implement binat-to as a macro-like rule: a rule using the new binat-to

syntax will be expanded by the parser to a nat-to+rdr-to combination
to be loaded into the kernel.  this simplifies the migration from old
binat rules and is less error-prone.

feedback from many, manpage bits from jmc@
ok henning@

2 files changed, 6 insertions, 6 deletions

diff --git a/regress/sbin/pfctl/pfail19.in b/regress/sbin/pfctl/pfail19.in
index f9107c9fdf1..5529d4c956f 100644
--- a/regress/sbin/pfctl/pfail19.in
+++ b/regress/sbin/pfctl/pfail19.in
@@ -1,10 +1,8 @@
 # invalid table constructs
 match in on lo0 from any to any rdr-to <sometable>
 match out on lo0 from any to any nat-to <sometable>
-match out on lo0 from 1.1.1.1 to any nat-to <sometable> static-port
-match in on lo0 from any to <sometable> rdr-to 1.1.1.1
-match out on lo0 from <sometable> to any nat-to 1.1.1.1 static-port
-match in on lo0 from any to 1.1.1.1 rdr-to <sometable>
+match on lo0 from 1.1.1.1 to any binat-to <sometable>
+match on lo0 from <sometable> to any binat-to 1.1.1.1
 pass in from any to any dup-to (lo0 <sometable>)
 pass in from any to any  route-to (lo0 <sometable>)
 pass in from any to any reply-to (lo0 <sometable>)
diff --git a/regress/sbin/pfctl/pfail19.ok b/regress/sbin/pfctl/pfail19.ok
index ba4a4e7dcb8..332c0d07c16 100644
--- a/regress/sbin/pfctl/pfail19.ok
+++ b/regress/sbin/pfctl/pfail19.ok
@@ -1,2 +1,4 @@
-stdin:4: invalid use of table <sometable> as the redirect address of a binat rule
-stdin:5: invalid use of table <sometable> as the source address of a binat rule
+stdin:5: invalid use of table <sometable> as the source address of a binat-to rule
+stdin:5: invalid use of table <sometable> as the redirect address of a binat-to rule
+stdin:5: skipping rule due to errors
+stdin:5: rule expands to no valid combination