D21276.id60885.diff
No OneTemporary
Actions

Size

6 KB

Referenced Files

None

Subscribers

None

D21276.id60885.diff
View Options

	Index: ObsoleteFiles.inc
	===================================================================
	--- ObsoleteFiles.inc
	+++ ObsoleteFiles.inc
	@@ -38,6 +38,9 @@
	# xargs -n1 \| sort \| uniq -d;
	# done

	+# 20190816: pft_ping.py and sniffer.py moved to /usr/tests/sys/netpfil/common
	+OLD_FILES+=usr/tests/sys/netpfil/pf/sniffer.py
	+OLD_FILES+=usr/tests/sys/netpfil/pf/pft_ping.py
	# 20190729: gzip'ed a.out support removed
	OLD_FILES+=usr/include/sys/inflate.h
	# 20190722: cap_random(3) removed
	Index: tests/sys/netpfil/common/Makefile
	===================================================================
	--- tests/sys/netpfil/common/Makefile
	+++ tests/sys/netpfil/common/Makefile
	@@ -5,9 +5,15 @@
	TESTSDIR= ${TESTSBASE}/sys/netpfil/common


	-ATF_TESTS_SH+= pass_block \
	+ATF_TESTS_SH+= \
	+ pass_block

	-${PACKAGE}FILES+= utils.subr \
	- runner.subr
	+${PACKAGE}FILES+= \
	+ utils.subr \
	+ runner.subr \
	+ pft_ping.py \
	+ sniffer.py
	+
	+${PACKAGE}FILESMODE_pft_ping.py= 0555

	.include <bsd.test.mk>
	Index: tests/sys/netpfil/pf/Makefile
	===================================================================
	--- tests/sys/netpfil/pf/Makefile
	+++ tests/sys/netpfil/pf/Makefile
	@@ -21,12 +21,9 @@

	${PACKAGE}FILES+= utils.subr \
	echo_inetd.conf \
	- sniffer.py \
	- pft_ping.py \
	CVE-2019-5597.py \
	CVE-2019-5598.py

	-${PACKAGE}FILESMODE_pft_ping.py= 0555
	${PACKAGE}FILESMODE_CVE-2019-5597.py= 0555
	${PACKAGE}FILESMODE_CVE-2019-5598.py= 0555

	Index: tests/sys/netpfil/pf/forward.sh
	===================================================================
	--- tests/sys/netpfil/pf/forward.sh
	+++ tests/sys/netpfil/pf/forward.sh
	@@ -2,6 +2,8 @@

	. $(atf_get_srcdir)/utils.subr

	+common_dir=$(atf_get_srcdir)/../common
	+
	atf_test_case "v4" "cleanup"
	v4_head()
	{
	@@ -43,20 +45,20 @@

	# Forward with pf enabled
	pft_set_rules alcatraz "block in"
	- atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a

	pft_set_rules alcatraz "block out"
	- atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recv ${epair_recv}a

	# Allow ICMP
	pft_set_rules alcatraz "block in" "pass in proto icmp"
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a
	@@ -98,7 +100,7 @@
	route add -6 2001:db8:43::/64 2001:db8:42::2

	# Sanity check, can we forward ICMP echo requests without pf?
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--ip6 \
	--sendif ${epair_send}a \
	--to 2001:db8:43::3 \
	@@ -109,7 +111,7 @@
	# Block incoming echo request packets
	pft_set_rules alcatraz \
	"block in inet6 proto icmp6 icmp6-type echoreq"
	- atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 ${common_dir}/pft_ping.py \
	--ip6 \
	--sendif ${epair_send}a \
	--to 2001:db8:43::3 \
	@@ -118,7 +120,7 @@
	# Block outgoing echo request packets
	pft_set_rules alcatraz \
	"block out inet6 proto icmp6 icmp6-type echoreq"
	- atf_check -s exit:1 -e ignore $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 -e ignore ${common_dir}/pft_ping.py \
	--ip6 \
	--sendif ${epair_send}a \
	--to 2001:db8:43::3 \
	@@ -128,7 +130,7 @@
	pft_set_rules alcatraz \
	"block out" \
	"pass out inet6 proto icmp6"
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--ip6 \
	--sendif ${epair_send}a \
	--to 2001:db8:43::3 \
	@@ -138,7 +140,7 @@
	pft_set_rules alcatraz \
	"block out inet6 proto icmp6 icmp6-type echoreq" \
	"pass in proto icmp"
	- atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 ${common_dir}/pft_ping.py \
	--ip6 \
	--sendif ${epair_send}a \
	--to 2001:db8:43::3 \
	Index: tests/sys/netpfil/pf/set_tos.sh
	===================================================================
	--- tests/sys/netpfil/pf/set_tos.sh
	+++ tests/sys/netpfil/pf/set_tos.sh
	@@ -2,6 +2,8 @@

	. $(atf_get_srcdir)/utils.subr

	+common_dir=$(atf_get_srcdir)/../common
	+
	atf_test_case "v4" "cleanup"
	v4_head()
	{
	@@ -37,7 +39,7 @@

	# No change is done if not requested
	pft_set_rules alcatraz "scrub out proto icmp"
	- atf_check -s exit:1 -o ignore $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 -o ignore ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a \
	@@ -45,7 +47,7 @@

	# The requested ToS is set
	pft_set_rules alcatraz "scrub out proto icmp set-tos 42"
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a \
	@@ -53,7 +55,7 @@

	# ToS is not changed if the scrub rule does not match
	pft_set_rules alcatraz "scrub out proto tcp set-tos 42"
	- atf_check -s exit:1 -o ignore $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:1 -o ignore ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a \
	@@ -62,14 +64,14 @@
	# Multiple scrub rules match as expected
	pft_set_rules alcatraz "scrub out proto tcp set-tos 13" \
	"scrub out proto icmp set-tos 14"
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a \
	--expect-tos 14

	# And this works even if the packet already has ToS values set
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a \
	@@ -78,7 +80,7 @@

	# ToS values are unmolested if the packets do not match a scrub rule
	pft_set_rules alcatraz "scrub out proto tcp set-tos 13"
	- atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
	+ atf_check -s exit:0 ${common_dir}/pft_ping.py \
	--sendif ${epair_send}a \
	--to 198.51.100.3 \
	--recvif ${epair_recv}a \

File Metadata

Mime Type: text/plain
Expires: Wed, Apr 8, 2:34 PM (16 h, 46 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31089117
Default Alt Text: D21276.id60885.diff (6 KB)

D21276.id60885.diffNo OneTemporaryActions

D21276.id60885.diffView Options

File Metadata

Event Timeline

D21276.id60885.diff
No OneTemporary
Actions

D21276.id60885.diff
View Options