From c7a5bce153e8c5ab08efd057e4de32b3d9f254c1 Mon Sep 17 00:00:00 2001 From: bluhm Date: Wed, 31 May 2017 09:25:17 +0000 Subject: [PATCH] As pf blocks packets with IPv6 options header, the tests needs an allow-opts rule. --- regress/sys/netinet6/frag6/Makefile | 10 +++++----- regress/sys/netinet6/frag6/pf.conf | 6 ++++++ 2 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 regress/sys/netinet6/frag6/pf.conf diff --git a/regress/sys/netinet6/frag6/Makefile b/regress/sys/netinet6/frag6/Makefile index 69f4ba6fb6c..7061ac670c9 100644 --- a/regress/sys/netinet6/frag6/Makefile +++ b/regress/sys/netinet6/frag6/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.18 2017/03/01 00:58:22 bluhm Exp $ +# $OpenBSD: Makefile,v 1.19 2017/05/31 09:25:17 bluhm Exp $ # The following ports must be installed: # @@ -88,11 +88,11 @@ stamp-stack: ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fr date >$@ -stamp-pf: +stamp-pf: addr.py pf.conf rm -f stamp-stack stamp-pf - echo 'pass proto tcp from port ssh no state\n'\ - 'pass proto tcp to port ssh no state'|\ - ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -f - + cat addr.py ${.CURDIR}/pf.conf | pfctl -n -f - + cat addr.py ${.CURDIR}/pf.conf | \ + ssh ${IPS_SSH} ${SUDO} pfctl -a regress -f - -ssh ${REMOTE_SSH} ${SUDO} pfctl -e date >$@ diff --git a/regress/sys/netinet6/frag6/pf.conf b/regress/sys/netinet6/frag6/pf.conf new file mode 100644 index 00000000000..a3f0ff4a088 --- /dev/null +++ b/regress/sys/netinet6/frag6/pf.conf @@ -0,0 +1,6 @@ +# pf drops IPv6 options header by default, test combines frag with opt header +pass allow-opts + +# turning on and off pf via ssh connection does not work with states +pass proto tcp from port ssh no state +pass proto tcp to port ssh no state -- 2.20.1