summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2004-10-05 18:33:45 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2004-10-05 18:33:45 +0000
commit2b251cde1b3a7f569a51b7d4c320041ab826a600 (patch)
treeb2be5dd3490a7e81f99fe4ffcb3b2094bdf956bf
parent1df6369c95b1125ca56d02e07cf19bc329471fee (diff)
Regress tests for pfctl -o rule reordering and duplicate rule removal.
-rw-r--r--regress/sbin/pfctl/Makefile9
-rw-r--r--regress/sbin/pfctl/pf87.in24
-rw-r--r--regress/sbin/pfctl/pf87.loaded88
-rw-r--r--regress/sbin/pfctl/pf87.ok22
-rw-r--r--regress/sbin/pfctl/pf87.optimized88
-rw-r--r--regress/sbin/pfctl/pf88.in32
-rw-r--r--regress/sbin/pfctl/pf88.loaded88
-rw-r--r--regress/sbin/pfctl/pf88.ok22
-rw-r--r--regress/sbin/pfctl/pf88.optimized64
9 files changed, 433 insertions, 4 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index 8c100e8f8aa..73b8c9a41e5 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.181 2004/10/01 23:19:17 mcbride Exp $
+# $OpenBSD: Makefile,v 1.182 2004/10/05 18:33:44 mcbride Exp $
# TARGETS
# pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok
@@ -14,19 +14,19 @@
PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
-PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86
+PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 27
PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
PFSIMPLE=1 2
PFSETUP=1 2 3 4
PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29
PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71
-PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84
+PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88
PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14
# disabled; no altq in anchors
# PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64
# only testing parser, load test would be useless
-# PFLOAD+=6 22 41 50 52 53 55 57 83 85
+# PFLOAD+=6 22 41 50 52 53 55 57 83 85 86
PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13
PFOPT=1 2 3 4 5
PFIF2IP=1 2 3
@@ -159,6 +159,7 @@ pfoptimize${n}-update:
pfoptimize: ${PFOPTIMIZE_TARGETS}
pfoptimize-update: ${PFOPTIMIZE_UPDATES}
REGRESS_TARGETS+=pfoptimize
+UPDATE_TARGETS+=pfoptimize-update
.for n in ${PFTABLE}
PFR_TARGETS+=pfr${n}
diff --git a/regress/sbin/pfctl/pf87.in b/regress/sbin/pfctl/pf87.in
new file mode 100644
index 00000000000..cd19262b83e
--- /dev/null
+++ b/regress/sbin/pfctl/pf87.in
@@ -0,0 +1,24 @@
+# pfctl -o rule reordering
+
+pass in on lo1000000 proto tcp from any to 10.0.0.2 port 22 keep state
+pass in on lo1000001 proto tcp from 10.0.0.1 port 22 to 10.0.0.2 keep state
+pass in on lo1000001 proto udp from 10.0.0.5 to 10.0.0.4 port 53 keep state
+pass in on lo1000000 proto udp from any to 10.0.0.2 port 53 keep state
+pass in proto tcp to 10.0.0.1 port 80 keep state
+pass out on lo1000001 proto udp from any to 10.0.0.2 port 53 keep state
+pass in proto tcp to 10.0.0.3 port 80 keep state
+pass out proto tcp to 10.0.0.1 port 81 keep state
+pass in proto udp to 10.0.0.3 port 53 keep state
+pass in on lo1000001 proto udp from 10.0.0.2 port 53 to 10.0.0.2 keep state
+pass out proto udp to 10.0.0.1 port 53 keep state
+pass out on lo1000000 proto udp from any to 10.0.0.2 port 53 keep state
+pass out proto udp to 10.0.0.3 port 53 keep state
+pass out on lo1000000 proto tcp from any to 10.0.0.2 port 22 keep state
+pass in on lo1000001 proto tcp from any to 10.0.0.2 port 22 keep state
+pass in on lo1000001 proto udp from any to 10.0.0.2 port 53 keep state
+pass in on lo1000001 proto tcp from 10.0.0.1 to 10.0.0.4 keep state
+pass out on lo1000001 proto tcp from any to 10.0.0.2 port 22 keep state
+pass out proto tcp to 10.0.0.1 port 80 keep state
+pass in proto udp to 10.0.0.1 port 53 keep state
+pass in on lo1000001 proto tcp from 10.0.0.1 to 10.0.0.6 port 22 keep state
+pass in on lo1000001 proto udp from 10.0.0.5 to 10.0.0.2 keep state
diff --git a/regress/sbin/pfctl/pf87.loaded b/regress/sbin/pfctl/pf87.loaded
new file mode 100644
index 00000000000..a3c36b9c4aa
--- /dev/null
+++ b/regress/sbin/pfctl/pf87.loaded
@@ -0,0 +1,88 @@
+@0 pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: d=5 f=end p=2 da=2 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 keep state
+ [ Skip steps: i=3 d=5 f=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.4 port = domain keep state
+ [ Skip steps: d=5 f=end p=4 sp=9 dp=4 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass in on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: d=5 f=end sa=9 sp=9 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass in inet proto tcp from any to 10.0.0.1 port = www keep state
+ [ Skip steps: f=end sa=9 sp=9 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@5 pass out on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: f=end sa=9 sp=9 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@6 pass in inet proto tcp from any to 10.0.0.3 port = www keep state
+ [ Skip steps: i=9 f=end p=8 sa=9 sp=9 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@7 pass out inet proto tcp from any to 10.0.0.1 port = 81 keep state
+ [ Skip steps: i=9 f=end sa=9 sp=9 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@8 pass in inet proto udp from any to 10.0.0.3 port = domain keep state
+ [ Skip steps: d=10 f=end p=13 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@9 pass in on lo1000001 inet proto udp from 10.0.0.2 port = domain to 10.0.0.2 keep state
+ [ Skip steps: f=end p=13 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@10 pass out inet proto udp from any to 10.0.0.1 port = domain keep state
+ [ Skip steps: d=14 f=end p=13 sa=16 sp=end dp=13 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@11 pass out on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: d=14 f=end p=13 sa=16 sp=end dp=13 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@12 pass out inet proto udp from any to 10.0.0.3 port = domain keep state
+ [ Skip steps: d=14 f=end sa=16 sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@13 pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: f=end p=15 sa=16 sp=end da=16 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@14 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: i=18 d=17 f=end sa=16 sp=end da=16 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@15 pass in on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: i=18 d=17 f=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@16 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 keep state
+ [ Skip steps: i=18 f=end p=19 sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@17 pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: d=19 f=end p=19 sa=20 sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@18 pass out inet proto tcp from any to 10.0.0.1 port = www keep state
+ [ Skip steps: i=20 f=end sa=20 sp=end da=20 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@19 pass in inet proto udp from any to 10.0.0.1 port = domain keep state
+ [ Skip steps: d=end f=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@20 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh keep state
+ [ Skip steps: i=end d=end f=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@21 pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.2 keep state
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf87.ok b/regress/sbin/pfctl/pf87.ok
new file mode 100644
index 00000000000..cdc783c8d8a
--- /dev/null
+++ b/regress/sbin/pfctl/pf87.ok
@@ -0,0 +1,22 @@
+pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 keep state
+pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.4 port = domain keep state
+pass in on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state
+pass in inet proto tcp from any to 10.0.0.1 port = www keep state
+pass out on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state
+pass in inet proto tcp from any to 10.0.0.3 port = www keep state
+pass out inet proto tcp from any to 10.0.0.1 port = 81 keep state
+pass in inet proto udp from any to 10.0.0.3 port = domain keep state
+pass in on lo1000001 inet proto udp from 10.0.0.2 port = domain to 10.0.0.2 keep state
+pass out inet proto udp from any to 10.0.0.1 port = domain keep state
+pass out on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state
+pass out inet proto udp from any to 10.0.0.3 port = domain keep state
+pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+pass in on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state
+pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 keep state
+pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+pass out inet proto tcp from any to 10.0.0.1 port = www keep state
+pass in inet proto udp from any to 10.0.0.1 port = domain keep state
+pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh keep state
+pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.2 keep state
diff --git a/regress/sbin/pfctl/pf87.optimized b/regress/sbin/pfctl/pf87.optimized
new file mode 100644
index 00000000000..4285cdd1b47
--- /dev/null
+++ b/regress/sbin/pfctl/pf87.optimized
@@ -0,0 +1,88 @@
+@0 pass in on lo1000001 inet proto udp from 10.0.0.2 port = domain to 10.0.0.2 keep state
+ [ Skip steps: i=8 d=14 f=end p=3 da=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 pass in on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: i=8 d=14 f=end p=3 sp=3 da=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.2 keep state
+ [ Skip steps: i=8 d=14 f=end da=5 dp=4 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 keep state
+ [ Skip steps: i=8 d=14 f=end p=7 da=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: i=8 d=14 f=end p=7 sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@5 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 keep state
+ [ Skip steps: i=8 d=14 f=end p=7 sa=7 sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@6 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh keep state
+ [ Skip steps: i=8 d=14 f=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@7 pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.4 port = domain keep state
+ [ Skip steps: d=14 f=end p=11 sp=end dp=11 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@8 pass in on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: d=14 f=end p=11 sa=end sp=end dp=11 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@9 pass in inet proto udp from any to 10.0.0.3 port = domain keep state
+ [ Skip steps: i=13 d=14 f=end p=11 sa=end sp=end dp=11 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@10 pass in inet proto udp from any to 10.0.0.1 port = domain keep state
+ [ Skip steps: i=13 d=14 f=end sa=end sp=end da=12 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@11 pass in inet proto tcp from any to 10.0.0.1 port = www keep state
+ [ Skip steps: i=13 d=14 f=end p=14 sa=end sp=end dp=13 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@12 pass in inet proto tcp from any to 10.0.0.3 port = www keep state
+ [ Skip steps: d=14 f=end p=14 sa=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@13 pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: f=end sa=end sp=end da=16 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@14 pass out on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: d=end f=end p=18 sa=end sp=end da=16 dp=18 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@15 pass out on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state
+ [ Skip steps: d=end f=end p=18 sa=end sp=end dp=18 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@16 pass out inet proto udp from any to 10.0.0.1 port = domain keep state
+ [ Skip steps: i=18 d=end f=end p=18 sa=end sp=end dp=18 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@17 pass out inet proto udp from any to 10.0.0.3 port = domain keep state
+ [ Skip steps: d=end f=end sa=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@18 pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: d=end f=end p=end sa=end sp=end da=20 dp=20 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@19 pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state
+ [ Skip steps: d=end f=end p=end sa=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@20 pass out inet proto tcp from any to 10.0.0.1 port = 81 keep state
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@21 pass out inet proto tcp from any to 10.0.0.1 port = www keep state
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf88.in b/regress/sbin/pfctl/pf88.in
new file mode 100644
index 00000000000..4700b6916b7
--- /dev/null
+++ b/regress/sbin/pfctl/pf88.in
@@ -0,0 +1,32 @@
+# pfctl -o duplicate rules
+
+pass in on lo1000000 from any to 10.0.0.1
+pass in on lo1000000 inet from any to 10.0.0.1
+
+pass
+pass out
+pass out
+pass out quick
+
+pass on lo1000001 to 10.0.0.1
+pass on lo1000000 from any to 10.0.0.1
+
+pass to 10.0.0.2 modulate state
+pass to 10.0.0.2 keep state
+block from 10.0.0.3 to 10.0.0.2
+pass to 10.0.0.2 modulate state
+block from 10.0.0.3 to 10.0.0.2
+pass to 10.0.0.2 synproxy state
+
+
+pass out proto tcp from 10.0.0.4 to 10.0.0.5 keep state
+pass out proto tcp from 10.0.0.4 to 10.0.0.5 port 80 keep state
+
+pass out
+pass in
+
+pass in on lo1000001 from any to any
+pass in on lo1000001 from any to any keep state
+pass in on lo1000001 from any to any
+
+block
diff --git a/regress/sbin/pfctl/pf88.loaded b/regress/sbin/pfctl/pf88.loaded
new file mode 100644
index 00000000000..dadee1a65cd
--- /dev/null
+++ b/regress/sbin/pfctl/pf88.loaded
@@ -0,0 +1,88 @@
+@0 pass in on lo1000000 inet from any to 10.0.0.1
+ [ Skip steps: i=2 d=2 f=2 p=14 sa=10 sp=end da=2 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 pass in on lo1000000 inet from any to 10.0.0.1
+ [ Skip steps: p=14 sa=10 sp=end dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass all
+ [ Skip steps: i=6 f=6 p=14 sa=10 sp=end da=6 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass out all
+ [ Skip steps: i=6 d=6 f=6 p=14 sa=10 sp=end da=6 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass out all
+ [ Skip steps: i=6 d=6 f=6 p=14 sa=10 sp=end da=6 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@5 pass out quick all
+ [ Skip steps: p=14 sa=10 sp=end dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@6 pass on lo1000001 inet from any to 10.0.0.1
+ [ Skip steps: d=14 f=16 p=14 sa=10 sp=end da=8 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@7 pass on lo1000000 inet from any to 10.0.0.1
+ [ Skip steps: d=14 f=16 p=14 sa=10 sp=end dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@8 pass inet from any to 10.0.0.2 modulate state
+ [ Skip steps: i=18 d=14 f=16 p=14 sa=10 sp=end da=14 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@9 pass inet from any to 10.0.0.2 keep state
+ [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@10 block drop inet from 10.0.0.3 to 10.0.0.2
+ [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@11 pass inet from any to 10.0.0.2 modulate state
+ [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@12 block drop inet from 10.0.0.3 to 10.0.0.2
+ [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@13 pass inet from any to 10.0.0.2 synproxy state
+ [ Skip steps: i=18 f=16 sp=end dp=15 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@14 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 keep state
+ [ Skip steps: i=18 d=17 f=16 p=16 sa=16 sp=end da=16 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@15 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = www keep state
+ [ Skip steps: i=18 d=17 sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@16 pass out all
+ [ Skip steps: i=18 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@17 pass in all
+ [ Skip steps: d=21 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@18 pass in on lo1000001 all
+ [ Skip steps: i=21 d=21 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@19 pass in on lo1000001 all keep state
+ [ Skip steps: i=21 d=21 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@20 pass in on lo1000001 all
+ [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@21 block drop all
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf88.ok b/regress/sbin/pfctl/pf88.ok
new file mode 100644
index 00000000000..e54fe473491
--- /dev/null
+++ b/regress/sbin/pfctl/pf88.ok
@@ -0,0 +1,22 @@
+pass in on lo1000000 inet from any to 10.0.0.1
+pass in on lo1000000 inet from any to 10.0.0.1
+pass all
+pass out all
+pass out all
+pass out quick all
+pass on lo1000001 inet from any to 10.0.0.1
+pass on lo1000000 inet from any to 10.0.0.1
+pass inet from any to 10.0.0.2 modulate state
+pass inet from any to 10.0.0.2 keep state
+block drop inet from 10.0.0.3 to 10.0.0.2
+pass inet from any to 10.0.0.2 modulate state
+block drop inet from 10.0.0.3 to 10.0.0.2
+pass inet from any to 10.0.0.2 synproxy state
+pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 keep state
+pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = www keep state
+pass out all
+pass in all
+pass in on lo1000001 all
+pass in on lo1000001 all keep state
+pass in on lo1000001 all
+block drop all
diff --git a/regress/sbin/pfctl/pf88.optimized b/regress/sbin/pfctl/pf88.optimized
new file mode 100644
index 00000000000..d937634d7b7
--- /dev/null
+++ b/regress/sbin/pfctl/pf88.optimized
@@ -0,0 +1,64 @@
+@0 pass all
+ [ Skip steps: i=2 f=2 p=10 sa=6 sp=end da=2 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 pass out quick all
+ [ Skip steps: p=10 sa=6 sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass on lo1000001 inet from any to 10.0.0.1
+ [ Skip steps: d=10 f=11 p=10 sa=6 sp=end da=4 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass on lo1000000 inet from any to 10.0.0.1
+ [ Skip steps: d=10 f=11 p=10 sa=6 sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass inet from any to 10.0.0.2 modulate state
+ [ Skip steps: i=13 d=10 f=11 p=10 sa=6 sp=end da=10 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@5 pass inet from any to 10.0.0.2 keep state
+ [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@6 block drop inet from 10.0.0.3 to 10.0.0.2
+ [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@7 pass inet from any to 10.0.0.2 modulate state
+ [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@8 block drop inet from 10.0.0.3 to 10.0.0.2
+ [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@9 pass inet from any to 10.0.0.2 synproxy state
+ [ Skip steps: i=13 f=11 sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@10 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 keep state
+ [ Skip steps: i=13 d=12 sp=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@11 pass out all
+ [ Skip steps: i=13 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@12 pass in all
+ [ Skip steps: d=15 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@13 pass in on lo1000001 all keep state
+ [ Skip steps: i=15 d=15 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@14 pass in on lo1000001 all
+ [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@15 block drop all
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]