# $OpenBSD: Makefile,v 1.236 2022/03/23 22:07:10 bluhm Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok # selfpf: feed pfctl output through pfctl again and verify it stays the same # pfail: invalid rulesets pfctl must reject; pfailNN.in and pfailNN.ok # pfsetup: set up lo1 and perform more tests # pfr: table tests # pfsimple: check whether pfctl accepts a given ruleset, not checking output # pfload: load ruleset into anchor regress and verify pfctl -vvsr # pfoptimize: as pfload, with -o flag to pfctl # pfopt: as target pf, but supply extra command line options # pfcmd: test pfctl command line parsing # pfloadanchors: load anchor from nested files # pf-changerule: covers DIOCCHANGERULE ioctl(2) PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 34 35 36 38 39 40 41 44 46 47 48 49 50 PFTESTS+=52 53 54 55 56 57 60 61 65 66 67 68 69 70 71 72 73 PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 PFTESTS+=97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 114 PFFAIL=1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 19 20 23 25 27 PFFAIL+=30 37 38 39 40 41 42 43 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 PFFAIL+=63 64 65 66 67 PFSIMPLE=1 2 PFSETUP=1 4 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 26 27 28 29 PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71 PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 99 100 101 114 PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 PFOPT=1 2 6 PFIF2IP=1 2 3 PFCHKSUM=1 2 3 PFCMD=1 PFCMDFAIL=1 PFLOADANCHORS=112 113 PFCTL ?= /sbin/pfctl .PATH: ${.CURDIR}/../../../sbin/pfctl ${.CURDIR}/../../../sys/net PROG= changerule SRCS= changerule.c parse.y pfctl_parser.c pf_print_state.c SRCS+= pfctl.c pfctl_osfp.c pfctl_radix.c pfctl_table.c SRCS+= pfctl_optimize.c pf_ruleset.c pfctl_queue.c CFLAGS= -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes CFLAGS+= -Wno-unused-variable CFLAGS+= -I${.CURDIR}/../../../sbin/pfctl -DREGRESS_NOMAIN YFLAGS= LDADD+= -lm DPADD+= ${LIBM} MAKEOBJDIRPREFIX= SHELL=/bin/sh .MAIN: all .ifmake !obj && !clean && !cleandir && !regress .if (${.TARGET} != all && ! make(all)) || (${.TARGET} == all) .BEGIN: -${SUDO} ifconfig lo1000000 create -${SUDO} ifconfig tun1000000 create -${SUDO} ifconfig tun1000001 create .END: -${SUDO} ifconfig lo1000000 destroy -${SUDO} ifconfig tun1000000 destroy -${SUDO} ifconfig tun1000001 destroy .INTERRUPT: -${SUDO} ifconfig lo1000000 destroy -${SUDO} ifconfig lo1000010 destroy -${SUDO} ifconfig tun1000000 destroy -${SUDO} ifconfig tun1000001 destroy .endif .endif .for n in ${PFFAIL} PFAIL_TARGETS+=pfail${n} PFAIL_UPDATES+=pfail${n}-update pfail${n}: ${SUDO} ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in 2>&1 | \ diff -u ${.CURDIR}/pfail${n}.ok /dev/stdin pfail${n}-update: if ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in > \ ${.CURDIR}/pfail${n}.ok 2>&1; then \ true; \ fi; .endfor pfail: ${PFAIL_TARGETS} pfail-update: ${PFAIL_UPDATES} REGRESS_TARGETS+=pfail UPDATE_TARGETS+=pfail-update .for n in ${PFTESTS} PF_TARGETS+=pf${n} PF_UPDATES+=pf${n}-update pf${n}: ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in | \ diff -u ${.CURDIR}/pf${n}.ok /dev/stdin pf${n}-update: ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in > ${.CURDIR}/pf${n}.ok SELFPF_TARGETS+=selfpf${n} selfpf${n}: ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.ok | \ diff -u ${.CURDIR}/pf${n}.ok /dev/stdin .endfor pf: ${PF_TARGETS} selfpf: ${SELFPF_TARGETS} pf-update: ${PF_UPDATES} REGRESS_TARGETS+=pf-include-setup pf REGRESS_TARGETS+=selfpf REGRESS_TARGETS+=pf-changerule UPDATE_TARGETS+=pf-update pf-include-setup: .for f in pf95.include pf103.include [ -f ${.OBJDIR}/$f ] || ln -s ${.CURDIR}/$f ${.OBJDIR} .endfor .for n in ${PFSIMPLE} PFSIMPLE_TARGETS+=pfsimple${n} pfsimple${n}: ${PFCTL} -o none -nf - < ${.CURDIR}/pfsimple${n}.in .endfor pfsimple: ${PFSIMPLE_TARGETS} REGRESS_TARGETS+=pfsimple .for n in ${PFLOAD} PFLOAD_TARGETS+=pfload${n} PFLOAD_UPDATES+=pfload${n}-update pfload${n}: ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in ${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' | \ diff -u ${.CURDIR}/pf${n}.loaded /dev/stdin ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 pfload${n}-update: ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in ${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' \ > ${.CURDIR}/pf${n}.loaded ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 .endfor pfload: ${PFLOAD_TARGETS} pfload-update: ${PFLOAD_UPDATES} REGRESS_TARGETS+=pfload REGRESS_ROOT_TARGETS+=pfload UPDATE_TARGETS+=pfload-update .for n in ${PFLOAD} PFOPTIMIZE_TARGETS+=pfoptimize${n} PFOPTIMIZE_UPDATES+=pfoptimize${n}-update pfoptimize${n}: ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in ${SUDO} ${PFCTL} -o none -a regress -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' | \ diff -u ${.CURDIR}/pf${n}.optimized /dev/stdin ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 pfoptimize${n}-update: ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in ${SUDO} ${PFCTL} -o none -a regress -gvvsr | \ sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' \ > ${.CURDIR}/pf${n}.optimized ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 .endfor pfoptimize: ${PFOPTIMIZE_TARGETS} pfoptimize-update: ${PFOPTIMIZE_UPDATES} REGRESS_TARGETS+=pfoptimize REGRESS_ROOT_TARGETS+=pfoptimize UPDATE_TARGETS+=pfoptimize-update .for n in ${PFTABLE} PFR_TARGETS+=pfr${n} PFR_UPDATES+=pfr${n}-update pfr${n}: ${SUDO} /bin/ksh ${.CURDIR}/pfr.exec ${.CURDIR}/pfr${n}.in | \ diff -u ${.CURDIR}/pfr${n}.ok /dev/stdin pfr${n}-update: ${SUDO} /bin/ksh ${.CURDIR}/pfr.exec ${.CURDIR}/pfr${n}.in > \ ${.CURDIR}/pfr${n}.ok .endfor pfr: ${PFR_TARGETS} pfr-update: ${PFR_UPDATES} NODEFAULT_TARGETS+=pfr REGRESS_ROOT_TARGETS+=pfr .for n in ${PFIF2IP} PFI_TARGETS+=pfi${n} PFI_UPDATES+=pfi${n}-update pfi${n}: xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in | \ diff -u ${.CURDIR}/pfi${n}.ok /dev/stdin pfi${n}-update: xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in \ > ${.CURDIR}/pfi${n}.ok .endfor pfi: ${PFI_TARGETS} pfi-update: ${PFI_UPDATES} REGRESS_TARGETS+=pfi REGRESS_ROOT_TARGETS+=pfi UPDATE_TARGETS+=pfi-update .for n in ${PFOPT} PFOPT_TARGETS+=pfopt${n} PFOPT_UPDATES+=pfopt${n}-update pfopt${n}: ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ < ${.CURDIR}/pfopt${n}.in | \ diff -u ${.CURDIR}/pfopt${n}.ok /dev/stdin pfopt${n}-update: ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ < ${.CURDIR}/pfopt${n}.in > ${.CURDIR}/pfopt${n}.ok .endfor pfopt: ${PFOPT_TARGETS} pfopt-update: ${PFOPT_UPDATES} REGRESS_TARGETS+=pfopt UPDATE_TARGETS+=pfopt-update .for n in ${PFCMD} PFCMD_TARGETS+=pfcmd${n} PFCMD_UPDATES+=pfcmd${n}-update pfcmd${n}: ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmd${n}.opts` \ -f ${.CURDIR}/pfcmd${n}.in pfcmd${n}-update: ${SUDO} ${PFCTL} -f - `cat ${.CURDIR}/pfcmd${n}.opts` \ < ${.CURDIR}/pfcmd${n}.in > ${.CURDIR}/pfcmd${n}.ok .endfor pfcmd: ${PFCMD_TARGETS} pfcmd-update: ${PFCMD_UPDATES} NODEFAULT_TARGETS+=pfcmd REGRESS_TARGETS+=pfcmd REGRESS_ROOT_TARGETS+=pfcmd UPDATE_TARGETS+=pfcmd-update .for n in ${PFCMDFAIL} PFCMDFAIL_TARGETS+=pfcmdfail${n} PFCMDFAIL_UPDATES+=pfcmdfail${n}-update pfcmdfail${n}: ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \ -f - < ${.CURDIR}/pfcmdfail${n}.in 2>&1 | \ diff -u ${.CURDIR}/pfcmdfail${n}.ok /dev/stdin pfcmdfail${n}-update: if ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \ -f - < ${.CURDIR}/pfcmdfail${n}.in > \ ${.CURDIR}/pfcmdfail${n}.ok 2>&1; then \ true; \ fi; .endfor pfcmdfail: ${PFCMDFAIL_TARGETS} pfcmdfail-update: ${PFCMDFAIL_UPDATES} NODEFAULT_TARGETS+=pfcmdfail REGRESS_TARGETS+=pfcmdfail REGRESS_ROOT_TARGETS+=pfcmd UPDATE_TARGETS+=pfcmd-update .for n in ${PFSETUP} PFSETUP_TARGETS+=pfsetup${n} PFSETUP_UPDATES+=pfsetup${n}-update pfsetup${n}: ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in | \ diff -u ${.CURDIR}/pfsetup${n}.ok /dev/stdin ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean pfsetup${n}-update: ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in \ > ${.CURDIR}/pfsetup${n}.ok ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean .endfor pfsetup: ${PFSETUP_TARGETS} pfsetup-update: ${PFSETUP_UPDATES} NODEFAULT_TARGETS+=pfsetup REGRESS_ROOT_TARGETS+=pfsetup .for n in ${PFCHKSUM} PFCHKSUM_TARGETS+=pfchksum${n} PFCHKSUM_UPDATES+=pfchksum${n}-update pfchksum${n}: ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' | \ diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 pfchksum${n}-update: ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' \ > ${.CURDIR}/pfchksum${n}.ok ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 .endfor pfchksum: ${PFCHKSUM_TARGETS} pfchksum-update: ${PFCHKSUM_UPDATES} NODEFAULT_TARGETS+=pfchksum REGRESS_ROOT_TARGETS+=pfchksum .for n in ${PFLOADANCHORS} PFLOADANCHORS_TARGETS+=pfloadanchors${n} PFLOADANCHORS_UPDATES+=pfloadanchors${n}-update pfloadanchors${n}: ${SUDO} ${PFCTL} -a regress -v -f - < ${.CURDIR}/pf${n}.in ${SUDO} ${PFCTL} -a 'regress/*' -sr | \ sed -e 's/__automatic_[0-9a-f]*_.*>/__automatic_>/' | \ diff -u ${.CURDIR}/pf${n}.ok /dev/stdin ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 pfloadanchors${n}-update: ${SUDO} ${PFCTL} -a regress -v -f - < ${.CURDIR}/pf${n}.in ${SUDO} ${PFCTL} -a 'regress/*' -sr | \ sed -e 's/__automatic_[0-9a-f]*_.*>/__automatic_>/' \ > ${.CURDIR}/pf${n}.ok ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 .endfor pfloadanchors: ${PFLOADANCHORS_TARGETS} pfloadanchors-update: ${PFLOADANCHORS_UPDATES} REGRESS_TARGETS+=pf-loadanchors-setup pfloadanchors pf-loadanchors-setup: .for f in pf112.one pf112.two pf113.one pf113.two [ -f ${.OBJDIR}/$f ] || ln -s ${.CURDIR}/$f ${.OBJDIR} .endfor pf-changerule: changerule changerule-tail.ok changerule-head.ok \ changerule-before.ok changerule-after.ok echo 'pass all' | ${SUDO} ${PFCTL} -a regress -f - ${SUDO} ${PFCTL} -a 'regress/*' -Fr echo 'pass all' | ${SUDO} ${PFCTL} -a regress -f - .for i in 10 20 30 40 50 echo "pass in proto tcp from any to any port $i" | \ ${SUDO} ./changerule -a regress -i 0 .endfor ${SUDO} ${PFCTL} -a regress -sr | \ diff -u ${.CURDIR}/changerule-head.ok /dev/stdin ${SUDO} ${PFCTL} -a 'regress/*' -Fr echo 'pass all' | ${SUDO} ${PFCTL} -a regress -f - .for i in 10 20 30 40 50 echo "pass in proto tcp from any to any port $i" | \ ${SUDO} ./changerule -a regress -i -1 .endfor ${SUDO} ${PFCTL} -a regress -sr | \ diff -u ${.CURDIR}/changerule-tail.ok /dev/stdin echo 'pass in proto tcp from any to any port 15' | \ ${SUDO} ./changerule -a regress -i 2 ${SUDO} ${PFCTL} -a regress -sr | \ diff -u ${.CURDIR}/changerule-before.ok /dev/stdin echo 'pass in proto tcp from any to any port 25' | \ ${SUDO} ./changerule -a regress -I 3 ${SUDO} ${PFCTL} -a regress -sr | \ diff -u ${.CURDIR}/changerule-after.ok /dev/stdin ${SUDO} ${PFCTL} -a 'regress/*' -Fr update: ${UPDATE_TARGETS} alltests: ${REGRESS_TARGETS} ${NODEFAULT_TARGETS} .PHONY: ${REGRESS_TARGETS} .include