IPv6 packets with routing header 0 are dropped by pf, but answered

with ICMP6 parameter problem by the network stack.  This test expects
the ICMP6 packets, so disable pf on the remote machine temporarily.

10 files changed, 68 insertions, 62 deletions

diff --git a/regress/sys/netinet6/rh0/LICENSE b/regress/sys/netinet6/rh0/LICENSE
new file mode 100644
index 00000000000..8132b495a44
--- /dev/null
+++ b/regress/sys/netinet6/rh0/LICENSE
@@ -0,0 +1,13 @@
+# Copyright (c) 2012-2017 Alexander Bluhm <bluhm@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/regress/sys/netinet6/rh0/Makefile b/regress/sys/netinet6/rh0/Makefile
index 473af6b5055..86181628e07 100644
--- a/regress/sys/netinet6/rh0/Makefile
+++ b/regress/sys/netinet6/rh0/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.7 2016/10/19 14:31:19 tb Exp $
+#	$OpenBSD: Makefile,v 1.8 2017/02/28 16:14:35 bluhm Exp $
 
 # The following ports must be installed:
 #
@@ -9,12 +9,13 @@
 .if ! (make(clean) || make(cleandir) || make(obj))
 # Check wether all required python packages are installed.  If some
 # are missing print a warning and skip the tests, but do not fail.
-PYTHON_IMPORT != python2.7 -c 'from scapy.all import *' 2>&1 || true
+PYTHON_IMPORT !!= python2.7 -c 'from scapy.all import *' 2>&1 || true
 .endif
+
 .if ! empty(PYTHON_IMPORT)
 regress:
 	@echo '${PYTHON_IMPORT}'
-	@echo install python and the scapy module for additional tests
+	@echo Install python and the scapy module for additional tests.
 	@echo SKIPPED
 .endif
 
@@ -45,15 +46,24 @@ SRT_OUT6 ?=
 
 .if empty (SRC_IF) || empty (SRC_MAC) || empty (DST_MAC) || \
     empty (SRC_OUT6) || empty (DST_IN6) || empty (DST_OUT6) || \
-    empty (SRT_IN6) || empty (SRT_OUT6)
+    empty (SRT_IN6) || empty (SRT_OUT6) || empty (REMOTE_SSH)
 regress:
-	@echo this tests needs a remote machine to operate on
+	@echo This tests needs a remote machine to operate on.
 	@echo SRC_IF SRC_MAC DST_MAC SRC_OUT6 DST_IN6 DST_OUT6
-	@echo SRT_IN6 SRT_OUT6 are empty
-	@echo fill out these variables for additional tests
+	@echo SRT_IN6 SRT_OUT6 REMOTE_SSH are empty.
+	@echo Fill out these variables for additional tests.
 	@echo SKIPPED
 .endif
 
+.MAIN: all
+
+.if make (regress) || make (all)
+.BEGIN: addr.py
+	@echo
+	${SUDO} true
+	rm -f stamp-stack stamp-pf
+.endif
+
 depend: addr.py
 
 # Create python include file containing the addresses.
@@ -75,65 +85,35 @@ PYTHON =	python2.7 ./
 PYTHON =	PYTHONPATH=${.OBJDIR} python2.7 ${.CURDIR}/
 .endif
 
-# Send ping6 packet without routing header type 0
-TARGETS +=	rh0-none
-run-regress-rh0-none: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check without routing header type 0
-	${SUDO} ${PYTHON}rh0_none.py
-
-# Send ping6 packet with routing header type 0 but empty address list
-TARGETS +=	rh0-empty
-run-regress-rh0-empty: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check routing header type 0 with empty address list
-	${SUDO} ${PYTHON}rh0_empty.py
-
-TARGETS +=	rh0-final
-# Send ping6 packet with routing header type 0 to the final destination
-run-regress-rh0-final: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check routing header type 0 to the final destination
-	${SUDO} ${PYTHON}rh0_final.py
-
-TARGETS +=	rh0-route
-# Send ping6 packet with routing header type 0 to be source routed
-run-regress-rh0-route: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check routing header type 0 to be source routed
-	${SUDO} ${PYTHON}rh0_route.py
+stamp-stack:
+	rm -f stamp-stack stamp-pf
+	-ssh -t ${REMOTE_SSH} ${SUDO} pfctl -d
+	ssh -t ${REMOTE_SSH} ${SUDO} pfctl -a regress -Fr
+	date >$@
 
-# Send with fragment and routing header type 0 but empty address list
-TARGETS +=	rh0-frag-empty
-run-regress-rh0-frag-empty: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check fragment and routing header type 0 with empty address list
-	${SUDO} ${PYTHON}rh0_frag_empty.py
+stamp-pf:
+	rm -f stamp-stack stamp-pf
+	echo 'pass proto tcp from port ssh no state\n'\
+	    'pass proto tcp to port ssh no state'|\
+	    ssh -t ${REMOTE_SSH} ${SUDO} pfctl -a regress -f -
+	-ssh -t ${REMOTE_SSH} ${SUDO} pfctl -e
+	date >$@
 
-TARGETS +=	rh0-frag-final
-# Send with fragment and routing header type 0 to the final destination
-run-regress-rh0-frag-final: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check fragment and routing header type 0 to the final destination
-	${SUDO} ${PYTHON}rh0_frag_final.py
+RH0_SCRIPTS !!=		cd ${.CURDIR} && ls -1 rh0*.py
 
-TARGETS +=	rh0-frag-route
-# Send with fragment and routing header type 0 to be source routed
-run-regress-rh0-frag-route: addr.py
+.for s in ${RH0_SCRIPTS}
+run-regress-${s}: addr.py stamp-stack
 	@echo '\n======== $@ ========'
-	@echo Check fragment and routing header type 0 to be source routed
-	${SUDO} ${PYTHON}rh0_frag_route.py
+	${SUDO} ${PYTHON}${s}
+.endfor
 
-TARGETS +=	rh0-frag2
-# Send with fragment and routing header type 0 to be source routed
-run-regress-rh0-frag2: addr.py
-	@echo '\n======== $@ ========'
-	@echo Check routing header type 0 in the second fragment
-	${SUDO} ${PYTHON}rh0_frag2.py
+REGRESS_TARGETS =	${RH0_SCRIPTS:S/^/run-regress-/}
 
-REGRESS_TARGETS =	${TARGETS:S/^/run-regress-/}
+# After running the tests, turn on pf on remote machine.
+# This is the expected default configuration.
+REGRESS_TARGETS +=      stamp-pf
 
-CLEANFILES +=		addr.py *.pyc *.log
+CLEANFILES +=		addr.py *.pyc *.log stamp-*
 
 .PHONY: check-setup
 
@@ -148,8 +128,5 @@ check-setup:
 	ping6 -n -c 1 ${DST_OUT6}
 	route -n get -inet6 ${SRT_IN6} | grep -q 'gateway: ${DST_IN6}$$'
 	ndp -n ${DST_IN6} | grep -q ' ${DST_MAC} '
-.if defined(REMOTE_SSH)
-	ssh ${REMOTE_SSH} ${SUDO} pfctl -si | grep '^Status: Disabled '
-.endif
 
 .include <bsd.regress.mk>
diff --git a/regress/sys/netinet6/rh0/rh0_empty.py b/regress/sys/netinet6/rh0/rh0_empty.py
index 954d1e15553..e087131a717 100644
--- a/regress/sys/netinet6/rh0/rh0_empty.py
+++ b/regress/sys/netinet6/rh0/rh0_empty.py
@@ -3,6 +3,8 @@
 # the address list is empty
 # we expect a parameter problem from header scanning
 
+print "send ping6 packet with routing header type 0 but empty address list"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_final.py b/regress/sys/netinet6/rh0/rh0_final.py
index 881c8910099..7bb179f8ff3 100644
--- a/regress/sys/netinet6/rh0/rh0_final.py
+++ b/regress/sys/netinet6/rh0/rh0_final.py
@@ -3,6 +3,8 @@
 # the address pointer is at the final destination
 # we expect a parameter problem from header scanning
 
+print "send ping6 packet with routing header type 0 to the final destination"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_frag2.py b/regress/sys/netinet6/rh0/rh0_frag2.py
index 04c6773284b..7054c3fe4a3 100644
--- a/regress/sys/netinet6/rh0/rh0_frag2.py
+++ b/regress/sys/netinet6/rh0/rh0_frag2.py
@@ -4,6 +4,8 @@
 # hide the routing header in a second fragment to preclude header scan
 # we expect an echo reply, as there are no more hops
 
+print "send with fragment and routing header type 0 to be source routed"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_frag_empty.py b/regress/sys/netinet6/rh0/rh0_frag_empty.py
index a9f3636ba5e..03eb969ee21 100644
--- a/regress/sys/netinet6/rh0/rh0_frag_empty.py
+++ b/regress/sys/netinet6/rh0/rh0_frag_empty.py
@@ -4,6 +4,8 @@
 # hide the routing header behind a fragment header to avoid header scan
 # we expect an echo reply, as there are no more hops
 
+print "send with fragment and routing header type 0 but empty address list"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_frag_final.py b/regress/sys/netinet6/rh0/rh0_frag_final.py
index 63d5f40a68e..62ae301f3b8 100644
--- a/regress/sys/netinet6/rh0/rh0_frag_final.py
+++ b/regress/sys/netinet6/rh0/rh0_frag_final.py
@@ -4,6 +4,8 @@
 # hide the routing header behind a fragment header to avoid header scan
 # we expect an echo reply, as there are no more hops
 
+print "send with fragment and routing header type 0 to the final destination"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_frag_route.py b/regress/sys/netinet6/rh0/rh0_frag_route.py
index 8632c4f4fe5..3b55ae49fd9 100644
--- a/regress/sys/netinet6/rh0/rh0_frag_route.py
+++ b/regress/sys/netinet6/rh0/rh0_frag_route.py
@@ -4,6 +4,8 @@
 # hide the routing header behind a fragment header to avoid header scan
 # we expect an ICMP6 error, as we do not support source routing
 
+print "send with fragment and routing header type 0 to be source routed"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_none.py b/regress/sys/netinet6/rh0/rh0_none.py
index 328fa296436..694a9277fa4 100644
--- a/regress/sys/netinet6/rh0/rh0_none.py
+++ b/regress/sys/netinet6/rh0/rh0_none.py
@@ -2,6 +2,8 @@
 # send a ping6 packet without routing header type 0
 # we expect an echo reply, as there is no routing header
 
+print "send ping6 packet without routing header type 0"
+
 import os
 from addr import *
 from scapy.all import *
diff --git a/regress/sys/netinet6/rh0/rh0_route.py b/regress/sys/netinet6/rh0/rh0_route.py
index 0a248af90b6..71d4144063a 100644
--- a/regress/sys/netinet6/rh0/rh0_route.py
+++ b/regress/sys/netinet6/rh0/rh0_route.py
@@ -3,6 +3,8 @@
 # try to source route
 # we expect an ICMP6 error, as we do not support source routing
 
+print "send ping6 packet with routing header type 0 to be source routed"
+
 import os
 from addr import *
 from scapy.all import *