README
1Regression tests for pf tcp state.
2
3The test suite runs on the machine LOCAL, the kernel under test is
4running on REMOTE. On LOCAL a Scapy program is simulating a
5connection to REMOTE TCP echo service. The source address is a non
6existing address on FAKE_NET. The LOCAL machine acts as a router
7between REMOTE and virtual FAKE_NET_ADDR and can create ICMP packets.
8
9The run-regress-challenge-ack subtest checks that the pf firewall
10sends TCP a challenge Ack if the sequence number is out of range.
11
12EXAMPLE
13
14To run this test I use the following configuration files.
15You should choose a different set of MAC and IP addresses.
16
17- My local machine where I run the regression test:
18
19/etc/hosts
20# to login to qemu with SSH via IPv6 link-local
21fe80::725f:caff:fe21:8d70%tap0 q70
22
23cat /etc/hostname.tap4
24lladdr fe:e1:ba:d0:d5:6d up
25inet 10.188.211.17 255.255.255.0
26inet6 fdd7:e83e:66bc:211::17
27!route add -inet 10.188.219.0/24 127.0.0.1 -blackhole
28!route add -inet6 fdd7:e83e:66bc:219::/64 ::1 -blackhole
29
30- My qemu where the kernel under test is running
31
32/etc/hostname.vio1
33lladdr 70:5f:ca:21:8d:80
34inet 10.188.211.70 255.255.255.0
35inet6 fdd7:e83e:66bc:211::70
36!route add -inet 10.188.219.0/24 10.188.211.17
37!route add -inet6 fdd7:e83e:66bc:219::/64 fdd7:e83e:66bc:211::17
38
39/etc/inetd.conf
40chargen stream tcp nowait root internal
41chargen stream tcp6 nowait root internal
42echo dgram udp6 wait root internal
43
44/etc/rc.conf.local
45inetd_flags=
46sshd_flags=
47
48LOCAL_IF=tap4
49LOCAL_MAC=fe:e1:ba:d0:d5:6d
50REMOTE_MAC=70:5f:ca:21:8d:80
51REMOTE_SSH=q70
52
53LOCAL_ADDR=10.188.211.17
54REMOTE_ADDR=10.188.211.70
55FAKE_NET=10.188.219.0/24
56FAKE_NET_ADDR=10.188.219.188
57
58LOCAL_ADDR6=fdd7:e83e:66bc:211::17
59REMOTE_ADDR6=fdd7:e83e:66bc:211::70
60FAKE_NET6=fdd7:e83e:66bc:219::/64
61FAKE_NET_ADDR6=fdd7:e83e:66bc:219::188
62
63- Fix your configuration until make check-setup passes
64