summaryrefslogtreecommitdiff
path: root/regress/sbin/pfctl
diff options
context:
space:
mode:
authorMarco Pfatschbacher <mpf@cvs.openbsd.org>2005-05-28 00:52:42 +0000
committerMarco Pfatschbacher <mpf@cvs.openbsd.org>2005-05-28 00:52:42 +0000
commit303c13de1017e23f84c1d2cb60f3166c76d314d1 (patch)
tree00867c6d348683c25847cb50b5d7564685c04f7c /regress/sbin/pfctl
parent72f7a1cee07251e9d0505bd26f6366336761cda9 (diff)
regression tests for pf checksum.
ok mcbride@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r--regress/sbin/pfctl/Makefile28
-rw-r--r--regress/sbin/pfctl/pfchksum1.in34
-rw-r--r--regress/sbin/pfctl/pfchksum1.ok1
-rw-r--r--regress/sbin/pfctl/pfchksum2.in34
-rw-r--r--regress/sbin/pfctl/pfchksum2.ok1
-rw-r--r--regress/sbin/pfctl/pfchksum3.in8
-rw-r--r--regress/sbin/pfctl/pfchksum3.ok1
7 files changed, 106 insertions, 1 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
index 477d4107530..38cf8b7d578 100644
--- a/regress/sbin/pfctl/Makefile
+++ b/regress/sbin/pfctl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.187 2005/05/26 20:22:29 camield Exp $
+# $OpenBSD: Makefile,v 1.188 2005/05/28 00:52:41 mpf Exp $
# TARGETS
# pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok
@@ -30,6 +30,7 @@ PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14
PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13
PFOPT=1 2 3 4 5
PFIF2IP=1 2 3
+PFCHKSUM=1 2 3
.MAIN: all
@@ -273,6 +274,31 @@ pfaltq-update: ${PFALTQ_UPDATES}
NODEFAULT_TARGETS+=pfaltq
REGRESS_ROOT_TARGETS+=pfaltq
+.for n in ${PFCHKSUM}
+PFCHKSUM_TARGETS+=pfchksum${n}
+PFCHKSUM_UPDATES+=pfchksum${n}-update
+
+pfchksum${n}:
+ ${SUDO} pfctl -Fa >/dev/null 2>&1
+ ${SUDO} pfctl -f - < ${.CURDIR}/pfchksum${n}.in
+ ${SUDO} pfctl -vsi | grep '^Checksum:' | \
+ diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin
+ ${SUDO} pfctl -Fa >/dev/null 2>&1
+
+pfchksum${n}-update:
+ ${SUDO} pfctl -Fa >/dev/null 2>&1
+ ${SUDO} pfctl -f - < ${.CURDIR}/pfchksum${n}.in
+ ${SUDO} pfctl -vsi | grep '^Checksum:' > ${.CURDIR}/pfchksum${n}.ok
+ ${SUDO} pfctl -Fa >/dev/null 2>&1
+
+.endfor
+
+pfchksum: ${PFCHKSUM_TARGETS}
+pfchksum-update: ${PFCHKSUM_UPDATES}
+
+NODEFAULT_TARGETS+=pfchksum
+REGRESS_ROOT_TARGETS+=pfchksum
+
update: ${UPDATE_TARGETS}
alltests: ${REGRESS_TARGETS} ${NODEFAULT_TARGETS}
diff --git a/regress/sbin/pfctl/pfchksum1.in b/regress/sbin/pfctl/pfchksum1.in
new file mode 100644
index 00000000000..a2f621bb692
--- /dev/null
+++ b/regress/sbin/pfctl/pfchksum1.in
@@ -0,0 +1,34 @@
+# test
+
+block out log on tun1000000 all
+block in log on tun1000000 all
+
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8 to any
+block in log quick on tun1000000 from 172.16.0.0/12 to any
+block in quick log on tun1000000 from 192.168.0.0/16 to any
+block in quick log on tun1000000 from 255.255.255.255/32 to any
+
+block in log quick from no-route to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all keep state
+
+pass in on tun1000000 proto tcp from any to any port = ssh keep state
+pass in on tun1000000 proto tcp from any to any port = smtp keep state
+pass in on tun1000000 proto tcp from any to any port = domain keep state
+pass in on tun1000000 proto tcp from any to any port = auth keep state
diff --git a/regress/sbin/pfctl/pfchksum1.ok b/regress/sbin/pfctl/pfchksum1.ok
new file mode 100644
index 00000000000..17a71d550f6
--- /dev/null
+++ b/regress/sbin/pfctl/pfchksum1.ok
@@ -0,0 +1 @@
+Checksum: 0xc52f181a29e81c7d83300aac4e4003ce
diff --git a/regress/sbin/pfctl/pfchksum2.in b/regress/sbin/pfctl/pfchksum2.in
new file mode 100644
index 00000000000..1ecb10ee539
--- /dev/null
+++ b/regress/sbin/pfctl/pfchksum2.in
@@ -0,0 +1,34 @@
+# test
+
+block out log on tun1000000 all
+block in log on tun1000000 all
+
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8 to any
+block in log quick on tun1000000 from 172.16.0.0/16 to any
+block in quick log on tun1000000 from 192.168.0.0/24 to any
+block in quick log on tun1000000 from 255.255.255.255/32 to any
+
+block in log quick from no-route to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all keep state
+
+pass in on tun1000000 proto tcp from any to any port = ssh keep state
+pass in on tun1000000 proto tcp from any to any port = smtp keep state
+pass in on tun1000000 proto tcp from any to any port = domain keep state
+pass in on tun1000000 proto tcp from any to any port = auth keep state
diff --git a/regress/sbin/pfctl/pfchksum2.ok b/regress/sbin/pfctl/pfchksum2.ok
new file mode 100644
index 00000000000..498ff823c2d
--- /dev/null
+++ b/regress/sbin/pfctl/pfchksum2.ok
@@ -0,0 +1 @@
+Checksum: 0x15b59cf3b13fd42b8049553b80c0eb4e
diff --git a/regress/sbin/pfctl/pfchksum3.in b/regress/sbin/pfctl/pfchksum3.in
new file mode 100644
index 00000000000..626bd582f3d
--- /dev/null
+++ b/regress/sbin/pfctl/pfchksum3.in
@@ -0,0 +1,8 @@
+pass in all
+pass in from any to any
+pass in proto tcp from any port <= 1024 to any label foo_bar
+pass in proto tcp from any to any port = 25
+pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
+pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts
+pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \
+"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport"
diff --git a/regress/sbin/pfctl/pfchksum3.ok b/regress/sbin/pfctl/pfchksum3.ok
new file mode 100644
index 00000000000..0c3595ec9ae
--- /dev/null
+++ b/regress/sbin/pfctl/pfchksum3.ok
@@ -0,0 +1 @@
+Checksum: 0xd0ceaeecfbeb20f17a8eefbcb7260654