summaryrefslogtreecommitdiff
path: root/regress/sbin/pfctl
diff options
context:
space:
mode:
authorStuart Henderson <sthen@cvs.openbsd.org>2009-05-14 22:57:19 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2009-05-14 22:57:19 +0000
commit2c8497742abfe3de559386fe5e2aad0857f4265a (patch)
tree93055db90252a8d56ba6e75b38d23293e174d0ab /regress/sbin/pfctl
parent34b94739978bbcbf7aa42f38b9f338252a97a904 (diff)
handle the new require-order default of "no" in existing tests, and add
a new test to check it's working correctly. ok deraadt@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r--regress/sbin/pfctl/Makefile4
-rw-r--r--regress/sbin/pfctl/pf98.in4
-rw-r--r--regress/sbin/pfctl/pf98.ok2
-rw-r--r--regress/sbin/pfctl/pfail10.in1
-rw-r--r--regress/sbin/pfctl/pfail10.ok3
-rw-r--r--regress/sbin/pfctl/pfail11.in1
-rw-r--r--regress/sbin/pfctl/pfail11.ok5
-rw-r--r--regress/sbin/pfctl/pfail9.in1
-rw-r--r--regress/sbin/pfctl/pfail9.ok3
9 files changed, 18 insertions, 6 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index a1ffbc74deb..19cf1f67959 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.204 2009/04/06 12:41:47 henning Exp $
+# $OpenBSD: Makefile,v 1.205 2009/05/14 22:57:18 sthen Exp $
# TARGETS
# pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok
@@ -15,7 +15,7 @@ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
-PFTESTS+=97
+PFTESTS+=97 98
PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 27
PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
PFSIMPLE=1 2
diff --git a/regress/sbin/pfctl/pf98.in b/regress/sbin/pfctl/pf98.in
new file mode 100644
index 00000000000..a8aa8d97cdb
--- /dev/null
+++ b/regress/sbin/pfctl/pf98.in
@@ -0,0 +1,4 @@
+# Test rule order processing: should pass with require-order defaulting to no.
+pass in on lo1000000 all
+nat on lo0 all -> lo0
+
diff --git a/regress/sbin/pfctl/pf98.ok b/regress/sbin/pfctl/pf98.ok
new file mode 100644
index 00000000000..13937aab2c3
--- /dev/null
+++ b/regress/sbin/pfctl/pf98.ok
@@ -0,0 +1,2 @@
+nat on lo0 inet all -> 127.0.0.1
+pass in on lo1000000 all flags S/SA keep state
diff --git a/regress/sbin/pfctl/pfail10.in b/regress/sbin/pfctl/pfail10.in
index f869e0558bc..b73049ef418 100644
--- a/regress/sbin/pfctl/pfail10.in
+++ b/regress/sbin/pfctl/pfail10.in
@@ -1,4 +1,5 @@
# Test rule order processing: should fail unless nat -> filter
+set require-order yes
pass in on lo1000000 all
nat on lo0 all -> lo0
diff --git a/regress/sbin/pfctl/pfail10.ok b/regress/sbin/pfctl/pfail10.ok
index 6316dd6ae4a..03238df42d2 100644
--- a/regress/sbin/pfctl/pfail10.ok
+++ b/regress/sbin/pfctl/pfail10.ok
@@ -1 +1,2 @@
-stdin:3: Rules must be in order: options, normalization, queueing, translation, filtering
+stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering
+set require-order yes
diff --git a/regress/sbin/pfctl/pfail11.in b/regress/sbin/pfctl/pfail11.in
index 94ae234e976..2f001e390ee 100644
--- a/regress/sbin/pfctl/pfail11.in
+++ b/regress/sbin/pfctl/pfail11.in
@@ -1,3 +1,4 @@
+set require-order yes
set optimization aggressive
set timeout tcp.closing 6, tcp.opening 6
pass in all
diff --git a/regress/sbin/pfctl/pfail11.ok b/regress/sbin/pfctl/pfail11.ok
index 12ebb3e0da6..366a70049d2 100644
--- a/regress/sbin/pfctl/pfail11.ok
+++ b/regress/sbin/pfctl/pfail11.ok
@@ -1,5 +1,6 @@
-stdin:2: syntax error
-stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering
+stdin:3: syntax error
stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering
+stdin:6: Rules must be in order: options, normalization, queueing, translation, filtering
+set require-order yes
set optimization aggressive
set timeout tcp.closing 6
diff --git a/regress/sbin/pfctl/pfail9.in b/regress/sbin/pfctl/pfail9.in
index d414ae687c1..88109f8e4c5 100644
--- a/regress/sbin/pfctl/pfail9.in
+++ b/regress/sbin/pfctl/pfail9.in
@@ -1,4 +1,5 @@
# Test rule order processing: should fail unless nat -> filter
+set require-order yes
match in on lo0 all
pass in on lo1000000 all
# bork
diff --git a/regress/sbin/pfctl/pfail9.ok b/regress/sbin/pfctl/pfail9.ok
index d9cb15cc062..5a120dcf388 100644
--- a/regress/sbin/pfctl/pfail9.ok
+++ b/regress/sbin/pfctl/pfail9.ok
@@ -1 +1,2 @@
-stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering
+stdin:6: Rules must be in order: options, normalization, queueing, translation, filtering
+set require-order yes