summaryrefslogtreecommitdiff
path: root/regress/sys
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2017-11-17 15:39:52 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2017-11-17 15:39:52 +0000
commit2f6c2b9dab4d8fb2c13128a3d9638e362839377d (patch)
treebdf598d43bc24a205e4e50ebc8c5007199e5c720 /regress/sys
parent7ab6647727d4a6e1eaf80eea4b775041c887270c (diff)
Let packets jump between routing domains until the ttl is used up.
Use tcpdump to check that the ttl decrements to one.
Diffstat (limited to 'regress/sys')
-rw-r--r--regress/sys/net/loop/Makefile100
-rw-r--r--regress/sys/net/loop/pf.conf3
2 files changed, 91 insertions, 12 deletions
diff --git a/regress/sys/net/loop/Makefile b/regress/sys/net/loop/Makefile
index 69671ab7e98..4694f62b13a 100644
--- a/regress/sys/net/loop/Makefile
+++ b/regress/sys/net/loop/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2017/11/17 10:26:58 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2017/11/17 15:39:51 bluhm Exp $
# Copyright (c) 2017 Alexander Bluhm <bluhm@openbsd.org>
#
@@ -16,7 +16,8 @@
# Set up two loopback interfaces in different routing domains.
# Try to ping existing and non existing addresses in these domains.
-# Also test pinging to different rdomains via pf.
+# Also test pinging to different rdomains via pf. Check that the
+# ttl is decremented while looping though loopback interfaces.
SYSCTL_FORWARDING != sysctl net.inet.ip.forwarding
@@ -42,13 +43,14 @@ check-rdomains:
echo routing domain ${n} is already used >&2; exit 1; fi
.endfor
-ifconfig: check-rdomains
+ifconfig: check-rdomains unconfig
# create and configure loopback interfaces
.for n in ${NUMS}
${SUDO} /sbin/ifconfig lo${n} rdomain ${n}
${SUDO} /sbin/ifconfig lo${n} inet 127.0.0.1/8
${SUDO} /sbin/ifconfig lo${n} inet 127.0.0.${n} alias
- ${SUDO} /sbin/route -n -T ${n} add -inet -host 127.6.6.6 127.0.0.1
+ ${SUDO} /sbin/route -n -T ${n} add -inet -host 10.6.6.6 127.0.0.1
+ ${SUDO} /sbin/route -n -T ${n} add -inet -host 10.7.7.7 127.0.0.1
.endfor
${SUDO} /sbin/route -n -T ${N1} add -inet -host 127.0.0.${N2} 127.0.0.1
${SUDO} /sbin/route -n -T ${N2} add -inet -host 127.0.0.${N1} 127.0.0.1
@@ -71,6 +73,7 @@ addr.py: Makefile
rm -f $@ $@.tmp
.for var in N1 N2
echo '${var}="${${var}}"' >>$@.tmp
+ echo 'IF_${var}="lo${${var}}"' >>$@.tmp
echo 'ADDR_${var}="127.0.0.${${var}}"' >>$@.tmp
.endfor
mv $@.tmp $@
@@ -82,22 +85,48 @@ stamp-pfctl: addr.py pf.conf stamp-setup
cat addr.py ${.CURDIR}/pf.conf | ${SUDO} pfctl -a regress -f -
@date >$@
+# run tcpdump on lo devices
+DUMPCMD = tcpdump -l -e -vvv -s 2048 -ni
+
+stamp-bpf: stamp-bpf-${N1} stamp-bpf-${N2}
+ sleep 2 # XXX
+ @date >$@
+
+.for n in ${N1} ${N2}
+
+stamp-bpf-${n}: stamp-setup
+ @echo '\n======== $@ ========'
+ rm -f lo${n}.tcpdump
+ pkill -f '^${DUMPCMD} lo${n}' || true
+ ${SUDO} ${DUMPCMD} lo${n} >lo${n}.tcpdump &
+ rm -f stamp-stop
+ @date >$@
+
+.endfor
+
+stamp-stop:
+ @echo '\n======== $@ ========'
+ sleep 2 # XXX
+ -${SUDO} pkill -f '^${DUMPCMD}'
+ rm -f stamp-bpf*
+ @date >$@
+
.for n in ${N1} ${N2}
REGRESS_TARGETS += run-regress-ping-local-${n}
-run-regress-ping-local-${n}: stamp-setup
+run-regress-ping-local-${n}: stamp-setup stamp-bpf
@echo '\n======== $@ ========'
# Ping localhost in routing domain ${n}.
/sbin/ping -n -w 1 -c 1 -V ${n} 127.0.0.1
REGRESS_TARGETS += run-regress-ping-loop-${n}
-run-regress-ping-loop-${n}: stamp-setup
+run-regress-ping-loop-${n}: stamp-setup stamp-bpf
@echo '\n======== $@ ========'
# Ping non existing address with loopback route in routing domain ${n}.
- ! /sbin/ping -n -w 1 -c 1 -V ${n} 127.6.6.6
+ ! /sbin/ping -n -w 1 -c 1 -V ${n} 10.6.6.6
REGRESS_TARGETS += run-regress-ping-address-${n}
-run-regress-ping-address-${n}: stamp-pfctl
+run-regress-ping-address-${n}: stamp-setup stamp-pfctl
@echo '\n======== $@ ========'
# Ping local address in routing domain ${n}.
/sbin/ping -n -w 1 -c 1 -V ${n} 127.0.0.${n}
@@ -105,22 +134,69 @@ run-regress-ping-address-${n}: stamp-pfctl
.endfor
REGRESS_TARGETS += run-regress-ping-rdomain-pass
-run-regress-ping-rdomain-pass: stamp-pfctl
+run-regress-ping-rdomain-pass: stamp-setup stamp-pfctl
@echo '\n======== $@ ========'
# Pass ping packets between routing domains with pf rule.
/sbin/ping -n -w 1 -c 1 -V ${N1} 127.0.0.${N2}
REGRESS_TARGETS += run-regress-ping-rdomain-block
-run-regress-ping-rdomain-block: stamp-pfctl
+run-regress-ping-rdomain-block: stamp-setup stamp-pfctl
@echo '\n======== $@ ========'
# Check that reverse direction without pf rule is not allowed.
! /sbin/ping -n -w 1 -c 1 -V ${N2} 127.0.0.${N1}
+REGRESS_TARGETS += run-regress-ping-rdomain-loop
+run-regress-ping-rdomain-loop: stamp-setup stamp-pfctl stamp-bpf
+ @echo '\n======== $@ ========'
+ # Ping non existing address and loop between routing domains.
+ ! /sbin/ping -n -w 1 -c 1 -V ${N1} 10.7.7.7
+
+.for n in ${N1} ${N2}
+
+REGRESS_TARGETS += run-regress-bpf-local-${n}
+run-regress-bpf-local-${n}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check that the ping packet went through loopback.
+ grep '127.0.0.1 > 127.0.0.1: icmp: echo request' lo${n}.tcpdump
+
+REGRESS_TARGETS += run-regress-bpf-loop-${n}
+run-regress-bpf-loop-${n}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check that the ping packet went multiple times through loopback.
+ grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .*ttl 255,' \
+ lo${n}.tcpdump
+ grep '[0-9] 127.0.0.1 > 10.6.6.6: icmp: echo request .* \[ttl 1\]' \
+ lo${n}.tcpdump
+
+.endfor
+
+REGRESS_TARGETS += run-regress-bpf-rdomain-loop-${N1}
+run-regress-bpf-rdomain-loop-${N1}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check the ping packet went multiple times in routing domains.
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 255,' \
+ lo${N1}.tcpdump
+ ! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
+ lo${N1}.tcpdump
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
+ lo${N1}.tcpdump
+
+REGRESS_TARGETS += run-regress-bpf-rdomain-loop-${N2}
+run-regress-bpf-rdomain-loop-${N2}: stamp-stop
+ @echo '\n======== $@ ========'
+ # Check the ping packet went multiple times in routing domains.
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 254,' \
+ lo${N2}.tcpdump
+ grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .*ttl 2,' \
+ lo${N2}.tcpdump
+ ! grep '[0-9] 127.0.0.1 > 10.7.7.7: icmp: echo request .* \[ttl 1\]' \
+ lo${N2}.tcpdump
+
REGRESS_TARGETS += run-regress-cleanup
-run-regress-cleanup: stamp-setup
+run-regress-cleanup: stamp-stop
@echo '\n======== $@ ========'
${.MAKE} -C ${.CURDIR} unconfig
-CLEANFILES += addr.py *.pyc *.log stamp-*
+CLEANFILES += addr.py *.pyc *.tcpdump *.log stamp-*
.include <bsd.regress.mk>
diff --git a/regress/sys/net/loop/pf.conf b/regress/sys/net/loop/pf.conf
index 1587f5233e3..66ecf188933 100644
--- a/regress/sys/net/loop/pf.conf
+++ b/regress/sys/net/loop/pf.conf
@@ -1,3 +1,6 @@
# pf must have these rules in the regress anchor
pass in on rdomain $N1 to $ADDR_N2 rtable $N2
+
+pass in on rdomain $N1 to 10.7.7.7 rtable $N2 no state
+pass in on rdomain $N2 to 10.7.7.7 rtable $N1 no state