diff options
Diffstat (limited to 'regress')
-rw-r--r-- | regress/sbin/pfctl/Makefile | 83 | ||||
-rw-r--r-- | regress/sbin/pfctl/if2ip | 12 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfr.exec | 44 |
3 files changed, 73 insertions, 66 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index d42bb446e68..adc236cc8b7 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.227 2017/08/11 22:30:38 benno Exp $ +# $OpenBSD: Makefile,v 1.228 2017/11/24 22:53:55 bluhm Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok @@ -6,7 +6,7 @@ # pfail: invalid rulesets pfctl must reject; pfailNN.in and pfailNN.ok # pfsetup: set up lo1 and perform more tests # pfr: table tests -# pfsimple: just check whether pfctl accepts a given ruleset, not checking output +# pfsimple: check whether pfctl accepts a given ruleset, not checking output # pfload: load ruleset into anchor regress and verify pfctl -vvsr # pfoptimize: as pfload, with -o flag to pfctl # pfopt: as target pf, but supply extra command line options @@ -31,6 +31,8 @@ PFCHKSUM=1 2 3 PFCMD=1 PFCMDFAIL=1 +PFCTL ?= /sbin/pfctl + MAKEOBJDIRPREFIX= SHELL=/bin/sh @@ -62,15 +64,15 @@ PFAIL_TARGETS+=pfail${n} PFAIL_UPDATES+=pfail${n}-update pfail${n}: - pfctl -o none -nv -f - < ${.CURDIR}/pfail${n}.in 2>&1 | \ + ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in 2>&1 | \ diff -u ${.CURDIR}/pfail${n}.ok /dev/stdin pfail${n}-update: - if pfctl -o none -nv -f - < ${.CURDIR}/pfail${n}.in > \ + if ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in > \ ${.CURDIR}/pfail${n}.ok 2>&1; then \ true; \ fi; - + .endfor pfail: ${PFAIL_TARGETS} @@ -83,15 +85,15 @@ PF_TARGETS+=pf${n} PF_UPDATES+=pf${n}-update pf${n}: - pfctl -o none -nv -f - < ${.CURDIR}/pf${n}.in | \ + ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in | \ diff -u ${.CURDIR}/pf${n}.ok /dev/stdin pf${n}-update: - pfctl -o none -nv -f - < ${.CURDIR}/pf${n}.in > ${.CURDIR}/pf${n}.ok + ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in > ${.CURDIR}/pf${n}.ok SELFPF_TARGETS+=selfpf${n} selfpf${n}: - pfctl -o none -nv -f - < ${.CURDIR}/pf${n}.ok | \ + ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.ok | \ diff -u ${.CURDIR}/pf${n}.ok /dev/stdin .endfor @@ -113,7 +115,7 @@ pf-include-setup: PFSIMPLE_TARGETS+=pfsimple${n} pfsimple${n}: - pfctl -o none -nf - < ${.CURDIR}/pfsimple${n}.in + ${PFCTL} -o none -nf - < ${.CURDIR}/pfsimple${n}.in .endfor @@ -125,18 +127,18 @@ PFLOAD_TARGETS+=pfload${n} PFLOAD_UPDATES+=pfload${n}-update pfload${n}: - ${SUDO} pfctl -o none -a regress -f - < ${.CURDIR}/pf${n}.in - (${SUDO} pfctl -o none -a 'regress/*' -gvvsr | \ + ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in + (${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' ) | \ diff -u ${.CURDIR}/pf${n}.loaded /dev/stdin - ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 pfload${n}-update: - ${SUDO} pfctl -o none -a regress -f - < ${.CURDIR}/pf${n}.in - (${SUDO} pfctl -o none -a 'regress/*' -gvvsr | \ + ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in + (${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' ) \ > ${.CURDIR}/pf${n}.loaded - ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 .endfor @@ -151,18 +153,18 @@ PFOPTIMIZE_TARGETS+=pfoptimize${n} PFOPTIMIZE_UPDATES+=pfoptimize${n}-update pfoptimize${n}: - ${SUDO} pfctl -obasic -a regress -f - < ${.CURDIR}/pf${n}.in - (${SUDO} pfctl -o none -a regress -gvvsr | \ + ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in + (${SUDO} ${PFCTL} -o none -a regress -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g') | \ diff -u ${.CURDIR}/pf${n}.optimized /dev/stdin - ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 pfoptimize${n}-update: - ${SUDO} pfctl -obasic -a regress -f - < ${.CURDIR}/pf${n}.in - (${SUDO} pfctl -o none -a regress -gvvsr | \ + ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in + (${SUDO} ${PFCTL} -o none -a regress -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' ) \ > ${.CURDIR}/pf${n}.optimized - ${SUDO} pfctl -o none -a regress -Fr >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 .endfor @@ -197,7 +199,7 @@ PFI_UPDATES+=pfi${n}-update pfi${n}: xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in | \ - diff -u ${.CURDIR}/pfi${n}.ok /dev/stdin + diff -u ${.CURDIR}/pfi${n}.ok /dev/stdin pfi${n}-update: xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in \ @@ -216,12 +218,12 @@ PFOPT_TARGETS+=pfopt${n} PFOPT_UPDATES+=pfopt${n}-update pfopt${n}: - pfctl -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ + ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ < ${.CURDIR}/pfopt${n}.in | \ diff -u ${.CURDIR}/pfopt${n}.ok /dev/stdin pfopt${n}-update: - pfctl -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ + ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ < ${.CURDIR}/pfopt${n}.in > ${.CURDIR}/pfopt${n}.ok .endfor @@ -236,11 +238,11 @@ PFCMD_TARGETS+=pfcmd${n} PFCMD_UPDATES+=pfcmd${n}-update pfcmd${n}: - ${SUDO} pfctl `cat ${.CURDIR}/pfcmd${n}.opts` \ + ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmd${n}.opts` \ -f ${.CURDIR}/pfcmd${n}.in pfcmd${n}-update: - ${SUDO} pfctl -f - `cat ${.CURDIR}/pfcmd${n}.opts` \ + ${SUDO} ${PFCTL} -f - `cat ${.CURDIR}/pfcmd${n}.opts` \ < ${.CURDIR}/pfcmd${n}.in > ${.CURDIR}/pfcmd${n}.ok .endfor @@ -258,12 +260,12 @@ PFCMDFAIL_TARGETS+=pfcmdfail${n} PFCMDFAIL_UPDATES+=pfcmdfail${n}-update pfcmdfail${n}: - ${SUDO} pfctl `cat ${.CURDIR}/pfcmdfail${n}.opts` \ + ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \ -f - < ${.CURDIR}/pfcmdfail${n}.in 2>&1 | \ - diff -u ${.CURDIR}/pfcmdfail${n}.ok /dev/stdin + diff -u ${.CURDIR}/pfcmdfail${n}.ok /dev/stdin pfcmdfail${n}-update: - if ${SUDO} pfctl `cat ${.CURDIR}/pfcmdfail${n}.opts` \ + if ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \ -f - < ${.CURDIR}/pfcmdfail${n}.in > \ ${.CURDIR}/pfcmdfail${n}.ok 2>&1; then \ true; \ @@ -285,13 +287,13 @@ PFSETUP_UPDATES+=pfsetup${n}-update pfsetup${n}: ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup - pfctl -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in | \ + ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in | \ diff -u ${.CURDIR}/pfsetup${n}.ok /dev/stdin ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean pfsetup${n}-update: ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup - pfctl -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in \ + ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in \ > ${.CURDIR}/pfsetup${n}.ok ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean @@ -308,17 +310,18 @@ PFCHKSUM_TARGETS+=pfchksum${n} PFCHKSUM_UPDATES+=pfchksum${n}-update pfchksum${n}: - ${SUDO} pfctl -o none -Fa >/dev/null 2>&1 - ${SUDO} pfctl -o none -f - < ${.CURDIR}/pfchksum${n}.in - ${SUDO} pfctl -o none -vsi | grep '^Checksum:' | \ - diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin - ${SUDO} pfctl -o none -Fa >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in + ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' | \ + diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin + ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 pfchksum${n}-update: - ${SUDO} pfctl -o none -Fa >/dev/null 2>&1 - ${SUDO} pfctl -o none -f - < ${.CURDIR}/pfchksum${n}.in - ${SUDO} pfctl -o none -vsi | grep '^Checksum:' > ${.CURDIR}/pfchksum${n}.ok - ${SUDO} pfctl -o none -Fa >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 + ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in + ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' \ + > ${.CURDIR}/pfchksum${n}.ok + ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 .endfor diff --git a/regress/sbin/pfctl/if2ip b/regress/sbin/pfctl/if2ip index a1424366244..9cdca64836b 100644 --- a/regress/sbin/pfctl/if2ip +++ b/regress/sbin/pfctl/if2ip @@ -2,8 +2,10 @@ # simple script that compare and display interface to address translation # done by the userland pfctl tool and by the kernel PF dynamic code. +PFCTL="${PFCTL:=/sbin/pfctl}" + if2ip_user() { - echo "pass in from $1" | pfctl -o none -nvf- 2>/dev/null \ + echo "pass in from $1" | $PFCTL -o none -nvf- 2>/dev/null \ | awk '{print " "(($3=="on")?$7:$5)}' | sort -u } @@ -17,10 +19,10 @@ kernel_spec() { } if2ip_kernel() { - T=`echo "pass in on tun100 from $1" | pfctl -a regress/if2ip -f- \ - -vf- | awk '{ print $6}' | tr -d "()"` - pfctl -a _pf -t "$T" -Ts | sort - pfctl -a regress/if2ip -qFr + T=`echo "pass in on tun100 from $1" | $PFCTL -a regress/if2ip -f- \ + -vf- | awk '{ print $6}' | tr -d "()"` + $PFCTL -a _pf -t "$T" -Ts | sort + $PFCTL -a regress/if2ip -qFr } while [ "X$1" != "X" ]; do diff --git a/regress/sbin/pfctl/pfr.exec b/regress/sbin/pfctl/pfr.exec index 701eebf8416..677bcf6bd96 100644 --- a/regress/sbin/pfctl/pfr.exec +++ b/regress/sbin/pfctl/pfr.exec @@ -1,8 +1,9 @@ #!/bin/ksh +PFCTL="${PFCTL:=/sbin/pfctl}" D=`dirname $1` A='regress' -pfctl -a $A -FT 2>/dev/null -pfctl -a $A -Fr 2>/dev/null +$PFCTL -a $A -FT 2>/dev/null +$PFCTL -a $A -Fr 2>/dev/null KT_R=`vmstat -mv | awk '/pfrktable/{print $3}'` KT_I=`vmstat -mv | awk '/pfrktable/{print $5}'` KEP_R=`vmstat -mv | awk '/pfrke_plain /{print $3}'` @@ -12,14 +13,14 @@ KER_I=`vmstat -mv | awk '/pfrke_route /{print $5}'` KEC_R=`vmstat -mv | awk '/pfrke_cost /{print $3}'` KEC_I=`vmstat -mv | awk '/pfrke_cost /{print $5}'` echo "# create" -echo "table <regress> persist" | pfctl -a $A -f - 2>&1 || exit 1 -for LINE in `sed -e "s/ /_/g" $1`; do +echo "table <regress> persist" | $PFCTL -a $A -f - 2>&1 || exit 1 +for LINE in `sed -e "s/ /_/g" $1`; do RESULT=`echo $LINE | awk '{split($1,a,"_");print a[1]}'` case $RESULT in pass|fail) ;; *) continue ;; esac - CMD=`echo $LINE | awk '{split($1,a,"_");print a[2]}'` + CMD=`echo $LINE | awk '{split($1,a,"_");print a[2]}'` ARGSX=`echo $LINE | awk '{split($1,a,"_");for(i=3;a[i];i++)print a[i]}'` ARGS="" for ARG in $ARGSX; do @@ -32,58 +33,58 @@ for LINE in `sed -e "s/ /_/g" $1`; do if [ "$RESULT" = "pass" ]; then case $CMD in add|delete|replace) echo "# pass $CMD -n $ARGS" - pfctl -a $A -t regress -nT $CMD $ARGS 2>&1 | sort || exit 1 + $PFCTL -a $A -t regress -nT $CMD $ARGS 2>&1 | sort || exit 1 echo "# pass $CMD -nf-" - echo "# test\n" $ARGSX | pfctl -a $A -t regress -nT $CMD -f- \ + echo "# test\n" $ARGSX | $PFCTL -a $A -t regress -nT $CMD -f- \ 2>&1 | sort || exit 1 echo "# pass $CMD -nqv $ARGS" - pfctl -a $A -t regress -nqvT $CMD $ARGS 2>&1 | sort || exit 1 + $PFCTL -a $A -t regress -nqvT $CMD $ARGS 2>&1 | sort || exit 1 echo "# pass $CMD -nqvv $ARGS" - pfctl -a $A -t regress -nqvvT $CMD $ARGS 2>&1 | sort || exit 1 + $PFCTL -a $A -t regress -nqvvT $CMD $ARGS 2>&1 | sort || exit 1 ;; esac fi echo "# $RESULT $CMD $ARGS" if [ "$RESULT" = "pass" ]; then case $CMD in list) - pfctl -a $A -sT 2>&1 + $PFCTL -a $A -sT 2>&1 echo "# pass $CMD -v" - pfctl -a $A -gvsT 2>&1 + $PFCTL -a $A -gvsT 2>&1 ;; load) - echo $ARGS | sed "s,DIR,$D,g" | pfctl -a $A -f- \ + echo $ARGS | sed "s,DIR,$D,g" | $PFCTL -a $A -f- \ || exit 1 ;; rule) - echo $ARGS | pfctl -a $A -f- 2>&1 || exit 1 + echo $ARGS | $PFCTL -a $A -f- 2>&1 || exit 1 ;; show) - pfctl -qvv -a $A -t regress -T $CMD $ARGS 2>&1 | \ + $PFCTL -qvv -a $A -t regress -T $CMD $ARGS 2>&1 | \ grep -v "Cleared:" ;; *) - pfctl -a $A -t regress -T $CMD $ARGS 2>&1 | sort \ + $PFCTL -a $A -t regress -T $CMD $ARGS 2>&1 | sort \ || exit 1 ;; esac else case $CMD in load) - echo ARGS | sed "s,DIR,$D,g" | pfctl -a $A -Tl -f- \ + echo ARGS | sed "s,DIR,$D,g" | $PFCTL -a $A -Tl -f- \ && exit 1 ;; rule) - echo $ARGS | pfctl -a $A -f- 2>&1 && exit 1 + echo $ARGS | $PFCTL -a $A -f- 2>&1 && exit 1 ;; *) - pfctl -a $A -t regress -T $CMD $ARGS 2>&1 && exit 1 + $PFCTL -a $A -t regress -T $CMD $ARGS 2>&1 && exit 1 ;; esac fi done echo "# kill" -pfctl -a $A -FT 2>&1 -pfctl -a $A -Fr 2>&1 +$PFCTL -a $A -FT 2>&1 +$PFCTL -a $A -Fr 2>&1 let KT_R=`vmstat -mv | awk '/pfrktable/{print $3}'`-$KT_R let KT_I=`vmstat -mv | awk '/pfrktable/{print $5}'`-$KT_I let KT_RL=$KT_R-$KT_I @@ -100,4 +101,5 @@ echo "ktable: $KT_R allocated, $KT_RL released, $KT_I leaked." echo "pfrke_plain: $KEP_R allocated, $KEP_RL released, $KEP_I leaked." echo "pfrke_route: $KER_R allocated, $KER_RL released, $KER_I leaked." echo "pfrke_cost: $KEC_R allocated, $KEC_RL released, $KEC_I leaked." -[ "$KT_I" = "0" -a "$KEP_I" = "0" -a "$KER_I" = "0" -a "$KEC_I" = "0" ] || exit 1 +[ "$KT_I" = "0" -a "$KEP_I" = "0" -a "$KER_I" = "0" -a "$KEC_I" = "0" ] || \ + exit 1 |