summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2008-02-01 07:21:15 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2008-02-01 07:21:15 +0000
commit551c92dcacf14971fd40e5727286916ef3e335d6 (patch)
treef73e192bbcf56d92d4ef2e7cc40faeea7ee96292
parentd045830773997018efc469453897a2be54754acb (diff)
Add regress test for anchors matching on filter_opts.
-rw-r--r--regress/sbin/pfctl/pf41.in3
-rw-r--r--regress/sbin/pfctl/pf41.ok3
-rw-r--r--regress/sbin/pfctl/pf91.in6
-rw-r--r--regress/sbin/pfctl/pf91.loaded2
-rw-r--r--regress/sbin/pfctl/pf91.ok2
-rw-r--r--regress/sbin/pfctl/pf91.optimized2
-rw-r--r--regress/sbin/pfctl/pfail27.in1
-rw-r--r--regress/sbin/pfctl/pfail27.ok1
8 files changed, 14 insertions, 6 deletions
diff --git a/regress/sbin/pfctl/pf41.in b/regress/sbin/pfctl/pf41.in
index e7e9140a62d..6aa47e56ef1 100644
--- a/regress/sbin/pfctl/pf41.in
+++ b/regress/sbin/pfctl/pf41.in
@@ -21,3 +21,6 @@ anchor foo inet all
anchor foo proto tcp
anchor foo inet proto tcp from 10.1.2.3 port smtp to 10.2.3.4 port ssh
anchor foobar inet6 proto udp from ::1 port 1 to ::1 port 2
+anchor filteropt out proto tcp to any port 22 user root
+anchor filteropt in proto tcp to (self) port 22 group sshd
+anchor filteropt out inet proto icmp all icmp-type echoreq
diff --git a/regress/sbin/pfctl/pf41.ok b/regress/sbin/pfctl/pf41.ok
index 7f214cbd0d5..ec3a3784974 100644
--- a/regress/sbin/pfctl/pf41.ok
+++ b/regress/sbin/pfctl/pf41.ok
@@ -53,3 +53,6 @@ anchor "foo" inet all
anchor "foo" proto tcp all
anchor "foo" inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh
anchor "foobar" inet6 proto udp from ::1 port = 1 to ::1 port = 2
+anchor "filteropt" out proto tcp from any to any port = ssh user = 0
+anchor "filteropt" in proto tcp from any to (self) port = ssh group = 27
+anchor "filteropt" out inet proto icmp all icmp-type echoreq
diff --git a/regress/sbin/pfctl/pf91.in b/regress/sbin/pfctl/pf91.in
index 34f9bc7449a..b4fc631423e 100644
--- a/regress/sbin/pfctl/pf91.in
+++ b/regress/sbin/pfctl/pf91.in
@@ -1,11 +1,11 @@
# basic anchor test
anchor on tun1000000 {
anchor foo out {
- pass proto tcp to port 1234
- anchor proto tcp to port 2413 {
+ pass proto tcp to port 1234
+ anchor proto tcp to port 2413 user root label "foo" {
block
pass from 127.0.0.1
}
}
- pass in proto tcp to port 1234
+ pass in proto tcp to port 1234
}
diff --git a/regress/sbin/pfctl/pf91.loaded b/regress/sbin/pfctl/pf91.loaded
index a5c2ea74345..b1a0b910dfa 100644
--- a/regress/sbin/pfctl/pf91.loaded
+++ b/regress/sbin/pfctl/pf91.loaded
@@ -10,7 +10,7 @@
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 anchor proto tcp from any to any port = 2413 {
+@1 anchor proto tcp from any to any port = 2413 user = 0 label "foo" {
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf91.ok b/regress/sbin/pfctl/pf91.ok
index 00e81175617..9f69e272d7f 100644
--- a/regress/sbin/pfctl/pf91.ok
+++ b/regress/sbin/pfctl/pf91.ok
@@ -1,7 +1,7 @@
anchor on tun1000000 all {
anchor "foo" out all {
pass proto tcp from any to any port = 1234 flags S/SA keep state
- anchor proto tcp from any to any port = 2413 {
+ anchor proto tcp from any to any port = 2413 user = 0 label "foo" {
block drop all
pass inet from 127.0.0.1 to any flags S/SA keep state
}
diff --git a/regress/sbin/pfctl/pf91.optimized b/regress/sbin/pfctl/pf91.optimized
index a5c2ea74345..b1a0b910dfa 100644
--- a/regress/sbin/pfctl/pf91.optimized
+++ b/regress/sbin/pfctl/pf91.optimized
@@ -10,7 +10,7 @@
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 anchor proto tcp from any to any port = 2413 {
+@1 anchor proto tcp from any to any port = 2413 user = 0 label "foo" {
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pfail27.in b/regress/sbin/pfctl/pfail27.in
index 01e82d1ec60..d57e7829319 100644
--- a/regress/sbin/pfctl/pfail27.in
+++ b/regress/sbin/pfctl/pfail27.in
@@ -3,3 +3,4 @@
rdr-anchor foo from 10/8 port 1024 to any
rdr-anchor foo to 10/8 port { 80, 443 }
rdr-anchor foo to 10/8 port 6000:7000
+anchor foo keep state
diff --git a/regress/sbin/pfctl/pfail27.ok b/regress/sbin/pfctl/pfail27.ok
index 36316fec7e7..20d88abe520 100644
--- a/regress/sbin/pfctl/pfail27.ok
+++ b/regress/sbin/pfctl/pfail27.ok
@@ -1,3 +1,4 @@
stdin:3: source port parameter not supported in rdr-anchor
stdin:4: destination port list expansion not supported in rdr-anchor
stdin:5: destination port operators not supported in rdr-anchor
+stdin:6: cannot specify state handling on anchors