authorAlexander Bluhm <bluhm@cvs.openbsd.org>2016-11-16 16:00:42 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2016-11-16 16:00:42 +0000
commit25a8583e59b36ea59a5d8f7dd91b11d576f066cf (patch)
tree97a69e7573e3e6b3ad781c123c36a71be8a5f80c
parent34e3b22d96c2faba8572eec80d8d8149ee05e137 (diff)
Test multiple combinations of divert connections. The socket cleanup
of the first connection must remove the pf state so that the second connection can succeed. Disable two raw IP tests that do not work with the current implementation in the kernel.
-rw-r--r--regress/sys/net/pf_divert/Makefile69
-rw-r--r--regress/sys/net/pf_divert/README8
2 files changed, 55 insertions, 22 deletions
diff --git a/regress/sys/net/pf_divert/Makefile b/regress/sys/net/pf_divert/Makefile
index e5350132921..c4395eb6f16 100644
--- a/regress/sys/net/pf_divert/Makefile
+++ b/regress/sys/net/pf_divert/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.14 2016/11/15 16:00:50 bluhm Exp $
+# $OpenBSD: Makefile,v 1.15 2016/11/16 16:00:41 bluhm Exp $
# The following ports must be installed for the regression tests:
# p5-IO-Socket-INET6 object interface for AF_INET and AF_INET6 domain sockets
@@ -63,9 +63,28 @@ TARGETS ?= inet-args-tcp-to inet6-args-tcp-to \
inet-args-icmp-to inet6-args-icmp-to \
inet-args-icmp-reply-to inet6-args-icmp-reply-to \
inet-args-icmp-reply-reuse inet6-args-icmp-reply-reuse \
- inet-reuse-tcp inet6-reuse-tcp \
- inet-reuse-udp inet6-reuse-udp \
- inet-reuse-rip inet6-reuse-rip
+ inet-reuse-tcp-to-to inet6-reuse-tcp-to-to \
+ inet-reuse-tcp-to-reply inet6-reuse-tcp-to-reply \
+ inet-reuse-tcp-reply-to inet6-reuse-tcp-reply-to \
+ inet-reuse-tcp-reply-reply inet6-reuse-tcp-reply-reply \
+ inet-reuse-udp-to-to inet6-reuse-udp-to-to \
+ inet-reuse-udp-to-reply inet6-reuse-udp-to-reply \
+ inet-reuse-udp-to-reply-to inet6-reuse-udp-to-reply-to \
+ inet-reuse-udp-reply-to inet6-reuse-udp-reply-to \
+ inet-reuse-udp-reply-reply inet6-reuse-udp-reply-reply \
+ inet-reuse-udp-reply-reply-to inet6-reuse-udp-reply-reply-to \
+ inet-reuse-udp-reply-to-to inet6-reuse-udp-reply-to-to \
+ inet-reuse-udp-reply-to-reply inet6-reuse-udp-reply-to-reply \
+ inet-reuse-udp-reply-to-reply-to inet6-reuse-udp-reply-to-reply-to \
+ inet-reuse-rip-to-to inet6-reuse-rip-to-to \
+ inet-reuse-rip-to-reply inet6-reuse-rip-to-reply \
+ inet-reuse-rip-to-reply-to inet6-reuse-rip-to-reply-to \
+ inet-reuse-rip-reply-to inet6-reuse-rip-reply-to \
+ inet-reuse-rip-reply-reply inet6-reuse-rip-reply-reply \
+ inet-reuse-rip-reply-reply-to inet6-reuse-rip-reply-reply-to \
+ inet-reuse-rip-reply-to-to inet6-reuse-rip-reply-to-to \
+ inet-reuse-rip-reply-to-reply inet6-reuse-rip-reply-to-reply \
+ inet-reuse-rip-reply-to-reply-to inet6-reuse-rip-reply-to-reply-to
REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/}
CLEANFILES += *.log *.port ktrace.out stamp-*
@@ -104,7 +123,12 @@ PERLPATH = ${.CURDIR}/
# diverted process is running on the remote machine reachable with
# ssh.
-.for inet addr in inet ADDR inet6 ADDR6
+.for inet addr in inet ADDR inet6 ADDR6
+
+run-regress-${inet}-reuse-rip-to-reply-to:
+ @echo '\n======== $@ ========'
+ @echo 'rip to before reply is broken, it does not remove the state.'
+ @echo DISABLED
.for a in ${ARGS}
run-regress-${inet}-${a:R}: ${a}
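Review bot: The stub `run-regress-${inet}-reuse-rip-to-reply-to` carries no comment saying that it overrides the rule of the same name generated by the reuse loop further down, which presumably works only because make keeps the first commands it sees for a target. Anyone who later moves the stub below that loop, or who wonders about a duplicate-rule warning make may print, has nothing to go on. I would add above the stub `# Must precede the reuse loop below; the first rule with commands for a target is the one that runs.` and a second comment line naming the kernel behaviour that has to change before the test can be re-enabled. The `.for inet addr` loop opened in this hunk is closed outside it.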
@@ -113,32 +137,39 @@ run-regress-${inet}-${a:R}: ${a}
.endfor
.for proto in tcp udp rip
-run-regress-${inet}-reuse-${proto}:
+
+.for first second in to to to reply to reply-to reply to reply reply reply reply-to reply-to to reply-to reply reply-to reply-to
+
+run-regress-${inet}-reuse-${proto}-${first}-${second}:
@echo '\n======== $@ ========'
- time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} ${PERLPATH}args-${proto}-reply.pl
+ time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} ${PERLPATH}args-${proto}-${first}.pl
sed -n '/^connect peer:/s/.* //p' client.log >client.port
sed -n '/^connect sock:/s/.* //p' client.log >server.port
.if "tcp" == ${proto}
+.if "reply" == ${first}
${SUDO} tcpdrop ${LOCAL_${addr}} `cat client.port` ${FAKE_${addr}} `cat server.port`
.endif
- time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} `cat client.port` `cat server.port` ${PERLPATH}args-${proto}-to.pl
+.if "to" == ${first}
+ ssh ${REMOTE_SSH} ${SUDO} tcpdrop ${FAKE_${addr}} `cat client.port` ${LOCAL_${addr}} `cat server.port`
+.endif
+.endif
+ time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} `cat client.port` `cat server.port` ${PERLPATH}args-${proto}-${second}.pl
.if "tcp" == ${proto}
+.if "reply" == ${second}
+ ${SUDO} tcpdrop ${LOCAL_${addr}} `cat server.port` ${FAKE_${addr}} `cat client.port`
+.endif
+.if "to" == ${second}
+ ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
+ egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat server.port`\]?' .. ${LOCAL_${addr}}:?\[?'`cat client.port`'\]? '
ssh ${REMOTE_SSH} ${SUDO} tcpdrop ${FAKE_${addr}} `cat server.port` ${LOCAL_${addr}} `cat client.port`
-.if "inet" == ${inet}
- if ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
- grep 'all ${proto} ${FAKE_${addr}}:'`cat server.port`' .. ${LOCAL_${addr}}:'`cat client.port`' '; \
- then false; \
- fi
-.else
- if ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
- grep 'all ${proto} ${FAKE_${addr}}\['`cat server.port`\]' .. ${LOCAL_${addr}}\['`cat client.port`'\] '; \
- then false; \
- fi
+ ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
+ ! egrep 'all ${proto} ${FAKE_${addr}}:?\[?'`cat server.port`\]?' .. ${LOCAL_${addr}}:?\[?'`cat client.port`'\]? '
.endif
.endif
-.endfor
.endfor
+.endfor
+.endfor
.PHONY: syntax check-setup
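Review bot: In both egrep lines of the `"to" == ${second}` branch the single quote is not reopened after the server.port substitution, so `\]?` reaches the shell unquoted: the backslash is stripped and `?` is left as an unquoted glob character, unlike the client.port side, which is written `'\]? '`. The pattern still matches today because a bare `]` is literal in an ERE, but these two lines are the assertion that the pf state exists before tcpdrop and is gone after it, so the pattern should reach egrep exactly as written. Reopen the quote right after the substitution so that the segment reads `'\]? .. ${LOCAL_${addr}}:?\[?'`. The enclosing `.for inet addr` loop starts outside this hunk.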
diff --git a/regress/sys/net/pf_divert/README b/regress/sys/net/pf_divert/README
index ffa90c0a0b5..c602d4edd66 100644
--- a/regress/sys/net/pf_divert/README
+++ b/regress/sys/net/pf_divert/README
@@ -43,6 +43,8 @@ has a different ID, so it cannot use the same pf state. Check that
the second reply reaches the client. This can only work, if pf
creates a second outgoing state although all packet use one socket.
-The reuse-... tests run the corresponding args-...-reply and
-args-...-to tests consecutively to check that the pf states to not
-interfere.
+The reuse tests run pairs of corresponding args-...-to and
+args-...-reply and args-...-reply-to tests consecutively to check
+that the pf states to not interfere. The first run flushes the
+state, the second must get rid of the state automatically. For TCP
+the connection in TIME_WAIT is dropped to remove the state.