From owner-cvs-all@FreeBSD.ORG Fri Sep 5 09:35:33 2003 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AEFFB16A4BF; Fri, 5 Sep 2003 09:35:33 -0700 (PDT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id D318E43F85; Fri, 5 Sep 2003 09:35:32 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.8p1/8.12.3) with ESMTP id h85GZWkN077980; Fri, 5 Sep 2003 09:35:32 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.8p1/8.12.3/Submit) id h85GZW6U077979; Fri, 5 Sep 2003 09:35:32 -0700 (PDT) (envelope-from rizzo) Date: Fri, 5 Sep 2003 09:35:32 -0700 From: Luigi Rizzo To: "Daniel C. Sobral" Message-ID: <20030905093532.A77909@xorpc.icir.org> References: <200309021036.h82AafYG055045@repoman.freebsd.org> <20030902034054.B79700@xorpc.icir.org> <3F58B99B.1060303@tcoip.com.br> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3F58B99B.1060303@tcoip.com.br>; from dcs@tcoip.com.br on Fri, Sep 05, 2003 at 01:28:11PM -0300 cc: Maxim Konovalov cc: cvs-src@freebsd.org cc: src-committers@freebsd.org cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw2.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Sep 2003 16:35:33 -0000 On Fri, Sep 05, 2003 at 01:28:11PM -0300, Daniel C. Sobral wrote: > Luigi Rizzo wrote: > > On Tue, Sep 02, 2003 at 03:36:41AM -0700, Maxim Konovalov wrote: > > ... > > > >> # We need a regression test suit for ipfw(2)/ipfw(8) badly. > > > > > > indeed. This is also why i introduced the '-n' flag so one can > > implement it in an easier way. I do have some scripts for that, > > but at the moment they only test the program's output > > with correct arguments :( > > So let me take this opportunity to mention that that thingy I asked > where you would specify protocol/addresses/ports/flags and it would > indicate which rule that would have triggered (or rules, if processing > continues) would make it possible to do all sorts of regression testing > of ipfw features. :-) i think the only reasonable way to implement it is to generate the actual packet and inject it to the kernel where it is filtered thorugh ip_fw_chk(). Now, the kernel part should not be too hard (basically have a new ioctl that calls ip_fw_chk()) but the userland part is somewhat boring to write... i wonder if there is some other tool that can produce custom packets from a spec... also this would only test the kernel part, not the userland part (the parser is historically the part where the most bugs have been found). and finally, packets have side effects (e.g. create stateful entries, increment counters, etc.) so i am bit unsure on how clean is this approach. cheers luigi > -- > Daniel C. Sobral (8-DCS) > Gerencia de Operacoes > Divisao de Comunicacao de Dados > Coordenacao de Seguranca > VIVO Centro Oeste Norte > Fones: 55-61-313-7654/Cel: 55-61-9618-0904 > E-mail: Daniel.Capo@tco.net.br > Daniel.Sobral@tcoip.com.br > dcs@tcoip.com.br > > Outros: > dcs@newsguy.com > dcs@freebsd.org > capo@notorious.bsdconspiracy.net > > I get up each morning, gather my wits. > Pick up the paper, read the obits. > If I'm not there I know I'm not dead. > So I eat a good breakfast and go back to bed. > > Oh, how do I know my youth is all spent? > My get-up-and-go has got-up-and-went. > But in spite of it all, I'm able to grin, > And think of the places my get-up has been. > -- Pete Seeger > > _______________________________________________ > cvs-all@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/cvs-all > To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"