Makefile revision 1.13
1# $OpenBSD: Makefile,v 1.13 2020/12/17 00:51:13 bluhm Exp $ 2 3# The following ports must be installed: 4# 5# python-2.7 interpreted object-oriented programming language 6# scapy powerful interactive packet manipulation in python 7 8.if ! exists(/usr/local/bin/python2.7) || ! exists(/usr/local/bin/scapy) 9regress: 10 @echo install python and the scapy module for additional tests 11 @echo SKIPPED 12.endif 13 14# This test needs a manual setup of two machines 15# Set up machines: LOCAL REMOTE 16# LOCAL is the machine where this makefile is running. 17# REMOTE is running OpenBSD with ARP to test the Address Resolution Protocol. 18# FAKE is an non existing machine, its IP is used in the tests. 19# OTHER is an IP on REMOTE, but configured on another interface. 20# OTHER_FAKE is an non existing IP on another interface. 21# REMOTE_SSH is the hostname to log in on the REMOTE machine. 22 23# Configure Addresses on the machines. 24# Adapt interface and addresse variables to your local setup. 25# 26LOCAL_IF ?= 27LOCAL_MAC ?= 28REMOTE_MAC ?= 29FAKE_MAC ?= 12:34:56:78:9a:bc 30PROXY_MAC ?= 00:90:27:bb:cc:dd 31REMOTE_SSH ?= 32 33LOCAL_ADDR ?= 10.188.70.17 34REMOTE_ADDR ?= 10.188.70.70 35FAKE_ADDR ?= 10.188.70.188 36OTHER_ADDR ?= 10.188.211.70 37OTHER_FAKE_ADDR ?= 10.188.211.188 38 39.if empty (LOCAL_IF) || empty (LOCAL_MAC) || empty (REMOTE_MAC) || \ 40 empty (FAKE_MAC) || empty (REMOTE_SSH) || empty (LOCAL_ADDR) || \ 41 empty (REMOTE_ADDR) || empty (FAKE_ADDR) || empty (OTHER_ADDR) || \ 42 empty (OTHER_FAKE_ADDR) 43regress: 44 @echo this tests needs a remote machine to operate on 45 @echo LOCAL_IF LOCAL_MAC REMOTE_MAC FAKE_MAC REMOTE_SSH LOCAL_ADDR 46 @echo REMOTE_ADDR FAKE_ADDR OTHER_ADDR OTHER_FAKE_ADDR are empty 47 @echo fill out these variables for additional tests 48 @echo SKIPPED 49.endif 50 51.if ! empty (REMOTE_SSH) 52.if make (regress) || make (all) 53.BEGIN: 54 @echo 55 ${SUDO} true 56 ssh -t ${REMOTE_SSH} ${SUDO} true 57.endif 58.endif 59 60# Create python include file containing the addresses. 61addr.py: Makefile 62 rm -f $@ $@.tmp 63 echo 'LOCAL_IF = "${LOCAL_IF}"' >>$@.tmp 64.for var in LOCAL REMOTE FAKE 65 echo '${var}_MAC = "${${var}_MAC}"' >>$@.tmp 66.endfor 67.for var in LOCAL REMOTE FAKE OTHER OTHER_FAKE 68 echo '${var}_ADDR = "${${var}_ADDR}"' >>$@.tmp 69.endfor 70 mv $@.tmp $@ 71 72# Set variables so that make runs with and without obj directory. 73# Only do that if necessary to keep visible output short. 74.if ${.CURDIR} == ${.OBJDIR} 75PYTHON = python2.7 -u ./ 76.else 77PYTHON = PYTHONPATH=${.OBJDIR} python2.7 -u ${.CURDIR}/ 78.endif 79 80# Clear local and remote ARP cache. 81REGRESS_SETUP += clean-arp 82REGRESS_CLEANUP += clean-arp 83clean-arp: 84 ${SUDO} arp -da 85 ssh ${REMOTE_SSH} ${SUDO} arp -da 86 87# Clear ARP cache and ping all addresses. This ensures that 88# the IP addresses are configured and all routing table are set up 89# to allow bidirectional packet flow. 90REGRESS_TARGETS += run-ping 91run-ping: 92.for ip in LOCAL_ADDR REMOTE_ADDR 93 @echo Check ping ${ip} 94 ping -n -c 1 ${${ip}} 95.endfor 96 97# Send an ARP request from the local machine, asking for the remote 98# machine's MAC. Target MAC is broadcast, Target IP is remote address. 99# Check that all fields of the answer are filled out correctly. 100# Check that the remote machine has the local IP and MAC in its ARP table. 101REGRESS_TARGETS += run-arp-request 102run-arp-request: addr.py 103 @echo Send ARP Request for remote address and insert local address 104 ${SUDO} ${PYTHON}arp_request.py 105 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 106 grep '^${LOCAL_ADDR} .* ${LOCAL_MAC} ' arp.log 107 108# Send an ARP request from the local machine, but use a multicast MAC 109# as sender. Although there is a special check in in_arpinput(), 110# this must be answered. The ARP entry on the remote machine for the 111# local address is changed to the multicast MAC. 112# Check that all fields of the answer are filled out correctly. 113# Check that the remote machine overwrites the local address. 114REGRESS_TARGETS += run-arp-multicast 115run-arp-multicast: addr.py 116 @echo Send ARP Request and overwrite entry with multicast ethernet 117 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 118 ssh ${REMOTE_SSH} ${SUDO} arp -s ${LOCAL_ADDR} ${LOCAL_MAC} temp 119 scp ${REMOTE_SSH}:/var/log/messages old.log 120 ${SUDO} ${PYTHON}arp_multicast.py 121 scp ${REMOTE_SSH}:/var/log/messages new.log 122 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 123 ssh ${REMOTE_SSH} ${SUDO} arp -d ${LOCAL_ADDR} 124 diff old.log new.log | grep '^> ' >diff.log 125 grep 'bsd: arp info overwritten for ${LOCAL_ADDR} by 33:33:33:33:33:33' diff.log 126 grep '^${LOCAL_ADDR} .* 33:33:33:33:33:33 ' arp.log 127 128# Send an ARP probe from the local machine with the remote IP as 129# target. Sender MAC is local and IP is 0. The remote machine must 130# defend its IP address with an ARP reply. 131# Check that all fields of the answer are filled out correctly. 132REGRESS_TARGETS += run-arp-probe 133run-arp-probe: addr.py 134 @echo Send ARP Probe for existing address and expect correct reply 135 ${SUDO} ${PYTHON}arp_probe.py 136 137# Send ARP request with broadcast MAC as sender. 138# Check that no answer is received. 139# Check that the remote machine rejects the broadcast sender. 140REGRESS_TARGETS += run-arp-broadcast 141run-arp-broadcast: addr.py 142 @echo Send ARP Request with broadcast as sender hardware address 143 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 144 scp ${REMOTE_SSH}:/var/log/messages old.log 145 ${SUDO} ${PYTHON}arp_broadcast.py 146 scp ${REMOTE_SSH}:/var/log/messages new.log 147 diff old.log new.log | grep '^> ' >diff.log 148 grep 'bsd: arp: ether address is broadcast for IP address ${LOCAL_ADDR}' diff.log 149 150# The local machine announces that it has taken the remote machine's 151# IP. The sender is the local machines MAC and the remote IP. The 152# remote machine must defend its IP address with an ARP reply. 153# Check that all fields of the answer are filled out correctly. 154# Check that the remote machine reports an duplicate address. 155# Check that the remote machine keeps its local ARP entry. 156REGRESS_TARGETS += run-arp-announcement 157run-arp-announcement: addr.py 158 @echo Send ARP Announcement for existing address 159 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 160 scp ${REMOTE_SSH}:/var/log/messages old.log 161 ${SUDO} ${PYTHON}arp_announcement.py 162 scp ${REMOTE_SSH}:/var/log/messages new.log 163 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 164 diff old.log new.log | grep '^> ' >diff.log 165 grep 'bsd: duplicate IP address ${REMOTE_ADDR} sent from ethernet address ${LOCAL_MAC}' diff.log 166 grep '^${REMOTE_ADDR} .* ${REMOTE_MAC} .* permanent * l$$' arp.log 167 168# The local machine sends an gratuitous ARP reply for the remote IP 169# with its local MAC. 170# Check that no answer is received. 171# Check that the remote machine reports an duplicate address. 172# Check that the remote machine keeps its local ARP entry. 173REGRESS_TARGETS += run-arp-gratuitous 174run-arp-gratuitous: addr.py 175 @echo Send Gratuitous ARP for existing address 176 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 177 scp ${REMOTE_SSH}:/var/log/messages old.log 178 ${SUDO} ${PYTHON}arp_gratuitous.py 179 scp ${REMOTE_SSH}:/var/log/messages new.log 180 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 181 diff old.log new.log | grep '^> ' >diff.log 182 grep 'bsd: duplicate IP address ${REMOTE_ADDR} sent from ethernet address ${LOCAL_MAC}' diff.log 183 grep '^${REMOTE_ADDR} .* ${REMOTE_MAC} .* permanent * l$$' arp.log 184 185# Add a permanent entry on the remote machine for a fake MAC and IP. 186# Send a request form the local machine, indicating with the local 187# MAC and the fake IP as sender that it claims the fake address. 188# Check that no answer is received. 189# Check that the attempt to overwrite the permanent entry is logged. 190# Check that the remote machine keeps its permanent ARP entry. 191REGRESS_TARGETS += run-arp-permanent 192run-arp-permanent: addr.py 193 @echo Send ARP Request to change permanent fake address 194 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 195 ssh ${REMOTE_SSH} ${SUDO} arp -s ${FAKE_ADDR} ${FAKE_MAC} permanent 196 scp ${REMOTE_SSH}:/var/log/messages old.log 197 ${SUDO} ${PYTHON}arp_fake.py 198 scp ${REMOTE_SSH}:/var/log/messages new.log 199 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 200 ssh ${REMOTE_SSH} ${SUDO} arp -d ${FAKE_ADDR} 201 diff old.log new.log | grep '^> ' >diff.log 202 grep 'bsd: arp: attempt to overwrite permanent entry for ${FAKE_ADDR} by ${LOCAL_MAC}' diff.log 203 grep '^${FAKE_ADDR} .* ${FAKE_MAC} .* permanent * $$' arp.log 204 205# The remote machine has a second address on another interface. 206# The local machine claims this address in its sender IP. 207# Check that no answer is received. 208# Check that the attempt to overwrite the permanent entry is logged. 209# Check that the remote machine keeps its local ARP entry. 210REGRESS_TARGETS += run-arp-address 211run-arp-address: addr.py 212 @echo Send ARP Request to change address on other interface 213 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 214 scp ${REMOTE_SSH}:/var/log/messages old.log 215 ${SUDO} ${PYTHON}arp_other.py 216 scp ${REMOTE_SSH}:/var/log/messages new.log 217 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 218 diff old.log new.log | grep '^> ' >diff.log 219 grep 'bsd: arp: attempt to overwrite permanent entry for ${OTHER_ADDR} by ${LOCAL_MAC}' diff.log 220 grep '^${OTHER_ADDR} .* permanent * l$$' arp.log 221 222# The remote machine has a second address on another interface. Add 223# a temporary ARP entry for a fake address in this network on the 224# remote machine. The local machine tries to overwrite this address 225# with its own MAC. 226# Check that no answer is received. 227# Check that the attempt to overwrite the permanent entry is logged. 228# Check that the remote machine keeps its ARP entry. 229REGRESS_TARGETS += run-arp-temporary 230run-arp-temporary: addr.py 231 @echo Send ARP Request to change temporary entry on other interface 232 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 233 ssh ${REMOTE_SSH} ${SUDO} arp -s ${OTHER_FAKE_ADDR} ${FAKE_MAC} temp 234 scp ${REMOTE_SSH}:/var/log/messages old.log 235 ${SUDO} ${PYTHON}arp_otherfake.py 236 scp ${REMOTE_SSH}:/var/log/messages new.log 237 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 238 ssh ${REMOTE_SSH} ${SUDO} arp -d ${OTHER_FAKE_ADDR} 239 diff old.log new.log | grep '^> ' >diff.log 240 grep 'bsd: arp: attempt to overwrite entry for ${OTHER_FAKE_ADDR} on .* by ${LOCAL_MAC} on .*' diff.log 241 grep '^${OTHER_FAKE_ADDR} .* ${FAKE_MAC} ' arp.log 242 243# The remote machine has a second address on another interface. Create 244# an incomplete ARP entry for a fake address in this network on the 245# remote machine with an unsuccessful ping. The local machine tries 246# to overwrite this address with its own MAC. 247# Check that no answer is received. 248# Check that the attempt to add an entry is logged. 249# Check that the remote machine keeps its incomplete ARP entry. 250REGRESS_TARGETS += run-arp-incomplete 251run-arp-incomplete: addr.py 252 @echo Send ARP Request filling an incomplete entry on other interface 253 ssh ${REMOTE_SSH} logger -t "arp-regress[$$$$]" $@ 254 ssh ${REMOTE_SSH} ${SUDO} ping -n -w 1 -c 1 ${OTHER_FAKE_ADDR} || true 255 scp ${REMOTE_SSH}:/var/log/messages old.log 256 ${SUDO} ${PYTHON}arp_otherfake.py 257 scp ${REMOTE_SSH}:/var/log/messages new.log 258 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 259 ssh ${REMOTE_SSH} ${SUDO} arp -d ${OTHER_FAKE_ADDR} 260 diff old.log new.log | grep '^> ' >diff.log 261 grep 'bsd: arp: attempt to add entry for ${OTHER_FAKE_ADDR} on .* by ${LOCAL_MAC} on .*' diff.log 262 grep '^${OTHER_FAKE_ADDR} .* (incomplete) ' arp.log 263 264# Publish a proxy ARP entry on the remote machine for a fake address. 265# The local machine requests this IP as a the target. 266# Check that all fields of the answer are filled out correctly. 267# Check that the remote machine has a public ARP entry. 268REGRESS_TARGETS += run-arp-proxy 269run-arp-proxy: addr.py 270 @echo Send ARP Request for fake address that is proxied 271 ssh ${REMOTE_SSH} ${SUDO} arp -s ${FAKE_ADDR} ${PROXY_MAC} 272 ssh ${REMOTE_SSH} ${SUDO} arp -s ${FAKE_ADDR} ${FAKE_MAC} pub 273 ${SUDO} ${PYTHON}arp_proxy.py 274 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 275 ssh ${REMOTE_SSH} ${SUDO} arp -d ${FAKE_ADDR} 276 ssh ${REMOTE_SSH} ${SUDO} arp -d ${FAKE_ADDR} 277 grep '^${FAKE_ADDR} .* ${FAKE_MAC} .* static * p$$' arp.log 278 279# Enter a static ARP entry on the remote machine for a fake address, 280# but do not publish it. The local machine requests this IP as a the 281# target. 282# Check that no answer is received. 283# Check that the remote machine has a static ARP entry. 284REGRESS_TARGETS += run-arp-nonproxy 285run-arp-nonproxy: addr.py 286 @echo Send ARP Request for fake address that is not published 287 ssh ${REMOTE_SSH} ${SUDO} arp -s ${FAKE_ADDR} ${FAKE_MAC} 288 ${SUDO} ${PYTHON}arp_nonproxy.py 289 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 290 ssh ${REMOTE_SSH} ${SUDO} arp -d ${FAKE_ADDR} 291 grep '^${FAKE_ADDR} .* ${FAKE_MAC} .* static * $$' arp.log 292 293# Publish a proxy ARP entry on the remote machine for a fake address 294# on another interface. The local machine requests this IP. As the 295# proxy entry is for another interface, it must not be answered. 296# Check that no answer is received. 297# Check that the remote machine has a public ARP entry. 298REGRESS_TARGETS += run-arp-otherproxy 299run-arp-otherproxy: addr.py 300 @echo Send ARP Request for address proxied on another interface 301 ssh ${REMOTE_SSH} ${SUDO} arp -s ${OTHER_FAKE_ADDR} ${FAKE_MAC} pub 302 ${SUDO} ${PYTHON}arp_otherproxy.py 303 ssh ${REMOTE_SSH} ${SUDO} arp -an >arp.log 304 ssh ${REMOTE_SSH} ${SUDO} arp -d ${OTHER_FAKE_ADDR} 305 grep '^${OTHER_FAKE_ADDR} .* ${FAKE_MAC} .* static * p$$' arp.log 306 307CLEANFILES += addr.py *.pyc *.log 308 309.include <bsd.regress.mk> 310