src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-05-22	Fix tests: Restrict getpid() to lower 16 bit so that it can still	Alexander Bluhm
	be used as packet id. Now scapy calls nexthopmtu with this name explicitly in icmp structure.
2016-05-03	Fix some Perl statements perlcritic was bitching about: Variable	Alexander Bluhm
	declared in conditional statement.
2016-03-24	Remove #ifdef from code shared with the kernel, IPv6 is always enabled	Martin Pieuchot
	in the tests.
2016-03-23	Assert that the mask to prefix length conversion is correct when	Martin Pieuchot
	removing an entry. While here print the corresponding error string when available if rtable_* function fail.
2015-12-04	Sync after rt_mask() removal.	Martin Pieuchot

2015-12-03	Sync to recent changes including SRP protection of rtable_get(), use	Martin Pieuchot
	of a SRPL for the multipath list and rtable_delete() API change.
2015-11-12	ART-specific bits to make sure root tables are properly freed.	Martin Pieuchot
	While here make sure we test the special "default route" case.
2015-11-04	Basic framework to test the rtable_* API directly from userland.	Martin Pieuchot
	You can replace inet{,6}-fullfeed.txt with a dump of your fullfeed table to really stress this test framework. I did not commit them because CVS certainly doesn't like ~7M file.
2015-11-01	Route output to local addresses has changed, ping6 command line	Alexander Bluhm
	options have changed, tun has been renamed to tap. Adapt tests.
2015-10-26	Add regress test on local route insertions	Vincent Gross

2015-09-11	fter fixing poll(2) semantics in dynamic TCP buffer size update,	Alexander Bluhm
	making netcat non-blocking and fixing ip6_forward() ICMP6 checksum, this test can be made more aggressive. Delete the path MTU route before sending TCP streams through the pf firewall. This checks that PMTU discovery works with outgoing interface MTU and router MTU. Test IPv4 and IPv6 protocols ICMP echo, UDP, TCP with pf nat-to, rdr-to, af-to, route-to, reply-to. Some af-to cases seem to be broken.
2015-08-24	Extend the pf forward and fragment tests with a second challenge	Alexander Bluhm
	for path MTU discovery. The router behind the pf machine has MTU 1300. The ICMP packet generated by the router matches the pf state and is NATed correctly. Additionally the pf machine itself has an interface MTU 1400. So when pf is sending a packet is has to generate a correct "fragmentation needed" or "packet too big" ICMP response. This is done with pf route-to and reply-to.
2015-08-24	Enable path MTU test with ping for IPv6. Scapy srp1() does not	Alexander Bluhm
	accept inner IPv6 packets in ICMP6 with bad checksum created by pf. Use same workaround as in pf_forward tests and fork a process for sniffing.
2015-08-17	Add forwarding tests for pf route-to and reply-to. Keep pf forward	Alexander Bluhm
	and pf fragment tests in sync.
2015-08-13	Add IPv6 fragment tests for pf route-to. A big ping packet is sent	Alexander Bluhm
	in fragments to a machine running pf. From there it is forwarded with route-to to a router with a smaller MTU. Path MTU discovery has to make successive fragments shorter and pf route-to has to preserve the fragment size.
2015-07-28	Add more and deeper tests for pf divert-reply rules. Especially	Alexander Bluhm
	the combination of sending and receiving multiple packets over one socket is tested for UDP, raw IP and ICMP.
2015-07-21	Extend the setup with another address for testing pf route-to.	Alexander Bluhm

2015-07-20	When test pf.conf changes, check its syntax and use the new one.	Alexander Bluhm

2015-06-25	Align the three variants of Remote.pm.	Alexander Bluhm

2015-02-09	sort includes correctly	Theo de Raadt

2014-12-19	Use a simpler expression to check the ether type in scapy. This	Alexander Bluhm
	makes the fragment tests work on FreeBSD. From Ilya Bakulin.
2014-08-18	Make the perl modules consistent for the multiple regression tests.	Alexander Bluhm
	This includes coding style, better error messages and variable naming.
2014-07-18	The pf forward tests were running rdr-to and nat-to simultaneously	Alexander Bluhm
	only. Change address layout and add individual tests for each feature rdr-to and nat-to and rdr-to together with nat-to.
2014-07-13	Make the pf_fragment test pass again. pf does not adjust the	Alexander Bluhm
	checksum of a NATed UDP or TCP packet in the payload of an ICMP packet anymore. Disable all test that rely on this feature. Check that the router's interface mtu has been set to 1300.
2014-07-13	Make the pf_forward test pass again. Check that the router's	Alexander Bluhm
	interface mtu has been set to 1300. New netcat needs -N for shutdown. The IPv4 and IPv6 addresses for the af-to tests must have corresponding host numbers.
2014-07-12	Automatically load the required pf rules into the kernel of the	Alexander Bluhm
	remote test machine.
2014-07-12	Teach these pf regress tests to run with obj directory and to fail	Alexander Bluhm
	softly if the setup is incomplete. Link them to the build.
2014-07-12	Use a saner and consistent address layout for my network tests that	Alexander Bluhm
	run over 4 machines. Add a check-setup target to verify that interface addresses and routes are properly set up.
2014-07-11	Put a license file into the test directories with multiple argument	Alexander Bluhm
	files. We do not want to put a license header into each subtest. suggested by reyk@
2014-07-11	Make the test output easier to read by splitting the test cases	Alexander Bluhm
	with an empty line and a header line.
2014-03-29	pflowproto 9 is no more.	Florian Obser
	While there fix regression for inaddr_any flowsrc.
2014-01-08	Fix the tests for the pf divert state and socket reuse.	Alexander Bluhm

2013-11-03	Grep pf state table on remote machine to find state reuse problems.	Alexander Bluhm

2013-06-03	Add a regression test suite for the pf divert-to and divert-reply	Alexander Bluhm
	feature. It requires two machines, the local host is running the regression test, the remote host gets pf divert rules installed. The diverted TCP connections are running between these hosts in both directions. The remote host is controlled via ssh.
2013-11-03	Add divert tests that reuse protocol and port. They show what	Alexander Bluhm
	happens when we close the socket but the divert state remains. If a new socket uses the same protocol and port, it will use the old dangling state. Without searching for the correct rule, the divert-to will fail. There are real life corner cases where this occurred.
2013-11-01	Link the pf_divert regression test to the build again as it does	Alexander Bluhm
	not fail anymore if propper setup is missing.
2013-11-01	Add a check-setup target. This allows to find setup errors more	Alexander Bluhm
	easily. A remote machine with correct addresses, routes and pf rules is needed for the test.
2013-10-17	Fix run-regress-fragping to use ping(8) instead of ping6(8) to send the	Lawrence Teo
	initial Path-MTU discovery packet. OK bluhm@
2013-09-13	Test various combinations of flowdst, flowsrc and proto.	Florian Obser

2013-09-11	Enable pf if it's not already running.	Florian Obser

2013-08-23	flow regression tests.	Florian Obser

2013-08-13	Sync with pflow changes.	Florian Obser

2013-08-11	Check wether the required perl packages are installed and that the	Alexander Bluhm
	environment for the remote testing machine is set up. If not, print a message and skip the regression tests.
2013-08-11	typo	Florian Obser

2013-08-11	pflow(4) template regression tests	Florian Obser

2013-08-09	Add RCS id and ISC license.	Alexander Bluhm

2013-08-01	Some tests are currently failing. Only run those if the REGRESS_FULL	Mark Kettenis
	variable is set.
2013-06-17	Do not write my IP addresses into the pf_divert Makefile, the tester	Alexander Bluhm
	has to fill in his own addresses. Link the pf_divert regression tests to the build.
2013-06-05	Add tests for ICMP and ICMP6 divert-to.	Alexander Bluhm

2013-06-04	Add tests for raw IP divert. Set effective user ID to 0 only during	Alexander Bluhm
	privileged operations for raw sockets and bind any.