diff options
author | Jonathan Gray <jsg@cvs.openbsd.org> | 2009-10-06 14:11:08 +0000 |
---|---|---|
committer | Jonathan Gray <jsg@cvs.openbsd.org> | 2009-10-06 14:11:08 +0000 |
commit | 9b5999d0ab218c14cad682141e87004210c5292f (patch) | |
tree | ba0c463968210fc47c47cd9a6e1bc6db03929b12 | |
parent | 14a682bc20346d7ea2cf97d0cd85ab2529bc6678 (diff) |
more updates for new pf with source-hash manually added to
loaded output as it doesn't currently appear as it should.
ok henning@
27 files changed, 348 insertions, 334 deletions
diff --git a/regress/sbin/pfctl/pf13.loaded b/regress/sbin/pfctl/pf13.loaded index b8e29204835..e0eed5268ff 100644 --- a/regress/sbin/pfctl/pf13.loaded +++ b/regress/sbin/pfctl/pf13.loaded @@ -1,64 +1,64 @@ -@0 pass in quick on enc0 fastroute all flags S/SA keep state +@0 pass in quick on enc0 all flags S/SA keep state fastroute [ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in quick on enc0 fastroute inet all flags S/SA keep state +@1 pass in quick on enc0 inet all flags S/SA keep state fastroute [ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in quick on enc0 fastroute inet6 all flags S/SA keep state +@2 pass in quick on enc0 inet6 all flags S/SA keep state fastroute [ Skip steps: p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state +@3 pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=6 f=5 p=6 sa=8 sp=end dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state +@4 pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=6 p=6 sa=8 sp=end dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state +@5 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end sa=8 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp +@6 block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1) [ Skip steps: i=end d=end p=8 sa=8 sp=end da=8 dp=8 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp +@7 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1) [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +@8 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=end p=10 sp=end dp=10 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state +@9 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp +@10 block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1) [ Skip steps: i=end d=end p=12 sa=12 sp=end da=12 dp=12 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp +@11 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1) [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +@12 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state +@13 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +@14 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100) [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state +@15 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok index 8062d2765bc..a141383e283 100644 --- a/regress/sbin/pfctl/pf13.ok +++ b/regress/sbin/pfctl/pf13.ok @@ -1,16 +1,16 @@ -pass in quick on enc0 fastroute all flags S/SA keep state -pass in quick on enc0 fastroute inet all flags S/SA keep state -pass in quick on enc0 fastroute inet6 all flags S/SA keep state -pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state -pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state -pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state -block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp -block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp -pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state -pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state -block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp -block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp -pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state -pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state -pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state -pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state +pass in quick on enc0 all flags S/SA keep state fastroute +pass in quick on enc0 inet all flags S/SA keep state fastroute +pass in quick on enc0 inet6 all flags S/SA keep state fastroute +pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001 +pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001 +pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001 +block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1) +block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1) +pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001 +pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001 +block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1) +block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1) +pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001 +pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001 +pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100) +pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2) diff --git a/regress/sbin/pfctl/pf13.optimized b/regress/sbin/pfctl/pf13.optimized index c93ee922e24..cd245b57023 100644 --- a/regress/sbin/pfctl/pf13.optimized +++ b/regress/sbin/pfctl/pf13.optimized @@ -1,56 +1,56 @@ -@0 pass in quick on enc0 fastroute all flags S/SA keep state +@0 pass in quick on enc0 all flags S/SA keep state fastroute [ Skip steps: p=4 sa=6 sp=end da=2 dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state +@1 pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=4 f=3 p=4 sa=6 sp=end dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state +@2 pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=4 p=4 sa=6 sp=end dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state +@3 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end sa=6 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp +@4 block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1) [ Skip steps: i=end d=end p=6 sa=6 sp=end da=6 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp +@5 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1) [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +@6 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=end p=8 sp=end dp=8 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state +@7 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001 [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp +@8 block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1) [ Skip steps: i=end d=end p=10 sa=10 sp=end da=10 dp=10 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp +@9 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1) [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +@10 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state +@11 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +@12 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100) [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state +@13 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf16.loaded b/regress/sbin/pfctl/pf16.loaded index 0f086b7c954..3f8f6e88ab8 100644 --- a/regress/sbin/pfctl/pf16.loaded +++ b/regress/sbin/pfctl/pf16.loaded @@ -1,16 +1,20 @@ -@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 + [ Skip steps: i=4 f=4 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@1 match in on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 rdr-to 10.0.0.10 port 22 + [ Skip steps: i=4 f=4 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@2 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 static-port + [ Skip steps: i=4 f=4 p=end sp=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@3 match in on lo0 inet from any to 10.0.0.1 rdr-to 192.168.1.1 + [ Skip steps: d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in on lo1000000 all no state +@4 pass in on lo1000000 all no state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf16.optimized b/regress/sbin/pfctl/pf16.optimized index 0f086b7c954..3f8f6e88ab8 100644 --- a/regress/sbin/pfctl/pf16.optimized +++ b/regress/sbin/pfctl/pf16.optimized @@ -1,16 +1,20 @@ -@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 + [ Skip steps: i=4 f=4 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@1 match in on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 rdr-to 10.0.0.10 port 22 + [ Skip steps: i=4 f=4 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@2 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 static-port + [ Skip steps: i=4 f=4 p=end sp=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@3 match in on lo0 inet from any to 10.0.0.1 rdr-to 192.168.1.1 + [ Skip steps: d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in on lo1000000 all no state +@4 pass in on lo1000000 all no state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf18.loaded b/regress/sbin/pfctl/pf18.loaded index 97ab8105b6a..500fd46e527 100644 --- a/regress/sbin/pfctl/pf18.loaded +++ b/regress/sbin/pfctl/pf18.loaded @@ -1,80 +1,76 @@ -@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3 - [ Skip steps: i=16 d=end f=end p=2 sa=2 sp=end dp=end ] +@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 + [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 - [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ] +@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 + [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 - [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ] +@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 + [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 - [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ] +@3 match out on lo0 inet proto icmp from 192.168.1.4 to any nat-to 10.0.0.4 + [ Skip steps: i=15 d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 nat on lo0 inet proto icmp from 192.168.1.4 to any -> 10.0.0.4 - [ Skip steps: i=16 d=end f=end sp=end dp=end ] +@4 match out on lo0 inet from 192.168.1.5 to 172.6.1.1 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 nat on lo0 inet from 192.168.1.5 to 172.6.1.1 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ] +@5 match out on lo0 inet from 192.168.1.5 to 172.14.1.2 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 nat on lo0 inet from 192.168.1.5 to 172.14.1.2 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ] +@6 match out on lo0 inet from 192.168.1.5 to 172.16.2.0/24 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 nat on lo0 inet from 192.168.1.5 to 172.16.2.0/24 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] +@7 match out on lo0 inet from 192.168.1.6 to 172.6.1.1 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 nat on lo0 inet from 192.168.1.6 to 172.6.1.1 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ] +@8 match out on lo0 inet from 192.168.1.6 to 172.14.1.2 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 nat on lo0 inet from 192.168.1.6 to 172.14.1.2 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ] +@9 match out on lo0 inet from 192.168.1.6 to 172.16.2.0/24 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 nat on lo0 inet from 192.168.1.6 to 172.16.2.0/24 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] +@10 match out on lo0 inet from 192.168.1.7 to 172.6.1.1 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 nat on lo0 inet from 192.168.1.7 to 172.6.1.1 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ] +@11 match out on lo0 inet from 192.168.1.7 to 172.14.1.2 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 nat on lo0 inet from 192.168.1.7 to 172.14.1.2 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ] +@12 match out on lo0 inet from 192.168.1.7 to 172.16.2.0/24 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 nat on lo0 inet from 192.168.1.7 to 172.16.2.0/24 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] +@13 match out on lo0 inet from 192.168.0.0/24 to any nat-to (lo0) round-robin + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 nat on lo0 inet from 192.168.0.0/24 to any -> (lo0) round-robin - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 nat on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 -> 10.0.0.8 +@14 match out on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8 [ Skip steps: d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 nat on ! lo0 inet proto udp all -> 10.0.0.8 static-port - [ Skip steps: i=18 d=end f=end sa=end sp=end da=end dp=end ] +@15 match out on ! lo0 inet proto udp all nat-to 10.0.0.8 static-port + [ Skip steps: i=17 d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 nat on ! lo0 inet proto tcp all -> 10.0.0.8 static-port +@16 match out on ! lo0 inet proto tcp all nat-to 10.0.0.8 static-port [ Skip steps: d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 nat on lo0 inet all -> 10.0.0.8 +@17 match out on lo0 inet all nat-to 10.0.0.8 [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 nat on tun1000000 inet all -> 10.0.0.8 +@18 match out on tun1000000 inet all nat-to 10.0.0.8 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf18.optimized b/regress/sbin/pfctl/pf18.optimized index 97ab8105b6a..500fd46e527 100644 --- a/regress/sbin/pfctl/pf18.optimized +++ b/regress/sbin/pfctl/pf18.optimized @@ -1,80 +1,76 @@ -@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3 - [ Skip steps: i=16 d=end f=end p=2 sa=2 sp=end dp=end ] +@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 + [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 - [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ] +@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 + [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 - [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ] +@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 + [ Skip steps: i=15 d=end f=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 - [ Skip steps: i=16 d=end f=end sp=end da=5 dp=end ] +@3 match out on lo0 inet proto icmp from 192.168.1.4 to any nat-to 10.0.0.4 + [ Skip steps: i=15 d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 nat on lo0 inet proto icmp from 192.168.1.4 to any -> 10.0.0.4 - [ Skip steps: i=16 d=end f=end sp=end dp=end ] +@4 match out on lo0 inet from 192.168.1.5 to 172.6.1.1 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 nat on lo0 inet from 192.168.1.5 to 172.6.1.1 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ] +@5 match out on lo0 inet from 192.168.1.5 to 172.14.1.2 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=7 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 nat on lo0 inet from 192.168.1.5 to 172.14.1.2 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=8 sp=end dp=end ] +@6 match out on lo0 inet from 192.168.1.5 to 172.16.2.0/24 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 nat on lo0 inet from 192.168.1.5 to 172.16.2.0/24 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] +@7 match out on lo0 inet from 192.168.1.6 to 172.6.1.1 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 nat on lo0 inet from 192.168.1.6 to 172.6.1.1 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ] +@8 match out on lo0 inet from 192.168.1.6 to 172.14.1.2 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=10 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 nat on lo0 inet from 192.168.1.6 to 172.14.1.2 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=11 sp=end dp=end ] +@9 match out on lo0 inet from 192.168.1.6 to 172.16.2.0/24 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 nat on lo0 inet from 192.168.1.6 to 172.16.2.0/24 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] +@10 match out on lo0 inet from 192.168.1.7 to 172.6.1.1 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 nat on lo0 inet from 192.168.1.7 to 172.6.1.1 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ] +@11 match out on lo0 inet from 192.168.1.7 to 172.14.1.2 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sa=13 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 nat on lo0 inet from 192.168.1.7 to 172.14.1.2 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sa=14 sp=end dp=end ] +@12 match out on lo0 inet from 192.168.1.7 to 172.16.2.0/24 nat-to 127.0.0.1 + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 nat on lo0 inet from 192.168.1.7 to 172.16.2.0/24 -> 127.0.0.1 - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] +@13 match out on lo0 inet from 192.168.0.0/24 to any nat-to (lo0) round-robin + [ Skip steps: i=15 d=end f=end p=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 nat on lo0 inet from 192.168.0.0/24 to any -> (lo0) round-robin - [ Skip steps: i=16 d=end f=end p=16 sp=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 nat on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 -> 10.0.0.8 +@14 match out on lo0 inet from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8 [ Skip steps: d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 nat on ! lo0 inet proto udp all -> 10.0.0.8 static-port - [ Skip steps: i=18 d=end f=end sa=end sp=end da=end dp=end ] +@15 match out on ! lo0 inet proto udp all nat-to 10.0.0.8 static-port + [ Skip steps: i=17 d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 nat on ! lo0 inet proto tcp all -> 10.0.0.8 static-port +@16 match out on ! lo0 inet proto tcp all nat-to 10.0.0.8 static-port [ Skip steps: d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 nat on lo0 inet all -> 10.0.0.8 +@17 match out on lo0 inet all nat-to 10.0.0.8 [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 nat on tun1000000 inet all -> 10.0.0.8 +@18 match out on tun1000000 inet all nat-to 10.0.0.8 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf29.loaded b/regress/sbin/pfctl/pf29.loaded index 6f4615d697f..6c4baf48f1a 100644 --- a/regress/sbin/pfctl/pf29.loaded +++ b/regress/sbin/pfctl/pf29.loaded @@ -1,12 +1,12 @@ -@0 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 -> 127.0.0.1 port 8000:8010 +@0 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 rdr-to 127.0.0.1 port 8000:8010 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 -> 127.0.0.1 port 179:180 +@1 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 rdr-to 127.0.0.1 port 179:180 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 -> 127.0.0.1 port 22 +@2 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 rdr-to 127.0.0.1 port 22 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf29.optimized b/regress/sbin/pfctl/pf29.optimized index 6f4615d697f..6c4baf48f1a 100644 --- a/regress/sbin/pfctl/pf29.optimized +++ b/regress/sbin/pfctl/pf29.optimized @@ -1,12 +1,12 @@ -@0 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 -> 127.0.0.1 port 8000:8010 +@0 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 8000:8010 rdr-to 127.0.0.1 port 8000:8010 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 -> 127.0.0.1 port 179:180 +@1 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 21:22 rdr-to 127.0.0.1 port 179:180 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 rdr on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 -> 127.0.0.1 port 22 +@2 match in on lo0 inet proto tcp from any to 192.168.0.0/24 port 1000:3000 rdr-to 127.0.0.1 port 22 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf46.loaded b/regress/sbin/pfctl/pf46.loaded index efdb5212ded..ed94058204b 100644 --- a/regress/sbin/pfctl/pf46.loaded +++ b/regress/sbin/pfctl/pf46.loaded @@ -1,32 +1,32 @@ -@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state +@0 pass in on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state +@1 pass out on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state +@2 pass in on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state +@3 pass out on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24) [ Skip steps: i=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state +@4 pass in on lo0 inet6 all flags S/SA keep state reply-to { pflog0, pflog0 } round-robin [ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state +@5 pass in on lo0 inet all flags S/SA keep state reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state +@6 pass out on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state +@7 pass in on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf46.optimized b/regress/sbin/pfctl/pf46.optimized index efdb5212ded..ed94058204b 100644 --- a/regress/sbin/pfctl/pf46.optimized +++ b/regress/sbin/pfctl/pf46.optimized @@ -1,32 +1,32 @@ -@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state +@0 pass in on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state +@1 pass out on lo0 inet all flags S/SA keep state route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state +@2 pass in on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state +@3 pass out on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24) [ Skip steps: i=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state +@4 pass in on lo0 inet6 all flags S/SA keep state reply-to { pflog0, pflog0 } round-robin [ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state +@5 pass in on lo0 inet all flags S/SA keep state reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state +@6 pass out on lo0 inet all flags S/SA keep state route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state +@7 pass in on lo0 inet all flags S/SA keep state dup-to (pflog0 127.0.0.0/24) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf48.loaded b/regress/sbin/pfctl/pf48.loaded index 1f39a36750e..a3ce438ba56 100644 --- a/regress/sbin/pfctl/pf48.loaded +++ b/regress/sbin/pfctl/pf48.loaded @@ -1,56 +1,56 @@ -@0 nat on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] +@0 match out on lo0 inet from <regress.1:2> to <regress.2:*> nat-to 127.0.0.1 + [ Skip steps: d=2 f=4 p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@1 match out on ! lo0 inet from ! <regress.1:2> to <regress.2:*> nat-to 127.0.0.1 + [ Skip steps: f=4 p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] +@2 match in on lo0 inet from <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1 + [ Skip steps: d=6 f=4 p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@3 match in on ! lo0 inet from ! <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1 + [ Skip steps: d=6 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 match in from <regress.1:2> to any - [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ] +@4 match in from <regress.1:2> to any + [ Skip steps: i=end d=6 f=end p=end sp=end da=6 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 match in from ! <regress.2:*> to any +@5 match in from ! <regress.2:*> to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 match out from any to ! <regress.1:2> - [ Skip steps: i=end d=4 f=end p=end sa=4 sp=end dp=end ] +@6 match out from any to ! <regress.1:2> + [ Skip steps: i=end d=8 f=end p=end sa=8 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 match out from any to <regress.2:*> +@7 match out from any to <regress.2:*> [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in from <regress:6> to any flags S/SA keep state +@8 pass in from <regress:6> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out from any to <regress:6> flags S/SA keep state +@9 pass out from any to <regress:6> flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in from <regress.1:2> to any flags S/SA keep state - [ Skip steps: i=end d=8 f=end p=end sp=end da=8 dp=end ] +@10 pass in from <regress.1:2> to any flags S/SA keep state + [ Skip steps: i=end d=12 f=end p=end sp=end da=12 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in from <regress.2:*> to any flags S/SA keep state +@11 pass in from <regress.2:*> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass out from any to ! <regress.1:2> flags S/SA keep state +@12 pass out from any to ! <regress.1:2> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass out from any to ! <regress.2:*> flags S/SA keep state +@13 pass out from any to ! <regress.2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf48.optimized b/regress/sbin/pfctl/pf48.optimized index b7832dac8cd..dbc84cefd5f 100644 --- a/regress/sbin/pfctl/pf48.optimized +++ b/regress/sbin/pfctl/pf48.optimized @@ -1,56 +1,56 @@ -@0 nat on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] +@0 match out on lo0 inet from <regress.1:2> to <regress.2:*> nat-to 127.0.0.1 + [ Skip steps: d=2 f=4 p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@1 match out on ! lo0 inet from ! <regress.1:2> to <regress.2:*> nat-to 127.0.0.1 + [ Skip steps: f=4 p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr on lo0 inet from <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] +@2 match in on lo0 inet from <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1 + [ Skip steps: d=6 f=4 p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr on ! lo0 inet from ! <regress.1:2> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@3 match in on ! lo0 inet from ! <regress.1:2> to <regress.2:*> rdr-to 127.0.0.1 + [ Skip steps: d=6 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 match in from <regress.1:2> to any - [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ] +@4 match in from <regress.1:2> to any + [ Skip steps: i=end d=6 f=end p=end sp=end da=6 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 match in from ! <regress.2:*> to any +@5 match in from ! <regress.2:*> to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 match out from any to ! <regress.1:2> - [ Skip steps: i=end d=4 f=end p=end sa=4 sp=end dp=end ] +@6 match out from any to ! <regress.1:2> + [ Skip steps: i=end d=8 f=end p=end sa=8 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 match out from any to <regress.2:*> +@7 match out from any to <regress.2:*> [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in from <regress:6> to any flags S/SA keep state - [ Skip steps: i=end d=7 f=end p=end sp=end da=7 dp=end ] +@8 pass in from <regress:6> to any flags S/SA keep state + [ Skip steps: i=end d=11 f=end p=end sp=end da=11 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in from <regress.1:2> to any flags S/SA keep state - [ Skip steps: i=end d=7 f=end p=end sp=end da=7 dp=end ] +@9 pass in from <regress.1:2> to any flags S/SA keep state + [ Skip steps: i=end d=11 f=end p=end sp=end da=11 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in from <regress.2:*> to any flags S/SA keep state +@10 pass in from <regress.2:*> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass out from any to <regress:6> flags S/SA keep state +@11 pass out from any to <regress:6> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass out from any to ! <regress.1:2> flags S/SA keep state +@12 pass out from any to ! <regress.1:2> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass out from any to ! <regress.2:*> flags S/SA keep state +@13 pass out from any to ! <regress.2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf66.loaded b/regress/sbin/pfctl/pf66.loaded index 82332522aa6..6bd8c3c3119 100644 --- a/regress/sbin/pfctl/pf66.loaded +++ b/regress/sbin/pfctl/pf66.loaded @@ -1,24 +1,24 @@ -@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 port 500 +@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 port 500 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 1000:5000 +@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 1000:5000 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:1000 +@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:1000 [ Skip steps: i=end d=end f=end p=4 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 nat on lo0 inet proto udp from 192.168.1.4 to any -> 10.0.0.4 port 50000 +@3 match out on lo0 inet proto udp from 192.168.1.4 to any nat-to 10.0.0.4 port 50000 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 80:5000 +@4 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 80:5000 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:80 +@5 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:80 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf66.optimized b/regress/sbin/pfctl/pf66.optimized index 82332522aa6..6bd8c3c3119 100644 --- a/regress/sbin/pfctl/pf66.optimized +++ b/regress/sbin/pfctl/pf66.optimized @@ -1,24 +1,24 @@ -@0 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 port 500 +@0 match out on lo0 inet from 192.168.1.1 to any nat-to 10.0.0.1 port 500 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 1000:5000 +@1 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 1000:5000 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:1000 +@2 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:1000 [ Skip steps: i=end d=end f=end p=4 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 nat on lo0 inet proto udp from 192.168.1.4 to any -> 10.0.0.4 port 50000 +@3 match out on lo0 inet proto udp from 192.168.1.4 to any nat-to 10.0.0.4 port 50000 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 port 80:5000 +@4 match out on lo0 inet proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 port 80:5000 [ Skip steps: i=end d=end f=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 port 5000:80 +@5 match out on lo0 inet proto udp from 192.168.1.3 to any nat-to 10.0.0.3 port 5000:80 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf69.loaded b/regress/sbin/pfctl/pf69.loaded index b6ada19d8c5..5917920d1e8 100644 --- a/regress/sbin/pfctl/pf69.loaded +++ b/regress/sbin/pfctl/pf69.loaded @@ -1,8 +1,8 @@ -@0 nat on lo0 inet all tag regress -> 127.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@0 match out on lo0 inet all tag regress nat-to 127.0.0.1 + [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass out quick on lo0 all flags S/SA keep state tagged regress +@1 pass out quick on lo0 all flags S/SA keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf69.optimized b/regress/sbin/pfctl/pf69.optimized index b6ada19d8c5..5917920d1e8 100644 --- a/regress/sbin/pfctl/pf69.optimized +++ b/regress/sbin/pfctl/pf69.optimized @@ -1,8 +1,8 @@ -@0 nat on lo0 inet all tag regress -> 127.0.0.1 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@0 match out on lo0 inet all tag regress nat-to 127.0.0.1 + [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass out quick on lo0 all flags S/SA keep state tagged regress +@1 pass out quick on lo0 all flags S/SA keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf76.in b/regress/sbin/pfctl/pf76.in index 0e32442dd80..c487a548188 100644 --- a/regress/sbin/pfctl/pf76.in +++ b/regress/sbin/pfctl/pf76.in @@ -1,2 +1,2 @@ # check_netmask _after_ remove_dead_hosts -binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> lo0 +match on lo0 inet from 1.2.3.4 to 5.6.7.8 binat-to lo0 diff --git a/regress/sbin/pfctl/pf76.loaded b/regress/sbin/pfctl/pf76.loaded index 54231329bbe..344809da591 100644 --- a/regress/sbin/pfctl/pf76.loaded +++ b/regress/sbin/pfctl/pf76.loaded @@ -1,4 +1,8 @@ -@0 binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> 127.0.0.1 +@0 match out on lo0 inet from 1.2.3.4 to 5.6.7.8 nat-to 127.0.0.1 static-port + [ Skip steps: i=end f=end p=end sp=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 match in on lo0 inet from 5.6.7.8 to 127.0.0.1 rdr-to 1.2.3.4 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf76.ok b/regress/sbin/pfctl/pf76.ok index 7b3ba90f1b3..6de2441cbe6 100644 --- a/regress/sbin/pfctl/pf76.ok +++ b/regress/sbin/pfctl/pf76.ok @@ -1 +1,2 @@ -binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> 127.0.0.1 +match out on lo0 inet from 1.2.3.4 to 5.6.7.8 nat-to 127.0.0.1 static-port +match in on lo0 inet from 5.6.7.8 to 127.0.0.1 rdr-to 1.2.3.4 diff --git a/regress/sbin/pfctl/pf76.optimized b/regress/sbin/pfctl/pf76.optimized index 54231329bbe..344809da591 100644 --- a/regress/sbin/pfctl/pf76.optimized +++ b/regress/sbin/pfctl/pf76.optimized @@ -1,4 +1,8 @@ -@0 binat on lo0 inet from 1.2.3.4 to 5.6.7.8 -> 127.0.0.1 +@0 match out on lo0 inet from 1.2.3.4 to 5.6.7.8 nat-to 127.0.0.1 static-port + [ Skip steps: i=end f=end p=end sp=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 match in on lo0 inet from 5.6.7.8 to 127.0.0.1 rdr-to 1.2.3.4 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf80.in b/regress/sbin/pfctl/pf80.in index 01913620b22..445c333668f 100644 --- a/regress/sbin/pfctl/pf80.in +++ b/regress/sbin/pfctl/pf80.in @@ -1,19 +1,15 @@ -nat pass on lo0 from 10/8 to 172.16/16 -> 172.16.0.1 -rdr pass on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080 -binat pass on lo0 from 10/8 to 11/8 -> 12/8 +pass out on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1 +pass in on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080 +pass on lo0 from 10/8 to 11/8 binat-to 12/8 -nat pass log on lo0 from 10/8 to 172.16/16 -> 172.16.0.1 -rdr pass log on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080 -binat pass log on lo0 from 10/8 to 11/8 -> 12/8 +pass out log on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1 +pass in log on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080 +pass log on lo0 from 10/8 to 11/8 binat-to 12/8 -nat pass log (all) on lo0 from 10/8 to 172.16/16 -> 172.16.0.1 -rdr pass log (all) on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080 -binat pass log (all) on lo0 from 10/8 to 11/8 -> 12/8 +pass out log (all) on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1 +pass in log (all) on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080 +pass log (all) on lo0 from 10/8 to 11/8 binat-to 12/8 -nat log on lo0 from 10/8 to 172.16/16 -> 172.16.0.1 -rdr log on lo0 proto tcp from any to 1.2.3.4 port 80 -> 127.0.0.1 port 8080 -binat log on lo0 from 10/8 to 11/8 -> 12/8 - -no nat log on lo0 from 20/8 to 192.168.0/24 -no rdr log on lo0 proto tcp from any to 3.4.5.6 port 443 -no binat log on lo0 from 20/8 to 13/8 +match out log on lo0 from 10/8 to 172.16/16 nat-to 172.16.0.1 +match in log on lo0 proto tcp from any to 1.2.3.4 port 80 rdr-to 127.0.0.1 port 8080 +match log on lo0 from 10/8 to 11/8 binat-to 12/8 diff --git a/regress/sbin/pfctl/pf80.loaded b/regress/sbin/pfctl/pf80.loaded index 0eb3ad14a67..3c3e7f6cfa1 100644 --- a/regress/sbin/pfctl/pf80.loaded +++ b/regress/sbin/pfctl/pf80.loaded @@ -1,60 +1,64 @@ -@0 nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@0 pass out on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@1 pass in on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@2 pass out on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=5 sp=end dp=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 nat log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] +@3 pass in on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 + [ Skip steps: i=end f=end p=5 sp=end dp=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@4 pass out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ] +@5 pass in log on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ] +@6 pass out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=9 sp=end dp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ] +@7 pass in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 + [ Skip steps: i=end f=end p=9 sp=end dp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 rdr log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end ] +@8 pass out log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 no rdr log on lo0 inet proto tcp from any to 3.4.5.6 port = https - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@9 pass in log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@10 pass out log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=13 sp=end dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@11 pass in log (all) on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 + [ Skip steps: i=end f=end p=13 sp=end dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@12 match out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@13 match in log on lo0 inet proto tcp from any to 1.2.3.4 port = www rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 binat log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] +@14 match out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 no binat log on lo0 inet from 20.0.0.0/8 to 13.0.0.0/8 +@15 match in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 rdr-to 10.0.0.0/8 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf80.ok b/regress/sbin/pfctl/pf80.ok index 71d12e60034..40f2d0541d7 100644 --- a/regress/sbin/pfctl/pf80.ok +++ b/regress/sbin/pfctl/pf80.ok @@ -1,15 +1,16 @@ -nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 -nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 -nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 -nat log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 -no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24 -rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 -rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 -rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 -rdr log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 -no rdr log on lo0 inet proto tcp from any to 3.4.5.6 port = https -binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 -binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 -binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 -binat log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 -no binat log on lo0 inet from 20.0.0.0/8 to 13.0.0.0/8 +pass out on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 +pass in on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 +pass out on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port +pass in on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 +pass out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 +pass in log on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 +pass out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port +pass in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 +pass out log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 +pass in log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 +pass out log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port +pass in log (all) on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 +match out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 nat-to 172.16.0.1 +match in log on lo0 inet proto tcp from any to 1.2.3.4 port = www rdr-to 127.0.0.1 port 8080 +match out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 nat-to 12.0.0.0/8 static-port +match in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 rdr-to 10.0.0.0/8 diff --git a/regress/sbin/pfctl/pf80.optimized b/regress/sbin/pfctl/pf80.optimized index 0eb3ad14a67..3c3e7f6cfa1 100644 --- a/regress/sbin/pfctl/pf80.optimized +++ b/regress/sbin/pfctl/pf80.optimized @@ -1,60 +1,64 @@ -@0 nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@0 pass out on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@1 pass in on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@2 pass out on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=5 sp=end dp=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 nat log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 - [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] +@3 pass in on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 + [ Skip steps: i=end f=end p=5 sp=end dp=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 no nat log on lo0 inet from 20.0.0.0/8 to 192.168.0.0/24 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@4 pass out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ] +@5 pass in log on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ] +@6 pass out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=9 sp=end dp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=4 dp=4 ] +@7 pass in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 + [ Skip steps: i=end f=end p=9 sp=end dp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 rdr log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 - [ Skip steps: i=end d=end f=end p=end sa=end sp=end ] +@8 pass out log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 flags S/SA keep state nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 no rdr log on lo0 inet proto tcp from any to 3.4.5.6 port = https - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@9 pass in log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@10 pass out log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 flags S/SA keep state nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=13 sp=end dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@11 pass in log (all) on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 flags S/SA keep state rdr-to 10.0.0.0/8 + [ Skip steps: i=end f=end p=13 sp=end dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@12 match out log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 nat-to 172.16.0.1 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sa=4 sp=end da=4 dp=end ] +@13 match in log on lo0 inet proto tcp from any to 1.2.3.4 port = www rdr-to 127.0.0.1 port 8080 + [ Skip steps: i=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 binat log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] +@14 match out log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 nat-to 12.0.0.0/8 static-port + [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 no binat log on lo0 inet from 20.0.0.0/8 to 13.0.0.0/8 +@15 match in log on lo0 inet from 11.0.0.0/8 to 12.0.0.0/8 rdr-to 10.0.0.0/8 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf84.loaded b/regress/sbin/pfctl/pf84.loaded index e9de6569a83..c1118731eef 100644 --- a/regress/sbin/pfctl/pf84.loaded +++ b/regress/sbin/pfctl/pf84.loaded @@ -1,32 +1,32 @@ -@0 nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@0 match out on tun1000000 inet from 10.0.0.0/24 to any nat-to { 10.0.1.1, 10.0.1.2 } round-robin sticky-address + [ Skip steps: i=3 f=3 p=3 sp=end dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address - [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] +@1 match in on tun1000000 inet from any to 10.0.1.1 rdr-to 10.0.0.0/24 random sticky-address + [ Skip steps: i=3 d=end f=3 p=3 sa=end sp=end dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@2 match in on tun1000000 inet from any to 10.0.1.2 rdr-to { 10.0.0.1, 10.0.0.2 } round-robin sticky-address + [ Skip steps: d=end sa=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) +@3 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) +@4 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) +@5 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) +@6 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) +@7 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf84.optimized b/regress/sbin/pfctl/pf84.optimized index e9de6569a83..c1118731eef 100644 --- a/regress/sbin/pfctl/pf84.optimized +++ b/regress/sbin/pfctl/pf84.optimized @@ -1,32 +1,32 @@ -@0 nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@0 match out on tun1000000 inet from 10.0.0.0/24 to any nat-to { 10.0.1.1, 10.0.1.2 } round-robin sticky-address + [ Skip steps: i=3 f=3 p=3 sp=end dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address - [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] +@1 match in on tun1000000 inet from any to 10.0.1.1 rdr-to 10.0.0.0/24 random sticky-address + [ Skip steps: i=3 d=end f=3 p=3 sa=end sp=end dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +@2 match in on tun1000000 inet from any to 10.0.1.2 rdr-to { 10.0.0.1, 10.0.0.2 } round-robin sticky-address + [ Skip steps: d=end sa=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) +@3 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) +@4 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) +@5 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) +@6 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) +@7 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] |