author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-11-17 15:39:52 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-11-17 15:39:52 +0000 |
commit | 2f6c2b9dab4d8fb2c13128a3d9638e362839377d (patch) | |
tree | bdf598d43bc24a205e4e50ebc8c5007199e5c720 /regress/sys/net | |
parent | 7ab6647727d4a6e1eaf80eea4b775041c887270c (diff) |
Let packets jump between routing domains until the ttl is used up.
Use tcpdump to check that the ttl decrements to one.
Diffstat (limited to 'regress/sys/net')
-rw-r--r-- | regress/sys/net/loop/Makefile | 100 | ||||
-rw-r--r-- | regress/sys/net/loop/pf.conf | 3 |
2 files changed, 91 insertions, 12 deletions
diff --git a/regress/sys/net/loop/Makefile b/regress/sys/net/loop/Makefile
index 69671ab7e98..4694f62b13a 100644
--- a/regress/sys/net/loop/Makefile
+++ b/regress/sys/net/loop/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2017/11/17 10:26:58 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2017/11/17 15:39:51 bluhm Exp $
 # Copyright (c) 2017 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -16,7 +16,8 @@
 # Set up two loopback interfaces in different routing domains.
 # Try to ping existing and non existing addresses in these domains.
-# Also test pinging to different rdomains via pf.
+# Also test pinging to different rdomains via pf. Check that the
+# ttl is decremented while looping though loopback interfaces.
 SYSCTL_FORWARDING != sysctl net.inet.ip.forwarding
@@ -42,13 +43,14 @@ check-rdomains:
 echo routing domain ${n} is already used >&2; exit 1; fi
 .endfor
-ifconfig: check-rdomains
+ifconfig: check-rdomains unconfig
 # create and configure loopback interfaces
 .for n in ${NUMS}
 ${SUDO} /sbin/ifconfig lo${n} rdomain ${n}
 ${SUDO} /sbin/ifconfig lo${n} inet 127.0.0.1/8
 ${SUDO} /sbin/ifconfig lo${n} inet 127.0.0.${n} alias
- ${SUDO} /sbin/route -n -T ${n} add -inet -host 127.6.6.6 127.0.0.1
+ ${SUDO} /sbin/route -n -T ${n} add -inet -host 10.6.6.6 127.0.0.1
+ ${SUDO} /sbin/route -n -T ${n} add -inet -host 10.7.7.7 127.0.0.1
 .endfor
 ${SUDO} /sbin/route -n -T ${N1} add -inet -host 127.0.0.${N2} 127.0.0.1
 ${SUDO} /sbin/route -n -T ${N2} add -inet -host 127.0.0.${N1} 127.0.0.1
@@ -71,6 +73,7 @@ addr.py: Makefile
 rm -f $@ $@.tmp
 .for var in N1 N2
 echo '${var}="${${var}}"' >>$@.tmp
+ echo 'IF_${var}="lo${${var}}"' >>$@.tmp
 echo 'ADDR_${var}="127.0.0.${${var}}"' >>$@.tmp
 .endfor
 mv $@.tmp $@
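Review bot: Adding `unconfig` as a second prerequisite of `ifconfig` makes the in-use guard depend on prerequisite order: `check-rdomains` has to fail before `unconfig` gets a chance to run, and nothing in the rule says so. If the two were ever built in parallel or reordered, the teardown could run against a routing domain that the check would have rejected; unconfig's recipe is outside this hunk, so what it removes is inferred from its name. A comment above the rule would record the constraint, for example `# check-rdomains must stay first: unconfig may only touch rdomains that passed the check`.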
@@ -82,22 +85,48 @@ stamp-pfctl: addr.py pf.conf stamp-setup
 cat addr.py ${.CURDIR}/pf.conf | ${SUDO} pfctl -a regress -f -
 @date >$@
+# run tcpdump on lo devices
+DUMPCMD = tcpdump -l -e -vvv -s 2048 -ni
+
+stamp-bpf: stamp-bpf-${N1} stamp-bpf-${N2}
+ sleep 2 # XXX
+ @date >$@
+
+.for n in ${N1} ${N2}
+
+stamp-bpf-${n}: stamp-setup
+ @echo '\n======== $@ ========'
+ rm -f lo${n}.tcpdump
+ pkill -f '^${DUMPCMD} lo${n}' || true
+ ${SUDO} ${DUMPCMD} lo${n} >lo${n}.tcpdump &
+ rm -f stamp-stop
+ @date >$@
+
+.endfor
+
+stamp-stop:
+ @echo '\n======== $@ ========'
+ sleep 2 # XXX
+ -${SUDO} pkill -f '^${DUMPCMD}'
+ rm -f stamp-bpf*
+ @date >$@
+
 .for n in ${N1} ${N2}
 REGRESS_TARGETS += run-regress-ping-local-${n}
-run-regress-ping-local-${n}: stamp-setup
+run-regress-ping-local-${n}: stamp-setup stamp-bpf
 @echo '\n======== $@ ========'
 # Ping localhost in routing domain ${n}.
 /sbin/ping -n -w 1 -c 1 -V ${n} 127.0.0.1
 REGRESS_TARGETS += run-regress-ping-loop-${n}
-run-regress-ping-loop-${n}: stamp-setup
+run-regress-ping-loop-${n}: stamp-setup stamp-bpf
 @echo '\n======== $@ ========'
 # Ping non existing address with loopback route in routing domain ${n}.
- ! /sbin/ping -n -w 1 -c 1 -V ${n} 127.6.6.6
+ ! /sbin/ping -n -w 1 -c 1 -V ${n} 10.6.6.6
 REGRESS_TARGETS += run-regress-ping-address-${n}
-run-regress-ping-address-${n}: stamp-pfctl
+run-regress-ping-address-${n}: stamp-setup stamp-pfctl
 @echo '\n======== $@ ========'
 # Ping local address in routing domain ${n}.
 /sbin/ping -n -w 1 -c 1 -V ${n} 127.0.0.${n}
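Review bot: In `stamp-bpf-${n}` the stale-capture cleanup runs `pkill` without `${SUDO}`, although the capture it is meant to stop is started on the next line with `${SUDO}`, and the `|| true` hides the failure. When the suite is run as an unprivileged user, a leftover privileged tcpdump from an aborted run would most likely survive until `stamp-stop`; the line should read `${SUDO} pkill -f '^${DUMPCMD} lo${n}' || true`. `stamp-stop` has the opposite problem: its pattern `'^${DUMPCMD}'` carries no interface name, so with privilege it signals every tcpdump on the host that was started with these flags, not only the two this test launched. Matching `lo${N1}` and `lo${N2}` explicitly, as `stamp-bpf-${n}` does, keeps the kill scoped to the test.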
@@ -105,22 +134,69 @@ run-regress-ping-address-${n}: stamp-pfctl
 .endfor
 REGRESS_TARGETS += run-regress-ping-rdomain-pass
-run-regress-ping-rdomain-pass: stamp-pfctl
+run-regress-ping-rdomain-pass: stamp-setup stamp-pfctl
 @echo '\n======== $@ ========'
 # Pass ping packets between routing domains with pf rule.
 /sbin/ping -n -w 1 -c 1 -V ${N1} 127.0.0.${N2}
 REGRESS_TARGETS += run-regress-ping-rdomain-block
-run-regress-ping-rdomain-block: stamp-pfctl
+run-regress-ping-rdomain-block: stamp-setup stamp-pfctl
 @echo '\n======== $@ ========'
 # Check that reverse direction without pf rule is not allowed.
 ! /sbin/ping -n -w 1 -c 1 -V ${N2} 127.0.0.${N1}
+REGRESS_TARGETS += run-regress-ping-rdomain-loop
+run-regress-ping-rdomain-loop: stamp-setup stamp-pfctl stamp-bpf
+ @echo '\n======== $@ ========'
+ # Ping non existing address and loop between routing domains.
+ ! /sbin/ping -n -w 1 -c 1 -V ${N1} 10.7.7.7
+
+.for n in ${N1} ${N2}
+
+REGRESS_TARGETS += run-regress-bpf-local-${n}
+run-regress-bpf-local-${n}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check that the ping packet went through loopback.
+ grep '127.0.0.1 > 127.0.0.1: icmp: echo request' lo${n}.tcpdump
+
+REGRESS_TARGETS += run-regress-bpf-loop-${n}
+run-regress-bpf-loop-${n}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check that the ping packet went multiple times through loopback.
+ grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .*ttl 255,' \
+ lo${n}.tcpdump
+ grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .* \[ttl 1\]' \
+ lo${n}.tcpdump
+
+.endfor
+
+REGRESS_TARGETS += run-regress-bpf-rdomain-loop-${N1}
+run-regress-bpf-rdomain-loop-${N1}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check the ping packet went multiple times in routing domains.
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 255,' \
+ lo${N1}.tcpdump
+ ! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
+ lo${N1}.tcpdump
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
+ lo${N1}.tcpdump
+
+REGRESS_TARGETS += run-regress-bpf-rdomain-loop-${N2}
+run-regress-bpf-rdomain-loop-${N2}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check the ping packet went multiple times in routing domains.
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
+ lo${N2}.tcpdump
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 2,' \
+ lo${N2}.tcpdump
+ ! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
+ lo${N2}.tcpdump
+
 REGRESS_TARGETS += run-regress-cleanup
-run-regress-cleanup: stamp-setup
+run-regress-cleanup: stamp-stop
 @echo '\n======== $@ ========'
 ${.MAKE} -C ${.CURDIR} unconfig
-CLEANFILES += addr.py *.pyc *.log stamp-*
+CLEANFILES += addr.py *.pyc *.tcpdump *.log stamp-*
 .include <bsd.regress.mk>
diff --git a/regress/sys/net/loop/pf.conf b/regress/sys/net/loop/pf.conf
index 1587f5233e3..66ecf188933 100644
--- a/regress/sys/net/loop/pf.conf
+++ b/regress/sys/net/loop/pf.conf
@@ -1,3 +1,6 @@
 # pf must have these rules in the regress anchor
 pass in on rdomain $N1 to $ADDR_N2 rtable $N2
+
+pass in on rdomain $N1 to 10.7.7.7 rtable $N2 no state
+pass in on rdomain $N2 to 10.7.7.7 rtable $N1 no state
|
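Review bot: The `run-regress-bpf-*` targets depend only on `stamp-stop`, and `stamp-stop` (defined in an earlier hunk) has no prerequisites, so nothing ties the grep checks to the ping targets that generate the traffic; the ordering comes solely from the position in `REGRESS_TARGETS`. Invoked on its own after an earlier run, a bpf target would likely find `stamp-stop` up to date and grep a capture file left over from that run, passing on stale data. Either make the dependency explicit or document it next to the first check, e.g. `# must run after all run-regress-ping-* targets; relies on REGRESS_TARGETS order`.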
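Review bot: The two added rules carry no comment, yet together they deliberately bounce packets for 10.7.7.7 between the two routing domains until the ttl runs out, which is easy to mistake for an error and harmful if copied into a ruleset outside the regress anchor. They also match every protocol although the test only sends ICMP echo requests; `pass in on rdomain $N1 inet proto icmp to 10.7.7.7 rtable $N2 no state` (and the mirror rule for `$N2`) would keep the loop limited to the test traffic. A line such as `# intentional loop: packets to 10.7.7.7 are passed back and forth between the two rdomains until the ttl expires` above them would document the intent.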