netpfil tests: Move pft_ping.py and sniffer.py to the common test directory

The pft_ping.py and sniffer.py tool is moved from tests/sys/netpfil/pf to
tests/sys/netpfil/common directory because these tools are to be used in
common for all the firewalls.

Submitted by:	Ahsan Barkati
Reviewed by:	kp, thj
Sponsored by:	Google, Inc. (GSoC 2019)
Differential Revision:	https://reviews.freebsd.org/D21276

ObsoleteFiles.inc

@@ -38,6 +38,9 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20190817: pft_ping.py and sniffer.py moved to /usr/tests/sys/netpfil/common
+OLD_FILES+=usr/tests/sys/netpfil/pf/sniffer.py
+OLD_FILES+=usr/tests/sys/netpfil/pf/pft_ping.py
 # 20190816: dir.h removed from POSIX
 OLD_FILES+=usr/include/sys/dir.h
 # 20190729: gzip'ed a.out support removed

tests/sys/netpfil/common/Makefile

@@ -11,6 +11,10 @@ ATF_TESTS_SH+=	\
 
 ${PACKAGE}FILES+=	\
 		utils.subr \
-		runner.subr
+		runner.subr \
+		pft_ping.py \
+		sniffer.py
+
+${PACKAGE}FILESMODE_pft_ping.py=	0555
 
 .include <bsd.test.mk>

tests/sys/netpfil/pf/Makefile

@@ -21,12 +21,9 @@ ATF_TESTS_SH+=	anchor \
 
 ${PACKAGE}FILES+=	utils.subr \
 			echo_inetd.conf \
-			sniffer.py \
-			pft_ping.py \
 			CVE-2019-5597.py \
 			CVE-2019-5598.py
 
-${PACKAGE}FILESMODE_pft_ping.py=	0555
 ${PACKAGE}FILESMODE_CVE-2019-5597.py=	0555
 ${PACKAGE}FILESMODE_CVE-2019-5598.py=	0555
 

tests/sys/netpfil/pf/forward.sh

@@ -2,6 +2,8 @@
 
 . $(atf_get_srcdir)/utils.subr
 
+common_dir=$(atf_get_srcdir)/../common
+
 atf_test_case "v4" "cleanup"
 v4_head()
 {
@@ -43,20 +45,20 @@ v4_body()
 
 	# Forward with pf enabled
 	pft_set_rules alcatraz "block in"
-	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a
 
 	pft_set_rules alcatraz "block out"
-	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recv ${epair_recv}a
 
 	# Allow ICMP
 	pft_set_rules alcatraz "block in" "pass in proto icmp"
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a
@@ -98,7 +100,7 @@ v6_body()
 	route add -6 2001:db8:43::/64 2001:db8:42::2
 
 	# Sanity check, can we forward ICMP echo requests without pf?
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--ip6 \
 		--sendif ${epair_send}a \
 		--to 2001:db8:43::3 \
@@ -109,7 +111,7 @@ v6_body()
 	# Block incoming echo request packets
 	pft_set_rules alcatraz \
 		"block in inet6 proto icmp6 icmp6-type echoreq"
-	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 ${common_dir}/pft_ping.py \
 		--ip6 \
 		--sendif ${epair_send}a \
 		--to 2001:db8:43::3 \
@@ -118,7 +120,7 @@ v6_body()
 	# Block outgoing echo request packets
 	pft_set_rules alcatraz \
 		"block out inet6 proto icmp6 icmp6-type echoreq"
-	atf_check -s exit:1 -e ignore $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 -e ignore ${common_dir}/pft_ping.py \
 		--ip6 \
 		--sendif ${epair_send}a \
 		--to 2001:db8:43::3 \
@@ -128,7 +130,7 @@ v6_body()
 	pft_set_rules alcatraz \
 		"block out" \
 		"pass out inet6 proto icmp6"
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--ip6 \
 		--sendif ${epair_send}a \
 		--to 2001:db8:43::3 \
@@ -138,7 +140,7 @@ v6_body()
 	pft_set_rules alcatraz \
 		"block out inet6 proto icmp6 icmp6-type echoreq" \
 		"pass in proto icmp"
-	atf_check -s exit:1 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 ${common_dir}/pft_ping.py \
 		--ip6 \
 		--sendif ${epair_send}a \
 		--to 2001:db8:43::3 \

tests/sys/netpfil/pf/set_tos.sh

@@ -2,6 +2,8 @@
 
 . $(atf_get_srcdir)/utils.subr
 
+common_dir=$(atf_get_srcdir)/../common
+
 atf_test_case "v4" "cleanup"
 v4_head()
 {
@@ -37,7 +39,7 @@ v4_body()
 
 	# No change is done if not requested
 	pft_set_rules alcatraz "scrub out proto icmp"
-	atf_check -s exit:1 -o ignore $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 -o ignore ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a \
@@ -45,7 +47,7 @@ v4_body()
 
 	# The requested ToS is set
 	pft_set_rules alcatraz "scrub out proto icmp set-tos 42"
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a \
@@ -53,7 +55,7 @@ v4_body()
 
 	# ToS is not changed if the scrub rule does not match
 	pft_set_rules alcatraz "scrub out proto tcp set-tos 42"
-	atf_check -s exit:1 -o ignore $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:1 -o ignore ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a \
@@ -62,14 +64,14 @@ v4_body()
 	# Multiple scrub rules match as expected
 	pft_set_rules alcatraz "scrub out proto tcp set-tos 13" \
 		"scrub out proto icmp set-tos 14"
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a \
 		--expect-tos 14
 
 	# And this works even if the packet already has ToS values set
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a \
@@ -78,7 +80,7 @@ v4_body()
 
 	# ToS values are unmolested if the packets do not match a scrub rule
 	pft_set_rules alcatraz "scrub out proto tcp set-tos 13"
-	atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
+	atf_check -s exit:0 ${common_dir}/pft_ping.py \
 		--sendif ${epair_send}a \
 		--to 198.51.100.3 \
 		--recvif ${epair_recv}a \