diff options
author | Peter Stromberg <wilfried@cvs.openbsd.org> | 2001-09-15 23:25:24 +0000 |
---|---|---|
committer | Peter Stromberg <wilfried@cvs.openbsd.org> | 2001-09-15 23:25:24 +0000 |
commit | 910f13c1f05a0aeb0379ffb2084988c536394e35 (patch) | |
tree | 72e6a75aa73b362ebc18f963aeb970eeea34887d | |
parent | 0ea556316015d5c7204d780512ea86ee7a003549 (diff) |
return-icmp / icmp-type tests, ok dhartmei@
-rw-r--r-- | regress/sbin/pfctl/Makefile | 21 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf10.in | 27 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf10.ok | 26 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf11.in | 16 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf11.ok | 16 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf2.ok | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf7.ok | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail2.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail3.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail4.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail5.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail6.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail7.in | 1 |
13 files changed, 109 insertions, 11 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index d756fd597fe..0c7e7430051 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,12 +1,19 @@ -# $OpenBSD: Makefile,v 1.8 2001/09/06 18:45:13 jasoni Exp $ +# $OpenBSD: Makefile,v 1.9 2001/09/15 23:25:23 wilfried Exp $ NOMAN= NOPROG= -PFTESTS=1 2 3 4 5 6 7 8 9 +PFTESTS=1 2 3 4 5 6 7 8 9 10 11 +PFFAIL=1 2 3 4 5 6 7 -pfail1: - @pfctl -nv -R - < ${.CURDIR}/pfail1.in > /dev/null 2>&1 || \ - echo 'test pfail1 fails as expected' +.for n in ${PFFAIL} +regress: pfail${n} + +pfail${n}: + @pfctl -nv -R - < ${.CURDIR}/pfail${n}.in > /dev/null 2>&1 && \ + echo 'test pfail${n} does not fail as expected' || true + +.PHONY: pfail${n} regress +.endfor .for n in ${PFTESTS} regress: pf${n} @@ -30,7 +37,7 @@ binat1.out: CLEANFILES+=binat1.out -regress: pfail1 binat1 +regress: binat1 -.PHONY: regress pfail1 +.PHONY: regress .include <bsd.prog.mk> diff --git a/regress/sbin/pfctl/pf10.in b/regress/sbin/pfctl/pf10.in new file mode 100644 index 00000000000..0154afd764d --- /dev/null +++ b/regress/sbin/pfctl/pf10.in @@ -0,0 +1,27 @@ +# return variants +pass in inet proto icmp all +pass in inet6 proto ipv6-icmp all +block in inet proto icmp all +block in inet6 proto ipv6-icmp all +block return-rst in inet proto icmp all +block return-rst in inet6 proto ipv6-icmp all +block return-icmp in inet proto icmp all +block return-icmp(0) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(5) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(10) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(15) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp6 in inet6 proto ipv6-icmp all +block return-icmp6(0) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(1) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(2) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(3) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(4) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all diff --git a/regress/sbin/pfctl/pf10.ok b/regress/sbin/pfctl/pf10.ok new file mode 100644 index 00000000000..41ec7b7798c --- /dev/null +++ b/regress/sbin/pfctl/pf10.ok @@ -0,0 +1,26 @@ +@0 pass in inet proto icmp all +@0 pass in inet6 proto ipv6-icmp all +@0 block in inet proto icmp all +@0 block in inet6 proto ipv6-icmp all +@0 block return-rst in inet proto icmp all +@0 block return-rst in inet6 proto ipv6-icmp all +@0 block return-icmp in inet proto icmp all +@0 block return-icmp(net-unr) in inet proto icmp all +@0 block return-icmp(net-unr) in inet proto icmp all +@0 block return-icmp(srcfail) in inet proto icmp all +@0 block return-icmp(srcfail) in inet proto icmp all +@0 block return-icmp(host-prohib) in inet proto icmp all +@0 block return-icmp(host-prohib) in inet proto icmp all +@0 block return-icmp(cutoff-preced) in inet proto icmp all +@0 block return-icmp(cutoff-preced) in inet proto icmp all +@0 block return-icmp6 in inet6 proto ipv6-icmp all +@0 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +@0 block return-icmp6 in inet6 proto ipv6-icmp all +@0 block return-icmp6 in inet6 proto ipv6-icmp all diff --git a/regress/sbin/pfctl/pf11.in b/regress/sbin/pfctl/pf11.in new file mode 100644 index 00000000000..53f87e1b565 --- /dev/null +++ b/regress/sbin/pfctl/pf11.in @@ -0,0 +1,16 @@ +pass in inet proto icmp all icmp-type 0 +pass in inet proto icmp all icmp-type 0 code 0 +pass in inet proto icmp all icmp-type 1 +pass in inet proto icmp all icmp-type 1 code 1 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type 1 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type 1 code 1 +block in inet proto icmp all icmp-type 0 +block in inet proto icmp all icmp-type 0 code 0 +block in inet proto icmp all icmp-type 1 +block in inet proto icmp all icmp-type 1 code 1 +block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +block in inet6 proto ipv6-icmp all ipv6-icmp-type 1 +block in inet6 proto ipv6-icmp all ipv6-icmp-type 1 code 1 diff --git a/regress/sbin/pfctl/pf11.ok b/regress/sbin/pfctl/pf11.ok new file mode 100644 index 00000000000..ead3bf0cb87 --- /dev/null +++ b/regress/sbin/pfctl/pf11.ok @@ -0,0 +1,16 @@ +@0 pass in inet proto icmp all icmp-type echorep +@0 pass in inet proto icmp all icmp-type echorep code 0 +@0 pass in inet proto icmp all icmp-type 1 +@0 pass in inet proto icmp all icmp-type 1 code 1 +@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach +@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code noroute-unr +@0 block in inet proto icmp all icmp-type echorep +@0 block in inet proto icmp all icmp-type echorep code 0 +@0 block in inet proto icmp all icmp-type 1 +@0 block in inet proto icmp all icmp-type 1 code 1 +@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach +@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code noroute-unr diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok index 3e601bb7e4a..c3454b6b928 100644 --- a/regress/sbin/pfctl/pf2.ok +++ b/regress/sbin/pfctl/pf2.ok @@ -2,8 +2,8 @@ @0 block in log on kue0 all @0 block return-rst out log on kue0 proto tcp all @0 block return-rst in log on kue0 proto tcp all -@0 block return-icmp(3,3) out log on kue0 proto udp all -@0 block return-icmp(3,3) in log on kue0 proto udp all +@0 block return-icmp out log on kue0 proto udp all +@0 block return-icmp in log on kue0 proto udp all @0 block out log quick on kue0 inet from ! 157.161.48.183/32 to any @0 block in quick on kue0 inet from any to 255.255.255.255/32 @0 block in log quick on kue0 inet from 10.0.0.0/8 to any diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok index 5221ef4f9b5..ea338df7636 100644 --- a/regress/sbin/pfctl/pf7.ok +++ b/regress/sbin/pfctl/pf7.ok @@ -2,8 +2,8 @@ @0 block in log on kue0 all @0 block return-rst out log on kue0 proto tcp all @0 block return-rst in log on kue0 proto tcp all -@0 block return-icmp(3,3) out log on kue0 proto udp all -@0 block return-icmp(3,3) in log on kue0 proto udp all +@0 block return-icmp out log on kue0 proto udp all +@0 block return-icmp in log on kue0 proto udp all @0 block out log quick on kue0 inet from ! 157.161.48.183/32 to any @0 block in quick on kue0 inet from any to 255.255.255.255/32 @0 block in log quick on kue0 inet from 10.0.0.0/8 to any diff --git a/regress/sbin/pfctl/pfail2.in b/regress/sbin/pfctl/pfail2.in new file mode 100644 index 00000000000..c380e7b711b --- /dev/null +++ b/regress/sbin/pfctl/pfail2.in @@ -0,0 +1 @@ +pass in inet6 proto icmp all diff --git a/regress/sbin/pfctl/pfail3.in b/regress/sbin/pfctl/pfail3.in new file mode 100644 index 00000000000..d5f8c7d791f --- /dev/null +++ b/regress/sbin/pfctl/pfail3.in @@ -0,0 +1 @@ +pass in inet proto ipv6-icmp all diff --git a/regress/sbin/pfctl/pfail4.in b/regress/sbin/pfctl/pfail4.in new file mode 100644 index 00000000000..5facdc0feab --- /dev/null +++ b/regress/sbin/pfctl/pfail4.in @@ -0,0 +1 @@ +block return-icmp6 in inet proto icmp all diff --git a/regress/sbin/pfctl/pfail5.in b/regress/sbin/pfctl/pfail5.in new file mode 100644 index 00000000000..110d189c0d6 --- /dev/null +++ b/regress/sbin/pfctl/pfail5.in @@ -0,0 +1 @@ +block return-icmp in inet proto ipv6-icmp all diff --git a/regress/sbin/pfctl/pfail6.in b/regress/sbin/pfctl/pfail6.in new file mode 100644 index 00000000000..8e36dc270aa --- /dev/null +++ b/regress/sbin/pfctl/pfail6.in @@ -0,0 +1 @@ +pass in inet proto icmp all ipv6-icmp-type 0 diff --git a/regress/sbin/pfctl/pfail7.in b/regress/sbin/pfctl/pfail7.in new file mode 100644 index 00000000000..ee6124985a8 --- /dev/null +++ b/regress/sbin/pfctl/pfail7.in @@ -0,0 +1 @@ +pass in inet6 proto ipv6-icmp all icmp-type 0 |