path: root/regress/sys/net/pf_divert/Makefile

#	$OpenBSD: Makefile,v 1.14 2016/11/15 16:00:50 bluhm Exp $

# The following ports must be installed for the regression tests:
# p5-IO-Socket-INET6	object interface for AF_INET and AF_INET6 domain sockets
# p5-Socket6		Perl defines relating to AF_INET6 sockets
#
# Check wether all required perl packages are installed.  If some
# are missing print a warning and skip the tests, but do not fail.

PERL_REQUIRE !=	perl -Mstrict -Mwarnings -e ' \
    eval { require IO::Socket::INET6 } or print $@; \
    eval { require Socket6 } or print $@; \
'
.if ! empty(PERL_REQUIRE)
regress:
	@echo "${PERL_REQUIRE}"
	@echo install these perl packages for additional tests
	@echo SKIPPED
.endif

# Fill out these variables as you have to test divert with the pf
# kernel running on a remote machine.  You have to specify a local
# and remote ip address for the test connections.  The fake ip address
# will be routed via the remote address to test divert with non-existing
# addresses.  To control the remote machine you need a hostname for
# ssh to log in.  All the test files must be in the same directory
# local and remote.
# You must have an anchor "regress" for the divert rules in the pf.conf
# of the remote machine.  The kernel of the remote machine gets testet.
#
# Run make check-setup to see if you got the setup correct.

LOCAL_ADDR ?=
REMOTE_ADDR ?=
FAKE_ADDR ?=
LOCAL_ADDR6 ?=
REMOTE_ADDR6 ?=
FAKE_ADDR6 ?=
REMOTE_SSH ?=

.if empty (LOCAL_ADDR) || empty (REMOTE_ADDR) || empty (FAKE_ADDR) || \
    empty (LOCAL_ADDR6) || empty (REMOTE_ADDR6) || empty (FAKE_ADDR6) || \
    empty (REMOTE_SSH)
regress:
	@echo This tests needs a remote machine to operate on.
	@echo LOCAL_ADDR REMOTE_ADDR FAKE_ADDR LOCAL_ADDR6
	@echo REMOTE_ADDR6 FAKE_ADDR6 REMOTE_SSH are empty.
	@echo Fill out these variables for additional tests.
	@echo SKIPPED
.endif

# Automatically generate regress targets from test cases in directory.

ARGS !=			cd ${.CURDIR} && ls args-*.pl
TARGETS ?=		inet-args-tcp-to inet6-args-tcp-to \
			inet-args-tcp-reply inet6-args-tcp-reply \
			inet-args-udp-to inet6-args-udp-to \
			inet-args-udp-reply inet6-args-udp-reply \
			inet-args-udp-reply-to inet6-args-udp-reply-to \
			inet-args-rip-to inet6-args-rip-to \
			inet-args-rip-reply inet6-args-rip-reply \
			inet-args-rip-reply-to inet6-args-rip-reply-to \
			inet-args-icmp-to inet6-args-icmp-to \
			inet-args-icmp-reply-to inet6-args-icmp-reply-to \
			inet-args-icmp-reply-reuse inet6-args-icmp-reply-reuse \
			inet-reuse-tcp inet6-reuse-tcp \
			inet-reuse-udp inet6-reuse-udp \
			inet-reuse-rip inet6-reuse-rip
REGRESS_TARGETS =	${TARGETS:S/^/run-regress-/}
CLEANFILES +=		*.log *.port ktrace.out stamp-*

.MAIN: all

.if ! empty (REMOTE_SSH)
.if make (regress) || make (all)
.BEGIN:
	@echo
	${SUDO} true
	ssh -t ${REMOTE_SSH} ${SUDO} true
.if ! empty (FAKE_ADDR) && ! empty (REMOTE_ADDR)
	-${SUDO} route -n delete -inet -host ${FAKE_ADDR} 2>/dev/null
	${SUDO} route -n add -inet -host ${FAKE_ADDR} ${REMOTE_ADDR}
.endif
.if ! empty (FAKE_ADDR6) && ! empty (REMOTE_ADDR6)
	-${SUDO} route -n delete -inet6 -host ${FAKE_ADDR6} 2>/dev/null
	${SUDO} route -n add -inet6 -host ${FAKE_ADDR6} ${REMOTE_ADDR6}
.endif
.endif
.endif

# Set variables so that make runs with and without obj directory.
# Only do that if necessary to keep visible output short.

.if ${.CURDIR} == ${.OBJDIR}
PERLINC =	-I.
PERLPATH =
.else
PERLINC =	-I${.CURDIR}
PERLPATH =	${.CURDIR}/
.endif

# The arg tests take a perl hash with arguments controlling the test
# parameters.  The remote.pl test has local client or server and the
# diverted process is running on the remote machine reachable with
# ssh.

.for inet addr in inet ADDR inet6 ADDR6

.for a in ${ARGS}
run-regress-${inet}-${a:R}: ${a}
	@echo '\n======== $@ ========'
	time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl -f ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} ${PERLPATH}${a}
.endfor

.for proto in tcp udp rip
run-regress-${inet}-reuse-${proto}:
	@echo '\n======== $@ ========'
	time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} ${PERLPATH}args-${proto}-reply.pl
	sed -n '/^connect peer:/s/.* //p' client.log >client.port
	sed -n '/^connect sock:/s/.* //p' client.log >server.port
.if "tcp" == ${proto}
	${SUDO} tcpdrop ${LOCAL_${addr}} `cat client.port` ${FAKE_${addr}} `cat server.port`
.endif
	time ${SUDO} SUDO=${SUDO} perl ${PERLINC} ${PERLPATH}remote.pl ${inet} ${LOCAL_${addr}} ${FAKE_${addr}} ${REMOTE_SSH} `cat client.port` `cat server.port` ${PERLPATH}args-${proto}-to.pl
.if "tcp" == ${proto}
	ssh ${REMOTE_SSH} ${SUDO} tcpdrop ${FAKE_${addr}} `cat server.port` ${LOCAL_${addr}} `cat client.port`
.if "inet" == ${inet}
	if ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
	    grep 'all ${proto} ${FAKE_${addr}}:'`cat server.port`' .. ${LOCAL_${addr}}:'`cat client.port`' '; \
		then false; \
	fi
.else
	if ssh ${REMOTE_SSH} ${SUDO} pfctl -ss | \
	    grep 'all ${proto} ${FAKE_${addr}}\['`cat server.port`\]' .. ${LOCAL_${addr}}\['`cat client.port`'\] '; \
		then false; \
	fi
.endif
.endif
.endfor

.endfor

.PHONY: syntax check-setup

# make perl syntax check for all args files
syntax: stamp-syntax

stamp-syntax: ${ARGS}
.for a in ${ARGS}
	@perl -c ${PERLPATH}$a
.endfor
	@date >$@

# Check wether the address, route and remote setup is correct
check-setup:
	@echo '\n======== $@ ========'
	ping -n -c 1 ${LOCAL_ADDR}
	ping -n -c 1 ${REMOTE_ADDR}
	ping6 -n -c 1 ${LOCAL_ADDR6}
	ping6 -n -c 1 ${REMOTE_ADDR6}
	route -n get -inet ${FAKE_ADDR} | grep 'if address: ${LOCAL_ADDR}$$'
	route -n get -inet ${FAKE_ADDR} | grep 'gateway: ${REMOTE_ADDR}$$'
	route -n get -inet6 ${FAKE_ADDR6} | grep 'if address: ${LOCAL_ADDR6}$$'
	route -n get -inet6 ${FAKE_ADDR6} | grep 'gateway: ${REMOTE_ADDR6}$$'
	ssh ${REMOTE_SSH} ${SUDO} pfctl -sr | grep '^anchor "regress" all$$'
	ssh ${REMOTE_SSH} ${SUDO} pfctl -si | grep '^Status: Enabled '
	ssh ${REMOTE_SSH} perl -MIO::Socket::INET6 -MSocket6 -e 1

.include <bsd.regress.mk>