PF_IN} | fgrep -q 'if address: ${SRC_OUT}' -.for ip in PF_OUT RT_IN RT_OUT DST_IN RDR_IN - @echo Check route ${ip}: - route -n get -inet ${${ip}} | fgrep -q 'gateway: ${PF_IN}' -.endfor - -run-regress-route6: - @echo '\n======== $@ ========' - @echo Check route SRC_OUT6: - route -n get -inet6 ${SRC_OUT6} | fgrep -q 'interface: lo0' -.for ip in PF_OUT RT_IN RT_OUT DST_IN RDR_IN - @echo Check route ${ip}6: - route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${PF_IN6}' -.endfor - # Ping all addresses. This ensures that the ip addresses are configured # and all routing table are set up to allow bidirectional packet flow. # Note that RDR does not exist physically. So this traffic is rewritten -# by PF and handled by DST. +# by PF and handled by ECO. TARGETS += ping ping6 run-regress-ping: @echo '\n======== $@ ========' -.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN +.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN @echo Check ping ${ip}: ping -n -c 1 ${${ip}} .endfor run-regress-ping6: @echo '\n======== $@ ========' -.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN +.for ip in SRC_OUT PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN @echo Check ping ${ip}6: ping6 -n -c 1 ${${ip}6} .endfor 
@@ -127,7 +112,7 @@ TARGETS += fragping fragping6 run-regress-fragping: @echo '\n======== $@ ========' -.for ip in PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN +.for ip in PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN @echo Check ping ${ip}: -ping -n -c 1 -s 1400 -D ${${ip}} ping -n -c 1 -s 5000 ${${ip}} @@ -135,7 +120,7 @@ run-regress-fragping: run-regress-fragping6: @echo '\n======== $@ ========' -.for ip in PF_IN PF_OUT RT_IN RT_OUT DST_IN RDR_IN +.for ip in PF_IN PF_OUT RT_IN RT_OUT ECO_IN RDR_IN @echo Check ping ${ip}6: -ping6 -n -c 1 -s 1400 -m ${${ip}6} ping6 -n -c 1 -s 5000 -m ${${ip}6} @@ -149,14 +134,14 @@ TARGETS += ping-mtu ping6-mtu run-regress-ping-mtu: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check path MTU to ${ip} ${SUDO} python2.7 ping_mtu_1300.py ${${ip}} .endfor run-regress-ping6-mtu: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check path MTU to ${ip}6 ${SUDO} python2.7 ping6_mtu_1300.py ${${ip}6} .endfor @@ -167,28 +152,28 @@ TARGETS += ping-cksum ping6-cksum udp-cksum udp6-cksum run-regress-ping-cksum: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check icmp chksum in fragmentation needed to ${ip} ${SUDO} python2.7 ping_cksum.py ${${ip}} .endfor run-regress-ping6-cksum: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check icmp6 chksum in packet too big to ${ip}6 ${SUDO} python2.7 ping6_cksum.py ${${ip}6} .endfor run-regress-udp-cksum: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check udp chksum in packet too big to ${ip} ${SUDO} python2.7 udp_cksum.py ${${ip}} .endfor run-regress-udp6-cksum: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check udp6 chksum in packet too big to ${ip}6 ${SUDO} python2.7 udp6_cksum.py ${${ip}6} .endfor 
@@ -198,14 +183,14 @@ TARGETS += frag frag6 run-regress-frag: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping reassembly ${ip} ${SUDO} python2.7 frag.py ${${ip}} .endfor run-regress-frag6: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping6 reassembly ${ip}6 ${SUDO} python2.7 frag6.py ${${ip}6} .endfor @@ -214,7 +199,7 @@ TARGETS += frag6-ext run-regress-frag6-ext: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping6 extension header reassembly ${ip}6 ${SUDO} python2.7 frag6_ext.py ${${ip}6} .endfor @@ -223,14 +208,14 @@ TARGETS += frag-cutnew frag6-cutnew run-regress-frag-cutnew: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping head overlap reassembly ${ip} ${SUDO} python2.7 frag_cutnew.py ${${ip}} .endfor run-regress-frag6-cutnew: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping6 head overlap reassembly ${ip}6 ${SUDO} python2.7 frag6_cutnew.py ${${ip}6} .endfor @@ -239,14 +224,14 @@ TARGETS += frag-cutold frag6-cutold run-regress-frag-cutold: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping tail overlap reassembly ${ip} ${SUDO} python2.7 frag_cutold.py ${${ip}} .endfor run-regress-frag6-cutold: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping6 tail overlap reassembly ${ip}6 ${SUDO} python2.7 frag6_cutold.py ${${ip}6} .endfor 
@@ -255,14 +240,14 @@ TARGETS += frag-dropold frag6-dropold run-regress-frag-dropold: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping total overlapping reassembly ${ip} ${SUDO} python2.7 frag_dropold.py ${${ip}} .endfor run-regress-frag6-dropold: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping6 total overlapping reassembly ${ip}6 ${SUDO} python2.7 frag6_dropold.py ${${ip}6} .endfor @@ -271,14 +256,14 @@ TARGETS += frag-dropnew frag6-dropnew run-regress-frag-dropnew: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping total overlaped reassembly ${ip} ${SUDO} python2.7 frag_dropnew.py ${${ip}} .endfor run-regress-frag6-dropnew: addr.py @echo '\n======== $@ ========' -.for ip in DST_IN RDR_IN +.for ip in ECO_IN RDR_IN @echo Check ping6 total overlaped reassembly ${ip}6 ${SUDO} python2.7 frag6_dropnew.py ${${ip}6} .endfor 
@@ -287,4 +272,81 @@ REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} CLEANFILES += addr.py *.pyc *.log +.PHONY: check-setup + +# Check wether the address, route and remote setup is correct +check-setup: + @echo '\n======== $@ SRC ========' + ping -n -c 1 ${SRC_OUT} # SRC_OUT + route -n get -inet ${SRC_OUT} | fgrep -q 'interface: lo0' # SRC_OUT + ping -n -c 1 ${PF_IN} # PF_IN + route -n get -inet ${PF_IN} | fgrep -q 'interface: ${SRC_IF}' # PF_IN SRC_IF +.for ip in PF_OUT RT_IN RT_OUT ECO_IN RDR_IN + route -n get -inet ${${ip}} | fgrep -q 'gateway: ${PF_IN}' # ${ip} PF_IN +.endfor + ping6 -n -c 1 ${SRC_OUT6} # SRC_OUT6 + route -n get -inet6 ${SRC_OUT6} | fgrep -q 'interface: lo0' # SRC_OUT6 + ping6 -n -c 1 ${PF_IN6} # PF_IN6 + route -n get -inet6 ${PF_IN6} | fgrep -q 'interface: ${SRC_IF}' # PF_IN6 SRC_IF +.for ip in PF_OUT RT_IN RT_OUT ECO_IN RDR_IN + route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${PF_IN6}' # ${ip}6 PF_IN6 +.endfor + @echo '\n======== $@ PF ========' + ssh ${PF_SSH} ping -n -c 1 ${PF_IN} # PF_IN + ssh ${PF_SSH} route -n get -inet ${PF_IN} | fgrep -q 'interface: lo0' # PF_IN + ssh ${PF_SSH} ping -n -c 1 ${SRC_OUT} # SRC_OUT + ssh ${PF_SSH} ping -n -c 1 ${PF_OUT} # PF_OUT + ssh ${PF_SSH} route -n get -inet ${PF_OUT} | fgrep -q 'interface: lo0' # PF_OUT + ssh ${PF_SSH} ping -n -c 1 ${RT_IN} # RT_IN +.for ip in RT_OUT ECO_IN + ssh ${PF_SSH} route -n get -inet ${${ip}} | fgrep -q 'gateway: ${RT_IN}' # ${ip} RT_IN +.endfor + ssh ${PF_SSH} ping6 -n -c 1 ${PF_IN6} # PF_IN6 + ssh ${PF_SSH} route -n get -inet6 ${PF_IN6} | fgrep -q 'interface: lo0' # PF_IN6 + ssh ${PF_SSH} ping6 -n -c 1 ${SRC_OUT6} # SRC_OUT6 + ssh ${PF_SSH} ping6 -n -c 1 ${PF_OUT6} # PF_OUT6 + ssh ${PF_SSH} route -n get -inet6 ${PF_OUT6} | fgrep -q 'interface: lo0' # PF_OUT6 + ssh ${PF_SSH} ping6 -n -c 1 ${RT_IN6} # RT_IN6 +.for ip in RT_OUT ECO_IN + ssh ${PF_SSH} route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${RT_IN6}' # ${ip}6 RT_IN6 +.endfor + ssh ${PF_SSH} ${SUDO} pfctl -sr | 
grep '^anchor "regress" all$$' + ssh ${PF_SSH} ${SUDO} pfctl -si | grep '^Status: Enabled ' + ssh ${PF_SSH} sysctl net.inet.ip.forwarding | fgrep 1 + ssh ${PF_SSH} sysctl net.inet6.ip6.forwarding | fgrep 1 + @echo '\n======== $@ RT ========' + ssh ${RT_SSH} ping -n -c 1 ${RT_IN} # RT_IN + ssh ${RT_SSH} route -n get -inet ${RT_IN} | fgrep -q 'interface: lo0' # RT_IN + ssh ${RT_SSH} ping -n -c 1 ${PF_OUT} # PF_OUT +.for ip in PF_IN SRC_OUT + ssh ${RT_SSH} route -n get -inet ${${ip}} | fgrep -q 'gateway: ${PF_OUT}' # ${ip} PF_OUT +.endfor + ssh ${RT_SSH} ping -n -c 1 ${RT_OUT} # RT_OUT + ssh ${RT_SSH} route -n get -inet ${RT_OUT} | fgrep -q 'interface: lo0' # RT_OUT + ssh ${RT_SSH} ping -n -c 1 ${ECO_IN} # ECO_IN + ssh ${RT_SSH} ping6 -n -c 1 ${RT_IN6} # RT_IN6 + ssh ${RT_SSH} route -n get -inet6 ${RT_IN6} | fgrep -q 'interface: lo0' # RT_IN6 + ssh ${RT_SSH} ping6 -n -c 1 ${PF_OUT6} # PF_OUT6 +.for ip in PF_IN SRC_OUT + ssh ${RT_SSH} route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: ${PF_OUT6}' # ${ip}6 PF_OUT6 +.endfor + ssh ${RT_SSH} ping6 -n -c 1 ${RT_OUT6} # RT_OUT6 + ssh ${RT_SSH} route -n get -inet6 ${RT_OUT6} | fgrep -q 'interface: lo0' # RT_OUT6 + ssh ${RT_SSH} ping6 -n -c 1 ${ECO_IN6} # ECO_IN6 + ssh ${RT_SSH} sysctl net.inet.ip.forwarding | fgrep 1 + ssh ${RT_SSH} sysctl net.inet6.ip6.forwarding | fgrep 1 + @echo '\n======== $@ ECO ========' + ssh ${ECO_SSH} ping -n -c 1 ${ECO_IN} # ECO_IN + ssh ${ECO_SSH} route -n get -inet ${ECO_IN} | fgrep -q 'interface: lo0' # ECO_IN + ssh ${ECO_SSH} ping -n -c 1 ${RT_OUT} # RT_OUT +.for ip in RT_IN PF_OUT PF_IN SRC_OUT + ssh ${ECO_SSH} route -n get -inet ${${ip}} | fgrep -q 'gateway: ${RT_OUT}' # ${ip} RT_OUT +.endfor + ssh ${ECO_SSH} ping6 -n -c 1 ${ECO_IN6} # ECO_IN6 + ssh ${ECO_SSH} route -n get -inet6 ${ECO_IN6} | fgrep -q 'interface: lo0' # ECO_IN6 + ssh ${ECO_SSH} ping6 -n -c 1 ${RT_OUT6} # RT_OUT6 +.for ip in RT_IN PF_OUT PF_IN SRC_OUT + ssh ${ECO_SSH} route -n get -inet6 ${${ip}6} | fgrep -q 'gateway: 
${RT_OUT6}' # ${ip}6 RT_OUT6 +.endfor + .include -- 2.20.1
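Review bot: The ECO section of this check-setup ends after the route checks and never verifies that an echo service is listening, although the header says ECO reflects UDP echo packets and the file has udp-cksum and udp6-cksum targets. The pf_forward version of the target does this with a netstat loop, so the two check-setup targets are inconsistent. A missing echo listener on ECO would presumably only show up later as failing tests. Consider adding, before `.include`, the loop `.for af in inet inet6`, `ssh ${ECO_SSH} netstat -a -f ${af} -p udp | fgrep ' *.echo '`, `.endfor`.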