diff options
author | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-05-14 22:57:19 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-05-14 22:57:19 +0000 |
commit | 2c8497742abfe3de559386fe5e2aad0857f4265a (patch) | |
tree | 93055db90252a8d56ba6e75b38d23293e174d0ab /regress/sbin/pfctl | |
parent | 34b94739978bbcbf7aa42f38b9f338252a97a904 (diff) |
handle the new require-order default of "no" in existing tests, and add
a new test to check it's working correctly. ok deraadt@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r-- | regress/sbin/pfctl/Makefile | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf98.in | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf98.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail10.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail10.ok | 3 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail11.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail11.ok | 5 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail9.in | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail9.ok | 3 |
9 files changed, 18 insertions, 6 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index a1ffbc74deb..19cf1f67959 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.204 2009/04/06 12:41:47 henning Exp $ +# $OpenBSD: Makefile,v 1.205 2009/05/14 22:57:18 sthen Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -15,7 +15,7 @@ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 -PFTESTS+=97 +PFTESTS+=97 98 PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 27 PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 PFSIMPLE=1 2 diff --git a/regress/sbin/pfctl/pf98.in b/regress/sbin/pfctl/pf98.in new file mode 100644 index 00000000000..a8aa8d97cdb --- /dev/null +++ b/regress/sbin/pfctl/pf98.in @@ -0,0 +1,4 @@ +# Test rule order processing: should pass with require-order defaulting to no. +pass in on lo1000000 all +nat on lo0 all -> lo0 + diff --git a/regress/sbin/pfctl/pf98.ok b/regress/sbin/pfctl/pf98.ok new file mode 100644 index 00000000000..13937aab2c3 --- /dev/null +++ b/regress/sbin/pfctl/pf98.ok @@ -0,0 +1,2 @@ +nat on lo0 inet all -> 127.0.0.1 +pass in on lo1000000 all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail10.in b/regress/sbin/pfctl/pfail10.in index f869e0558bc..b73049ef418 100644 --- a/regress/sbin/pfctl/pfail10.in +++ b/regress/sbin/pfctl/pfail10.in @@ -1,4 +1,5 @@ # Test rule order processing: should fail unless nat -> filter +set require-order yes pass in on lo1000000 all nat on lo0 all -> lo0 diff --git a/regress/sbin/pfctl/pfail10.ok b/regress/sbin/pfctl/pfail10.ok index 6316dd6ae4a..03238df42d2 100644 --- a/regress/sbin/pfctl/pfail10.ok +++ b/regress/sbin/pfctl/pfail10.ok @@ -1 +1,2 @@ -stdin:3: Rules must be in order: options, normalization, queueing, translation, filtering +stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering +set require-order yes diff --git a/regress/sbin/pfctl/pfail11.in b/regress/sbin/pfctl/pfail11.in index 94ae234e976..2f001e390ee 100644 --- a/regress/sbin/pfctl/pfail11.in +++ b/regress/sbin/pfctl/pfail11.in @@ -1,3 +1,4 @@ +set require-order yes set optimization aggressive set timeout tcp.closing 6, tcp.opening 6 pass in all diff --git a/regress/sbin/pfctl/pfail11.ok b/regress/sbin/pfctl/pfail11.ok index 12ebb3e0da6..366a70049d2 100644 --- a/regress/sbin/pfctl/pfail11.ok +++ b/regress/sbin/pfctl/pfail11.ok @@ -1,5 +1,6 @@ -stdin:2: syntax error -stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering +stdin:3: syntax error stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering +stdin:6: Rules must be in order: options, normalization, queueing, translation, filtering +set require-order yes set optimization aggressive set timeout tcp.closing 6 diff --git a/regress/sbin/pfctl/pfail9.in b/regress/sbin/pfctl/pfail9.in index d414ae687c1..88109f8e4c5 100644 --- a/regress/sbin/pfctl/pfail9.in +++ b/regress/sbin/pfctl/pfail9.in @@ -1,4 +1,5 @@ # Test rule order processing: should fail unless nat -> filter +set require-order yes match in on lo0 all pass in on lo1000000 all # bork diff --git a/regress/sbin/pfctl/pfail9.ok b/regress/sbin/pfctl/pfail9.ok index d9cb15cc062..5a120dcf388 100644 --- a/regress/sbin/pfctl/pfail9.ok +++ b/regress/sbin/pfctl/pfail9.ok @@ -1 +1,2 @@ -stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering +stdin:6: Rules must be in order: options, normalization, queueing, translation, filtering +set require-order yes |