START sys/net/pf_opts 2024-08-15T08:30:29Z ==== busy-rdomains ==== # Check if rdomains are busy. ==== ifconfig ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' *** Error 1 in target 'stamp-stop' (ignored) rm -f stamp-bpf* # Destroy interfaces. /sbin/ifconfig lo11 rdomain 11 /sbin/ifconfig lo11 inet 127.0.0.1 delete ifconfig: SIOCDIFADDR: Can't assign requested address *** Error 1 in target 'unconfig' (ignored) /sbin/ifconfig lo11 inet 127.0.0.11 delete ifconfig: SIOCDIFADDR: Can't assign requested address *** Error 1 in target 'unconfig' (ignored) /sbin/ifconfig lo11 inet6 ::1 delete /sbin/ifconfig lo11 inet6 fe80::11/64 delete ifconfig: SIOCDIFADDR: Can't assign requested address *** Error 1 in target 'unconfig' (ignored) /sbin/ifconfig lo12 rdomain 12 /sbin/ifconfig lo12 inet 127.0.0.1 delete ifconfig: SIOCDIFADDR: Can't assign requested address *** Error 1 in target 'unconfig' (ignored) /sbin/ifconfig lo12 inet 127.0.0.12 delete ifconfig: SIOCDIFADDR: Can't assign requested address *** Error 1 in target 'unconfig' (ignored) /sbin/ifconfig lo12 inet6 ::1 delete /sbin/ifconfig lo12 inet6 fe80::12/64 delete ifconfig: SIOCDIFADDR: Can't assign requested address *** Error 1 in target 'unconfig' (ignored) rm -f stamp-ifconfig # Create and configure loopback interfaces. /sbin/ifconfig lo11 rdomain 11 /sbin/ifconfig lo11 inet 127.0.0.1/8 /sbin/ifconfig lo11 inet 127.0.0.11 alias /sbin/ifconfig lo11 inet6 ::1/128 /sbin/ifconfig lo11 inet6 fe80::11/64 /sbin/route -n -T 11 add -inet 224.0.0.0/4 127.0.0.1 add net 224.0.0.0/4: gateway 127.0.0.1 /sbin/ifconfig lo12 rdomain 12 /sbin/ifconfig lo12 inet 127.0.0.1/8 /sbin/ifconfig lo12 inet 127.0.0.12 alias /sbin/ifconfig lo12 inet6 ::1/128 /sbin/ifconfig lo12 inet6 fe80::12/64 /sbin/route -n -T 12 add -inet 224.0.0.0/4 127.0.0.1 add net 224.0.0.0/4: gateway 127.0.0.1 # Wait until IPv6 addresses are no longer tentative. for i in `jot 50`; do if ! { /sbin/ifconfig lo11; /sbin/ifconfig lo12; } | fgrep -q tentative; then break; fi; sleep .1; done ! { /sbin/ifconfig lo11; /sbin/ifconfig lo12; } | fgrep tentative ==== pfctl ==== # Create python include file containing the addresses. rm -f addr.py addr.py.tmp echo 'N1="11"' >>addr.py.tmp echo 'IF_N1="lo11"' >>addr.py.tmp echo 'ADDR_N1="127.0.0.11"' >>addr.py.tmp echo 'ADDR6_N1="fe80::11"' >>addr.py.tmp echo 'N2="12"' >>addr.py.tmp echo 'IF_N2="lo12"' >>addr.py.tmp echo 'ADDR_N2="127.0.0.12"' >>addr.py.tmp echo 'ADDR6_N2="fe80::12"' >>addr.py.tmp mv addr.py.tmp addr.py # Load the pf rules into the kernel. cat addr.py /usr/src/regress/sys/net/pf_opts/pf.conf | /sbin/pfctl -n -f - cat addr.py /usr/src/regress/sys/net/pf_opts/pf.conf | /sbin/pfctl -a regress -f - ==== run-ping ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true tcpdump: listening on lo11, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG # Ping localhost on loopback /sbin/ping -n -w 1 -c 1 -V 11 127.0.0.11 PING 127.0.0.11 (127.0.0.11): 56 data bytes 64 bytes from 127.0.0.11: icmp_seq=0 ttl=255 time=0.193 ms --- 127.0.0.11 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.193/0.193/0.193/0.000 ms /sbin/ping -n -w 1 -c 1 -V 12 127.0.0.12 PING 127.0.0.12 (127.0.0.12): 56 data bytes 64 bytes from 127.0.0.12: icmp_seq=0 ttl=255 time=0.178 ms --- 127.0.0.12 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.178/0.178/0.178/0.000 ms ==== run-ping6 ==== # Ping localhost on loopback /sbin/ping6 -n -w 1 -c 1 -V 11 fe80::11%lo11 PING fe80::11%lo11 (fe80::11%lo11): 56 data bytes 64 bytes from fe80::11%lo11: icmp_seq=0 hlim=64 time=0.247 ms --- fe80::11%lo11 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.247/0.247/0.247/0.000 ms /sbin/ping6 -n -w 1 -c 1 -V 12 fe80::12%lo12 PING fe80::12%lo12 (fe80::12%lo12): 56 data bytes 64 bytes from fe80::12%lo12: icmp_seq=0 hlim=64 time=0.248 ms --- fe80::12%lo12 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.248/0.248/0.248/0.000 ms ==== run-bpf-ping ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 0 packets received by filter 0 packets dropped by kernel 4 packets received by filter 0 packets dropped by kernel 4 packets received by filter 0 packets dropped by kernel rm -f stamp-bpf* # Check that ping packet went through loopback. grep ' 127.0.0.11: icmp: echo request' lo11.tcpdump 10:30:35.458267 127.0.0.11 > 127.0.0.11: icmp: echo request (id:8e47 seq:0) [icmp cksum ok] (ttl 255, id 27265, len 84, bad ip cksum 0! -> 5311) grep ' 127.0.0.12: icmp: echo request' lo12.tcpdump 10:30:35.465978 127.0.0.12 > 127.0.0.12: icmp: echo request (id:570f seq:0) [icmp cksum ok] (ttl 255, id 24210, len 84, bad ip cksum 0! -> 5efe) grep ' fe80:.*::11: icmp6: echo request' lo11.tcpdump 10:30:35.631224 fe80:163::1 > fe80:163::11: icmp6: echo request (id:1188 seq:0) [bad icmp6 cksum cde8! -> cb22] (len 64, hlim 64) grep ' fe80:.*::12: icmp6: echo request' lo12.tcpdump 10:30:35.647654 fe80:164::1 > fe80:164::12: icmp6: echo request (id:c4fa seq:0) [bad icmp6 cksum 6afc! -> 6834] (len 64, hlim 64) ! grep ': icmp: echo request' pflog0.tcpdump ! grep ': icmp6: echo request' pflog0.tcpdump ==== run-ping-record ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump tcpdump: listening on lo11, link-type LOOP pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG # Ping localhost with record route option /sbin/ping -n -w 1 -c 1 -V 11 -R 127.0.0.11 PING 127.0.0.11 (127.0.0.11): 56 data bytes 64 bytes from 127.0.0.11: icmp_seq=0 ttl=255 time=0.185 ms RR: 127.0.0.11 127.0.0.11 --- 127.0.0.11 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.185/0.185/0.185/0.000 ms ! /sbin/ping -n -w 1 -c 1 -V 12 -R 127.0.0.12 ping: sendmsg: Permission denied PING 127.0.0.12 (127.0.0.12): 56 data bytes ping: wrote 127.0.0.12 64 chars, ret=-1 --- 127.0.0.12 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss ==== run-bpf-ping-record ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 1 packets received by filter 0 packets received by filter 0 packets dropped by kernel 0 packets dropped by kernel 2 packets received by filter 0 packets dropped by kernel rm -f stamp-bpf* # Check that ping packet with options is in pflog0. grep ' 127.0.0.11: icmp: echo request .* optlen=40 RR' lo11.tcpdump 10:30:40.418174 127.0.0.11 > 127.0.0.11: icmp: echo request (id:f613 seq:0) [icmp cksum ok] (ttl 255, id 14712, len 124, bad ip cksum 0! -> 6ecb, optlen=40 RR{39}= RR{#0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0} EOL) grep ' 127.0.0.12: icmp: echo request .* optlen=40 RR' pflog0.tcpdump 10:30:40.453487 rule 4.regress.1/(match) [uid 0, pid 31232] pass out on lo12: 127.0.0.12 > 127.0.0.12: icmp: echo request (id:bb89 seq:0) [icmp cksum ok] (ttl 255, id 28785, len 124, bad ip cksum c265! -> 37d0, optlen=40 RR{39}= RR{#0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0} EOL) ==== run-icmp ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true tcpdump: listening on lo11, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp.py N1 send icmp without options /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp.py N2 send icmp without options /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6 ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6.py N1 send icmp6 without options /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6.py N2 send icmp6 without options /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-bpf-icmp ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 0 packets received by filter 0 packets dropped by kernel 2 packets received by filter 0 packets dropped by kernel 2 packets received by filter 0 packets dropped by kernel rm -f stamp-bpf* # Check that icmp packet went through loopback. grep ' 127.0.0.11: icmp: type-#6' lo11.tcpdump 10:30:49.998536 127.0.0.11 > 127.0.0.11: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 44) grep ' 127.0.0.12: icmp: type-#6' lo12.tcpdump 10:30:53.344911 127.0.0.12 > 127.0.0.12: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 44) grep ' fe80::11: icmp6: type-#6' lo11.tcpdump 10:30:56.835915 fe80::11 > fe80::11: icmp6: type-#6 [icmp6 cksum ok] (len 20, hlim 64) grep ' fe80::12: icmp6: type-#6' lo12.tcpdump 10:31:00.155500 fe80::12 > fe80::12: icmp6: type-#6 [icmp6 cksum ok] (len 20, hlim 64) ! grep ': icmp: type-#6' pflog0.tcpdump ! grep ': icmp6: type-#6' pflog0.tcpdump ==== run-icmp6-hop ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true tcpdump: listening on lo11, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop.py N1 send icmp6 with hop by hop header /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop.py N2 send icmp6 with hop by hop header /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-dst ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_dst.py N1 send icmp6 with destination options header /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_dst.py N2 send icmp6 with destination options header /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-bpf-ext ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 2 packets received by filter 0 packets dropped by kernel 2 packets received by filter 0 packets dropped by kernel 2 packets received by filter 0 packets dropped by kernel rm -f stamp-bpf* # Check that icmp6 packet with extension headers were blocked fgrep ' fe80::12: HBH icmp6:' pflog0.tcpdump 10:31:11.567851 rule 4/(ip-option) [uid 0, pid 31232] pass in on lo12: fe80::12 > fe80::12: HBH icmp6: type-#6 [icmp6 cksum ok] (len 28, hlim 64) fgrep ' fe80::12: DSTOPT icmp6:' pflog0.tcpdump 10:31:18.427842 rule 4/(ip-option) [uid 0, pid 31232] pass in on lo12: fe80::12 > fe80::12: DSTOPT icmp6: type-#6 [icmp6 cksum ok] (len 28, hlim 64) ! grep fe80::11 pflog0.tcpdump ==== run-icmp-pad ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true tcpdump: listening on lo11, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_pad.py N1 send icmp with options padding /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_pad.py N2 send icmp with options padding /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp-eol ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_eol.py N1 send icmp with option end of list /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_eol.py N2 send icmp with option end of list /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-pad ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_pad.py N1 send icmp6 with hop by hop header with padding /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_pad.py N2 send icmp6 with hop by hop header with padding /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp-max ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_max.py N1 send icmp with maximum length option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_max.py N2 send icmp with maximum length option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-max ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_max.py N1 send icmp6 with hop by hop header with maxium padding /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_max.py N2 send icmp6 with hop by hop header with maxium padding /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp-ra ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_ra.py N1 send icmp with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_ra.py N2 send icmp with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-ra ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_ra.py N1 send icmp6 with hop by hop header with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_ra.py N2 send icmp6 with hop by hop header with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp-bad ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_bad.py N1 send icmp with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp_bad.py N2 send icmp with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-bad ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_bad.py N1 send icmp6 with hop by hop header with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_hop_bad.py N2 send icmp6 with hop by hop header with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-bpf-opts ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 9 packets received by filter 0 packets dropped by kernel 9 packets received by filter 0 packets dropped by kernel 9 packets received by filter 0 packets dropped by kernel rm -f stamp-bpf* # Check that icmp packet with options were blocked grep ' 127.0.0.12:.* optlen=4 NOP NOP NOP NOP)' pflog0.tcpdump 10:31:29.797644 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: 127.0.0.12 > 127.0.0.12: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 48, optlen=4 NOP NOP NOP NOP) grep ' 127.0.0.12:.* optlen=4 NOP EOL-2)' pflog0.tcpdump 10:31:36.661235 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: 127.0.0.12 > 127.0.0.12: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 48, optlen=4 NOP EOL-2) grep ' 127.0.0.12:.* optlen=40 NOP ' pflog0.tcpdump 10:31:50.322099 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: 127.0.0.12 > 127.0.0.12: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 84, optlen=40 NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP NOP) grep ' 127.0.0.12:.* optlen=8 NOP IPOPT-148{4} NOP ' pflog0.tcpdump 10:32:04.010653 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: 127.0.0.12 > 127.0.0.12: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 52, optlen=8 NOP IPOPT-148{4} NOP EOL-1) grep ' 127.0.0.12:.* optlen=4 IPOPT-3{4})' pflog0.tcpdump 10:32:17.687426 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: 127.0.0.12 > 127.0.0.12: icmp: type-#6 [icmp cksum ok] (ttl 64, id 1, len 48, optlen=4 IPOPT-3{4}) grep ' fe80::12: HBH icmp6:.* (len 28,' pflog0.tcpdump 10:31:43.500088 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: fe80::12 > fe80::12: HBH icmp6: type-#6 [icmp6 cksum ok] (len 28, hlim 64) grep ' fe80::12: HBH icmp6:.* (len 284,' pflog0.tcpdump 10:31:57.182107 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: fe80::12 > fe80::12: HBH icmp6: type-#6 [icmp6 cksum ok] (len 284, hlim 64) grep ' fe80::12: HBH (rtalert: 0x0000) icmp6:' pflog0.tcpdump 10:32:10.856967 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: fe80::12 > fe80::12: HBH (rtalert: 0x0000) icmp6: type-#6 [icmp6 cksum ok] (len 36, hlim 64) grep ' fe80::12: HBH (type 0x03: len=0) icmp6:' pflog0.tcpdump 10:32:24.527316 rule 4.regress.1/(match) [uid 0, pid 31232] pass in on lo12: fe80::12 > fe80::12: HBH (type 0x03: len=0) icmp6: type-#6 [icmp6 cksum ok] (len 28, hlim 64) ! grep '127.0.0.11' pflog0.tcpdump ! grep 'fe80::11' pflog0.tcpdump ==== run-igmp ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true tcpdump: listening on lo11, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/igmp_ra.py N1 send internet group management protocol with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/igmp_ra.py N2 send internet group management protocol with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-mld ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_mld_ra.py N1 send icmp6 multicast listener discovery with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_mld_ra.py N2 send icmp6 multicast listener discovery with router alert /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-bpf-mcast ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 2 packets received by filter 0 packets dropped by kernel 2 packets received by filter 0 packets received by filter 0 packets dropped by kernel 0 packets dropped by kernel rm -f stamp-bpf* # Check that multicast protocol packet with router alert passed grep '127.0.0.12 > 224.0.0.1: igmp query .* IPOPT-148{4}' lo12.tcpdump 10:32:36.103662 127.0.0.12 > 224.0.0.1: igmp query [ttl 1] (id 1, len 32, optlen=4 IPOPT-148{4}) grep 'fe80::12 > ff02::1: HBH (rtalert:.* icmp6: multicast ' lo12.tcpdump 10:32:42.964399 fe80::12 > ff02::1: HBH (rtalert: 0x0000) icmp6: multicast listener query max resp delay: 10000 addr: :: [icmp6 cksum ok] [hlim 1] (len 32) ! grep '127.0.0.11' pflog0.tcpdump ! grep 'fe80::11' pflog0.tcpdump ! grep '127.0.0.12' pflog0.tcpdump ! grep 'fe80::12' pflog0.tcpdump ! grep '224.0.0.1' pflog0.tcpdump ! grep 'ff02::1' pflog0.tcpdump ==== run-igmp-bad ==== rm -f lo11.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11' || true /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo11 >lo11.tcpdump & rm -f stamp-stop rm -f lo12.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12' || true tcpdump: listening on lo11, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni lo12 >lo12.tcpdump & rm -f stamp-stop rm -f pflog0.tcpdump pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0' || true tcpdump: listening on lo12, link-type LOOP /usr/sbin/tcpdump -l -e -vvv -s 2048 -ni pflog0 >pflog0.tcpdump & rm -f stamp-stop sleep 2 # XXX tcpdump: listening on pflog0, link-type PFLOG /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/igmp_bad.py N1 send internet group management protocol with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/igmp_bad.py N2 send internet group management protocol with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-icmp6-mld-bad ==== /sbin/route -T 11 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_mld_bad.py N1 send icmp6 multicast listener discovery with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. /sbin/route -T 12 exec env PYTHONPATH=/usr/src/regress/sys/net/pf_opts/obj python3 -u /usr/src/regress/sys/net/pf_opts/icmp6_mld_bad.py N2 send icmp6 multicast listener discovery with unknown option /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:471: CryptographyDeprecationWarning: Blowfish has been deprecated and will be removed in a future release cipher=algorithms.Blowfish, /usr/local/lib/python3.11/site-packages/scapy/layers/ipsec.py:485: CryptographyDeprecationWarning: CAST5 has been deprecated and will be removed in a future release cipher=algorithms.CAST5, . Sent 1 packets. ==== run-bpf-mcast-bad ==== sleep 2 # XXX pkill -f '^/usr/sbin/tcpdump -l -e -vvv -s 2048 -ni' 2 packets received by filter 2 packets received by filter 0 packets dropped by kernel 2 packets received by filter 0 packets dropped by kernel 0 packets dropped by kernel rm -f stamp-bpf* # Check that multicast protocol packet with options were blocked grep '127.0.0.12 > 224.0.0.1: igmp query .* IPOPT-3{4}' pflog0.tcpdump 10:32:54.490692 rule 4/(ip-option) [uid 0, pid 31232] pass in on lo12: 127.0.0.12 > 224.0.0.1: igmp query [ttl 1] (id 1, len 32, optlen=4 IPOPT-3{4}) grep 'fe80::12 > ff02::1: HBH (type 0x03:.* icmp6: multicast ' pflog0.tcpdump 10:33:01.343812 rule 4/(ip-option) [uid 0, pid 31232] pass in on lo12: fe80::12 > ff02::1: HBH (type 0x03: len=0) icmp6: multicast listener query max resp delay: 10000 addr: :: [icmp6 cksum ok] [hlim 1] (len 32) ! grep '127.0.0.11' pflog0.tcpdump ! grep 'fe80::11' pflog0.tcpdump ==== unconfig ==== # Destroy interfaces. /sbin/ifconfig lo11 rdomain 11 /sbin/ifconfig lo11 inet 127.0.0.1 delete /sbin/ifconfig lo11 inet 127.0.0.11 delete /sbin/ifconfig lo11 inet6 ::1 delete /sbin/ifconfig lo11 inet6 fe80::11/64 delete /sbin/ifconfig lo12 rdomain 12 /sbin/ifconfig lo12 inet 127.0.0.1 delete /sbin/ifconfig lo12 inet 127.0.0.12 delete /sbin/ifconfig lo12 inet6 ::1 delete /sbin/ifconfig lo12 inet6 fe80::12/64 delete rm -f stamp-ifconfig PASS sys/net/pf_opts Duration 2m34.56s