summaryrefslogtreecommitdiff
path: root/regress/sys
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2017-09-15 14:03:15 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2017-09-15 14:03:15 +0000
commitc51ed7f19409131488d976227f646a6d4ef5c70c (patch)
treec971b559dcf0a62b3d313598d15c18f97dbeafaf /regress/sys
parentc28a413f72844dde1e92e25dfff63bd9ba4376e0 (diff)
Clean up pf rules and states on remote machine so that they do not
interfere with later tests.
Diffstat (limited to 'regress/sys')
-rw-r--r--regress/sys/netinet/frag/Makefile13
-rw-r--r--regress/sys/netinet/frag/pf.conf4
-rw-r--r--regress/sys/netinet6/frag6/Makefile10
-rw-r--r--regress/sys/netinet6/frag6/pf.conf4
4 files changed, 23 insertions, 8 deletions
diff --git a/regress/sys/netinet/frag/Makefile b/regress/sys/netinet/frag/Makefile
index faf87a2ddcf..195634b5d07 100644
--- a/regress/sys/netinet/frag/Makefile
+++ b/regress/sys/netinet/frag/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2017/09/07 15:09:00 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2017/09/15 14:03:14 bluhm Exp $
# The following ports must be installed:
#
@@ -98,14 +98,17 @@ REGRESS_TARGETS =
FRAG_SCRIPTS !!= cd ${.CURDIR} && ls -1 frag*.py
run-regress-stack-frag_mf0long.py:
+ @echo '\n======== $@ ========'
# the stack allows fragments with data behind a fragment without MF
@echo DISABLED
run-regress-stack-frag_mf0short.py:
+ @echo '\n======== $@ ========'
# the stack allows fragments without MF ending before other fragments
@echo DISABLED
run-regress-stack-frag_mf1end.py:
+ @echo '\n======== $@ ========'
# the stack allows fragments with MF together with fragments without MF
@echo DISABLED
@@ -145,7 +148,13 @@ REGRESS_TARGETS += run-regress-${sp}-ping run-regress-${sp}-fragping \
# After running the tests, turn on pf on remote machine.
# This is the expected default configuration.
-REGRESS_TARGETS += stamp-pf
+
+cleanup-pf:
+ rm -f stamp-stack stamp-pf
+ ssh ${IPS_SSH} ${SUDO} pfctl -a regress -Fa
+ -ssh ${REMOTE_SSH} ${SUDO} pfctl -e || true
+
+REGRESS_TARGETS += cleanup-pf
CLEANFILES += addr.py *.pyc *.log stamp-*
diff --git a/regress/sys/netinet/frag/pf.conf b/regress/sys/netinet/frag/pf.conf
index 7d101bc927b..d6cc42228b3 100644
--- a/regress/sys/netinet/frag/pf.conf
+++ b/regress/sys/netinet/frag/pf.conf
@@ -2,5 +2,5 @@
pass inet allow-opts
# turning on and off pf via ssh connection does not work with states
-pass proto tcp from port ssh no state
-pass proto tcp to port ssh no state
+pass proto tcp from port ssh flags A/SA no state
+pass proto tcp to port ssh flags A/SA no state
diff --git a/regress/sys/netinet6/frag6/Makefile b/regress/sys/netinet6/frag6/Makefile
index f382e4a9d41..48dbd06d20e 100644
--- a/regress/sys/netinet6/frag6/Makefile
+++ b/regress/sys/netinet6/frag6/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.21 2017/09/07 19:04:23 bluhm Exp $
+# $OpenBSD: Makefile,v 1.22 2017/09/15 14:03:14 bluhm Exp $
# The following ports must be installed:
#
@@ -133,7 +133,13 @@ REGRESS_TARGETS += run-regress-${sp}-ping6 run-regress-${sp}-fragping6 \
# After running the tests, turn on pf on remote machine.
# This is the expected default configuration.
-REGRESS_TARGETS += stamp-pf
+
+cleanup-pf:
+ rm -f stamp-stack stamp-pf
+ ssh ${IPS_SSH} ${SUDO} pfctl -a regress -Fa
+ -ssh ${REMOTE_SSH} ${SUDO} pfctl -e || true
+
+REGRESS_TARGETS += cleanup-pf
CLEANFILES += addr.py *.pyc *.log stamp-*
diff --git a/regress/sys/netinet6/frag6/pf.conf b/regress/sys/netinet6/frag6/pf.conf
index fc5dbec04f1..b74406f274a 100644
--- a/regress/sys/netinet6/frag6/pf.conf
+++ b/regress/sys/netinet6/frag6/pf.conf
@@ -2,5 +2,5 @@
pass inet6 allow-opts
# turning on and off pf via ssh connection does not work with states
-pass proto tcp from port ssh no state
-pass proto tcp to port ssh no state
+pass proto tcp from port ssh flags A/SA no state
+pass proto tcp to port ssh flags A/SA no state