check port modifiers in flow rules; ok hshoexer@

7 files changed, 16 insertions, 4 deletions

diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile
index 71c3913f79a..22c9ad6a5c1 100644
--- a/regress/sbin/ipsecctl/Makefile
+++ b/regress/sbin/ipsecctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.25 2006/06/02 00:25:52 hshoexer Exp $
+# $OpenBSD: Makefile,v 1.26 2006/06/02 04:12:52 naddy Exp $
 
 # TARGETS
 # ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches
@@ -8,12 +8,12 @@
 # ike:	 same as above, but for ike rules.
 
 IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
-IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 40 41 42 43 44
-IPSECTESTS+=39
+IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
+IPSECTESTS+=51 52
 TCPMD5TESTS=1 2 3
 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 SAFAIL=1
-IPSECFAIL=1
+IPSECFAIL=1 2
 IKEFAIL=1
 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 
 #IKETESTS+=16 17 18 19 20 21 22 23 24
diff --git a/regress/sbin/ipsecctl/ipsec51.in b/regress/sbin/ipsecctl/ipsec51.in
new file mode 100644
index 00000000000..cc2a55e649f
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsec51.in
@@ -0,0 +1,2 @@
+flow ah proto udp from 1.1.1.1 port ntp to 2.2.2.2
+flow ah proto udp from 1.1.1.1 port 123 to 2.2.2.2
diff --git a/regress/sbin/ipsecctl/ipsec51.ok b/regress/sbin/ipsecctl/ipsec51.ok
new file mode 100644
index 00000000000..c3141dfa0fe
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsec51.ok
@@ -0,0 +1,4 @@
+flow ah out proto udp from 1.1.1.1 port ntp to 2.2.2.2 peer 2.2.2.2 type require
+flow ah in proto udp from 2.2.2.2 to 1.1.1.1 port ntp peer 2.2.2.2 type require
+flow ah out proto udp from 1.1.1.1 port ntp to 2.2.2.2 peer 2.2.2.2 type require
+flow ah in proto udp from 2.2.2.2 to 1.1.1.1 port ntp peer 2.2.2.2 type require
diff --git a/regress/sbin/ipsecctl/ipsec52.in b/regress/sbin/ipsecctl/ipsec52.in
new file mode 100644
index 00000000000..ec546805010
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsec52.in
@@ -0,0 +1 @@
+flow esp proto tcp from 3ffe::1 port 2022 to 3ffe::2 port ssh
diff --git a/regress/sbin/ipsecctl/ipsec52.ok b/regress/sbin/ipsecctl/ipsec52.ok
new file mode 100644
index 00000000000..76cb0088339
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsec52.ok
@@ -0,0 +1,2 @@
+flow esp out proto tcp from 3ffe::1 port 2022 to 3ffe::2 port ssh peer 3ffe::2 type require
+flow esp in proto tcp from 3ffe::2 port ssh to 3ffe::1 port 2022 peer 3ffe::2 type require
diff --git a/regress/sbin/ipsecctl/ipsecfail2.in b/regress/sbin/ipsecctl/ipsecfail2.in
new file mode 100644
index 00000000000..a49509a3654
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsecfail2.in
@@ -0,0 +1 @@
+flow from 1.1.1.1 to 2.2.2.2 port ssh
diff --git a/regress/sbin/ipsecctl/ipsecfail2.ok b/regress/sbin/ipsecctl/ipsecfail2.ok
new file mode 100644
index 00000000000..113b15b60b3
--- /dev/null
+++ b/regress/sbin/ipsecctl/ipsecfail2.ok
@@ -0,0 +1,2 @@
+stdin: 1: no protocol supplied with source/destination ports
+ipsecctl: Syntax error in config file: ipsec rules not loaded