1# $OpenBSD: Makefile,v 1.236 2022/03/23 22:07:10 bluhm Exp $ 2 3# TARGETS 4# pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok 5# selfpf: feed pfctl output through pfctl again and verify it stays the same 6# pfail: invalid rulesets pfctl must reject; pfailNN.in and pfailNN.ok 7# pfsetup: set up lo1 and perform more tests 8# pfr: table tests 9# pfsimple: check whether pfctl accepts a given ruleset, not checking output 10# pfload: load ruleset into anchor regress and verify pfctl -vvsr 11# pfoptimize: as pfload, with -o flag to pfctl 12# pfopt: as target pf, but supply extra command line options 13# pfcmd: test pfctl command line parsing 14# pfloadanchors: load anchor from nested files 15# pf-changerule: covers DIOCCHANGERULE ioctl(2) 16 17PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 18PFTESTS+=28 29 30 31 32 34 35 36 38 39 40 41 44 46 47 48 49 50 19PFTESTS+=52 53 54 55 56 57 60 61 65 66 67 68 69 70 71 72 73 20PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 21PFTESTS+=97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 114 22PFFAIL=1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 19 20 23 25 27 23PFFAIL+=30 37 38 39 40 41 42 43 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 24PFFAIL+=63 64 65 66 67 25PFSIMPLE=1 2 26PFSETUP=1 4 27PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 26 27 28 29 28PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71 29PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 99 100 101 114 30PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 31PFOPT=1 2 6 32PFIF2IP=1 2 3 33PFCHKSUM=1 2 3 34PFCMD=1 35PFCMDFAIL=1 36PFLOADANCHORS=112 113 37 38PFCTL ?= /sbin/pfctl 39 40.PATH: ${.CURDIR}/../../../sbin/pfctl ${.CURDIR}/../../../sys/net 41 42PROG= changerule 43SRCS= changerule.c parse.y pfctl_parser.c pf_print_state.c 44SRCS+= pfctl.c pfctl_osfp.c pfctl_radix.c pfctl_table.c 45SRCS+= pfctl_optimize.c pf_ruleset.c pfctl_queue.c 46CFLAGS= -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes 47CFLAGS+= -Wno-unused-variable 48CFLAGS+= -I${.CURDIR}/../../../sbin/pfctl -DREGRESS_NOMAIN 49YFLAGS= 50 51LDADD+= -lm 52DPADD+= ${LIBM} 53 54MAKEOBJDIRPREFIX= 55 56SHELL=/bin/sh 57 58.MAIN: all 59 60.ifmake !obj && !clean && !cleandir && !regress 61.if (${.TARGET} != all && ! make(all)) || (${.TARGET} == all) 62.BEGIN: 63 -${SUDO} ifconfig lo1000000 create 64 -${SUDO} ifconfig tun1000000 create 65 -${SUDO} ifconfig tun1000001 create 66 67.END: 68 -${SUDO} ifconfig lo1000000 destroy 69 -${SUDO} ifconfig tun1000000 destroy 70 -${SUDO} ifconfig tun1000001 destroy 71 72.INTERRUPT: 73 -${SUDO} ifconfig lo1000000 destroy 74 -${SUDO} ifconfig lo1000010 destroy 75 -${SUDO} ifconfig tun1000000 destroy 76 -${SUDO} ifconfig tun1000001 destroy 77.endif 78.endif 79 80.for n in ${PFFAIL} 81PFAIL_TARGETS+=pfail${n} 82PFAIL_UPDATES+=pfail${n}-update 83 84pfail${n}: 85 ${SUDO} ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in 2>&1 | \ 86 diff -u ${.CURDIR}/pfail${n}.ok /dev/stdin 87 88pfail${n}-update: 89 if ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfail${n}.in > \ 90 ${.CURDIR}/pfail${n}.ok 2>&1; then \ 91 true; \ 92 fi; 93 94.endfor 95 96pfail: ${PFAIL_TARGETS} 97pfail-update: ${PFAIL_UPDATES} 98REGRESS_TARGETS+=pfail 99UPDATE_TARGETS+=pfail-update 100 101.for n in ${PFTESTS} 102PF_TARGETS+=pf${n} 103PF_UPDATES+=pf${n}-update 104 105pf${n}: 106 ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in | \ 107 diff -u ${.CURDIR}/pf${n}.ok /dev/stdin 108 109pf${n}-update: 110 ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.in > ${.CURDIR}/pf${n}.ok 111 112SELFPF_TARGETS+=selfpf${n} 113selfpf${n}: 114 ${PFCTL} -o none -nv -f - < ${.CURDIR}/pf${n}.ok | \ 115 diff -u ${.CURDIR}/pf${n}.ok /dev/stdin 116 117.endfor 118 119pf: ${PF_TARGETS} 120selfpf: ${SELFPF_TARGETS} 121pf-update: ${PF_UPDATES} 122REGRESS_TARGETS+=pf-include-setup pf 123REGRESS_TARGETS+=selfpf 124REGRESS_TARGETS+=pf-changerule 125UPDATE_TARGETS+=pf-update 126 127pf-include-setup: 128.for f in pf95.include pf103.include 129 [ -f ${.OBJDIR}/$f ] || ln -s ${.CURDIR}/$f ${.OBJDIR} 130.endfor 131 132.for n in ${PFSIMPLE} 133PFSIMPLE_TARGETS+=pfsimple${n} 134 135pfsimple${n}: 136 ${PFCTL} -o none -nf - < ${.CURDIR}/pfsimple${n}.in 137 138.endfor 139 140pfsimple: ${PFSIMPLE_TARGETS} 141REGRESS_TARGETS+=pfsimple 142 143.for n in ${PFLOAD} 144PFLOAD_TARGETS+=pfload${n} 145PFLOAD_UPDATES+=pfload${n}-update 146 147pfload${n}: 148 ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in 149 ${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \ 150 sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' | \ 151 diff -u ${.CURDIR}/pf${n}.loaded /dev/stdin 152 ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 153 154pfload${n}-update: 155 ${SUDO} ${PFCTL} -o none -a regress -f - < ${.CURDIR}/pf${n}.in 156 ${SUDO} ${PFCTL} -o none -a 'regress/*' -gvvsr | \ 157 sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' \ 158 > ${.CURDIR}/pf${n}.loaded 159 ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 160 161.endfor 162 163pfload: ${PFLOAD_TARGETS} 164pfload-update: ${PFLOAD_UPDATES} 165REGRESS_TARGETS+=pfload 166REGRESS_ROOT_TARGETS+=pfload 167UPDATE_TARGETS+=pfload-update 168 169.for n in ${PFLOAD} 170PFOPTIMIZE_TARGETS+=pfoptimize${n} 171PFOPTIMIZE_UPDATES+=pfoptimize${n}-update 172 173pfoptimize${n}: 174 ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in 175 ${SUDO} ${PFCTL} -o none -a regress -gvvsr | \ 176 sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' | \ 177 diff -u ${.CURDIR}/pf${n}.optimized /dev/stdin 178 ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 179 180pfoptimize${n}-update: 181 ${SUDO} ${PFCTL} -obasic -a regress -f - < ${.CURDIR}/pf${n}.in 182 ${SUDO} ${PFCTL} -o none -a regress -gvvsr | \ 183 sed -e 's/__automatic_[0-9a-f]*_/__automatic_/g' \ 184 > ${.CURDIR}/pf${n}.optimized 185 ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 186 187.endfor 188 189pfoptimize: ${PFOPTIMIZE_TARGETS} 190pfoptimize-update: ${PFOPTIMIZE_UPDATES} 191REGRESS_TARGETS+=pfoptimize 192REGRESS_ROOT_TARGETS+=pfoptimize 193UPDATE_TARGETS+=pfoptimize-update 194 195.for n in ${PFTABLE} 196PFR_TARGETS+=pfr${n} 197PFR_UPDATES+=pfr${n}-update 198 199pfr${n}: 200 ${SUDO} /bin/ksh ${.CURDIR}/pfr.exec ${.CURDIR}/pfr${n}.in | \ 201 diff -u ${.CURDIR}/pfr${n}.ok /dev/stdin 202 203pfr${n}-update: 204 ${SUDO} /bin/ksh ${.CURDIR}/pfr.exec ${.CURDIR}/pfr${n}.in > \ 205 ${.CURDIR}/pfr${n}.ok 206 207.endfor 208 209pfr: ${PFR_TARGETS} 210pfr-update: ${PFR_UPDATES} 211NODEFAULT_TARGETS+=pfr 212REGRESS_ROOT_TARGETS+=pfr 213 214.for n in ${PFIF2IP} 215PFI_TARGETS+=pfi${n} 216PFI_UPDATES+=pfi${n}-update 217 218pfi${n}: 219 xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in | \ 220 diff -u ${.CURDIR}/pfi${n}.ok /dev/stdin 221 222pfi${n}-update: 223 xargs ${SUDO} /bin/ksh ${.CURDIR}/if2ip <${.CURDIR}/pfi${n}.in \ 224 > ${.CURDIR}/pfi${n}.ok 225 226.endfor 227 228pfi: ${PFI_TARGETS} 229pfi-update: ${PFI_UPDATES} 230REGRESS_TARGETS+=pfi 231REGRESS_ROOT_TARGETS+=pfi 232UPDATE_TARGETS+=pfi-update 233 234.for n in ${PFOPT} 235PFOPT_TARGETS+=pfopt${n} 236PFOPT_UPDATES+=pfopt${n}-update 237 238pfopt${n}: 239 ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ 240 < ${.CURDIR}/pfopt${n}.in | \ 241 diff -u ${.CURDIR}/pfopt${n}.ok /dev/stdin 242 243pfopt${n}-update: 244 ${PFCTL} -o none -nv -f - `cat ${.CURDIR}/pfopt${n}.opts` \ 245 < ${.CURDIR}/pfopt${n}.in > ${.CURDIR}/pfopt${n}.ok 246 247.endfor 248 249pfopt: ${PFOPT_TARGETS} 250pfopt-update: ${PFOPT_UPDATES} 251REGRESS_TARGETS+=pfopt 252UPDATE_TARGETS+=pfopt-update 253 254.for n in ${PFCMD} 255PFCMD_TARGETS+=pfcmd${n} 256PFCMD_UPDATES+=pfcmd${n}-update 257 258pfcmd${n}: 259 ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmd${n}.opts` \ 260 -f ${.CURDIR}/pfcmd${n}.in 261 262pfcmd${n}-update: 263 ${SUDO} ${PFCTL} -f - `cat ${.CURDIR}/pfcmd${n}.opts` \ 264 < ${.CURDIR}/pfcmd${n}.in > ${.CURDIR}/pfcmd${n}.ok 265 266.endfor 267 268pfcmd: ${PFCMD_TARGETS} 269pfcmd-update: ${PFCMD_UPDATES} 270NODEFAULT_TARGETS+=pfcmd 271REGRESS_TARGETS+=pfcmd 272 273REGRESS_ROOT_TARGETS+=pfcmd 274UPDATE_TARGETS+=pfcmd-update 275 276.for n in ${PFCMDFAIL} 277PFCMDFAIL_TARGETS+=pfcmdfail${n} 278PFCMDFAIL_UPDATES+=pfcmdfail${n}-update 279 280pfcmdfail${n}: 281 ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \ 282 -f - < ${.CURDIR}/pfcmdfail${n}.in 2>&1 | \ 283 diff -u ${.CURDIR}/pfcmdfail${n}.ok /dev/stdin 284 285pfcmdfail${n}-update: 286 if ${SUDO} ${PFCTL} `cat ${.CURDIR}/pfcmdfail${n}.opts` \ 287 -f - < ${.CURDIR}/pfcmdfail${n}.in > \ 288 ${.CURDIR}/pfcmdfail${n}.ok 2>&1; then \ 289 true; \ 290 fi; 291 292.endfor 293 294pfcmdfail: ${PFCMDFAIL_TARGETS} 295pfcmdfail-update: ${PFCMDFAIL_UPDATES} 296NODEFAULT_TARGETS+=pfcmdfail 297REGRESS_TARGETS+=pfcmdfail 298 299REGRESS_ROOT_TARGETS+=pfcmd 300UPDATE_TARGETS+=pfcmd-update 301 302.for n in ${PFSETUP} 303PFSETUP_TARGETS+=pfsetup${n} 304PFSETUP_UPDATES+=pfsetup${n}-update 305 306pfsetup${n}: 307 ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup 308 ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in | \ 309 diff -u ${.CURDIR}/pfsetup${n}.ok /dev/stdin 310 ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean 311 312pfsetup${n}-update: 313 ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.setup 314 ${PFCTL} -o none -nv -f - < ${.CURDIR}/pfsetup${n}.in \ 315 > ${.CURDIR}/pfsetup${n}.ok 316 ${SUDO} ${SHELL} ${.CURDIR}/pfsetup${n}.clean 317 318.endfor 319 320pfsetup: ${PFSETUP_TARGETS} 321pfsetup-update: ${PFSETUP_UPDATES} 322 323NODEFAULT_TARGETS+=pfsetup 324REGRESS_ROOT_TARGETS+=pfsetup 325 326.for n in ${PFCHKSUM} 327PFCHKSUM_TARGETS+=pfchksum${n} 328PFCHKSUM_UPDATES+=pfchksum${n}-update 329 330pfchksum${n}: 331 ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 332 ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in 333 ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' | \ 334 diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin 335 ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 336 337pfchksum${n}-update: 338 ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 339 ${SUDO} ${PFCTL} -o none -f - < ${.CURDIR}/pfchksum${n}.in 340 ${SUDO} ${PFCTL} -o none -vsi | grep '^Checksum:' \ 341 > ${.CURDIR}/pfchksum${n}.ok 342 ${SUDO} ${PFCTL} -o none -Fa >/dev/null 2>&1 343 344.endfor 345 346pfchksum: ${PFCHKSUM_TARGETS} 347pfchksum-update: ${PFCHKSUM_UPDATES} 348 349NODEFAULT_TARGETS+=pfchksum 350REGRESS_ROOT_TARGETS+=pfchksum 351 352.for n in ${PFLOADANCHORS} 353PFLOADANCHORS_TARGETS+=pfloadanchors${n} 354PFLOADANCHORS_UPDATES+=pfloadanchors${n}-update 355 356pfloadanchors${n}: 357 ${SUDO} ${PFCTL} -a regress -v -f - < ${.CURDIR}/pf${n}.in 358 ${SUDO} ${PFCTL} -a 'regress/*' -sr | \ 359 sed -e 's/__automatic_[0-9a-f]*_.*>/__automatic_>/' | \ 360 diff -u ${.CURDIR}/pf${n}.ok /dev/stdin 361 ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 362 363pfloadanchors${n}-update: 364 ${SUDO} ${PFCTL} -a regress -v -f - < ${.CURDIR}/pf${n}.in 365 ${SUDO} ${PFCTL} -a 'regress/*' -sr | \ 366 sed -e 's/__automatic_[0-9a-f]*_.*>/__automatic_>/' \ 367 > ${.CURDIR}/pf${n}.ok 368 ${SUDO} ${PFCTL} -o none -a regress -Fr >/dev/null 2>&1 369 370.endfor 371 372pfloadanchors: ${PFLOADANCHORS_TARGETS} 373pfloadanchors-update: ${PFLOADANCHORS_UPDATES} 374REGRESS_TARGETS+=pf-loadanchors-setup pfloadanchors 375 376pf-loadanchors-setup: 377.for f in pf112.one pf112.two pf113.one pf113.two 378 [ -f ${.OBJDIR}/$f ] || ln -s ${.CURDIR}/$f ${.OBJDIR} 379.endfor 380 381pf-changerule: changerule changerule-tail.ok changerule-head.ok \ 382 changerule-before.ok changerule-after.ok 383 echo 'pass all' | ${SUDO} ${PFCTL} -a regress -f - 384 ${SUDO} ${PFCTL} -a 'regress/*' -Fr 385 echo 'pass all' | ${SUDO} ${PFCTL} -a regress -f - 386.for i in 10 20 30 40 50 387 echo "pass in proto tcp from any to any port $i" | \ 388 ${SUDO} ./changerule -a regress -i 0 389.endfor 390 ${SUDO} ${PFCTL} -a regress -sr | \ 391 diff -u ${.CURDIR}/changerule-head.ok /dev/stdin 392 ${SUDO} ${PFCTL} -a 'regress/*' -Fr 393 echo 'pass all' | ${SUDO} ${PFCTL} -a regress -f - 394.for i in 10 20 30 40 50 395 echo "pass in proto tcp from any to any port $i" | \ 396 ${SUDO} ./changerule -a regress -i -1 397.endfor 398 ${SUDO} ${PFCTL} -a regress -sr | \ 399 diff -u ${.CURDIR}/changerule-tail.ok /dev/stdin 400 echo 'pass in proto tcp from any to any port 15' | \ 401 ${SUDO} ./changerule -a regress -i 2 402 ${SUDO} ${PFCTL} -a regress -sr | \ 403 diff -u ${.CURDIR}/changerule-before.ok /dev/stdin 404 echo 'pass in proto tcp from any to any port 25' | \ 405 ${SUDO} ./changerule -a regress -I 3 406 ${SUDO} ${PFCTL} -a regress -sr | \ 407 diff -u ${.CURDIR}/changerule-after.ok /dev/stdin 408 ${SUDO} ${PFCTL} -a 'regress/*' -Fr 409 410update: ${UPDATE_TARGETS} 411 412alltests: ${REGRESS_TARGETS} ${NODEFAULT_TARGETS} 413 414.PHONY: ${REGRESS_TARGETS} 415 416.include <bsd.regress.mk> 417