src - OpenBSD base system

diff options


context:
space:
mode:

author	Alexander Bluhm <bluhm@cvs.openbsd.org>	2017-11-24 22:53:56 +0000
committer	Alexander Bluhm <bluhm@cvs.openbsd.org>	2017-11-24 22:53:56 +0000
commit	f42512db36ffcaca87fe5acd38eb7f241fda918d (patch)
tree	d393c9ff5acef3f1907c77141bc1a9d9c07691c9
parent	47e3416eeab58ab4ec98a77d25078af4e53df626 (diff)

Use the environment variable PFCTL to specify a different executable

for testing. Default is /sbin/pfctl. This makes test driven development easier.

Diffstat

-rw-r--r--

regress/sbin/pfctl/Makefile

-rw-r--r--

regress/sbin/pfctl/if2ip

-rw-r--r--

regress/sbin/pfctl/pfr.exec

3 files changed, 73 insertions, 66 deletions

diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index d42bb446e68..adc236cc8b7 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile

@@ -1,4 +1,4 @@

-# $OpenBSD: Makefile,v 1.227 2017/08/11 22:30:38 benno Exp $

+# $OpenBSD: Makefile,v 1.228 2017/11/24 22:53:55 bluhm Exp $

# TARGETS

# pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok

@@ -6,7 +6,7 @@

# pfail: invalid rulesets pfctl must reject; pfailNN.in and pfailNN.ok

# pfsetup: set up lo1 and perform more tests

# pfr: table tests

-# pfsimple: just check whether pfctl accepts a given ruleset, not checking output

+# pfsimple: check whether pfctl accepts a given ruleset, not checking output

# pfload: load ruleset into anchor regress and verify pfctl -vvsr

# pfoptimize: as pfload, with -o flag to pfctl

# pfopt: as target pf, but supply extra command line options

@@ -31,6 +31,8 @@ PFCHKSUM=1 2 3

PFCMD=1

PFCMDFAIL=1

+PFCTL ?= /sbin/pfctl

MAKEOBJDIRPREFIX=

SHELL=/bin/sh

@@ -62,15 +64,15 @@ PFAIL_TARGETS+=pfail${n}

PFAIL_UPDATES+=pfail${n}-update

pfail${n}:

- pfctl -o none -nv -f - < ${.CURDIR}/pfail${n}.in 2>&1 | \

+ ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in 2>&1 | \

diff -u ${.CURDIR}/pfail${n}.ok /dev/stdin

pfail${n}-update:

- if pfctl -o none -nv -f - < ${.CURDIR}/pfail${n}.in > \

+ if ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in > \

${.CURDIR}/pfail${n}.ok 2>&1; then \

true; \

fi;

.endfor

pfail: ${PFAIL_TARGETS}

@@ -83,15 +85,15 @@ PF_TARGETS+=pf${n}

PF_UPDATES+=pf${n}-update

pf${n}:

- pfctl -o none -nv -f - < ${.CURDIR}/pf${n}.in | \

+ ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in | \

diff -u ${.CURDIR}/pf${n}.ok /dev/stdin

pf${n}-update:

- pfctl -o none -nv -f - < ${.CURDIR}/pf${n}.in > ${.CURDIR}/pf${n}.ok

+ ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in > ${.CURDIR}/pf${n}.ok

SELFPF_TARGETS+=selfpf${n}

selfpf${n}:

- pfctl -o none -nv -f - < ${.CURDIR}/pf${n}.ok | \

+ ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.ok | \

diff -u ${.CURDIR}/pf${n}.ok /dev/stdin

.endfor

@@ -113,7 +115,7 @@ pf-include-setup:

PFSIMPLE_TARGETS+=pfsimple${n}

pfsimple${n}:

- pfctl -o none -nf - < ${.CURDIR}/pfsimple${n}.in

+ ${PFCTL} -o none -nf - < ${.CURDIR}/pfsimple${n}.in

.endfor

@@ -125,18 +127,18 @@ PFLOAD_TARGETS+=pfload${n}

PFLOAD_UPDATES+=pfload${n}-update

pfload${n}:

- ${SUDO} pfctl -o none -a regress -f - < ${.CURDIR}/pf${n}.in

- (${SUDO} pfctl -o none -a 'regress/*' -gvvsr | \

+ ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in

+ (${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \

sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' ) | \

diff -u ${.CURDIR}/pf${n}.loaded /dev/stdin

- ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1

pfload${n}-update:

- ${SUDO} pfctl -o none -a regress -f - < ${.CURDIR}/pf${n}.in

- (${SUDO} pfctl -o none -a 'regress/*' -gvvsr | \

+ ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in

+ (${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \

sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' ) \

> ${.CURDIR}/pf${n}.loaded

- ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1

.endfor

@@ -151,18 +153,18 @@ PFOPTIMIZE_TARGETS+=pfoptimize${n}

PFOPTIMIZE_UPDATES+=pfoptimize${n}-update

pfoptimize${n}:

- ${SUDO} pfctl -obasic -a regress -f - < ${.CURDIR}/pf${n}.in

- (${SUDO} pfctl -o none -a regress -gvvsr | \

+ ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in

+ (${SUDO} ${PFCTL} -o none -a regress -gvvsr | \

sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g') | \

diff -u ${.CURDIR}/pf${n}.optimized /dev/stdin

- ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1

pfoptimize${n}-update:

- ${SUDO} pfctl -obasic -a regress -f - < ${.CURDIR}/pf${n}.in

- (${SUDO} pfctl -o none -a regress -gvvsr | \

+ ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in

+ (${SUDO} ${PFCTL} -o none -a regress -gvvsr | \

sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' ) \

> ${.CURDIR}/pf${n}.optimized

- ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1

.endfor

@@ -197,7 +199,7 @@ PFI_UPDATES+=pfi${n}-update

pfi${n}:

xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in | \

- diff -u ${.CURDIR}/pfi${n}.ok /dev/stdin

+ diff -u ${.CURDIR}/pfi${n}.ok /dev/stdin

pfi${n}-update:

xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in \

@@ -216,12 +218,12 @@ PFOPT_TARGETS+=pfopt${n}

PFOPT_UPDATES+=pfopt${n}-update

pfopt${n}:

- pfctl -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \

+ ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \

< ${.CURDIR}/pfopt${n}.in | \

diff -u ${.CURDIR}/pfopt${n}.ok /dev/stdin

pfopt${n}-update:

- pfctl -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \

+ ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \

< ${.CURDIR}/pfopt${n}.in > ${.CURDIR}/pfopt${n}.ok

.endfor

@@ -236,11 +238,11 @@ PFCMD_TARGETS+=pfcmd${n}

PFCMD_UPDATES+=pfcmd${n}-update

pfcmd${n}:

- ${SUDO} pfctl `cat ${.CURDIR}/pfcmd${n}.opts` \

+ ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmd${n}.opts` \

-f ${.CURDIR}/pfcmd${n}.in

pfcmd${n}-update:

- ${SUDO} pfctl -f - `cat ${.CURDIR}/pfcmd${n}.opts` \

+ ${SUDO} ${PFCTL} -f - `cat ${.CURDIR}/pfcmd${n}.opts` \

< ${.CURDIR}/pfcmd${n}.in > ${.CURDIR}/pfcmd${n}.ok

.endfor

@@ -258,12 +260,12 @@ PFCMDFAIL_TARGETS+=pfcmdfail${n}

PFCMDFAIL_UPDATES+=pfcmdfail${n}-update

pfcmdfail${n}:

- ${SUDO} pfctl `cat ${.CURDIR}/pfcmdfail${n}.opts` \

+ ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \

-f - < ${.CURDIR}/pfcmdfail${n}.in 2>&1 | \

- diff -u ${.CURDIR}/pfcmdfail${n}.ok /dev/stdin

+ diff -u ${.CURDIR}/pfcmdfail${n}.ok /dev/stdin

pfcmdfail${n}-update:

- if ${SUDO} pfctl `cat ${.CURDIR}/pfcmdfail${n}.opts` \

+ if ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \

-f - < ${.CURDIR}/pfcmdfail${n}.in > \

${.CURDIR}/pfcmdfail${n}.ok 2>&1; then \

true; \

@@ -285,13 +287,13 @@ PFSETUP_UPDATES+=pfsetup${n}-update

pfsetup${n}:

${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup

- pfctl -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in | \

+ ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in | \

diff -u ${.CURDIR}/pfsetup${n}.ok /dev/stdin

${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean

pfsetup${n}-update:

${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup

- pfctl -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in \

+ ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in \

> ${.CURDIR}/pfsetup${n}.ok

${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean

@@ -308,17 +310,18 @@ PFCHKSUM_TARGETS+=pfchksum${n}

PFCHKSUM_UPDATES+=pfchksum${n}-update

pfchksum${n}:

- ${SUDO} pfctl -o none -Fa >/dev/null 2>&1

- ${SUDO} pfctl -o none -f - < ${.CURDIR}/pfchksum${n}.in

- ${SUDO} pfctl -o none -vsi | grep '^Checksum:' | \

- diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin

- ${SUDO} pfctl -o none -Fa >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in

+ ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' | \

+ diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin

+ ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1

pfchksum${n}-update:

- ${SUDO} pfctl -o none -Fa >/dev/null 2>&1

- ${SUDO} pfctl -o none -f - < ${.CURDIR}/pfchksum${n}.in

- ${SUDO} pfctl -o none -vsi | grep '^Checksum:' > ${.CURDIR}/pfchksum${n}.ok

- ${SUDO} pfctl -o none -Fa >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1

+ ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in

+ ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' \

+ > ${.CURDIR}/pfchksum${n}.ok

+ ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1

.endfor

diff --git a/regress/sbin/pfctl/if2ip b/regress/sbin/pfctl/if2ip
index a1424366244..9cdca64836b 100644
--- a/regress/sbin/pfctl/if2ip
+++ b/regress/sbin/pfctl/if2ip

@@ -2,8 +2,10 @@

# simple script that compare and display interface to address translation

# done by the userland pfctl tool and by the kernel PF dynamic code.

+PFCTL="${PFCTL:=/sbin/pfctl}"

if2ip_user() {

- echo "pass in from $1" | pfctl -o none -nvf- 2>/dev/null \

+ echo "pass in from $1" | $PFCTL -o none -nvf- 2>/dev/null \

| awk '{print " "(($3=="on")?$7:$5)}' | sort -u

}

@@ -17,10 +19,10 @@ kernel_spec() {

}

if2ip_kernel() {

- T=`echo "pass in on tun100 from $1" | pfctl -a regress/if2ip -f- \

- -vf- | awk '{ print $6}' | tr -d "()"`

- pfctl -a _pf -t "$T" -Ts | sort

- pfctl -a regress/if2ip -qFr

+ T=`echo "pass in on tun100 from $1" | $PFCTL -a regress/if2ip -f- \

+ -vf- | awk '{ print $6}' | tr -d "()"`

+ $PFCTL -a _pf -t "$T" -Ts | sort

+ $PFCTL -a regress/if2ip -qFr

}

while [ "X$1" != "X" ]; do

diff --git a/regress/sbin/pfctl/pfr.exec b/regress/sbin/pfctl/pfr.exec
index 701eebf8416..677bcf6bd96 100644
--- a/regress/sbin/pfctl/pfr.exec
+++ b/regress/sbin/pfctl/pfr.exec

@@ -1,8 +1,9 @@

#!/bin/ksh

+PFCTL="${PFCTL:=/sbin/pfctl}"

D=`dirname $1`

A='regress'

-pfctl -a $A -FT 2>/dev/null

-pfctl -a $A -Fr 2>/dev/null

+$PFCTL -a $A -FT 2>/dev/null

+$PFCTL -a $A -Fr 2>/dev/null

KT_R=`vmstat -mv | awk '/pfrktable/{print $3}'`

KT_I=`vmstat -mv | awk '/pfrktable/{print $5}'`

KEP_R=`vmstat -mv | awk '/pfrke_plain /{print $3}'`

@@ -12,14 +13,14 @@ KER_I=`vmstat -mv | awk '/pfrke_route /{print $5}'`

KEC_R=`vmstat -mv | awk '/pfrke_cost /{print $3}'`

KEC_I=`vmstat -mv | awk '/pfrke_cost /{print $5}'`

echo "# create"

-echo "table <regress> persist" | pfctl -a $A -f - 2>&1 || exit 1

-for LINE in `sed -e "s/ /_/g" $1`; do

+echo "table <regress> persist" | $PFCTL -a $A -f - 2>&1 || exit 1

+for LINE in `sed -e "s/ /_/g" $1`; do

RESULT=`echo $LINE | awk '{split($1,a,"_");print a[1]}'`

case $RESULT in

pass|fail) ;;

*) continue ;;

esac

- CMD=`echo $LINE | awk '{split($1,a,"_");print a[2]}'`

+ CMD=`echo $LINE | awk '{split($1,a,"_");print a[2]}'`

ARGSX=`echo $LINE | awk '{split($1,a,"_");for(i=3;a[i];i++)print a[i]}'`

ARGS=""

for ARG in $ARGSX; do

@@ -32,58 +33,58 @@ for LINE in `sed -e "s/ /_/g" $1`; do

if [ "$RESULT" = "pass" ]; then case $CMD in

add|delete|replace)

echo "# pass $CMD -n $ARGS"

- pfctl -a $A -t regress -nT $CMD $ARGS 2>&1 | sort || exit 1

+ $PFCTL -a $A -t regress -nT $CMD $ARGS 2>&1 | sort || exit 1

echo "# pass $CMD -nf-"

- echo "# test\n" $ARGSX | pfctl -a $A -t regress -nT $CMD -f- \

+ echo "# test\n" $ARGSX | $PFCTL -a $A -t regress -nT $CMD -f- \

2>&1 | sort || exit 1

echo "# pass $CMD -nqv $ARGS"

- pfctl -a $A -t regress -nqvT $CMD $ARGS 2>&1 | sort || exit 1

+ $PFCTL -a $A -t regress -nqvT $CMD $ARGS 2>&1 | sort || exit 1

echo "# pass $CMD -nqvv $ARGS"

- pfctl -a $A -t regress -nqvvT $CMD $ARGS 2>&1 | sort || exit 1

+ $PFCTL -a $A -t regress -nqvvT $CMD $ARGS 2>&1 | sort || exit 1

;;

esac fi

echo "# $RESULT $CMD $ARGS"

if [ "$RESULT" = "pass" ]; then

case $CMD in

list)

- pfctl -a $A -sT 2>&1

+ $PFCTL -a $A -sT 2>&1

echo "# pass $CMD -v"

- pfctl -a $A -gvsT 2>&1

+ $PFCTL -a $A -gvsT 2>&1

;;

load)

- echo $ARGS | sed "s,DIR,$D,g" | pfctl -a $A -f- \

+ echo $ARGS | sed "s,DIR,$D,g" | $PFCTL -a $A -f- \

|| exit 1

;;

rule)

- echo $ARGS | pfctl -a $A -f- 2>&1 || exit 1

+ echo $ARGS | $PFCTL -a $A -f- 2>&1 || exit 1

;;

show)

- pfctl -qvv -a $A -t regress -T $CMD $ARGS 2>&1 | \

+ $PFCTL -qvv -a $A -t regress -T $CMD $ARGS 2>&1 | \

grep -v "Cleared:"

;;

- pfctl -a $A -t regress -T $CMD $ARGS 2>&1 | sort \

+ $PFCTL -a $A -t regress -T $CMD $ARGS 2>&1 | sort \

|| exit 1

;;

esac

else

case $CMD in

load)

- echo ARGS | sed "s,DIR,$D,g" | pfctl -a $A -Tl -f- \

+ echo ARGS | sed "s,DIR,$D,g" | $PFCTL -a $A -Tl -f- \

&& exit 1

;;

rule)

- echo $ARGS | pfctl -a $A -f- 2>&1 && exit 1

+ echo $ARGS | $PFCTL -a $A -f- 2>&1 && exit 1

;;

- pfctl -a $A -t regress -T $CMD $ARGS 2>&1 && exit 1

+ $PFCTL -a $A -t regress -T $CMD $ARGS 2>&1 && exit 1

;;

esac

done

echo "# kill"

-pfctl -a $A -FT 2>&1

-pfctl -a $A -Fr 2>&1

+$PFCTL -a $A -FT 2>&1

+$PFCTL -a $A -Fr 2>&1

let KT_R=`vmstat -mv | awk '/pfrktable/{print $3}'`-$KT_R

let KT_I=`vmstat -mv | awk '/pfrktable/{print $5}'`-$KT_I

let KT_RL=$KT_R-$KT_I

@@ -100,4 +101,5 @@ echo "ktable: $KT_R allocated, $KT_RL released, $KT_I leaked."

echo "pfrke_plain: $KEP_R allocated, $KEP_RL released, $KEP_I leaked."

echo "pfrke_route: $KER_R allocated, $KER_RL released, $KER_I leaked."

echo "pfrke_cost: $KEC_R allocated, $KEC_RL released, $KEC_I leaked."

-[ "$KT_I" = "0" -a "$KEP_I" = "0" -a "$KER_I" = "0" -a "$KEC_I" = "0" ] || exit 1

+[ "$KT_I" = "0" -a "$KEP_I" = "0" -a "$KER_I" = "0" -a "$KEC_I" = "0" ] || \

+ exit 1