diff options
author | Peter Hessler <phessler@cvs.openbsd.org> | 2010-07-03 02:32:46 +0000 |
---|---|---|
committer | Peter Hessler <phessler@cvs.openbsd.org> | 2010-07-03 02:32:46 +0000 |
commit | bfdc88f43ff5518966f62a1811eb99105ddab82b (patch) | |
tree | b83519cef364c70ec102e9ac95d932ac34451cc2 /regress/sbin/pfctl | |
parent | 6c2dd32f93b7a96d6e8d75a400f96f5722409563 (diff) |
add several new tests for pfctl, and fix the output of some existing
tests for the updated pfctl.
OK henning@, mcbride@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r-- | regress/sbin/pfctl/Makefile | 32 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf100.in | 20 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf100.include.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf100.loaded | 72 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf100.ok | 18 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf100.optimized | 28 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf91.optimized | 20 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf92.optimized | 7 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfcmd1.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfcmd1.ok | 0 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfcmd1.opts | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfload100.in | 3 |
12 files changed, 174 insertions, 29 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index de43ce0d335..c5e1ec9bf63 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.213 2010/07/01 22:26:26 phessler Exp $ +# $OpenBSD: Makefile,v 1.214 2010/07/03 02:32:45 phessler Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok @@ -10,28 +10,30 @@ # pfload: load ruleset into anchor regress and verify pfctl -vvsr # pfoptimize: as pfload, with -o flag to pfctl # pfopt: as target pf, but supply extra command line options +# pfcmd: test pfctl command line parsing PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 -PFTESTS+=97 98 99 +PFTESTS+=97 98 99 100 PFFAIL=1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 19 20 23 25 27 PFFAIL+=29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 52 53 PFSIMPLE=1 2 PFSETUP=1 2 3 4 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 26 27 28 29 PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71 -PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 99 +PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 99 100 PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14 # disabled; no altq in anchors # PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64 # only testing parser, load test would be useless # PFLOAD+=6 22 41 50 52 53 55 57 83 85 86 -PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13 +PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13 14 PFOPT=1 2 3 6 PFIF2IP=1 2 3 PFCHKSUM=1 2 3 +PFCMD=1 SHELL=/bin/sh @@ -229,6 +231,28 @@ pfopt-update: ${PFOPT_UPDATES} REGRESS_TARGETS+=pfopt UPDATE_TARGETS+=pfopt-update +.for n in ${PFCMD} +PFCMD_TARGETS+=pfcmd${n} +PFCMD_UPDATES+=pfcmd${n}-update + +pfcmd${n}: + ${SUDO} pfctl `cat ${.CURDIR}/pfcmd${n}.opts` \ + -f ${.CURDIR}/pfcmd${n}.in + +pfcmd${n}-update: + ${SUDO} pfctl -f - `cat ${.CURDIR}/pfcmd${n}.opts` \ + < ${.CURDIR}/pfcmd${n}.in > ${.CURDIR}/pfcmd${n}.ok + +.endfor + +pfcmd: ${PFCMD_TARGETS} +pfcmd-update: ${PFCMD_UPDATES} +NODEFAULT_TARGETS+=pfcmd +REGRESS_TARGETS+=pfcmd + +REGRESS_ROOT_TARGETS+=pfcmd +UPDATE_TARGETS+=pfcmd-update + .for n in ${PFSETUP} PFSETUP_TARGETS+=pfsetup${n} PFSETUP_UPDATES+=pfsetup${n}-update diff --git a/regress/sbin/pfctl/pf100.in b/regress/sbin/pfctl/pf100.in new file mode 100644 index 00000000000..287e1c9e4d7 --- /dev/null +++ b/regress/sbin/pfctl/pf100.in @@ -0,0 +1,20 @@ +pass +anchor "a/b" +anchor "1/2/3" # test anchors with multiple path components +anchor "relative" { + pass in on lo0 label TEST1 +} +anchor "camield/*" # empty wildcard anchor + +anchor "relayd/*" + +anchor "foo" in on lo0 { + anchor "bar" in { # nested named inlined anchor + anchor "/1/2/3" # absolute multicomponent path + anchor "/relative" # absolute path + pass in on lo0 label FOO + } + anchor in { # nested unnamed inlined anchor + pass in on lo0 label BAR + } +} diff --git a/regress/sbin/pfctl/pf100.include.in b/regress/sbin/pfctl/pf100.include.in new file mode 100644 index 00000000000..2ae28399f5f --- /dev/null +++ b/regress/sbin/pfctl/pf100.include.in @@ -0,0 +1 @@ +pass diff --git a/regress/sbin/pfctl/pf100.loaded b/regress/sbin/pfctl/pf100.loaded new file mode 100644 index 00000000000..f94ed23aded --- /dev/null +++ b/regress/sbin/pfctl/pf100.loaded @@ -0,0 +1,72 @@ +@0 pass all flags S/SA keep state + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 anchor "a/b" all { + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@2 anchor "1/2/3" all { + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@3 anchor "relative" all { + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass in on lo0 all flags S/SA keep state label "TEST1" + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@4 anchor "camield/*" all { + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + [ Skip steps: i=0 d=0 f=0 p=0 sa=0 sp=0 da=0 dp=0 ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@5 anchor "relayd/*" all { + [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + [ Skip steps: i=0 d=0 f=0 p=0 sa=0 sp=0 da=0 dp=0 ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@6 anchor "foo" in on lo0 all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor "bar" in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor "/1/2/3" all { + [ Skip steps: i=2 d=2 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@1 anchor "/relative" all { + [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@2 pass in on lo0 all flags S/SA keep state label "FOO" + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@1 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass in on lo0 all flags S/SA keep state label "BAR" + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} diff --git a/regress/sbin/pfctl/pf100.ok b/regress/sbin/pfctl/pf100.ok new file mode 100644 index 00000000000..9f4427379bc --- /dev/null +++ b/regress/sbin/pfctl/pf100.ok @@ -0,0 +1,18 @@ +pass all flags S/SA keep state +anchor "a/b" all +anchor "1/2/3" all +anchor "relative" all { + pass in on lo0 all flags S/SA keep state label "TEST1" +} +anchor "camield/*" all +anchor "relayd/*" all +anchor "foo" in on lo0 all { + anchor "bar" in all { + anchor "/1/2/3" all + anchor "/relative" all + pass in on lo0 all flags S/SA keep state label "FOO" + } + anchor in all { + pass in on lo0 all flags S/SA keep state label "BAR" + } +} diff --git a/regress/sbin/pfctl/pf100.optimized b/regress/sbin/pfctl/pf100.optimized new file mode 100644 index 00000000000..65b0a2fea17 --- /dev/null +++ b/regress/sbin/pfctl/pf100.optimized @@ -0,0 +1,28 @@ +@0 pass all flags S/SA keep state + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 anchor "a/b" all + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@2 anchor "1/2/3" all + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@3 anchor "relative" all + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@4 anchor "camield/*" all + [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@5 anchor "relayd/*" all + [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@6 anchor "foo" in on lo0 all + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf91.optimized b/regress/sbin/pfctl/pf91.optimized index b1a0b910dfa..83e3c63212f 100644 --- a/regress/sbin/pfctl/pf91.optimized +++ b/regress/sbin/pfctl/pf91.optimized @@ -2,28 +2,10 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 anchor "foo" out all { +@0 anchor "foo" out all [ Skip steps: i=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass proto tcp from any to any port = 1234 flags S/SA keep state - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 anchor proto tcp from any to any port = 2413 user = 0 label "foo" { - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 block drop all - [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet from 127.0.0.1 to any flags S/SA keep state - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -} -} @1 pass in proto tcp from any to any port = 1234 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] diff --git a/regress/sbin/pfctl/pf92.optimized b/regress/sbin/pfctl/pf92.optimized index 6a4e1a462f3..206f1c52ab6 100644 --- a/regress/sbin/pfctl/pf92.optimized +++ b/regress/sbin/pfctl/pf92.optimized @@ -59,13 +59,8 @@ [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 anchor "foo" on tun1000000 all { +@3 anchor "foo" on tun1000000 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass all flags S/SA keep state - [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -} } diff --git a/regress/sbin/pfctl/pfcmd1.in b/regress/sbin/pfctl/pfcmd1.in new file mode 100644 index 00000000000..2ae28399f5f --- /dev/null +++ b/regress/sbin/pfctl/pfcmd1.in @@ -0,0 +1 @@ +pass diff --git a/regress/sbin/pfctl/pfcmd1.ok b/regress/sbin/pfctl/pfcmd1.ok new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/regress/sbin/pfctl/pfcmd1.ok diff --git a/regress/sbin/pfctl/pfcmd1.opts b/regress/sbin/pfctl/pfcmd1.opts new file mode 100644 index 00000000000..133502ee109 --- /dev/null +++ b/regress/sbin/pfctl/pfcmd1.opts @@ -0,0 +1 @@ +-a regress/does_not_exist -Fa diff --git a/regress/sbin/pfctl/pfload100.in b/regress/sbin/pfctl/pfload100.in new file mode 100644 index 00000000000..22f78299df0 --- /dev/null +++ b/regress/sbin/pfctl/pfload100.in @@ -0,0 +1,3 @@ +# load tables from file +load anchor relayd/r1 from "DIR/pfr14.include" # just 'pass' +load anchor relayd/r2 from "DIR/pfr14.include" |