summaryrefslogtreecommitdiff
path: root/regress/sbin/pfctl
diff options
context:
space:
mode:
authorPeter Hessler <phessler@cvs.openbsd.org>2010-07-03 02:32:46 +0000
committerPeter Hessler <phessler@cvs.openbsd.org>2010-07-03 02:32:46 +0000
commitbfdc88f43ff5518966f62a1811eb99105ddab82b (patch)
treeb83519cef364c70ec102e9ac95d932ac34451cc2 /regress/sbin/pfctl
parent6c2dd32f93b7a96d6e8d75a400f96f5722409563 (diff)
add several new tests for pfctl, and fix the output of some existing
tests for the updated pfctl. OK henning@, mcbride@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r--regress/sbin/pfctl/Makefile32
-rw-r--r--regress/sbin/pfctl/pf100.in20
-rw-r--r--regress/sbin/pfctl/pf100.include.in1
-rw-r--r--regress/sbin/pfctl/pf100.loaded72
-rw-r--r--regress/sbin/pfctl/pf100.ok18
-rw-r--r--regress/sbin/pfctl/pf100.optimized28
-rw-r--r--regress/sbin/pfctl/pf91.optimized20
-rw-r--r--regress/sbin/pfctl/pf92.optimized7
-rw-r--r--regress/sbin/pfctl/pfcmd1.in1
-rw-r--r--regress/sbin/pfctl/pfcmd1.ok0
-rw-r--r--regress/sbin/pfctl/pfcmd1.opts1
-rw-r--r--regress/sbin/pfctl/pfload100.in3
12 files changed, 174 insertions, 29 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index de43ce0d335..c5e1ec9bf63 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.213 2010/07/01 22:26:26 phessler Exp $
+# $OpenBSD: Makefile,v 1.214 2010/07/03 02:32:45 phessler Exp $
# TARGETS
# pf: feed pfNN.in through pfctl and check whether the output matches pfNN.ok
@@ -10,28 +10,30 @@
# pfload: load ruleset into anchor regress and verify pfctl -vvsr
# pfoptimize: as pfload, with -o flag to pfctl
# pfopt: as target pf, but supply extra command line options
+# pfcmd: test pfctl command line parsing
PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
-PFTESTS+=97 98 99
+PFTESTS+=97 98 99 100
PFFAIL=1 2 3 4 5 6 7 8 11 12 13 14 15 16 17 18 19 20 23 25 27
PFFAIL+=29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 52 53
PFSIMPLE=1 2
PFSETUP=1 2 3 4
PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 26 27 28 29
PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71
-PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 99
+PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 99 100
PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14
# disabled; no altq in anchors
# PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64
# only testing parser, load test would be useless
# PFLOAD+=6 22 41 50 52 53 55 57 83 85 86
-PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13
+PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13 14
PFOPT=1 2 3 6
PFIF2IP=1 2 3
PFCHKSUM=1 2 3
+PFCMD=1
SHELL=/bin/sh
@@ -229,6 +231,28 @@ pfopt-update: ${PFOPT_UPDATES}
REGRESS_TARGETS+=pfopt
UPDATE_TARGETS+=pfopt-update
+.for n in ${PFCMD}
+PFCMD_TARGETS+=pfcmd${n}
+PFCMD_UPDATES+=pfcmd${n}-update
+
+pfcmd${n}:
+ ${SUDO} pfctl `cat ${.CURDIR}/pfcmd${n}.opts` \
+ -f ${.CURDIR}/pfcmd${n}.in
+
+pfcmd${n}-update:
+ ${SUDO} pfctl -f - `cat ${.CURDIR}/pfcmd${n}.opts` \
+ < ${.CURDIR}/pfcmd${n}.in > ${.CURDIR}/pfcmd${n}.ok
+
+.endfor
+
+pfcmd: ${PFCMD_TARGETS}
+pfcmd-update: ${PFCMD_UPDATES}
+NODEFAULT_TARGETS+=pfcmd
+REGRESS_TARGETS+=pfcmd
+
+REGRESS_ROOT_TARGETS+=pfcmd
+UPDATE_TARGETS+=pfcmd-update
+
.for n in ${PFSETUP}
PFSETUP_TARGETS+=pfsetup${n}
PFSETUP_UPDATES+=pfsetup${n}-update
diff --git a/regress/sbin/pfctl/pf100.in b/regress/sbin/pfctl/pf100.in
new file mode 100644
index 00000000000..287e1c9e4d7
--- /dev/null
+++ b/regress/sbin/pfctl/pf100.in
@@ -0,0 +1,20 @@
+pass
+anchor "a/b"
+anchor "1/2/3" # test anchors with multiple path components
+anchor "relative" {
+ pass in on lo0 label TEST1
+}
+anchor "camield/*" # empty wildcard anchor
+
+anchor "relayd/*"
+
+anchor "foo" in on lo0 {
+ anchor "bar" in { # nested named inlined anchor
+ anchor "/1/2/3" # absolute multicomponent path
+ anchor "/relative" # absolute path
+ pass in on lo0 label FOO
+ }
+ anchor in { # nested unnamed inlined anchor
+ pass in on lo0 label BAR
+ }
+}
diff --git a/regress/sbin/pfctl/pf100.include.in b/regress/sbin/pfctl/pf100.include.in
new file mode 100644
index 00000000000..2ae28399f5f
--- /dev/null
+++ b/regress/sbin/pfctl/pf100.include.in
@@ -0,0 +1 @@
+pass
diff --git a/regress/sbin/pfctl/pf100.loaded b/regress/sbin/pfctl/pf100.loaded
new file mode 100644
index 00000000000..f94ed23aded
--- /dev/null
+++ b/regress/sbin/pfctl/pf100.loaded
@@ -0,0 +1,72 @@
+@0 pass all flags S/SA keep state
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 anchor "a/b" all {
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@2 anchor "1/2/3" all {
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@3 anchor "relative" all {
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 pass in on lo0 all flags S/SA keep state label "TEST1"
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@4 anchor "camield/*" all {
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+ [ Skip steps: i=0 d=0 f=0 p=0 sa=0 sp=0 da=0 dp=0 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@5 anchor "relayd/*" all {
+ [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+ [ Skip steps: i=0 d=0 f=0 p=0 sa=0 sp=0 da=0 dp=0 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@6 anchor "foo" in on lo0 all {
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 anchor "bar" in all {
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 anchor "/1/2/3" all {
+ [ Skip steps: i=2 d=2 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@1 anchor "/relative" all {
+ [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@2 pass in on lo0 all flags S/SA keep state label "FOO"
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+@1 anchor in all {
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@0 pass in on lo0 all flags S/SA keep state label "BAR"
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+}
+}
diff --git a/regress/sbin/pfctl/pf100.ok b/regress/sbin/pfctl/pf100.ok
new file mode 100644
index 00000000000..9f4427379bc
--- /dev/null
+++ b/regress/sbin/pfctl/pf100.ok
@@ -0,0 +1,18 @@
+pass all flags S/SA keep state
+anchor "a/b" all
+anchor "1/2/3" all
+anchor "relative" all {
+ pass in on lo0 all flags S/SA keep state label "TEST1"
+}
+anchor "camield/*" all
+anchor "relayd/*" all
+anchor "foo" in on lo0 all {
+ anchor "bar" in all {
+ anchor "/1/2/3" all
+ anchor "/relative" all
+ pass in on lo0 all flags S/SA keep state label "FOO"
+ }
+ anchor in all {
+ pass in on lo0 all flags S/SA keep state label "BAR"
+ }
+}
diff --git a/regress/sbin/pfctl/pf100.optimized b/regress/sbin/pfctl/pf100.optimized
new file mode 100644
index 00000000000..65b0a2fea17
--- /dev/null
+++ b/regress/sbin/pfctl/pf100.optimized
@@ -0,0 +1,28 @@
+@0 pass all flags S/SA keep state
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 anchor "a/b" all
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 anchor "1/2/3" all
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 anchor "relative" all
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 anchor "camield/*" all
+ [ Skip steps: i=6 d=6 f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@5 anchor "relayd/*" all
+ [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@6 anchor "foo" in on lo0 all
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
diff --git a/regress/sbin/pfctl/pf91.optimized b/regress/sbin/pfctl/pf91.optimized
index b1a0b910dfa..83e3c63212f 100644
--- a/regress/sbin/pfctl/pf91.optimized
+++ b/regress/sbin/pfctl/pf91.optimized
@@ -2,28 +2,10 @@
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 anchor "foo" out all {
+@0 anchor "foo" out all
[ Skip steps: i=end f=end sa=end sp=end da=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass proto tcp from any to any port = 1234 flags S/SA keep state
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 anchor proto tcp from any to any port = 2413 user = 0 label "foo" {
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 block drop all
- [ Skip steps: i=end d=end p=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass inet from 127.0.0.1 to any flags S/SA keep state
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-}
-}
@1 pass in proto tcp from any to any port = 1234 flags S/SA keep state
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
diff --git a/regress/sbin/pfctl/pf92.optimized b/regress/sbin/pfctl/pf92.optimized
index 6a4e1a462f3..206f1c52ab6 100644
--- a/regress/sbin/pfctl/pf92.optimized
+++ b/regress/sbin/pfctl/pf92.optimized
@@ -59,13 +59,8 @@
[ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 anchor "foo" on tun1000000 all {
+@3 anchor "foo" on tun1000000 all
[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@0 pass all flags S/SA keep state
- [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
- [ queue: qname= qid=0 pqname= pqid=0 ]
- [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-}
}
diff --git a/regress/sbin/pfctl/pfcmd1.in b/regress/sbin/pfctl/pfcmd1.in
new file mode 100644
index 00000000000..2ae28399f5f
--- /dev/null
+++ b/regress/sbin/pfctl/pfcmd1.in
@@ -0,0 +1 @@
+pass
diff --git a/regress/sbin/pfctl/pfcmd1.ok b/regress/sbin/pfctl/pfcmd1.ok
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/regress/sbin/pfctl/pfcmd1.ok
diff --git a/regress/sbin/pfctl/pfcmd1.opts b/regress/sbin/pfctl/pfcmd1.opts
new file mode 100644
index 00000000000..133502ee109
--- /dev/null
+++ b/regress/sbin/pfctl/pfcmd1.opts
@@ -0,0 +1 @@
+-a regress/does_not_exist -Fa
diff --git a/regress/sbin/pfctl/pfload100.in b/regress/sbin/pfctl/pfload100.in
new file mode 100644
index 00000000000..22f78299df0
--- /dev/null
+++ b/regress/sbin/pfctl/pfload100.in
@@ -0,0 +1,3 @@
+# load tables from file
+load anchor relayd/r1 from "DIR/pfr14.include" # just 'pass'
+load anchor relayd/r2 from "DIR/pfr14.include"