diff options
author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2005-05-28 00:52:42 +0000 |
---|---|---|
committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2005-05-28 00:52:42 +0000 |
commit | 303c13de1017e23f84c1d2cb60f3166c76d314d1 (patch) | |
tree | 00867c6d348683c25847cb50b5d7564685c04f7c /regress/sbin/pfctl | |
parent | 72f7a1cee07251e9d0505bd26f6366336761cda9 (diff) |
regression tests for pf checksum.
ok mcbride@
Diffstat (limited to 'regress/sbin/pfctl')
-rw-r--r-- | regress/sbin/pfctl/Makefile | 28 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfchksum1.in | 34 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfchksum1.ok | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfchksum2.in | 34 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfchksum2.ok | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfchksum3.in | 8 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfchksum3.ok | 1 |
7 files changed, 106 insertions, 1 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index 477d4107530..38cf8b7d578 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.187 2005/05/26 20:22:29 camield Exp $ +# $OpenBSD: Makefile,v 1.188 2005/05/28 00:52:41 mpf Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -30,6 +30,7 @@ PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14 PFTABLE=1 2 3 4 5 6 7 8 9 10 11 12 13 PFOPT=1 2 3 4 5 PFIF2IP=1 2 3 +PFCHKSUM=1 2 3 .MAIN: all @@ -273,6 +274,31 @@ pfaltq-update: ${PFALTQ_UPDATES} NODEFAULT_TARGETS+=pfaltq REGRESS_ROOT_TARGETS+=pfaltq +.for n in ${PFCHKSUM} +PFCHKSUM_TARGETS+=pfchksum${n} +PFCHKSUM_UPDATES+=pfchksum${n}-update + +pfchksum${n}: + ${SUDO} pfctl -Fa >/dev/null 2>&1 + ${SUDO} pfctl -f - < ${.CURDIR}/pfchksum${n}.in + ${SUDO} pfctl -vsi | grep '^Checksum:' | \ + diff -u ${.CURDIR}/pfchksum${n}.ok /dev/stdin + ${SUDO} pfctl -Fa >/dev/null 2>&1 + +pfchksum${n}-update: + ${SUDO} pfctl -Fa >/dev/null 2>&1 + ${SUDO} pfctl -f - < ${.CURDIR}/pfchksum${n}.in + ${SUDO} pfctl -vsi | grep '^Checksum:' > ${.CURDIR}/pfchksum${n}.ok + ${SUDO} pfctl -Fa >/dev/null 2>&1 + +.endfor + +pfchksum: ${PFCHKSUM_TARGETS} +pfchksum-update: ${PFCHKSUM_UPDATES} + +NODEFAULT_TARGETS+=pfchksum +REGRESS_ROOT_TARGETS+=pfchksum + update: ${UPDATE_TARGETS} alltests: ${REGRESS_TARGETS} ${NODEFAULT_TARGETS} diff --git a/regress/sbin/pfctl/pfchksum1.in b/regress/sbin/pfctl/pfchksum1.in new file mode 100644 index 00000000000..a2f621bb692 --- /dev/null +++ b/regress/sbin/pfctl/pfchksum1.in @@ -0,0 +1,34 @@ +# test + +block out log on tun1000000 all +block in log on tun1000000 all + +block return-rst out log on tun1000000 proto tcp all +block return-rst in log on tun1000000 proto tcp all +block return-icmp out log on tun1000000 proto udp all +block return-icmp in log on tun1000000 proto udp all + +block out log quick on tun1000000 from ! 157.161.48.183 to any + +block in quick on tun1000000 from any to 255.255.255.255 + +block in log quick on tun1000000 from 10.0.0.0/8 to any +block in log quick on tun1000000 from 172.16.0.0/12 to any +block in quick log on tun1000000 from 192.168.0.0/16 to any +block in quick log on tun1000000 from 255.255.255.255/32 to any + +block in log quick from no-route to any + +pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state +pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state + +pass out on tun1000000 proto udp all keep state + +pass in on tun1000000 proto udp from any to any port = domain keep state + +pass out on tun1000000 proto tcp all keep state + +pass in on tun1000000 proto tcp from any to any port = ssh keep state +pass in on tun1000000 proto tcp from any to any port = smtp keep state +pass in on tun1000000 proto tcp from any to any port = domain keep state +pass in on tun1000000 proto tcp from any to any port = auth keep state diff --git a/regress/sbin/pfctl/pfchksum1.ok b/regress/sbin/pfctl/pfchksum1.ok new file mode 100644 index 00000000000..17a71d550f6 --- /dev/null +++ b/regress/sbin/pfctl/pfchksum1.ok @@ -0,0 +1 @@ +Checksum: 0xc52f181a29e81c7d83300aac4e4003ce diff --git a/regress/sbin/pfctl/pfchksum2.in b/regress/sbin/pfctl/pfchksum2.in new file mode 100644 index 00000000000..1ecb10ee539 --- /dev/null +++ b/regress/sbin/pfctl/pfchksum2.in @@ -0,0 +1,34 @@ +# test + +block out log on tun1000000 all +block in log on tun1000000 all + +block return-rst out log on tun1000000 proto tcp all +block return-rst in log on tun1000000 proto tcp all +block return-icmp out log on tun1000000 proto udp all +block return-icmp in log on tun1000000 proto udp all + +block out log quick on tun1000000 from ! 157.161.48.183 to any + +block in quick on tun1000000 from any to 255.255.255.255 + +block in log quick on tun1000000 from 10.0.0.0/8 to any +block in log quick on tun1000000 from 172.16.0.0/16 to any +block in quick log on tun1000000 from 192.168.0.0/24 to any +block in quick log on tun1000000 from 255.255.255.255/32 to any + +block in log quick from no-route to any + +pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state +pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state + +pass out on tun1000000 proto udp all keep state + +pass in on tun1000000 proto udp from any to any port = domain keep state + +pass out on tun1000000 proto tcp all keep state + +pass in on tun1000000 proto tcp from any to any port = ssh keep state +pass in on tun1000000 proto tcp from any to any port = smtp keep state +pass in on tun1000000 proto tcp from any to any port = domain keep state +pass in on tun1000000 proto tcp from any to any port = auth keep state diff --git a/regress/sbin/pfctl/pfchksum2.ok b/regress/sbin/pfctl/pfchksum2.ok new file mode 100644 index 00000000000..498ff823c2d --- /dev/null +++ b/regress/sbin/pfctl/pfchksum2.ok @@ -0,0 +1 @@ +Checksum: 0x15b59cf3b13fd42b8049553b80c0eb4e diff --git a/regress/sbin/pfctl/pfchksum3.in b/regress/sbin/pfctl/pfchksum3.in new file mode 100644 index 00000000000..626bd582f3d --- /dev/null +++ b/regress/sbin/pfctl/pfchksum3.in @@ -0,0 +1,8 @@ +pass in all +pass in from any to any +pass in proto tcp from any port <= 1024 to any label foo_bar +pass in proto tcp from any to any port = 25 +pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22 +pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \ +"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport" diff --git a/regress/sbin/pfctl/pfchksum3.ok b/regress/sbin/pfctl/pfchksum3.ok new file mode 100644 index 00000000000..0c3595ec9ae --- /dev/null +++ b/regress/sbin/pfctl/pfchksum3.ok @@ -0,0 +1 @@ +Checksum: 0xd0ceaeecfbeb20f17a8eefbcb7260654 |