authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-12-16 05:02:47 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-12-16 05:02:47 +0000
commit4b5458a8e906982b70968bd31cbdb85ee4c5f81e (patch)
tree7b5579b29feada66ebf9974b9287c8d4c81816ef
parentb0c87f9660a746ab8cb1be047264430c1ddf6552 (diff)
Test source-tracking syntax.
-rw-r--r--regress/sbin/pfctl/Makefile6
-rw-r--r--regress/sbin/pfctl/pf84.in17
-rw-r--r--regress/sbin/pfctl/pf84.loaded32
-rw-r--r--regress/sbin/pfctl/pf84.ok8
4 files changed, 60 insertions, 3 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index e1e70ac8e0c..1051645d808 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.167 2003/12/16 00:30:16 mcbride Exp $
+# $OpenBSD: Makefile,v 1.168 2003/12/16 05:02:46 mcbride Exp $
# TARGETS
# pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok
@@ -13,14 +13,14 @@
PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
-PFTESTS+=74 75 76 77 78 79 80 81 82 83
+PFTESTS+=74 75 76 77 78 79 80 81 82 83 84
PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
PFFAIL+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
PFSIMPLE=1 2
PFSETUP=1 2 3 4
PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29
PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71
-PFLOAD+=72 73 74 75 76 77 78 79 80 81 82
+PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84
PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14
# disabled; no altq in anchors
# PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64
diff --git a/regress/sbin/pfctl/pf84.in b/regress/sbin/pfctl/pf84.in
new file mode 100644
index 00000000000..52f62f3d541
--- /dev/null
+++ b/regress/sbin/pfctl/pf84.in
@@ -0,0 +1,17 @@
+nat on tun1000000 from 10.0.0.0/24 to any \
+ -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+rdr on tun1000000 from any to 10.0.1.1 \
+ -> { 10.0.0.0/24 } sticky-address random
+rdr on tun1000000 from any to 10.0.1.2 \
+ -> { 10.0.0.1, 10.0.0.2 } sticky-address
+
+pass in proto tcp from any to any port 22 \
+ keep state (source-track)
+pass in proto tcp from any to any port 25 \
+ keep state (source-track global)
+pass in proto tcp from any to any port 80 \
+ keep state (source-track rule, max-src-nodes 1000, max-src-states 3)
+pass in proto tcp from any to any port 123 \
+ keep state (source-track global, max-src-nodes 1000)
+pass in proto tcp from any to any port 321 \
+ keep state (source-track, max-src-states 3)
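Review bot: These five pass rules cover only accepted forms of the source-tracking options, and the Makefile hunk adds 84 to PFTESTS and PFLOAD but nothing to PFFAIL, so this commit tests no rejection path. Since `max-src-nodes` and `max-src-states` bound how much state a single source can hold, a companion failing case would be worth adding for limits the grammar is meant to refuse (for example a zero or non-numeric value), if it does refuse them. No rule sets a limit without the `source-track` keyword, so that form, if the grammar allows it, is untested. Assuming comments are dropped from pfctl's output, a header comment such as `# bare "source-track" is expected to print as "source-track global"` would show that the normalisation recorded in pf84.ok is intended.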
diff --git a/regress/sbin/pfctl/pf84.loaded b/regress/sbin/pfctl/pf84.loaded
new file mode 100644
index 00000000000..b9546febb6f
--- /dev/null
+++ b/regress/sbin/pfctl/pf84.loaded
@@ -0,0 +1,32 @@
+@0 nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 pass in proto tcp from any to any port = ssh keep state (source-track global)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 pass in proto tcp from any to any port = smtp keep state (source-track global)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass in proto tcp from any to any port = ntp keep state (source-track global, max-src-nodes 1000)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf84.ok b/regress/sbin/pfctl/pf84.ok
new file mode 100644
index 00000000000..e031da0e292
--- /dev/null
+++ b/regress/sbin/pfctl/pf84.ok
@@ -0,0 +1,8 @@
+nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address
+rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address
+rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address
+pass in proto tcp from any to any port = ssh keep state (source-track global)
+pass in proto tcp from any to any port = smtp keep state (source-track global)
+pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000)
+pass in proto tcp from any to any port = ntp keep state (source-track global, max-src-nodes 1000)
+pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3)