diff options
123 files changed, 877 insertions, 854 deletions
diff --git a/regress/sbin/pfctl/pf1.in b/regress/sbin/pfctl/pf1.in index 626bd582f3d..494eee3560f 100644 --- a/regress/sbin/pfctl/pf1.in +++ b/regress/sbin/pfctl/pf1.in @@ -1,5 +1,5 @@ pass in all -pass in from any to any +pass in from any to any no state pass in proto tcp from any port <= 1024 to any label foo_bar pass in proto tcp from any to any port = 25 pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22 diff --git a/regress/sbin/pfctl/pf1.loaded b/regress/sbin/pfctl/pf1.loaded index 7bcd2c4f8e2..acd8619ae06 100644 --- a/regress/sbin/pfctl/pf1.loaded +++ b/regress/sbin/pfctl/pf1.loaded @@ -1,32 +1,32 @@ -@0 pass in all +@0 pass in all flags S/SA keep state [ Skip steps: i=end d=end f=4 p=2 sa=4 sp=2 da=4 dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all +@1 pass in all flags S/SA no state [ Skip steps: i=end d=end f=4 sa=4 da=4 dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any port <= 1024 to any label "foo_bar" +@2 pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar" [ Skip steps: i=end d=end f=4 p=5 sa=4 da=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in proto tcp from any to any port = smtp +@3 pass in proto tcp from any to any port = smtp flags S/SA keep state [ Skip steps: i=end d=end p=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh +@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state [ Skip steps: i=end d=end f=end sa=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts [ Skip steps: i=end d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" +@6 pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:" [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" +@7 pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok index 4b2df4433d4..0e9d2b37054 100644 --- a/regress/sbin/pfctl/pf1.ok +++ b/regress/sbin/pfctl/pf1.ok @@ -1,8 +1,8 @@ -pass in all -pass in all -pass in proto tcp from any port <= 1024 to any label "foo_bar" -pass in proto tcp from any to any port = smtp -pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh -pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts -pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" -pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" +pass in all flags S/SA keep state +pass in all flags S/SA no state +pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar" +pass in proto tcp from any to any port = smtp flags S/SA keep state +pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state +pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts +pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:" +pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:" diff --git a/regress/sbin/pfctl/pf1.optimized b/regress/sbin/pfctl/pf1.optimized index b790542fa9f..acd8619ae06 100644 --- a/regress/sbin/pfctl/pf1.optimized +++ b/regress/sbin/pfctl/pf1.optimized @@ -1,28 +1,32 @@ -@0 pass in all - [ Skip steps: i=end d=end f=3 sa=3 da=3 dp=2 ] +@0 pass in all flags S/SA keep state + [ Skip steps: i=end d=end f=4 p=2 sa=4 sp=2 da=4 dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any port <= 1024 to any label "foo_bar" - [ Skip steps: i=end d=end f=3 p=4 sa=3 da=3 ] +@1 pass in all flags S/SA no state + [ Skip steps: i=end d=end f=4 sa=4 da=4 dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any to any port = smtp - [ Skip steps: i=end d=end p=4 ] +@2 pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar" + [ Skip steps: i=end d=end f=4 p=5 sa=4 da=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh - [ Skip steps: i=end d=end f=end sa=5 ] +@3 pass in proto tcp from any to any port = smtp flags S/SA keep state + [ Skip steps: i=end d=end p=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state + [ Skip steps: i=end d=end f=end sa=6 ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts [ Skip steps: i=end d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" +@6 pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:" [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" +@7 pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf10.loaded b/regress/sbin/pfctl/pf10.loaded index 616a3207ffe..04f75737b02 100644 --- a/regress/sbin/pfctl/pf10.loaded +++ b/regress/sbin/pfctl/pf10.loaded @@ -1,8 +1,8 @@ -@0 pass in inet proto icmp all +@0 pass in inet proto icmp all keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet6 proto ipv6-icmp all +@1 pass in inet6 proto ipv6-icmp all keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf10.ok b/regress/sbin/pfctl/pf10.ok index 4b331a33da3..4003c2306e9 100644 --- a/regress/sbin/pfctl/pf10.ok +++ b/regress/sbin/pfctl/pf10.ok @@ -1,5 +1,5 @@ -pass in inet proto icmp all -pass in inet6 proto ipv6-icmp all +pass in inet proto icmp all keep state +pass in inet6 proto ipv6-icmp all keep state block drop in inet proto icmp all block drop in inet6 proto ipv6-icmp all block return-rst in inet proto tcp all diff --git a/regress/sbin/pfctl/pf10.optimized b/regress/sbin/pfctl/pf10.optimized index 616d1c5beac..a9b4e8075ab 100644 --- a/regress/sbin/pfctl/pf10.optimized +++ b/regress/sbin/pfctl/pf10.optimized @@ -1,8 +1,8 @@ -@0 pass in inet proto icmp all +@0 pass in inet proto icmp all keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet6 proto ipv6-icmp all +@1 pass in inet6 proto ipv6-icmp all keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf11.loaded b/regress/sbin/pfctl/pf11.loaded index a72c3b51d96..8728d761725 100644 --- a/regress/sbin/pfctl/pf11.loaded +++ b/regress/sbin/pfctl/pf11.loaded @@ -1,32 +1,32 @@ -@0 pass in inet proto icmp all icmp-type echorep +@0 pass in inet proto icmp all icmp-type echorep keep state [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet proto icmp all icmp-type echorep code 0 +@1 pass in inet proto icmp all icmp-type echorep code 0 keep state [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet proto icmp all icmp-type 1 +@2 pass in inet proto icmp all icmp-type 1 keep state [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet proto icmp all icmp-type 1 code 1 +@3 pass in inet proto icmp all icmp-type 1 code 1 keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet6 proto ipv6-icmp all icmp6-type 0 +@4 pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +@5 pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet6 proto ipv6-icmp all icmp6-type unreach +@6 pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +@7 pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -62,11 +62,11 @@ [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in inet proto icmp all icmp-type unreach code needfrag +@16 pass in inet proto icmp all icmp-type unreach code needfrag keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb +@17 pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf11.ok b/regress/sbin/pfctl/pf11.ok index a7dbcb85fe5..1268e772db2 100644 --- a/regress/sbin/pfctl/pf11.ok +++ b/regress/sbin/pfctl/pf11.ok @@ -1,11 +1,11 @@ -pass in inet proto icmp all icmp-type echorep -pass in inet proto icmp all icmp-type echorep code 0 -pass in inet proto icmp all icmp-type 1 -pass in inet proto icmp all icmp-type 1 code 1 -pass in inet6 proto ipv6-icmp all icmp6-type 0 -pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 -pass in inet6 proto ipv6-icmp all icmp6-type unreach -pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +pass in inet proto icmp all icmp-type echorep keep state +pass in inet proto icmp all icmp-type echorep code 0 keep state +pass in inet proto icmp all icmp-type 1 keep state +pass in inet proto icmp all icmp-type 1 code 1 keep state +pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state +pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state +pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state +pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state block drop in inet proto icmp all icmp-type echorep block drop in inet proto icmp all icmp-type echorep code 0 block drop in inet proto icmp all icmp-type 1 @@ -14,5 +14,5 @@ block drop in inet6 proto ipv6-icmp all icmp6-type 0 block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0 block drop in inet6 proto ipv6-icmp all icmp6-type unreach block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr -pass in inet proto icmp all icmp-type unreach code needfrag -pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb +pass in inet proto icmp all icmp-type unreach code needfrag keep state +pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state diff --git a/regress/sbin/pfctl/pf11.optimized b/regress/sbin/pfctl/pf11.optimized index a72c3b51d96..8728d761725 100644 --- a/regress/sbin/pfctl/pf11.optimized +++ b/regress/sbin/pfctl/pf11.optimized @@ -1,32 +1,32 @@ -@0 pass in inet proto icmp all icmp-type echorep +@0 pass in inet proto icmp all icmp-type echorep keep state [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet proto icmp all icmp-type echorep code 0 +@1 pass in inet proto icmp all icmp-type echorep code 0 keep state [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet proto icmp all icmp-type 1 +@2 pass in inet proto icmp all icmp-type 1 keep state [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet proto icmp all icmp-type 1 code 1 +@3 pass in inet proto icmp all icmp-type 1 code 1 keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet6 proto ipv6-icmp all icmp6-type 0 +@4 pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +@5 pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet6 proto ipv6-icmp all icmp6-type unreach +@6 pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +@7 pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -62,11 +62,11 @@ [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in inet proto icmp all icmp-type unreach code needfrag +@16 pass in inet proto icmp all icmp-type unreach code needfrag keep state [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb +@17 pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf12.in b/regress/sbin/pfctl/pf12.in index 88088219f3d..15e4eae6af6 100644 --- a/regress/sbin/pfctl/pf12.in +++ b/regress/sbin/pfctl/pf12.in @@ -1,5 +1,5 @@ -pass in from 127.0.0.1 to 127.0.0.1/8 -pass in from 127.0.0.1/16 to 127.0.0.1/24 +pass in from 127.0.0.1 to 127.0.0.1/8 no state +pass in from 127.0.0.1/16 to 127.0.0.1/24 no state pass in from 127.0.0.1/25 to ! 127.0.0.1/26 pass in inet from ! localhost to localhost/16 pass in inet from ! lo0 to ! lo0/8 diff --git a/regress/sbin/pfctl/pf12.loaded b/regress/sbin/pfctl/pf12.loaded index 9c75fa22c71..f2125b2f885 100644 --- a/regress/sbin/pfctl/pf12.loaded +++ b/regress/sbin/pfctl/pf12.loaded @@ -1,20 +1,20 @@ -@0 pass in inet from 127.0.0.1 to 127.0.0.0/8 +@0 pass in inet from 127.0.0.1 to 127.0.0.0/8 flags S/SA no state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 +@1 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 flags S/SA no state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 +@2 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 +@3 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 +@4 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf12.ok b/regress/sbin/pfctl/pf12.ok index d4314a16c8f..1b7d3a82baf 100644 --- a/regress/sbin/pfctl/pf12.ok +++ b/regress/sbin/pfctl/pf12.ok @@ -1,5 +1,5 @@ -pass in inet from 127.0.0.1 to 127.0.0.0/8 -pass in inet from 127.0.0.0/16 to 127.0.0.0/24 -pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 -pass in inet from ! 127.0.0.1 to 127.0.0.0/16 -pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 +pass in inet from 127.0.0.1 to 127.0.0.0/8 flags S/SA no state +pass in inet from 127.0.0.0/16 to 127.0.0.0/24 flags S/SA no state +pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state +pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state +pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state diff --git a/regress/sbin/pfctl/pf12.optimized b/regress/sbin/pfctl/pf12.optimized index c928123b373..bba18e5ef35 100644 --- a/regress/sbin/pfctl/pf12.optimized +++ b/regress/sbin/pfctl/pf12.optimized @@ -1,20 +1,20 @@ -@0 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 - [ Skip steps: i=end d=end f=end p=end sa=2 sp=end dp=end ] +@0 pass in inet from 127.0.0.1 to 127.0.0.0/8 flags S/SA no state + [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 +@1 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 flags S/SA no state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet from 127.0.0.1 to 127.0.0.0/8 - [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] +@2 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 +@3 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 +@4 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf13.loaded b/regress/sbin/pfctl/pf13.loaded index 4dc8cd3259a..b8e29204835 100644 --- a/regress/sbin/pfctl/pf13.loaded +++ b/regress/sbin/pfctl/pf13.loaded @@ -1,24 +1,24 @@ -@0 pass in quick on enc0 fastroute all +@0 pass in quick on enc0 fastroute all flags S/SA keep state [ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in quick on enc0 fastroute inet all +@1 pass in quick on enc0 fastroute inet all flags S/SA keep state [ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in quick on enc0 fastroute inet6 all +@2 pass in quick on enc0 fastroute inet6 all flags S/SA keep state [ Skip steps: p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out quick on tun1000000 route-to tun1000001 inet all +@3 pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state [ Skip steps: i=end d=6 f=5 p=6 sa=8 sp=end dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 +@4 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state [ Skip steps: i=end d=6 p=6 sa=8 sp=end dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 +@5 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state [ Skip steps: i=end sa=8 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -30,11 +30,11 @@ [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 +@8 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state [ Skip steps: i=end d=end p=10 sp=end dp=10 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 +@9 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -46,19 +46,19 @@ [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 +@12 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 +@13 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 +@14 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 +@15 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok index 63ff2e1204c..8062d2765bc 100644 --- a/regress/sbin/pfctl/pf13.ok +++ b/regress/sbin/pfctl/pf13.ok @@ -1,16 +1,16 @@ -pass in quick on enc0 fastroute all -pass in quick on enc0 fastroute inet all -pass in quick on enc0 fastroute inet6 all -pass out quick on tun1000000 route-to tun1000001 inet all -pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 -pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 +pass in quick on enc0 fastroute all flags S/SA keep state +pass in quick on enc0 fastroute inet all flags S/SA keep state +pass in quick on enc0 fastroute inet6 all flags S/SA keep state +pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state +pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state +pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp -pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 -pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 +pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp -pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 -pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 -pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 -pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 +pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state +pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state +pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state diff --git a/regress/sbin/pfctl/pf13.optimized b/regress/sbin/pfctl/pf13.optimized index 4eb40cccfc8..c93ee922e24 100644 --- a/regress/sbin/pfctl/pf13.optimized +++ b/regress/sbin/pfctl/pf13.optimized @@ -1,16 +1,16 @@ -@0 pass in quick on enc0 fastroute all +@0 pass in quick on enc0 fastroute all flags S/SA keep state [ Skip steps: p=4 sa=6 sp=end da=2 dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out quick on tun1000000 route-to tun1000001 inet all +@1 pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state [ Skip steps: i=end d=4 f=3 p=4 sa=6 sp=end dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 +@2 pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state [ Skip steps: i=end d=4 p=4 sa=6 sp=end dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 +@3 pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state [ Skip steps: i=end sa=6 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -22,11 +22,11 @@ [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 +@6 pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state [ Skip steps: i=end d=end p=8 sp=end dp=8 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 +@7 pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -38,19 +38,19 @@ [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 +@10 pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 +@11 pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 +@12 pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 +@13 pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf14.loaded b/regress/sbin/pfctl/pf14.loaded index ecc993880bc..43d0448bce9 100644 --- a/regress/sbin/pfctl/pf14.loaded +++ b/regress/sbin/pfctl/pf14.loaded @@ -1,24 +1,24 @@ -@0 pass in quick on lo0 inet6 from fe80::1 to fe80::1 +@0 pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=3 sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in quick on lo0 inet6 from fe80::1 to fe80::1 +@1 pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=3 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in quick on lo0 inet6 from fe80::1 to any +@2 pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in quick on lo0 inet6 from any to fe80::1 +@3 pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in quick on lo0 inet6 from fe80::1 to any +@4 pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in quick on lo0 inet6 from any to fe80::1 +@5 pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf14.ok b/regress/sbin/pfctl/pf14.ok index 77554a15adb..15cc43ff77c 100644 --- a/regress/sbin/pfctl/pf14.ok +++ b/regress/sbin/pfctl/pf14.ok @@ -1,6 +1,6 @@ -pass in quick on lo0 inet6 from fe80::1 to fe80::1 -pass in quick on lo0 inet6 from fe80::1 to fe80::1 -pass in quick on lo0 inet6 from fe80::1 to any -pass in quick on lo0 inet6 from any to fe80::1 -pass in quick on lo0 inet6 from fe80::1 to any -pass in quick on lo0 inet6 from any to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state +pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state +pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state +pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state +pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state +pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state diff --git a/regress/sbin/pfctl/pf14.optimized b/regress/sbin/pfctl/pf14.optimized index 7c732e166ce..f18879251d3 100644 --- a/regress/sbin/pfctl/pf14.optimized +++ b/regress/sbin/pfctl/pf14.optimized @@ -1,8 +1,8 @@ -@0 pass in quick on lo0 inet6 from fe80::1 to any +@0 pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in quick on lo0 inet6 from any to fe80::1 +@1 pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf16.in b/regress/sbin/pfctl/pf16.in index 1879d01427d..39d516e16e6 100644 --- a/regress/sbin/pfctl/pf16.in +++ b/regress/sbin/pfctl/pf16.in @@ -3,5 +3,4 @@ scrub in on lo0 all nat on lo0 from 192.168.1.1 to any -> 10.0.0.1 rdr on lo0 proto tcp from any to 1.2.3.4/32 port 2222 -> 10.0.0.10 port 22 binat on lo0 from 192.168.1.1 to any -> 10.0.0.1 -pass in on lo1000000 all - +pass in on lo1000000 all no state diff --git a/regress/sbin/pfctl/pf16.loaded b/regress/sbin/pfctl/pf16.loaded index 7cf47b89dd6..915a3ee228a 100644 --- a/regress/sbin/pfctl/pf16.loaded +++ b/regress/sbin/pfctl/pf16.loaded @@ -14,7 +14,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in on lo1000000 all +@0 pass in on lo1000000 all flags S/SA no state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf16.ok b/regress/sbin/pfctl/pf16.ok index 0e81b947e60..972804396c2 100644 --- a/regress/sbin/pfctl/pf16.ok +++ b/regress/sbin/pfctl/pf16.ok @@ -2,4 +2,4 @@ scrub in on lo0 all fragment reassemble nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 -pass in on lo1000000 all +pass in on lo1000000 all flags S/SA no state diff --git a/regress/sbin/pfctl/pf16.optimized b/regress/sbin/pfctl/pf16.optimized index 7cf47b89dd6..915a3ee228a 100644 --- a/regress/sbin/pfctl/pf16.optimized +++ b/regress/sbin/pfctl/pf16.optimized @@ -14,7 +14,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in on lo1000000 all +@0 pass in on lo1000000 all flags S/SA no state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf2.loaded b/regress/sbin/pfctl/pf2.loaded index 42311e3b24d..967e5d83ab6 100644 --- a/regress/sbin/pfctl/pf2.loaded +++ b/regress/sbin/pfctl/pf2.loaded @@ -66,23 +66,23 @@ [ Skip steps: i=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass out on tun1000000 proto tcp all keep state +@17 pass out on tun1000000 proto tcp all flags S/SA keep state [ Skip steps: i=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on tun1000000 proto tcp from any to any port = ssh keep state +@18 pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on tun1000000 proto tcp from any to any port = smtp keep state +@19 pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on tun1000000 proto tcp from any to any port = domain keep state +@20 pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass in on tun1000000 proto tcp from any to any port = auth keep state +@21 pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok index 6d43bf94569..02e3099013e 100644 --- a/regress/sbin/pfctl/pf2.ok +++ b/regress/sbin/pfctl/pf2.ok @@ -15,8 +15,8 @@ pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state pass out on tun1000000 proto udp all keep state pass in on tun1000000 proto udp from any to any port = domain keep state -pass out on tun1000000 proto tcp all keep state -pass in on tun1000000 proto tcp from any to any port = ssh keep state -pass in on tun1000000 proto tcp from any to any port = smtp keep state -pass in on tun1000000 proto tcp from any to any port = domain keep state -pass in on tun1000000 proto tcp from any to any port = auth keep state +pass out on tun1000000 proto tcp all flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state diff --git a/regress/sbin/pfctl/pf2.optimized b/regress/sbin/pfctl/pf2.optimized index aa34300d43f..1742eb3715a 100644 --- a/regress/sbin/pfctl/pf2.optimized +++ b/regress/sbin/pfctl/pf2.optimized @@ -50,19 +50,19 @@ [ Skip steps: d=19 f=17 sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on tun1000000 proto tcp from any to any port = ssh keep state +@13 pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state [ Skip steps: i=end d=19 f=17 p=17 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on tun1000000 proto tcp from any to any port = smtp keep state +@14 pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state [ Skip steps: i=end d=19 f=17 p=17 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in on tun1000000 proto tcp from any to any port = domain keep state +@15 pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state [ Skip steps: i=end d=19 f=17 p=17 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in on tun1000000 proto tcp from any to any port = auth keep state +@16 pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state [ Skip steps: i=end d=19 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -82,7 +82,7 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass out on tun1000000 proto tcp all keep state +@21 pass out on tun1000000 proto tcp all flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf24.loaded b/regress/sbin/pfctl/pf24.loaded index 229e6c3dd98..d92f7f50198 100644 --- a/regress/sbin/pfctl/pf24.loaded +++ b/regress/sbin/pfctl/pf24.loaded @@ -1,8 +1,8 @@ -@0 pass in proto tcp from any to any port = ssh +@0 pass in proto tcp from any to any port = ssh flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = ftp +@1 pass in proto tcp from any to any port = ftp flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf24.ok b/regress/sbin/pfctl/pf24.ok index bf465ee9204..c6ff2f03701 100644 --- a/regress/sbin/pfctl/pf24.ok +++ b/regress/sbin/pfctl/pf24.ok @@ -3,5 +3,5 @@ b = "ftp" c = "ssh ftp" d = "ssh ftp ssh ftp" e = "ssh ftp ftp test ssh ftp" -pass in proto tcp from any to any port = ssh -pass in proto tcp from any to any port = ftp +pass in proto tcp from any to any port = ssh flags S/SA keep state +pass in proto tcp from any to any port = ftp flags S/SA keep state diff --git a/regress/sbin/pfctl/pf24.optimized b/regress/sbin/pfctl/pf24.optimized index 229e6c3dd98..d92f7f50198 100644 --- a/regress/sbin/pfctl/pf24.optimized +++ b/regress/sbin/pfctl/pf24.optimized @@ -1,8 +1,8 @@ -@0 pass in proto tcp from any to any port = ssh +@0 pass in proto tcp from any to any port = ssh flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = ftp +@1 pass in proto tcp from any to any port = ftp flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf3.in b/regress/sbin/pfctl/pf3.in index c0c1ad0d30b..fc82383434b 100644 --- a/regress/sbin/pfctl/pf3.in +++ b/regress/sbin/pfctl/pf3.in @@ -6,4 +6,8 @@ block in proto tcp from any to any flags SF/SFRA block in proto tcp from any to any flags /SFRAW pass in proto { udp, icmp, tcp } from any to any flags S/SA -pass in from any to any flags S/SA +pass in from any to any flags S/SA no state +pass in from any to any flags any no state +pass in from any to any flags any +pass in from any to any keep state +pass in from any to any diff --git a/regress/sbin/pfctl/pf3.loaded b/regress/sbin/pfctl/pf3.loaded index 1c061effd91..b6e523fab9f 100644 --- a/regress/sbin/pfctl/pf3.loaded +++ b/regress/sbin/pfctl/pf3.loaded @@ -1,8 +1,8 @@ -@0 pass in all +@0 pass in all flags S/SA keep state [ Skip steps: i=end d=end f=end p=2 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all +@1 pass in all flags S/SA keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -18,19 +18,35 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in proto udp all +@5 pass in proto udp all keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in proto icmp all +@6 pass in proto icmp all keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in proto tcp all flags S/SA +@7 pass in proto tcp all flags S/SA keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in all flags S/SA +@8 pass in all flags S/SA no state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@9 pass in all flags any no state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@10 pass in all flags any keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@11 pass in all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@12 pass in all flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf3.ok b/regress/sbin/pfctl/pf3.ok index 7f427387999..0de07584bbb 100644 --- a/regress/sbin/pfctl/pf3.ok +++ b/regress/sbin/pfctl/pf3.ok @@ -1,9 +1,13 @@ -pass in all -pass in all +pass in all flags S/SA keep state +pass in all flags S/SA keep state block drop in proto tcp all flags FPUEW/FSRPAUEW block drop in proto tcp all flags FS/FSRA block drop in proto tcp all flags /FSRAW -pass in proto udp all -pass in proto icmp all -pass in proto tcp all flags S/SA -pass in all flags S/SA +pass in proto udp all keep state +pass in proto icmp all keep state +pass in proto tcp all flags S/SA keep state +pass in all flags S/SA no state +pass in all flags any no state +pass in all flags any keep state +pass in all flags S/SA keep state +pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pf3.optimized b/regress/sbin/pfctl/pf3.optimized index bf1eebbb17d..ddaffc46e0a 100644 --- a/regress/sbin/pfctl/pf3.optimized +++ b/regress/sbin/pfctl/pf3.optimized @@ -1,4 +1,4 @@ -@0 pass in all +@0 pass in all flags S/SA keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -14,15 +14,23 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in proto udp all +@4 pass in proto udp all keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in proto icmp all +@5 pass in proto icmp all keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in all flags S/SA +@6 pass in proto tcp all flags S/SA keep state + [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@7 pass in all flags any no state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@8 pass in all flags any keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf32.loaded b/regress/sbin/pfctl/pf32.loaded index 8f597e5c5c2..ee61b979f94 100644 --- a/regress/sbin/pfctl/pf32.loaded +++ b/regress/sbin/pfctl/pf32.loaded @@ -1,24 +1,24 @@ -@0 pass in inet from 10.0.0.0/8 to any +@0 pass in inet from 10.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=2 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet from 10.0.0.0/8 to any +@1 pass in inet from 10.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet from 192.168.37.0/25 to any +@2 pass in inet from 192.168.37.0/25 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet from 192.168.37.0/24 to any +@3 pass in inet from 192.168.37.0/24 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet from 192.168.0.0/16 to any +@4 pass in inet from 192.168.0.0/16 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet from 192.0.0.0/8 to any +@5 pass in inet from 192.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf32.ok b/regress/sbin/pfctl/pf32.ok index 7274de9f47f..826ce61ebcb 100644 --- a/regress/sbin/pfctl/pf32.ok +++ b/regress/sbin/pfctl/pf32.ok @@ -1,6 +1,6 @@ -pass in inet from 10.0.0.0/8 to any -pass in inet from 10.0.0.0/8 to any -pass in inet from 192.168.37.0/25 to any -pass in inet from 192.168.37.0/24 to any -pass in inet from 192.168.0.0/16 to any -pass in inet from 192.0.0.0/8 to any +pass in inet from 10.0.0.0/8 to any flags S/SA keep state +pass in inet from 10.0.0.0/8 to any flags S/SA keep state +pass in inet from 192.168.37.0/25 to any flags S/SA keep state +pass in inet from 192.168.37.0/24 to any flags S/SA keep state +pass in inet from 192.168.0.0/16 to any flags S/SA keep state +pass in inet from 192.0.0.0/8 to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf32.optimized b/regress/sbin/pfctl/pf32.optimized index 4e65cdd5f1e..0f1fb723ffb 100644 --- a/regress/sbin/pfctl/pf32.optimized +++ b/regress/sbin/pfctl/pf32.optimized @@ -1,8 +1,8 @@ -@0 pass in inet from 10.0.0.0/8 to any +@0 pass in inet from 10.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet from 192.0.0.0/8 to any +@1 pass in inet from 192.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf33.in b/regress/sbin/pfctl/pf33.in index c54583d6d7d..8b7d2a0496a 100644 --- a/regress/sbin/pfctl/pf33.in +++ b/regress/sbin/pfctl/pf33.in @@ -15,4 +15,4 @@ pass in on $ext_if inet proto tcp from any to any port 80 keep state queue http pass out on $ext_if inet proto tcp from any to any port 22 keep state queue ssh pass in on $ext_if inet proto tcp from any to any port 22 keep state queue ssh pass out on $ext_if inet proto tcp from any to any port 25 keep state queue mail -pass out on $ext_if inet all keep state +pass out on $ext_if inet all diff --git a/regress/sbin/pfctl/pf33.ok b/regress/sbin/pfctl/pf33.ok index c82f8c3d02e..a45faf50749 100644 --- a/regress/sbin/pfctl/pf33.ok +++ b/regress/sbin/pfctl/pf33.ok @@ -8,8 +8,8 @@ queue mail bandwidth 10% queue ssh bandwidth 200Kb priority 7 cbq( borrow ) queue rsets bandwidth 150Kb priority 0 cbq( red ) block return in on lo0 inet all queue rsets -pass in on lo0 inet proto tcp from any to any port = www keep state queue http -pass out on lo0 inet proto tcp from any to any port = ssh keep state queue ssh -pass in on lo0 inet proto tcp from any to any port = ssh keep state queue ssh -pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail -pass out on lo0 inet all keep state +pass in on lo0 inet proto tcp from any to any port = www flags S/SA keep state queue http +pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA keep state queue ssh +pass in on lo0 inet proto tcp from any to any port = ssh flags S/SA keep state queue ssh +pass out on lo0 inet proto tcp from any to any port = smtp flags S/SA keep state queue mail +pass out on lo0 inet all flags S/SA keep state diff --git a/regress/sbin/pfctl/pf34.loaded b/regress/sbin/pfctl/pf34.loaded index a71c50fa61d..c626fc81346 100644 --- a/regress/sbin/pfctl/pf34.loaded +++ b/regress/sbin/pfctl/pf34.loaded @@ -1,20 +1,20 @@ -@0 pass in inet from any to 127.0.0.1 +@0 pass in inet from any to 127.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end p=4 sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet6 from any to 2000::1 +@1 pass in inet6 from any to 2000::1 flags S/SA keep state [ Skip steps: i=end d=end p=4 sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in all probability 50% +@2 pass in all flags S/SA keep state probability 50% [ Skip steps: i=end d=end f=4 p=4 sa=4 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in all probability 50% +@3 pass in all flags S/SA keep state probability 50% [ Skip steps: i=end d=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet6 proto tcp from ::1 to any probability 0.8% +@4 pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8% [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf34.ok b/regress/sbin/pfctl/pf34.ok index cdb2b2b379f..a91f1ae50d2 100644 --- a/regress/sbin/pfctl/pf34.ok +++ b/regress/sbin/pfctl/pf34.ok @@ -1,5 +1,5 @@ -pass in inet from any to 127.0.0.1 -pass in inet6 from any to 2000::1 -pass in all probability 50% -pass in all probability 50% -pass in inet6 proto tcp from ::1 to any probability 0.8% +pass in inet from any to 127.0.0.1 flags S/SA keep state +pass in inet6 from any to 2000::1 flags S/SA keep state +pass in all flags S/SA keep state probability 50% +pass in all flags S/SA keep state probability 50% +pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8% diff --git a/regress/sbin/pfctl/pf34.optimized b/regress/sbin/pfctl/pf34.optimized index a71c50fa61d..c626fc81346 100644 --- a/regress/sbin/pfctl/pf34.optimized +++ b/regress/sbin/pfctl/pf34.optimized @@ -1,20 +1,20 @@ -@0 pass in inet from any to 127.0.0.1 +@0 pass in inet from any to 127.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end p=4 sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet6 from any to 2000::1 +@1 pass in inet6 from any to 2000::1 flags S/SA keep state [ Skip steps: i=end d=end p=4 sa=4 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in all probability 50% +@2 pass in all flags S/SA keep state probability 50% [ Skip steps: i=end d=end f=4 p=4 sa=4 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in all probability 50% +@3 pass in all flags S/SA keep state probability 50% [ Skip steps: i=end d=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet6 proto tcp from ::1 to any probability 0.8% +@4 pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8% [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf35.ok b/regress/sbin/pfctl/pf35.ok index ea5ca116b52..392f89d29c6 100644 --- a/regress/sbin/pfctl/pf35.ok +++ b/regress/sbin/pfctl/pf35.ok @@ -11,8 +11,8 @@ queue ssh bandwidth 20% cbq( borrow ) { ssh_interactive ssh_bulk } queue ssh_interactive bandwidth 30% priority 7 queue ssh_bulk bandwidth 70% priority 0 qlimit 60 block return out on lo0 inet all queue std -pass out on lo0 inet proto tcp from 10.0.0.0/24 to any port = www keep state queue developers -pass out on lo0 inet proto tcp from 10.0.1.0/24 to any port = www keep state queue employees -pass out on lo0 inet proto tcp from any to any port = ssh tos 0x10 keep state queue ssh_interactive -pass out on lo0 inet proto tcp from any to any port = ssh tos 0x08 keep state queue ssh_bulk -pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail +pass out on lo0 inet proto tcp from 10.0.0.0/24 to any port = www flags S/SA keep state queue developers +pass out on lo0 inet proto tcp from 10.0.1.0/24 to any port = www flags S/SA keep state queue employees +pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x10 keep state queue ssh_interactive +pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x08 keep state queue ssh_bulk +pass out on lo0 inet proto tcp from any to any port = smtp flags S/SA keep state queue mail diff --git a/regress/sbin/pfctl/pf38.loaded b/regress/sbin/pfctl/pf38.loaded index 3ca12c9642c..40c5f36a7dd 100644 --- a/regress/sbin/pfctl/pf38.loaded +++ b/regress/sbin/pfctl/pf38.loaded @@ -1,16 +1,16 @@ -@0 pass in on tun1000000 proto tcp all user = 3 +@0 pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on tun1000000 proto tcp all group = 7 +@1 pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on tun1000000 proto tcp all user = 3 group = 0 +@2 pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on tun1000000 proto tcp all user = 0 group = 0 +@3 pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf38.ok b/regress/sbin/pfctl/pf38.ok index e0d567304fb..77e2ee63bf5 100644 --- a/regress/sbin/pfctl/pf38.ok +++ b/regress/sbin/pfctl/pf38.ok @@ -1,4 +1,4 @@ -pass in on tun1000000 proto tcp all user = 3 -pass in on tun1000000 proto tcp all group = 7 -pass in on tun1000000 proto tcp all user = 3 group = 0 -pass in on tun1000000 proto tcp all user = 0 group = 0 +pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state +pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state +pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state +pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state diff --git a/regress/sbin/pfctl/pf38.optimized b/regress/sbin/pfctl/pf38.optimized index 3ca12c9642c..40c5f36a7dd 100644 --- a/regress/sbin/pfctl/pf38.optimized +++ b/regress/sbin/pfctl/pf38.optimized @@ -1,16 +1,16 @@ -@0 pass in on tun1000000 proto tcp all user = 3 +@0 pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on tun1000000 proto tcp all group = 7 +@1 pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on tun1000000 proto tcp all user = 3 group = 0 +@2 pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on tun1000000 proto tcp all user = 0 group = 0 +@3 pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf39.loaded b/regress/sbin/pfctl/pf39.loaded index 6116b14c57c..7ce257d4abc 100644 --- a/regress/sbin/pfctl/pf39.loaded +++ b/regress/sbin/pfctl/pf39.loaded @@ -18,19 +18,19 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=1 pqname= pqid=1 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in log quick on lo0 inet proto tcp all keep state +@5 pass in log quick on lo0 inet proto tcp all flags S/SA keep state [ Skip steps: i=end d=end f=end p=7 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah +@6 pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 keep state label "blah" queue blah [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=1 pqname= pqid=1 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 +@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts +@8 pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf39.ok b/regress/sbin/pfctl/pf39.ok index b2917b9820a..50e623de779 100644 --- a/regress/sbin/pfctl/pf39.ok +++ b/regress/sbin/pfctl/pf39.ok @@ -17,7 +17,7 @@ pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type ec pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah -pass in log quick on lo0 inet proto tcp all keep state -pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah -pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 -pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts +pass in log quick on lo0 inet proto tcp all flags S/SA keep state +pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 keep state label "blah" queue blah +pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state +pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts diff --git a/regress/sbin/pfctl/pf39.optimized b/regress/sbin/pfctl/pf39.optimized index 6116b14c57c..7ce257d4abc 100644 --- a/regress/sbin/pfctl/pf39.optimized +++ b/regress/sbin/pfctl/pf39.optimized @@ -18,19 +18,19 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=1 pqname= pqid=1 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in log quick on lo0 inet proto tcp all keep state +@5 pass in log quick on lo0 inet proto tcp all flags S/SA keep state [ Skip steps: i=end d=end f=end p=7 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah +@6 pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 keep state label "blah" queue blah [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=1 pqname= pqid=1 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 +@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts +@8 pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf40.in b/regress/sbin/pfctl/pf40.in index 3a621aee443..0bd6ef907bc 100644 --- a/regress/sbin/pfctl/pf40.in +++ b/regress/sbin/pfctl/pf40.in @@ -8,9 +8,9 @@ block block return block return-rst proto tcp pass -pass in -pass out -pass all +pass in no state +pass out no state +pass all no state block in all block out all block from any to any diff --git a/regress/sbin/pfctl/pf40.loaded b/regress/sbin/pfctl/pf40.loaded index 85f1ad4dff6..9929d68dc69 100644 --- a/regress/sbin/pfctl/pf40.loaded +++ b/regress/sbin/pfctl/pf40.loaded @@ -34,19 +34,19 @@ [ Skip steps: i=12 d=4 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass all +@3 pass all flags S/SA keep state [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in all +@4 pass in all flags S/SA no state [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out all +@5 pass out all flags S/SA no state [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass all +@6 pass all flags S/SA no state [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -62,11 +62,11 @@ [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in all +@10 pass in all flags S/SA keep state [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass out all +@11 pass out all flags S/SA keep state [ Skip steps: f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -74,7 +74,7 @@ [ Skip steps: i=15 d=17 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass on lo0 all +@13 pass on lo0 all flags S/SA keep state [ Skip steps: i=15 d=17 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -82,7 +82,7 @@ [ Skip steps: d=17 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass proto tcp all flags S/SA +@15 pass proto tcp all flags S/SA keep state [ Skip steps: i=19 d=17 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -98,7 +98,7 @@ [ Skip steps: d=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass out on lo0 proto tcp from any to any port = smtp keep state +@19 pass out on lo0 proto tcp from any to any port = smtp flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf40.ok b/regress/sbin/pfctl/pf40.ok index efb69064982..114b7c8ee24 100644 --- a/regress/sbin/pfctl/pf40.ok +++ b/regress/sbin/pfctl/pf40.ok @@ -7,20 +7,20 @@ scrub all fragment reassemble block drop all block return all block return-rst proto tcp all -pass all -pass in all -pass out all -pass all +pass all flags S/SA keep state +pass in all flags S/SA no state +pass out all flags S/SA no state +pass all flags S/SA no state block drop in all block drop out all block drop all -pass in all -pass out all +pass in all flags S/SA keep state +pass out all flags S/SA keep state block drop on lo0 all -pass on lo0 all +pass on lo0 all flags S/SA keep state block drop on lo0 all -pass proto tcp all flags S/SA +pass proto tcp all flags S/SA keep state pass proto udp all keep state pass in proto udp all keep state pass out proto udp all keep state -pass out on lo0 proto tcp from any to any port = smtp keep state +pass out on lo0 proto tcp from any to any port = smtp flags S/SA keep state diff --git a/regress/sbin/pfctl/pf40.optimized b/regress/sbin/pfctl/pf40.optimized index da23ce976c3..3c86abfc69b 100644 --- a/regress/sbin/pfctl/pf40.optimized +++ b/regress/sbin/pfctl/pf40.optimized @@ -23,54 +23,54 @@ [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @0 block drop all - [ Skip steps: i=7 d=5 f=end p=2 sa=end sp=end da=end dp=12 ] + [ Skip steps: i=8 d=6 f=end p=2 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @1 block return all - [ Skip steps: i=7 d=5 f=end sa=end sp=end da=end dp=12 ] + [ Skip steps: i=8 d=6 f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @2 block return-rst proto tcp all - [ Skip steps: i=7 d=5 f=end sa=end sp=end da=end dp=12 ] + [ Skip steps: i=8 d=6 f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass all - [ Skip steps: i=7 d=5 f=end p=10 sa=end sp=end da=end dp=12 ] +@3 pass all flags S/SA keep state + [ Skip steps: i=8 d=6 f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop all - [ Skip steps: i=7 f=end p=10 sa=end sp=end da=end dp=12 ] +@4 pass all flags S/SA no state + [ Skip steps: i=8 d=6 f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in all - [ Skip steps: i=7 f=end p=10 sa=end sp=end da=end dp=12 ] +@5 block drop all + [ Skip steps: i=8 f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass out all - [ Skip steps: f=end p=10 sa=end sp=end da=end dp=12 ] +@6 pass in all flags S/SA keep state + [ Skip steps: i=8 f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop on lo0 all - [ Skip steps: i=10 d=12 f=end p=10 sa=end sp=end da=end dp=12 ] +@7 pass out all flags S/SA keep state + [ Skip steps: f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass on lo0 all - [ Skip steps: i=10 d=12 f=end p=10 sa=end sp=end da=end dp=12 ] +@8 block drop on lo0 all + [ Skip steps: i=11 d=end f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop on lo0 all - [ Skip steps: d=12 f=end sa=end sp=end da=end dp=12 ] +@9 pass on lo0 all flags S/SA keep state + [ Skip steps: i=11 d=end f=end p=11 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass proto tcp all flags S/SA - [ Skip steps: i=12 d=12 f=end sa=end sp=end da=end dp=12 ] +@10 block drop on lo0 all + [ Skip steps: d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass proto udp all keep state - [ Skip steps: f=end sa=end sp=end da=end ] +@11 pass proto tcp all flags S/SA keep state + [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass out on lo0 proto tcp from any to any port = smtp keep state +@12 pass proto udp all keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf43.ok b/regress/sbin/pfctl/pf43.ok index 67d1c28f4ed..def31b543a2 100644 --- a/regress/sbin/pfctl/pf43.ok +++ b/regress/sbin/pfctl/pf43.ok @@ -1,8 +1,8 @@ altq on lo0 cbq bandwidth 100Mb tbrsize 3648 queue { bulk prio } queue bulk bandwidth 70% cbq( default ) queue prio bandwidth 30% priority 7 -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue bulk -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue bulk -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh flags S/SA keep state queue(bulk, prio) +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh flags S/SA keep state queue bulk +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh flags S/SA keep state queue(bulk, prio) +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh flags S/SA keep state queue bulk +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh flags S/SA keep state queue(bulk, prio) diff --git a/regress/sbin/pfctl/pf46.loaded b/regress/sbin/pfctl/pf46.loaded index 225da0038fa..efdb5212ded 100644 --- a/regress/sbin/pfctl/pf46.loaded +++ b/regress/sbin/pfctl/pf46.loaded @@ -1,32 +1,32 @@ -@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all +@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all +@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state [ Skip steps: i=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all +@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state [ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all +@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all +@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all +@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf46.ok b/regress/sbin/pfctl/pf46.ok index 24e793bbfa8..c45e1d042bf 100644 --- a/regress/sbin/pfctl/pf46.ok +++ b/regress/sbin/pfctl/pf46.ok @@ -1,8 +1,8 @@ -pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all -pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all -pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all -pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all -pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all -pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all -pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all -pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all +pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state +pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state +pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state +pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state +pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state +pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state +pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state +pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state diff --git a/regress/sbin/pfctl/pf46.optimized b/regress/sbin/pfctl/pf46.optimized index 225da0038fa..efdb5212ded 100644 --- a/regress/sbin/pfctl/pf46.optimized +++ b/regress/sbin/pfctl/pf46.optimized @@ -1,32 +1,32 @@ -@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all flags S/SA keep state [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all +@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all flags S/SA keep state [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all +@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all flags S/SA keep state [ Skip steps: i=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all +@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all flags S/SA keep state [ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all +@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all flags S/SA keep state [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all +@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all flags S/SA keep state [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all +@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf47.loaded b/regress/sbin/pfctl/pf47.loaded index f674854fc3b..cdbc89021e9 100644 --- a/regress/sbin/pfctl/pf47.loaded +++ b/regress/sbin/pfctl/pf47.loaded @@ -1,244 +1,244 @@ -@0 pass in on lo0 all +@0 pass in on lo0 all flags S/SA keep state [ Skip steps: d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all label "any" +@1 pass in all flags S/SA keep state label "any" [ Skip steps: d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 all label "lo0" +@2 pass in on lo0 all flags S/SA keep state label "lo0" [ Skip steps: i=end d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on lo0 all label "lo0lo0" +@3 pass in on lo0 all flags S/SA keep state label "lo0lo0" [ Skip steps: i=end d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 all label "any" +@4 pass in on lo0 all flags S/SA keep state label "any" [ Skip steps: i=end d=end p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 inet all label "any" +@5 pass in on lo0 inet all flags S/SA keep state label "any" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" +@6 pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1" [ Skip steps: i=end d=end f=12 p=35 sa=9 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" +@7 pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1127.0.0.1" [ Skip steps: i=end d=end f=12 p=35 sa=9 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" +@8 pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label ":127.0.0.1:127.0.0.1:" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" +@9 pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state label "127.0.0.0/8" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" +@10 pass in on lo0 inet from 127.0.0.0/16 to any flags S/SA keep state label "127.0.0.0/16127.0.0.0/16" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" +@11 pass in on lo0 inet from 127.0.0.0/31 to any flags S/SA keep state label ":127.0.0.0/31:127.0.0.0/31:" [ Skip steps: i=end d=end p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in on lo0 inet6 from fe80::1 to any label "fe80::1" +@12 pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1" [ Skip steps: i=end d=end f=21 p=35 sa=15 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" +@13 pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1fe80::1" [ Skip steps: i=end d=end f=21 p=35 sa=15 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" +@14 pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label ":fe80::1:fe80::1:" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in on lo0 inet6 from ::/8 to any label "::/8" +@15 pass in on lo0 inet6 from ::/8 to any flags S/SA keep state label "::/8" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" +@16 pass in on lo0 inet6 from fe00::/8 to any flags S/SA keep state label "fe00::/8" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in on lo0 inet6 from ::/64 to any label "::/64::/64" +@17 pass in on lo0 inet6 from ::/64 to any flags S/SA keep state label "::/64::/64" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" +@18 pass in on lo0 inet6 from fe80::/64 to any flags S/SA keep state label "fe80::/64fe80::/64" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" +@19 pass in on lo0 inet6 from ::/127 to any flags S/SA keep state label ":::/127:::/127:" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" +@20 pass in on lo0 inet6 from fe80::/127 to any flags S/SA keep state label ":fe80::/127:fe80::/127:" [ Skip steps: i=end d=end p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass in on lo0 all label "!any!" +@21 pass in on lo0 all flags S/SA keep state label "!any!" [ Skip steps: i=end d=end p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass in on lo0 inet from any to (lo0:1) label "(lo0)" +@22 pass in on lo0 inet from any to (lo0:1) flags S/SA keep state label "(lo0)" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 da=25 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass in on lo0 inet from any to (lo0:1) label "(lo0)(lo0)" +@23 pass in on lo0 inet from any to (lo0:1) flags S/SA keep state label "(lo0)(lo0)" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 da=25 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass in on lo0 inet from any to (lo0:1) label " (lo0) (lo0) " +@24 pass in on lo0 inet from any to (lo0:1) flags S/SA keep state label " (lo0) (lo0) " [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" +@25 pass in on lo0 inet from any to ! 127.0.0.0/8 flags S/SA keep state label "! 127.0.0.0/8" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" +@26 pass in on lo0 inet from any to ! 127.0.0.0/16 flags S/SA keep state label "! 127.0.0.0/16! 127.0.0.0/16" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " +@27 pass in on lo0 inet from any to ! 127.0.0.0/31 flags S/SA keep state label " ! 127.0.0.0/31 ! 127.0.0.0/31 " [ Skip steps: i=end d=end p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 pass in on lo0 inet6 from any to ! (lo0:2) label "! (lo0)" +@28 pass in on lo0 inet6 from any to ! (lo0:2) flags S/SA keep state label "! (lo0)" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 da=31 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 pass in on lo0 inet6 from any to ! (lo0:2) label "! (lo0)! (lo0)" +@29 pass in on lo0 inet6 from any to ! (lo0:2) flags S/SA keep state label "! (lo0)! (lo0)" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 da=31 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 pass in on lo0 inet6 from any to ! (lo0:2) label " ! (lo0) ! (lo0) " +@30 pass in on lo0 inet6 from any to ! (lo0:2) flags S/SA keep state label " ! (lo0) ! (lo0) " [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" +@31 pass in on lo0 inet6 from any to ! ::/8 flags S/SA keep state label "! ::/8" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" +@32 pass in on lo0 inet6 from any to ! ::/64 flags S/SA keep state label "! ::/64! ::/64" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " +@33 pass in on lo0 inet6 from any to ! ::/127 flags S/SA keep state label " ! ::/127 ! ::/127 " [ Skip steps: i=end d=end p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 pass in on lo0 all label "xx" +@34 pass in on lo0 all flags S/SA keep state label "xx" [ Skip steps: i=end d=end f=60 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 pass in on lo0 proto tcp from any port = 28 to any label "28" +@35 pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" +@36 pass in on lo0 proto tcp from any port 28 >< 29 to any flags S/SA keep state label "28><29" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" +@37 pass in on lo0 proto tcp from any port 28 <> 29 to any flags S/SA keep state label "28<>29" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 pass in on lo0 proto tcp from any port 28:29 to any +@38 pass in on lo0 proto tcp from any port 28:29 to any flags S/SA keep state [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 pass in on lo0 proto tcp from any port != 28 to any label "!=28" +@39 pass in on lo0 proto tcp from any port != 28 to any flags S/SA keep state label "!=28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 pass in on lo0 proto tcp from any port < 28 to any label "<28" +@40 pass in on lo0 proto tcp from any port < 28 to any flags S/SA keep state label "<28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 pass in on lo0 proto tcp from any port <= 28 to any label "<=28" +@41 pass in on lo0 proto tcp from any port <= 28 to any flags S/SA keep state label "<=28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 pass in on lo0 proto tcp from any port > 28 to any label ">28" +@42 pass in on lo0 proto tcp from any port > 28 to any flags S/SA keep state label ">28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 pass in on lo0 proto tcp from any port >= 28 to any label ">=28" +@43 pass in on lo0 proto tcp from any port >= 28 to any flags S/SA keep state label ">=28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 pass in on lo0 proto tcp from any port = 28 to any label "2828" +@44 pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "2828" [ Skip steps: i=end d=end f=60 p=46 sa=60 sp=46 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" +@45 pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "$28$28$" [ Skip steps: i=end d=end f=60 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@46 pass in on lo0 all +@46 pass in on lo0 all flags S/SA keep state [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@47 pass in on lo0 proto udp from any to any port = 29 label "29" +@47 pass in on lo0 proto udp from any to any port = 29 keep state label "29" [ Skip steps: i=end d=end f=60 p=50 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@48 pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" +@48 pass in on lo0 proto udp from any to any port != 29 keep state label "!=29!=29" [ Skip steps: i=end d=end f=60 p=50 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@49 pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" +@49 pass in on lo0 proto udp from any to any port > 29 keep state label "x>29x>29x" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@50 pass in on lo0 all label "ip" +@50 pass in on lo0 all flags S/SA keep state label "ip" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@51 pass in on lo0 proto esp all label "esp" +@51 pass in on lo0 proto esp all keep state label "esp" [ Skip steps: i=end d=end f=60 p=54 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@52 pass in on lo0 proto esp all label "espesp" +@52 pass in on lo0 proto esp all keep state label "espesp" [ Skip steps: i=end d=end f=60 p=54 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@53 pass in on lo0 proto esp all label "-esp-esp-" +@53 pass in on lo0 proto esp all keep state label "-esp-esp-" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@54 pass in on lo0 proto 166 all label "166" +@54 pass in on lo0 proto 166 all keep state label "166" [ Skip steps: i=end d=end f=60 p=57 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@55 pass in on lo0 proto 166 all label "166166" +@55 pass in on lo0 proto 166 all keep state label "166166" [ Skip steps: i=end d=end f=60 p=57 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@56 pass in on lo0 proto 166 all label "_166_166_" +@56 pass in on lo0 proto 166 all keep state label "_166_166_" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@57 pass in on lo0 all label "57" +@57 pass in on lo0 all flags S/SA keep state label "57" [ Skip steps: i=end d=end f=60 p=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@58 pass in on lo0 all label "5858" +@58 pass in on lo0 all flags S/SA keep state label "5858" [ Skip steps: i=end d=end f=60 p=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@59 pass in on lo0 all label "%59%59%" +@59 pass in on lo0 all flags S/SA keep state label "%59%59%" [ Skip steps: i=end d=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@60 pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" +@60 pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 flags S/SA keep state label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf47.ok b/regress/sbin/pfctl/pf47.ok index a1e0485c5f1..fb9e6e3c158 100644 --- a/regress/sbin/pfctl/pf47.ok +++ b/regress/sbin/pfctl/pf47.ok @@ -1,61 +1,61 @@ -pass in on lo0 all -pass in all label "any" -pass in on lo0 all label "lo0" -pass in on lo0 all label "lo0lo0" -pass in on lo0 all label "any" -pass in on lo0 inet all label "any" -pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" -pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" -pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" -pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" -pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" -pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" -pass in on lo0 inet6 from fe80::1 to any label "fe80::1" -pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" -pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" -pass in on lo0 inet6 from ::/8 to any label "::/8" -pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" -pass in on lo0 inet6 from ::/64 to any label "::/64::/64" -pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" -pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" -pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" -pass in on lo0 all label "!any!" -pass in on lo0 inet from any to (lo0) label "(lo0)" -pass in on lo0 inet from any to (lo0) label "(lo0)(lo0)" -pass in on lo0 inet from any to (lo0) label " (lo0) (lo0) " -pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" -pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" -pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " -pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)" -pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)! (lo0)" -pass in on lo0 inet6 from any to ! (lo0) label " ! (lo0) ! (lo0) " -pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" -pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" -pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " -pass in on lo0 all label "xx" -pass in on lo0 proto tcp from any port = 28 to any label "28" -pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" -pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" -pass in on lo0 proto tcp from any port 28:29 to any -pass in on lo0 proto tcp from any port != 28 to any label "!=28" -pass in on lo0 proto tcp from any port < 28 to any label "<28" -pass in on lo0 proto tcp from any port <= 28 to any label "<=28" -pass in on lo0 proto tcp from any port > 28 to any label ">28" -pass in on lo0 proto tcp from any port >= 28 to any label ">=28" -pass in on lo0 proto tcp from any port = 28 to any label "2828" -pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" -pass in on lo0 all -pass in on lo0 proto udp from any to any port = 29 label "29" -pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" -pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" -pass in on lo0 all label "ip" -pass in on lo0 proto esp all label "esp" -pass in on lo0 proto esp all label "espesp" -pass in on lo0 proto esp all label "-esp-esp-" -pass in on lo0 proto 166 all label "166" -pass in on lo0 proto 166 all label "166166" -pass in on lo0 proto 166 all label "_166_166_" -pass in on lo0 all label "57" -pass in on lo0 all label "5858" -pass in on lo0 all label "%59%59%" -pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" +pass in on lo0 all flags S/SA keep state +pass in all flags S/SA keep state label "any" +pass in on lo0 all flags S/SA keep state label "lo0" +pass in on lo0 all flags S/SA keep state label "lo0lo0" +pass in on lo0 all flags S/SA keep state label "any" +pass in on lo0 inet all flags S/SA keep state label "any" +pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1" +pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1127.0.0.1" +pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label ":127.0.0.1:127.0.0.1:" +pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state label "127.0.0.0/8" +pass in on lo0 inet from 127.0.0.0/16 to any flags S/SA keep state label "127.0.0.0/16127.0.0.0/16" +pass in on lo0 inet from 127.0.0.0/31 to any flags S/SA keep state label ":127.0.0.0/31:127.0.0.0/31:" +pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1" +pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1fe80::1" +pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label ":fe80::1:fe80::1:" +pass in on lo0 inet6 from ::/8 to any flags S/SA keep state label "::/8" +pass in on lo0 inet6 from fe00::/8 to any flags S/SA keep state label "fe00::/8" +pass in on lo0 inet6 from ::/64 to any flags S/SA keep state label "::/64::/64" +pass in on lo0 inet6 from fe80::/64 to any flags S/SA keep state label "fe80::/64fe80::/64" +pass in on lo0 inet6 from ::/127 to any flags S/SA keep state label ":::/127:::/127:" +pass in on lo0 inet6 from fe80::/127 to any flags S/SA keep state label ":fe80::/127:fe80::/127:" +pass in on lo0 all flags S/SA keep state label "!any!" +pass in on lo0 inet from any to (lo0) flags S/SA keep state label "(lo0)" +pass in on lo0 inet from any to (lo0) flags S/SA keep state label "(lo0)(lo0)" +pass in on lo0 inet from any to (lo0) flags S/SA keep state label " (lo0) (lo0) " +pass in on lo0 inet from any to ! 127.0.0.0/8 flags S/SA keep state label "! 127.0.0.0/8" +pass in on lo0 inet from any to ! 127.0.0.0/16 flags S/SA keep state label "! 127.0.0.0/16! 127.0.0.0/16" +pass in on lo0 inet from any to ! 127.0.0.0/31 flags S/SA keep state label " ! 127.0.0.0/31 ! 127.0.0.0/31 " +pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label "! (lo0)" +pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label "! (lo0)! (lo0)" +pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label " ! (lo0) ! (lo0) " +pass in on lo0 inet6 from any to ! ::/8 flags S/SA keep state label "! ::/8" +pass in on lo0 inet6 from any to ! ::/64 flags S/SA keep state label "! ::/64! ::/64" +pass in on lo0 inet6 from any to ! ::/127 flags S/SA keep state label " ! ::/127 ! ::/127 " +pass in on lo0 all flags S/SA keep state label "xx" +pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "28" +pass in on lo0 proto tcp from any port 28 >< 29 to any flags S/SA keep state label "28><29" +pass in on lo0 proto tcp from any port 28 <> 29 to any flags S/SA keep state label "28<>29" +pass in on lo0 proto tcp from any port 28:29 to any flags S/SA keep state +pass in on lo0 proto tcp from any port != 28 to any flags S/SA keep state label "!=28" +pass in on lo0 proto tcp from any port < 28 to any flags S/SA keep state label "<28" +pass in on lo0 proto tcp from any port <= 28 to any flags S/SA keep state label "<=28" +pass in on lo0 proto tcp from any port > 28 to any flags S/SA keep state label ">28" +pass in on lo0 proto tcp from any port >= 28 to any flags S/SA keep state label ">=28" +pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "2828" +pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "$28$28$" +pass in on lo0 all flags S/SA keep state +pass in on lo0 proto udp from any to any port = 29 keep state label "29" +pass in on lo0 proto udp from any to any port != 29 keep state label "!=29!=29" +pass in on lo0 proto udp from any to any port > 29 keep state label "x>29x>29x" +pass in on lo0 all flags S/SA keep state label "ip" +pass in on lo0 proto esp all keep state label "esp" +pass in on lo0 proto esp all keep state label "espesp" +pass in on lo0 proto esp all keep state label "-esp-esp-" +pass in on lo0 proto 166 all keep state label "166" +pass in on lo0 proto 166 all keep state label "166166" +pass in on lo0 proto 166 all keep state label "_166_166_" +pass in on lo0 all flags S/SA keep state label "57" +pass in on lo0 all flags S/SA keep state label "5858" +pass in on lo0 all flags S/SA keep state label "%59%59%" +pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 flags S/SA keep state label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" diff --git a/regress/sbin/pfctl/pf47.optimized b/regress/sbin/pfctl/pf47.optimized index f674854fc3b..cdbc89021e9 100644 --- a/regress/sbin/pfctl/pf47.optimized +++ b/regress/sbin/pfctl/pf47.optimized @@ -1,244 +1,244 @@ -@0 pass in on lo0 all +@0 pass in on lo0 all flags S/SA keep state [ Skip steps: d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all label "any" +@1 pass in all flags S/SA keep state label "any" [ Skip steps: d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 all label "lo0" +@2 pass in on lo0 all flags S/SA keep state label "lo0" [ Skip steps: i=end d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on lo0 all label "lo0lo0" +@3 pass in on lo0 all flags S/SA keep state label "lo0lo0" [ Skip steps: i=end d=end f=5 p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 all label "any" +@4 pass in on lo0 all flags S/SA keep state label "any" [ Skip steps: i=end d=end p=35 sa=6 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 inet all label "any" +@5 pass in on lo0 inet all flags S/SA keep state label "any" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" +@6 pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1" [ Skip steps: i=end d=end f=12 p=35 sa=9 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" +@7 pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1127.0.0.1" [ Skip steps: i=end d=end f=12 p=35 sa=9 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" +@8 pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label ":127.0.0.1:127.0.0.1:" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" +@9 pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state label "127.0.0.0/8" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" +@10 pass in on lo0 inet from 127.0.0.0/16 to any flags S/SA keep state label "127.0.0.0/16127.0.0.0/16" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" +@11 pass in on lo0 inet from 127.0.0.0/31 to any flags S/SA keep state label ":127.0.0.0/31:127.0.0.0/31:" [ Skip steps: i=end d=end p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in on lo0 inet6 from fe80::1 to any label "fe80::1" +@12 pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1" [ Skip steps: i=end d=end f=21 p=35 sa=15 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" +@13 pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1fe80::1" [ Skip steps: i=end d=end f=21 p=35 sa=15 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" +@14 pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label ":fe80::1:fe80::1:" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in on lo0 inet6 from ::/8 to any label "::/8" +@15 pass in on lo0 inet6 from ::/8 to any flags S/SA keep state label "::/8" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" +@16 pass in on lo0 inet6 from fe00::/8 to any flags S/SA keep state label "fe00::/8" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in on lo0 inet6 from ::/64 to any label "::/64::/64" +@17 pass in on lo0 inet6 from ::/64 to any flags S/SA keep state label "::/64::/64" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" +@18 pass in on lo0 inet6 from fe80::/64 to any flags S/SA keep state label "fe80::/64fe80::/64" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" +@19 pass in on lo0 inet6 from ::/127 to any flags S/SA keep state label ":::/127:::/127:" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" +@20 pass in on lo0 inet6 from fe80::/127 to any flags S/SA keep state label ":fe80::/127:fe80::/127:" [ Skip steps: i=end d=end p=35 sp=35 da=22 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass in on lo0 all label "!any!" +@21 pass in on lo0 all flags S/SA keep state label "!any!" [ Skip steps: i=end d=end p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass in on lo0 inet from any to (lo0:1) label "(lo0)" +@22 pass in on lo0 inet from any to (lo0:1) flags S/SA keep state label "(lo0)" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 da=25 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass in on lo0 inet from any to (lo0:1) label "(lo0)(lo0)" +@23 pass in on lo0 inet from any to (lo0:1) flags S/SA keep state label "(lo0)(lo0)" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 da=25 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass in on lo0 inet from any to (lo0:1) label " (lo0) (lo0) " +@24 pass in on lo0 inet from any to (lo0:1) flags S/SA keep state label " (lo0) (lo0) " [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" +@25 pass in on lo0 inet from any to ! 127.0.0.0/8 flags S/SA keep state label "! 127.0.0.0/8" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" +@26 pass in on lo0 inet from any to ! 127.0.0.0/16 flags S/SA keep state label "! 127.0.0.0/16! 127.0.0.0/16" [ Skip steps: i=end d=end f=28 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " +@27 pass in on lo0 inet from any to ! 127.0.0.0/31 flags S/SA keep state label " ! 127.0.0.0/31 ! 127.0.0.0/31 " [ Skip steps: i=end d=end p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 pass in on lo0 inet6 from any to ! (lo0:2) label "! (lo0)" +@28 pass in on lo0 inet6 from any to ! (lo0:2) flags S/SA keep state label "! (lo0)" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 da=31 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 pass in on lo0 inet6 from any to ! (lo0:2) label "! (lo0)! (lo0)" +@29 pass in on lo0 inet6 from any to ! (lo0:2) flags S/SA keep state label "! (lo0)! (lo0)" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 da=31 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 pass in on lo0 inet6 from any to ! (lo0:2) label " ! (lo0) ! (lo0) " +@30 pass in on lo0 inet6 from any to ! (lo0:2) flags S/SA keep state label " ! (lo0) ! (lo0) " [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" +@31 pass in on lo0 inet6 from any to ! ::/8 flags S/SA keep state label "! ::/8" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" +@32 pass in on lo0 inet6 from any to ! ::/64 flags S/SA keep state label "! ::/64! ::/64" [ Skip steps: i=end d=end f=34 p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " +@33 pass in on lo0 inet6 from any to ! ::/127 flags S/SA keep state label " ! ::/127 ! ::/127 " [ Skip steps: i=end d=end p=35 sa=60 sp=35 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 pass in on lo0 all label "xx" +@34 pass in on lo0 all flags S/SA keep state label "xx" [ Skip steps: i=end d=end f=60 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 pass in on lo0 proto tcp from any port = 28 to any label "28" +@35 pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" +@36 pass in on lo0 proto tcp from any port 28 >< 29 to any flags S/SA keep state label "28><29" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" +@37 pass in on lo0 proto tcp from any port 28 <> 29 to any flags S/SA keep state label "28<>29" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 pass in on lo0 proto tcp from any port 28:29 to any +@38 pass in on lo0 proto tcp from any port 28:29 to any flags S/SA keep state [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 pass in on lo0 proto tcp from any port != 28 to any label "!=28" +@39 pass in on lo0 proto tcp from any port != 28 to any flags S/SA keep state label "!=28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 pass in on lo0 proto tcp from any port < 28 to any label "<28" +@40 pass in on lo0 proto tcp from any port < 28 to any flags S/SA keep state label "<28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 pass in on lo0 proto tcp from any port <= 28 to any label "<=28" +@41 pass in on lo0 proto tcp from any port <= 28 to any flags S/SA keep state label "<=28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 pass in on lo0 proto tcp from any port > 28 to any label ">28" +@42 pass in on lo0 proto tcp from any port > 28 to any flags S/SA keep state label ">28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 pass in on lo0 proto tcp from any port >= 28 to any label ">=28" +@43 pass in on lo0 proto tcp from any port >= 28 to any flags S/SA keep state label ">=28" [ Skip steps: i=end d=end f=60 p=46 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 pass in on lo0 proto tcp from any port = 28 to any label "2828" +@44 pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "2828" [ Skip steps: i=end d=end f=60 p=46 sa=60 sp=46 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" +@45 pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "$28$28$" [ Skip steps: i=end d=end f=60 sa=60 da=60 dp=47 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@46 pass in on lo0 all +@46 pass in on lo0 all flags S/SA keep state [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@47 pass in on lo0 proto udp from any to any port = 29 label "29" +@47 pass in on lo0 proto udp from any to any port = 29 keep state label "29" [ Skip steps: i=end d=end f=60 p=50 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@48 pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" +@48 pass in on lo0 proto udp from any to any port != 29 keep state label "!=29!=29" [ Skip steps: i=end d=end f=60 p=50 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@49 pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" +@49 pass in on lo0 proto udp from any to any port > 29 keep state label "x>29x>29x" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@50 pass in on lo0 all label "ip" +@50 pass in on lo0 all flags S/SA keep state label "ip" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@51 pass in on lo0 proto esp all label "esp" +@51 pass in on lo0 proto esp all keep state label "esp" [ Skip steps: i=end d=end f=60 p=54 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@52 pass in on lo0 proto esp all label "espesp" +@52 pass in on lo0 proto esp all keep state label "espesp" [ Skip steps: i=end d=end f=60 p=54 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@53 pass in on lo0 proto esp all label "-esp-esp-" +@53 pass in on lo0 proto esp all keep state label "-esp-esp-" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@54 pass in on lo0 proto 166 all label "166" +@54 pass in on lo0 proto 166 all keep state label "166" [ Skip steps: i=end d=end f=60 p=57 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@55 pass in on lo0 proto 166 all label "166166" +@55 pass in on lo0 proto 166 all keep state label "166166" [ Skip steps: i=end d=end f=60 p=57 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@56 pass in on lo0 proto 166 all label "_166_166_" +@56 pass in on lo0 proto 166 all keep state label "_166_166_" [ Skip steps: i=end d=end f=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@57 pass in on lo0 all label "57" +@57 pass in on lo0 all flags S/SA keep state label "57" [ Skip steps: i=end d=end f=60 p=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@58 pass in on lo0 all label "5858" +@58 pass in on lo0 all flags S/SA keep state label "5858" [ Skip steps: i=end d=end f=60 p=60 sa=60 sp=60 da=60 dp=60 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@59 pass in on lo0 all label "%59%59%" +@59 pass in on lo0 all flags S/SA keep state label "%59%59%" [ Skip steps: i=end d=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@60 pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" +@60 pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 flags S/SA keep state label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf48.loaded b/regress/sbin/pfctl/pf48.loaded index d53e9665a30..d8f13e17e68 100644 --- a/regress/sbin/pfctl/pf48.loaded +++ b/regress/sbin/pfctl/pf48.loaded @@ -30,27 +30,27 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in from <regress:6> to any +@0 pass in from <regress:6> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out from any to <regress:6> +@1 pass out from any to <regress:6> flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in from <regress.1:3> to any +@2 pass in from <regress.1:3> to any flags S/SA keep state [ Skip steps: i=end d=4 f=end p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in from <regress.2:*> to any +@3 pass in from <regress.2:*> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out from any to ! <regress.1:3> +@4 pass out from any to ! <regress.1:3> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out from any to ! <regress.2:*> +@5 pass out from any to ! <regress.2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf48.ok b/regress/sbin/pfctl/pf48.ok index a8ce73a281e..3292087b8bc 100644 --- a/regress/sbin/pfctl/pf48.ok +++ b/regress/sbin/pfctl/pf48.ok @@ -9,9 +9,9 @@ nat on lo0 inet from <regress.1> to <regress.2> -> 127.0.0.1 nat on ! lo0 inet from ! <regress.1> to <regress.2> -> 127.0.0.1 rdr on lo0 inet from <regress.1> to <regress.2> -> 127.0.0.1 rdr on ! lo0 inet from ! <regress.1> to <regress.2> -> 127.0.0.1 -pass in from <regress> to any -pass out from any to <regress> -pass in from <regress.1> to any -pass in from <regress.2> to any -pass out from any to ! <regress.1> -pass out from any to ! <regress.2> +pass in from <regress> to any flags S/SA keep state +pass out from any to <regress> flags S/SA keep state +pass in from <regress.1> to any flags S/SA keep state +pass in from <regress.2> to any flags S/SA keep state +pass out from any to ! <regress.1> flags S/SA keep state +pass out from any to ! <regress.2> flags S/SA keep state diff --git a/regress/sbin/pfctl/pf48.optimized b/regress/sbin/pfctl/pf48.optimized index e37fe8bc68b..eb5416257c6 100644 --- a/regress/sbin/pfctl/pf48.optimized +++ b/regress/sbin/pfctl/pf48.optimized @@ -30,27 +30,27 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in from <regress:6> to any +@0 pass in from <regress:6> to any flags S/SA keep state [ Skip steps: i=end d=3 f=end p=end sp=end da=3 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in from <regress.1:3> to any +@1 pass in from <regress.1:3> to any flags S/SA keep state [ Skip steps: i=end d=3 f=end p=end sp=end da=3 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in from <regress.2:*> to any +@2 pass in from <regress.2:*> to any flags S/SA keep state [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out from any to <regress:6> +@3 pass out from any to <regress:6> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out from any to ! <regress.1:3> +@4 pass out from any to ! <regress.1:3> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out from any to ! <regress.2:*> +@5 pass out from any to ! <regress.2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf49.loaded b/regress/sbin/pfctl/pf49.loaded index b03fed6ea8d..82b15ae8169 100644 --- a/regress/sbin/pfctl/pf49.loaded +++ b/regress/sbin/pfctl/pf49.loaded @@ -1,8 +1,8 @@ -@0 pass in on lo0 inet from 127.0.0.0/8 to any keep state +@0 pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on lo0 inet6 from ::1 to any keep state +@1 pass in on lo0 inet6 from ::1 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf49.ok b/regress/sbin/pfctl/pf49.ok index 6bb9f2d1778..19d0d39dc9d 100644 --- a/regress/sbin/pfctl/pf49.ok +++ b/regress/sbin/pfctl/pf49.ok @@ -1,2 +1,2 @@ -pass in on lo0 inet from 127.0.0.0/8 to any keep state -pass in on lo0 inet6 from ::1 to any keep state +pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state +pass in on lo0 inet6 from ::1 to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf49.optimized b/regress/sbin/pfctl/pf49.optimized index b03fed6ea8d..82b15ae8169 100644 --- a/regress/sbin/pfctl/pf49.optimized +++ b/regress/sbin/pfctl/pf49.optimized @@ -1,8 +1,8 @@ -@0 pass in on lo0 inet from 127.0.0.0/8 to any keep state +@0 pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on lo0 inet6 from ::1 to any keep state +@1 pass in on lo0 inet6 from ::1 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf51.ok b/regress/sbin/pfctl/pf51.ok index 8c0bdc5a588..9daafb1ed4a 100644 --- a/regress/sbin/pfctl/pf51.ok +++ b/regress/sbin/pfctl/pf51.ok @@ -1,4 +1,4 @@ -pass in on lo0 all +pass in on lo0 all flags S/SA keep state set require-order no nat on lo0 inet all -> 127.0.0.1 altq on lo0 cbq bandwidth 10Mb tbrsize 1824 queue { toad frog } diff --git a/regress/sbin/pfctl/pf53.ok b/regress/sbin/pfctl/pf53.ok index 2a8d7df6998..91866b724d3 100644 --- a/regress/sbin/pfctl/pf53.ok +++ b/regress/sbin/pfctl/pf53.ok @@ -1,4 +1,4 @@ -pass in inet proto tcp from 1.2.3.4 to any label "0:any:tcp:1.2.3.4::any:" -pass in inet proto tcp from 1.2.3.5 to any label "1:any:tcp:1.2.3.5::any:" -pass in on lo0 inet proto tcp from 1.2.3.4 to any label "2:lo0:tcp:1.2.3.4::any:" -pass in on lo0 inet proto tcp from 1.2.3.5 to any label "3:lo0:tcp:1.2.3.5::any:" +pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "0:any:tcp:1.2.3.4::any:" +pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "1:any:tcp:1.2.3.5::any:" +pass in on lo0 inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "2:lo0:tcp:1.2.3.4::any:" +pass in on lo0 inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "3:lo0:tcp:1.2.3.5::any:" diff --git a/regress/sbin/pfctl/pf56.loaded b/regress/sbin/pfctl/pf56.loaded index 5c03ffcc070..c51fb09bba6 100644 --- a/regress/sbin/pfctl/pf56.loaded +++ b/regress/sbin/pfctl/pf56.loaded @@ -1,8 +1,8 @@ -@0 pass in proto tcp from any to any port = www keep state (tcp.established 60) +@0 pass in proto tcp from any to any port = www flags S/SA keep state (tcp.established 60) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = www keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) +@1 pass in proto tcp from any to any port = www flags S/SA keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf56.ok b/regress/sbin/pfctl/pf56.ok index 0101346b9d9..f7ce36fecc5 100644 --- a/regress/sbin/pfctl/pf56.ok +++ b/regress/sbin/pfctl/pf56.ok @@ -1,2 +1,2 @@ -pass in proto tcp from any to any port = www keep state (tcp.established 60) -pass in proto tcp from any to any port = www keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) +pass in proto tcp from any to any port = www flags S/SA keep state (tcp.established 60) +pass in proto tcp from any to any port = www flags S/SA keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) diff --git a/regress/sbin/pfctl/pf56.optimized b/regress/sbin/pfctl/pf56.optimized index 5c03ffcc070..c51fb09bba6 100644 --- a/regress/sbin/pfctl/pf56.optimized +++ b/regress/sbin/pfctl/pf56.optimized @@ -1,8 +1,8 @@ -@0 pass in proto tcp from any to any port = www keep state (tcp.established 60) +@0 pass in proto tcp from any to any port = www flags S/SA keep state (tcp.established 60) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = www keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) +@1 pass in proto tcp from any to any port = www flags S/SA keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf57.ok b/regress/sbin/pfctl/pf57.ok index eb9f628e314..23299e28518 100644 --- a/regress/sbin/pfctl/pf57.ok +++ b/regress/sbin/pfctl/pf57.ok @@ -1,4 +1,4 @@ a = "10.0.0.1" b = "x" b = "y" -pass in inet from 10.0.0.1 to any +pass in inet from 10.0.0.1 to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf60.loaded b/regress/sbin/pfctl/pf60.loaded index 2389f2d8edc..643bc77002a 100644 --- a/regress/sbin/pfctl/pf60.loaded +++ b/regress/sbin/pfctl/pf60.loaded @@ -1,28 +1,28 @@ -@0 pass inet from 224.4.5.4 to any +@0 pass inet from 224.4.5.4 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet from 224.4.0.0/16 to any +@1 pass inet from 224.4.0.0/16 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet from 224.4.5.0/26 to any +@2 pass inet from 224.4.5.0/26 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet from 224.4.5.64/26 to any +@3 pass inet from 224.4.5.64/26 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass inet from 224.4.5.128/26 to any +@4 pass inet from 224.4.5.128/26 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass inet from 224.4.5.192/26 to any +@5 pass inet from 224.4.5.192/26 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass inet from 224.4.5.4 to any +@6 pass inet from 224.4.5.4 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf60.ok b/regress/sbin/pfctl/pf60.ok index 57926d6c781..f0cd27039fe 100644 --- a/regress/sbin/pfctl/pf60.ok +++ b/regress/sbin/pfctl/pf60.ok @@ -1,7 +1,7 @@ -pass inet from 224.4.5.4 to any -pass inet from 224.4.0.0/16 to any -pass inet from 224.4.5.0/26 to any -pass inet from 224.4.5.64/26 to any -pass inet from 224.4.5.128/26 to any -pass inet from 224.4.5.192/26 to any -pass inet from 224.4.5.4 to any +pass inet from 224.4.5.4 to any flags S/SA keep state +pass inet from 224.4.0.0/16 to any flags S/SA keep state +pass inet from 224.4.5.0/26 to any flags S/SA keep state +pass inet from 224.4.5.64/26 to any flags S/SA keep state +pass inet from 224.4.5.128/26 to any flags S/SA keep state +pass inet from 224.4.5.192/26 to any flags S/SA keep state +pass inet from 224.4.5.4 to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf60.optimized b/regress/sbin/pfctl/pf60.optimized index 8093d58fd8a..a36fa2bca21 100644 --- a/regress/sbin/pfctl/pf60.optimized +++ b/regress/sbin/pfctl/pf60.optimized @@ -1,4 +1,4 @@ -@0 pass inet from 224.4.0.0/16 to any +@0 pass inet from 224.4.0.0/16 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf61.loaded b/regress/sbin/pfctl/pf61.loaded index b8b15e0e4d6..800ad3931d1 100644 --- a/regress/sbin/pfctl/pf61.loaded +++ b/regress/sbin/pfctl/pf61.loaded @@ -1,4 +1,4 @@ -@0 pass inet from any to (lo0:1)/24 +@0 pass inet from any to (lo0:1)/24 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf61.ok b/regress/sbin/pfctl/pf61.ok index 46a634037b5..f28451aa473 100644 --- a/regress/sbin/pfctl/pf61.ok +++ b/regress/sbin/pfctl/pf61.ok @@ -1 +1 @@ -pass inet from any to (lo0)/24 +pass inet from any to (lo0)/24 flags S/SA keep state diff --git a/regress/sbin/pfctl/pf61.optimized b/regress/sbin/pfctl/pf61.optimized index b8b15e0e4d6..800ad3931d1 100644 --- a/regress/sbin/pfctl/pf61.optimized +++ b/regress/sbin/pfctl/pf61.optimized @@ -1,4 +1,4 @@ -@0 pass inet from any to (lo0:1)/24 +@0 pass inet from any to (lo0:1)/24 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf67.loaded b/regress/sbin/pfctl/pf67.loaded index 68cc9cb7def..d8ef5b25e9e 100644 --- a/regress/sbin/pfctl/pf67.loaded +++ b/regress/sbin/pfctl/pf67.loaded @@ -1,8 +1,8 @@ -@0 pass in quick on tun1000000 all keep state tag regress +@0 pass in quick on tun1000000 all flags S/SA keep state tag regress [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out quick on lo0 all keep state tagged regress +@1 pass out quick on lo0 all flags S/SA keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf67.ok b/regress/sbin/pfctl/pf67.ok index f245c3eb404..4b09611f9a0 100644 --- a/regress/sbin/pfctl/pf67.ok +++ b/regress/sbin/pfctl/pf67.ok @@ -1,2 +1,2 @@ -pass in quick on tun1000000 all keep state tag regress -pass out quick on lo0 all keep state tagged regress +pass in quick on tun1000000 all flags S/SA keep state tag regress +pass out quick on lo0 all flags S/SA keep state tagged regress diff --git a/regress/sbin/pfctl/pf67.optimized b/regress/sbin/pfctl/pf67.optimized index 68cc9cb7def..d8ef5b25e9e 100644 --- a/regress/sbin/pfctl/pf67.optimized +++ b/regress/sbin/pfctl/pf67.optimized @@ -1,8 +1,8 @@ -@0 pass in quick on tun1000000 all keep state tag regress +@0 pass in quick on tun1000000 all flags S/SA keep state tag regress [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out quick on lo0 all keep state tagged regress +@1 pass out quick on lo0 all flags S/SA keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf69.loaded b/regress/sbin/pfctl/pf69.loaded index 3ba0f120cba..b6ada19d8c5 100644 --- a/regress/sbin/pfctl/pf69.loaded +++ b/regress/sbin/pfctl/pf69.loaded @@ -2,7 +2,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass out quick on lo0 all keep state tagged regress +@0 pass out quick on lo0 all flags S/SA keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf69.ok b/regress/sbin/pfctl/pf69.ok index 3025732d703..3b790daf555 100644 --- a/regress/sbin/pfctl/pf69.ok +++ b/regress/sbin/pfctl/pf69.ok @@ -1,2 +1,2 @@ nat on lo0 inet all tag regress -> 127.0.0.1 -pass out quick on lo0 all keep state tagged regress +pass out quick on lo0 all flags S/SA keep state tagged regress diff --git a/regress/sbin/pfctl/pf69.optimized b/regress/sbin/pfctl/pf69.optimized index 3ba0f120cba..b6ada19d8c5 100644 --- a/regress/sbin/pfctl/pf69.optimized +++ b/regress/sbin/pfctl/pf69.optimized @@ -2,7 +2,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass out quick on lo0 all keep state tagged regress +@0 pass out quick on lo0 all flags S/SA keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf7.loaded b/regress/sbin/pfctl/pf7.loaded index c6502260b93..58e2422f418 100644 --- a/regress/sbin/pfctl/pf7.loaded +++ b/regress/sbin/pfctl/pf7.loaded @@ -62,11 +62,11 @@ [ Skip steps: i=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass out on tun1000000 proto tcp all modulate state +@16 pass out on tun1000000 proto tcp all flags S/SA modulate state [ Skip steps: i=end f=end p=18 sa=end sp=end da=end dp=23 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in on tun1000000 proto tcp all modulate state +@17 pass in on tun1000000 proto tcp all flags S/SA modulate state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=23 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -90,19 +90,19 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass in on tun1000000 proto tcp from any to any port = ssh modulate state +@23 pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass in on tun1000000 proto tcp from any to any port = smtp modulate state +@24 pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass in on tun1000000 proto tcp from any to any port = domain modulate state +@25 pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 pass in on tun1000000 proto tcp from any to any port = auth modulate state +@26 pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok index 8af3a52d37d..357f3180e30 100644 --- a/regress/sbin/pfctl/pf7.ok +++ b/regress/sbin/pfctl/pf7.ok @@ -14,14 +14,14 @@ pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state pass out on tun1000000 proto udp all keep state pass in on tun1000000 proto udp from any to any port = domain keep state -pass out on tun1000000 proto tcp all modulate state -pass in on tun1000000 proto tcp all modulate state +pass out on tun1000000 proto tcp all flags S/SA modulate state +pass in on tun1000000 proto tcp all flags S/SA modulate state pass in on tun1000000 proto udp all keep state pass in on tun1000000 proto icmp all keep state pass in on tun1000000 proto udp all keep state pass in on tun1000000 proto tcp all flags S/SA synproxy state pass in on tun1000000 proto icmp all keep state -pass in on tun1000000 proto tcp from any to any port = ssh modulate state -pass in on tun1000000 proto tcp from any to any port = smtp modulate state -pass in on tun1000000 proto tcp from any to any port = domain modulate state -pass in on tun1000000 proto tcp from any to any port = auth modulate state +pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state +pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state +pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state +pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state diff --git a/regress/sbin/pfctl/pf7.optimized b/regress/sbin/pfctl/pf7.optimized index 2ad6782b24e..79170824334 100644 --- a/regress/sbin/pfctl/pf7.optimized +++ b/regress/sbin/pfctl/pf7.optimized @@ -62,11 +62,11 @@ [ Skip steps: i=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass out on tun1000000 proto tcp all modulate state +@16 pass out on tun1000000 proto tcp all flags S/SA modulate state [ Skip steps: i=end f=end p=18 sa=end sp=end da=end dp=22 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in on tun1000000 proto tcp all modulate state +@17 pass in on tun1000000 proto tcp all flags S/SA modulate state [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=22 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -86,19 +86,19 @@ [ Skip steps: i=end d=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass in on tun1000000 proto tcp from any to any port = ssh modulate state +@22 pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass in on tun1000000 proto tcp from any to any port = smtp modulate state +@23 pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass in on tun1000000 proto tcp from any to any port = domain modulate state +@24 pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass in on tun1000000 proto tcp from any to any port = auth modulate state +@25 pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf74.loaded b/regress/sbin/pfctl/pf74.loaded index 87c4fc1190a..9620cb7becb 100644 --- a/regress/sbin/pfctl/pf74.loaded +++ b/regress/sbin/pfctl/pf74.loaded @@ -1,4 +1,4 @@ -@0 pass in proto tcp all synproxy state +@0 pass in proto tcp all flags S/SA synproxy state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf74.ok b/regress/sbin/pfctl/pf74.ok index 98ceefcbc77..1f5d99dfe10 100644 --- a/regress/sbin/pfctl/pf74.ok +++ b/regress/sbin/pfctl/pf74.ok @@ -1 +1 @@ -pass in proto tcp all synproxy state +pass in proto tcp all flags S/SA synproxy state diff --git a/regress/sbin/pfctl/pf74.optimized b/regress/sbin/pfctl/pf74.optimized index 87c4fc1190a..9620cb7becb 100644 --- a/regress/sbin/pfctl/pf74.optimized +++ b/regress/sbin/pfctl/pf74.optimized @@ -1,4 +1,4 @@ -@0 pass in proto tcp all synproxy state +@0 pass in proto tcp all flags S/SA synproxy state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf77.loaded b/regress/sbin/pfctl/pf77.loaded index 3c25d3b05b8..4a385db4e57 100644 --- a/regress/sbin/pfctl/pf77.loaded +++ b/regress/sbin/pfctl/pf77.loaded @@ -1,4 +1,4 @@ -@0 pass inet from (lo0:1)/8 to any +@0 pass inet from (lo0:1)/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf77.ok b/regress/sbin/pfctl/pf77.ok index 859c79a50eb..233d434b782 100644 --- a/regress/sbin/pfctl/pf77.ok +++ b/regress/sbin/pfctl/pf77.ok @@ -1 +1 @@ -pass inet from (lo0)/8 to any +pass inet from (lo0)/8 to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf77.optimized b/regress/sbin/pfctl/pf77.optimized index 3c25d3b05b8..4a385db4e57 100644 --- a/regress/sbin/pfctl/pf77.optimized +++ b/regress/sbin/pfctl/pf77.optimized @@ -1,4 +1,4 @@ -@0 pass inet from (lo0:1)/8 to any +@0 pass inet from (lo0:1)/8 to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf78.loaded b/regress/sbin/pfctl/pf78.loaded index 0e0f3040068..6331280546d 100644 --- a/regress/sbin/pfctl/pf78.loaded +++ b/regress/sbin/pfctl/pf78.loaded @@ -1,4 +1,4 @@ -@0 pass in inet from 10.0.0.1 to <regress:*> label "10.0.0.1:<regress>" +@0 pass in inet from 10.0.0.1 to <regress:*> flags S/SA keep state label "10.0.0.1:<regress>" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf78.ok b/regress/sbin/pfctl/pf78.ok index c9635580f4a..fed726e4f67 100644 --- a/regress/sbin/pfctl/pf78.ok +++ b/regress/sbin/pfctl/pf78.ok @@ -1 +1 @@ -pass in inet from 10.0.0.1 to <regress> label "10.0.0.1:<regress>" +pass in inet from 10.0.0.1 to <regress> flags S/SA keep state label "10.0.0.1:<regress>" diff --git a/regress/sbin/pfctl/pf78.optimized b/regress/sbin/pfctl/pf78.optimized index 0e0f3040068..6331280546d 100644 --- a/regress/sbin/pfctl/pf78.optimized +++ b/regress/sbin/pfctl/pf78.optimized @@ -1,4 +1,4 @@ -@0 pass in inet from 10.0.0.1 to <regress:*> label "10.0.0.1:<regress>" +@0 pass in inet from 10.0.0.1 to <regress:*> flags S/SA keep state label "10.0.0.1:<regress>" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf79.loaded b/regress/sbin/pfctl/pf79.loaded index 84eecc63a30..85c2ff71473 100644 --- a/regress/sbin/pfctl/pf79.loaded +++ b/regress/sbin/pfctl/pf79.loaded @@ -1,4 +1,4 @@ -@0 pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" +@0 pass in inet from 10.0.0.1 to no-route flags S/SA keep state label "10.0.0.1:no-route" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf79.ok b/regress/sbin/pfctl/pf79.ok index 57792e5ef66..a21475d63ec 100644 --- a/regress/sbin/pfctl/pf79.ok +++ b/regress/sbin/pfctl/pf79.ok @@ -1 +1 @@ -pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" +pass in inet from 10.0.0.1 to no-route flags S/SA keep state label "10.0.0.1:no-route" diff --git a/regress/sbin/pfctl/pf79.optimized b/regress/sbin/pfctl/pf79.optimized index 84eecc63a30..85c2ff71473 100644 --- a/regress/sbin/pfctl/pf79.optimized +++ b/regress/sbin/pfctl/pf79.optimized @@ -1,4 +1,4 @@ -@0 pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" +@0 pass in inet from 10.0.0.1 to no-route flags S/SA keep state label "10.0.0.1:no-route" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf81.loaded b/regress/sbin/pfctl/pf81.loaded index 1c98f7fa04b..27bc8275765 100644 --- a/regress/sbin/pfctl/pf81.loaded +++ b/regress/sbin/pfctl/pf81.loaded @@ -1,120 +1,120 @@ -@0 pass inet6 from (lo0:2) to ::1 +@0 pass inet6 from (lo0:2) to ::1 flags S/SA keep state [ Skip steps: i=end d=end f=3 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet6 from (lo0:2) to ::2 +@1 pass inet6 from (lo0:2) to ::2 flags S/SA keep state [ Skip steps: i=end d=end f=3 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet6 from (lo0:2) to ::3 +@2 pass inet6 from (lo0:2) to ::3 flags S/SA keep state [ Skip steps: i=end d=end p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet from (lo0:1) to 0.0.0.1 +@3 pass inet from (lo0:1) to 0.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end f=6 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass inet from (lo0:1) to 0.0.0.2 +@4 pass inet from (lo0:1) to 0.0.0.2 flags S/SA keep state [ Skip steps: i=end d=end f=6 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass inet from (lo0:1) to 0.0.0.3 +@5 pass inet from (lo0:1) to 0.0.0.3 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass from <foo:*> to <bar1:*> +@6 pass from <foo:*> to <bar1:*> flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass from <foo:*> to <bar2:*> +@7 pass from <foo:*> to <bar2:*> flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass from <foo:*> to <bar3:*> +@8 pass from <foo:*> to <bar3:*> flags S/SA keep state [ Skip steps: i=end d=end p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet6 from <foo:*> to ::1 +@9 pass inet6 from <foo:*> to ::1 flags S/SA keep state [ Skip steps: i=end d=end f=12 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass inet6 from <foo:*> to ::2 +@10 pass inet6 from <foo:*> to ::2 flags S/SA keep state [ Skip steps: i=end d=end f=12 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass inet6 from <foo:*> to ::3 +@11 pass inet6 from <foo:*> to ::3 flags S/SA keep state [ Skip steps: i=end d=end p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass inet from <foo:*> to 0.0.0.1 +@12 pass inet from <foo:*> to 0.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end f=15 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass inet from <foo:*> to 0.0.0.2 +@13 pass inet from <foo:*> to 0.0.0.2 flags S/SA keep state [ Skip steps: i=end d=end f=15 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass inet from <foo:*> to 0.0.0.3 +@14 pass inet from <foo:*> to 0.0.0.3 flags S/SA keep state [ Skip steps: i=end d=end p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass from <foo:*> to <bar1:*> +@15 pass from <foo:*> to <bar1:*> flags S/SA keep state [ Skip steps: i=end d=end f=21 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass from <foo:*> to <bar2:*> +@16 pass from <foo:*> to <bar2:*> flags S/SA keep state [ Skip steps: i=end d=end f=21 p=end sa=18 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass from <foo:*> to <bar3:*> +@17 pass from <foo:*> to <bar3:*> flags S/SA keep state [ Skip steps: i=end d=end f=21 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass from no-route to <bar1:*> +@18 pass from no-route to <bar1:*> flags S/SA keep state [ Skip steps: i=end d=end f=21 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass from no-route to <bar2:*> +@19 pass from no-route to <bar2:*> flags S/SA keep state [ Skip steps: i=end d=end f=21 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass from no-route to <bar3:*> +@20 pass from no-route to <bar3:*> flags S/SA keep state [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass inet6 from no-route to ::1 +@21 pass inet6 from no-route to ::1 flags S/SA keep state [ Skip steps: i=end d=end f=24 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass inet6 from no-route to ::2 +@22 pass inet6 from no-route to ::2 flags S/SA keep state [ Skip steps: i=end d=end f=24 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass inet6 from no-route to ::3 +@23 pass inet6 from no-route to ::3 flags S/SA keep state [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass inet from no-route to 0.0.0.1 +@24 pass inet from no-route to 0.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end f=27 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass inet from no-route to 0.0.0.2 +@25 pass inet from no-route to 0.0.0.2 flags S/SA keep state [ Skip steps: i=end d=end f=27 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 pass inet from no-route to 0.0.0.3 +@26 pass inet from no-route to 0.0.0.3 flags S/SA keep state [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 pass from no-route to <bar1:*> +@27 pass from no-route to <bar1:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 pass from no-route to <bar2:*> +@28 pass from no-route to <bar2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 pass from no-route to <bar3:*> +@29 pass from no-route to <bar3:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf81.ok b/regress/sbin/pfctl/pf81.ok index 044af7c1434..2b58a18744d 100644 --- a/regress/sbin/pfctl/pf81.ok +++ b/regress/sbin/pfctl/pf81.ok @@ -1,32 +1,32 @@ ip_list = "{ ::1 ::2 ::3 0.0.0.1 0.0.0.2 0.0.0.3 }" table_list = "{ <bar1> <bar2> <bar3> }" -pass inet6 from (lo0) to ::1 -pass inet6 from (lo0) to ::2 -pass inet6 from (lo0) to ::3 -pass inet from (lo0) to 0.0.0.1 -pass inet from (lo0) to 0.0.0.2 -pass inet from (lo0) to 0.0.0.3 -pass from <foo> to <bar1> -pass from <foo> to <bar2> -pass from <foo> to <bar3> -pass inet6 from <foo> to ::1 -pass inet6 from <foo> to ::2 -pass inet6 from <foo> to ::3 -pass inet from <foo> to 0.0.0.1 -pass inet from <foo> to 0.0.0.2 -pass inet from <foo> to 0.0.0.3 -pass from <foo> to <bar1> -pass from <foo> to <bar2> -pass from <foo> to <bar3> -pass from no-route to <bar1> -pass from no-route to <bar2> -pass from no-route to <bar3> -pass inet6 from no-route to ::1 -pass inet6 from no-route to ::2 -pass inet6 from no-route to ::3 -pass inet from no-route to 0.0.0.1 -pass inet from no-route to 0.0.0.2 -pass inet from no-route to 0.0.0.3 -pass from no-route to <bar1> -pass from no-route to <bar2> -pass from no-route to <bar3> +pass inet6 from (lo0) to ::1 flags S/SA keep state +pass inet6 from (lo0) to ::2 flags S/SA keep state +pass inet6 from (lo0) to ::3 flags S/SA keep state +pass inet from (lo0) to 0.0.0.1 flags S/SA keep state +pass inet from (lo0) to 0.0.0.2 flags S/SA keep state +pass inet from (lo0) to 0.0.0.3 flags S/SA keep state +pass from <foo> to <bar1> flags S/SA keep state +pass from <foo> to <bar2> flags S/SA keep state +pass from <foo> to <bar3> flags S/SA keep state +pass inet6 from <foo> to ::1 flags S/SA keep state +pass inet6 from <foo> to ::2 flags S/SA keep state +pass inet6 from <foo> to ::3 flags S/SA keep state +pass inet from <foo> to 0.0.0.1 flags S/SA keep state +pass inet from <foo> to 0.0.0.2 flags S/SA keep state +pass inet from <foo> to 0.0.0.3 flags S/SA keep state +pass from <foo> to <bar1> flags S/SA keep state +pass from <foo> to <bar2> flags S/SA keep state +pass from <foo> to <bar3> flags S/SA keep state +pass from no-route to <bar1> flags S/SA keep state +pass from no-route to <bar2> flags S/SA keep state +pass from no-route to <bar3> flags S/SA keep state +pass inet6 from no-route to ::1 flags S/SA keep state +pass inet6 from no-route to ::2 flags S/SA keep state +pass inet6 from no-route to ::3 flags S/SA keep state +pass inet from no-route to 0.0.0.1 flags S/SA keep state +pass inet from no-route to 0.0.0.2 flags S/SA keep state +pass inet from no-route to 0.0.0.3 flags S/SA keep state +pass from no-route to <bar1> flags S/SA keep state +pass from no-route to <bar2> flags S/SA keep state +pass from no-route to <bar3> flags S/SA keep state diff --git a/regress/sbin/pfctl/pf81.optimized b/regress/sbin/pfctl/pf81.optimized index 1aa0c60c762..8fa336403f6 100644 --- a/regress/sbin/pfctl/pf81.optimized +++ b/regress/sbin/pfctl/pf81.optimized @@ -1,96 +1,96 @@ -@0 pass inet6 from (lo0:2) to ::1 +@0 pass inet6 from (lo0:2) to ::1 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=3 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet6 from (lo0:2) to ::2 +@1 pass inet6 from (lo0:2) to ::2 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=3 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet6 from (lo0:2) to ::3 +@2 pass inet6 from (lo0:2) to ::3 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet6 from <foo:*> to ::1 +@3 pass inet6 from <foo:*> to ::1 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass inet6 from <foo:*> to ::2 +@4 pass inet6 from <foo:*> to ::2 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass inet6 from <foo:*> to ::3 +@5 pass inet6 from <foo:*> to ::3 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass inet6 from no-route to ::1 +@6 pass inet6 from no-route to ::1 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=9 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass inet6 from no-route to ::2 +@7 pass inet6 from no-route to ::2 flags S/SA keep state [ Skip steps: i=end d=end f=9 p=end sa=9 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass inet6 from no-route to ::3 +@8 pass inet6 from no-route to ::3 flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet from (lo0:1) to 0.0.0.1 +@9 pass inet from (lo0:1) to 0.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sa=12 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass inet from (lo0:1) to 0.0.0.2 +@10 pass inet from (lo0:1) to 0.0.0.2 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sa=12 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass inet from (lo0:1) to 0.0.0.3 +@11 pass inet from (lo0:1) to 0.0.0.3 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass inet from <foo:*> to 0.0.0.1 +@12 pass inet from <foo:*> to 0.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sa=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass inet from <foo:*> to 0.0.0.2 +@13 pass inet from <foo:*> to 0.0.0.2 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sa=15 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass inet from <foo:*> to 0.0.0.3 +@14 pass inet from <foo:*> to 0.0.0.3 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass inet from no-route to 0.0.0.1 +@15 pass inet from no-route to 0.0.0.1 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sa=21 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass inet from no-route to 0.0.0.2 +@16 pass inet from no-route to 0.0.0.2 flags S/SA keep state [ Skip steps: i=end d=end f=18 p=end sa=21 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass inet from no-route to 0.0.0.3 +@17 pass inet from no-route to 0.0.0.3 flags S/SA keep state [ Skip steps: i=end d=end p=end sa=21 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass from no-route to <bar1:*> +@18 pass from no-route to <bar1:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=21 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass from no-route to <bar2:*> +@19 pass from no-route to <bar2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=21 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass from no-route to <bar3:*> +@20 pass from no-route to <bar3:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass from <foo:*> to <bar1:*> +@21 pass from <foo:*> to <bar1:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass from <foo:*> to <bar2:*> +@22 pass from <foo:*> to <bar2:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass from <foo:*> to <bar3:*> +@23 pass from <foo:*> to <bar3:*> flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf82.loaded b/regress/sbin/pfctl/pf82.loaded index e0469fe3c51..7cc6c7fc8c5 100644 --- a/regress/sbin/pfctl/pf82.loaded +++ b/regress/sbin/pfctl/pf82.loaded @@ -1,52 +1,52 @@ -@0 pass inet from (lo0:1) to any +@0 pass inet from (lo0:1) to any flags S/SA keep state [ Skip steps: i=end d=end f=3 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet from ! (lo0:1) to any +@1 pass inet from ! (lo0:1) to any flags S/SA keep state [ Skip steps: i=end d=end f=3 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet from (lo0:1) to any +@2 pass inet from (lo0:1) to any flags S/SA keep state [ Skip steps: i=end d=end p=end sa=4 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet6 from (lo0:2) to any +@3 pass inet6 from (lo0:2) to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass from <foo:*> to any +@4 pass from <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end f=7 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass from ! <foo:*> to any +@5 pass from ! <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end f=7 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass from <foo:*> to any +@6 pass from <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass inet from <bar:*> to any +@7 pass inet from <bar:*> to any flags S/SA keep state [ Skip steps: i=end d=end p=end sa=9 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass from <bar:*> to any +@8 pass from <bar:*> to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet6 from <foo:*> to any +@9 pass inet6 from <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end p=end sa=11 sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass from <foo:*> to any +@10 pass from <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass inet from no-route to any +@11 pass inet from no-route to any flags S/SA keep state [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass from no-route to any +@12 pass from no-route to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf82.ok b/regress/sbin/pfctl/pf82.ok index 5118b8e46b9..4a2071521a3 100644 --- a/regress/sbin/pfctl/pf82.ok +++ b/regress/sbin/pfctl/pf82.ok @@ -1,13 +1,13 @@ -pass inet from (lo0) to any -pass inet from ! (lo0) to any -pass inet from (lo0) to any -pass inet6 from (lo0) to any -pass from <foo> to any -pass from ! <foo> to any -pass from <foo> to any -pass inet from <bar> to any -pass from <bar> to any -pass inet6 from <foo> to any -pass from <foo> to any -pass inet from no-route to any -pass from no-route to any +pass inet from (lo0) to any flags S/SA keep state +pass inet from ! (lo0) to any flags S/SA keep state +pass inet from (lo0) to any flags S/SA keep state +pass inet6 from (lo0) to any flags S/SA keep state +pass from <foo> to any flags S/SA keep state +pass from ! <foo> to any flags S/SA keep state +pass from <foo> to any flags S/SA keep state +pass inet from <bar> to any flags S/SA keep state +pass from <bar> to any flags S/SA keep state +pass inet6 from <foo> to any flags S/SA keep state +pass from <foo> to any flags S/SA keep state +pass inet from no-route to any flags S/SA keep state +pass from no-route to any flags S/SA keep state diff --git a/regress/sbin/pfctl/pf82.optimized b/regress/sbin/pfctl/pf82.optimized index 81f55e07faa..3fa23efa8aa 100644 --- a/regress/sbin/pfctl/pf82.optimized +++ b/regress/sbin/pfctl/pf82.optimized @@ -1,28 +1,28 @@ -@0 pass inet from (lo0:1) to any +@0 pass inet from (lo0:1) to any flags S/SA keep state [ Skip steps: i=end d=end f=2 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet from ! (lo0:1) to any +@1 pass inet from ! (lo0:1) to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet6 from (lo0:2) to any +@2 pass inet6 from (lo0:2) to any flags S/SA keep state [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass from <foo:*> to any +@3 pass from <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass from ! <foo:*> to any +@4 pass from ! <foo:*> to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass from <bar:*> to any +@5 pass from <bar:*> to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass from no-route to any +@6 pass from no-route to any flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf84.loaded b/regress/sbin/pfctl/pf84.loaded index ca79b21c987..e9de6569a83 100644 --- a/regress/sbin/pfctl/pf84.loaded +++ b/regress/sbin/pfctl/pf84.loaded @@ -10,23 +10,23 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in proto tcp from any to any port = ssh keep state (source-track global) +@0 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = smtp keep state (source-track global) +@1 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000) +@2 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in proto tcp from any to any port = ntp keep state (source-track rule, max-src-nodes 1000) +@3 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3) +@4 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf84.ok b/regress/sbin/pfctl/pf84.ok index fa0f790566f..b665b24ae55 100644 --- a/regress/sbin/pfctl/pf84.ok +++ b/regress/sbin/pfctl/pf84.ok @@ -1,8 +1,8 @@ nat on tun1000000 inet from 10.0.0.0/24 to any -> { 10.0.1.1, 10.0.1.2 } round-robin sticky-address rdr on tun1000000 inet from any to 10.0.1.1 -> 10.0.0.0/24 random sticky-address rdr on tun1000000 inet from any to 10.0.1.2 -> { 10.0.0.1, 10.0.0.2 } round-robin sticky-address -pass in proto tcp from any to any port = ssh keep state (source-track global) -pass in proto tcp from any to any port = smtp keep state (source-track global) -pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000) -pass in proto tcp from any to any port = ntp keep state (source-track rule, max-src-nodes 1000) -pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3) +pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) +pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) +pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) +pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) +pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) diff --git a/regress/sbin/pfctl/pf84.optimized b/regress/sbin/pfctl/pf84.optimized index ca79b21c987..e9de6569a83 100644 --- a/regress/sbin/pfctl/pf84.optimized +++ b/regress/sbin/pfctl/pf84.optimized @@ -10,23 +10,23 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in proto tcp from any to any port = ssh keep state (source-track global) +@0 pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = smtp keep state (source-track global) +@1 pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any to any port = www keep state (source-track rule, max-src-states 3, max-src-nodes 1000) +@2 pass in proto tcp from any to any port = www flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in proto tcp from any to any port = ntp keep state (source-track rule, max-src-nodes 1000) +@3 pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in proto tcp from any to any port = 321 keep state (source-track global, max-src-states 3) +@4 pass in proto tcp from any to any port = 321 flags S/SA keep state (source-track global, max-src-states 3) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf85.ok b/regress/sbin/pfctl/pf85.ok index 3f62f6bc321..07e71ed5f70 100644 --- a/regress/sbin/pfctl/pf85.ok +++ b/regress/sbin/pfctl/pf85.ok @@ -1,6 +1,6 @@ -pass inet from 127.0.0.1 to any keep state tag 127.0.0.1 -pass inet from 127.0.0.2 to any keep state tag 127.0.0.2 -pass inet from 127.0.0.3 to any keep state tag 127.0.0.3 -pass inet from 127.0.0.1 to any keep state tagged 127.0.0.1 -pass inet from 127.0.0.2 to any keep state tagged 127.0.0.2 -pass inet from 127.0.0.3 to any keep state tagged 127.0.0.3 +pass inet from 127.0.0.1 to any flags S/SA keep state tag 127.0.0.1 +pass inet from 127.0.0.2 to any flags S/SA keep state tag 127.0.0.2 +pass inet from 127.0.0.3 to any flags S/SA keep state tag 127.0.0.3 +pass inet from 127.0.0.1 to any flags S/SA keep state tagged 127.0.0.1 +pass inet from 127.0.0.2 to any flags S/SA keep state tagged 127.0.0.2 +pass inet from 127.0.0.3 to any flags S/SA keep state tagged 127.0.0.3 diff --git a/regress/sbin/pfctl/pf87.loaded b/regress/sbin/pfctl/pf87.loaded index a3c36b9c4aa..a37ce2eef65 100644 --- a/regress/sbin/pfctl/pf87.loaded +++ b/regress/sbin/pfctl/pf87.loaded @@ -1,8 +1,8 @@ -@0 pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@0 pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: d=5 f=end p=2 da=2 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 keep state +@1 pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 flags S/SA keep state [ Skip steps: i=3 d=5 f=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -14,7 +14,7 @@ [ Skip steps: d=5 f=end sa=9 sp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet proto tcp from any to 10.0.0.1 port = www keep state +@4 pass in inet proto tcp from any to 10.0.0.1 port = www flags S/SA keep state [ Skip steps: f=end sa=9 sp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -22,11 +22,11 @@ [ Skip steps: f=end sa=9 sp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet proto tcp from any to 10.0.0.3 port = www keep state +@6 pass in inet proto tcp from any to 10.0.0.3 port = www flags S/SA keep state [ Skip steps: i=9 f=end p=8 sa=9 sp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass out inet proto tcp from any to 10.0.0.1 port = 81 keep state +@7 pass out inet proto tcp from any to 10.0.0.1 port = 81 flags S/SA keep state [ Skip steps: i=9 f=end sa=9 sp=9 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -50,11 +50,11 @@ [ Skip steps: d=14 f=end sa=16 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@13 pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: f=end p=15 sa=16 sp=end da=16 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@14 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: i=18 d=17 f=end sa=16 sp=end da=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -62,15 +62,15 @@ [ Skip steps: i=18 d=17 f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 keep state +@16 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 flags S/SA keep state [ Skip steps: i=18 f=end p=19 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@17 pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: d=19 f=end p=19 sa=20 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass out inet proto tcp from any to 10.0.0.1 port = www keep state +@18 pass out inet proto tcp from any to 10.0.0.1 port = www flags S/SA keep state [ Skip steps: i=20 f=end sa=20 sp=end da=20 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -78,7 +78,7 @@ [ Skip steps: d=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh keep state +@20 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh flags S/SA keep state [ Skip steps: i=end d=end f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf87.ok b/regress/sbin/pfctl/pf87.ok index cdc783c8d8a..c598cc110f8 100644 --- a/regress/sbin/pfctl/pf87.ok +++ b/regress/sbin/pfctl/pf87.ok @@ -1,22 +1,22 @@ -pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state -pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 keep state +pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 flags S/SA keep state pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.4 port = domain keep state pass in on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state -pass in inet proto tcp from any to 10.0.0.1 port = www keep state +pass in inet proto tcp from any to 10.0.0.1 port = www flags S/SA keep state pass out on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state -pass in inet proto tcp from any to 10.0.0.3 port = www keep state -pass out inet proto tcp from any to 10.0.0.1 port = 81 keep state +pass in inet proto tcp from any to 10.0.0.3 port = www flags S/SA keep state +pass out inet proto tcp from any to 10.0.0.1 port = 81 flags S/SA keep state pass in inet proto udp from any to 10.0.0.3 port = domain keep state pass in on lo1000001 inet proto udp from 10.0.0.2 port = domain to 10.0.0.2 keep state pass out inet proto udp from any to 10.0.0.1 port = domain keep state pass out on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state pass out inet proto udp from any to 10.0.0.3 port = domain keep state -pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state -pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state +pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state pass in on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state -pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 keep state -pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state -pass out inet proto tcp from any to 10.0.0.1 port = www keep state +pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 flags S/SA keep state +pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass out inet proto tcp from any to 10.0.0.1 port = www flags S/SA keep state pass in inet proto udp from any to 10.0.0.1 port = domain keep state -pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh keep state +pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh flags S/SA keep state pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.2 keep state diff --git a/regress/sbin/pfctl/pf87.optimized b/regress/sbin/pfctl/pf87.optimized index 4285cdd1b47..d5121a46b32 100644 --- a/regress/sbin/pfctl/pf87.optimized +++ b/regress/sbin/pfctl/pf87.optimized @@ -10,19 +10,19 @@ [ Skip steps: i=8 d=14 f=end da=5 dp=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 keep state +@3 pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 flags S/SA keep state [ Skip steps: i=8 d=14 f=end p=7 da=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@4 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: i=8 d=14 f=end p=7 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 keep state +@5 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 flags S/SA keep state [ Skip steps: i=8 d=14 f=end p=7 sa=7 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh keep state +@6 pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh flags S/SA keep state [ Skip steps: i=8 d=14 f=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -42,15 +42,15 @@ [ Skip steps: i=13 d=14 f=end sa=end sp=end da=12 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass in inet proto tcp from any to 10.0.0.1 port = www keep state +@11 pass in inet proto tcp from any to 10.0.0.1 port = www flags S/SA keep state [ Skip steps: i=13 d=14 f=end p=14 sa=end sp=end dp=13 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in inet proto tcp from any to 10.0.0.3 port = www keep state +@12 pass in inet proto tcp from any to 10.0.0.3 port = www flags S/SA keep state [ Skip steps: d=14 f=end p=14 sa=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@13 pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: f=end sa=end sp=end da=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -70,19 +70,19 @@ [ Skip steps: d=end f=end sa=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@18 pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: d=end f=end p=end sa=end sp=end da=20 dp=20 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh keep state +@19 pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state [ Skip steps: d=end f=end p=end sa=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass out inet proto tcp from any to 10.0.0.1 port = 81 keep state +@20 pass out inet proto tcp from any to 10.0.0.1 port = 81 flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass out inet proto tcp from any to 10.0.0.1 port = www keep state +@21 pass out inet proto tcp from any to 10.0.0.1 port = www flags S/SA keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf88.loaded b/regress/sbin/pfctl/pf88.loaded index dadee1a65cd..7d44a2961e4 100644 --- a/regress/sbin/pfctl/pf88.loaded +++ b/regress/sbin/pfctl/pf88.loaded @@ -1,40 +1,40 @@ -@0 pass in on lo1000000 inet from any to 10.0.0.1 +@0 pass in on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state [ Skip steps: i=2 d=2 f=2 p=14 sa=10 sp=end da=2 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on lo1000000 inet from any to 10.0.0.1 +@1 pass in on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state [ Skip steps: p=14 sa=10 sp=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass all +@2 pass all flags S/SA keep state [ Skip steps: i=6 f=6 p=14 sa=10 sp=end da=6 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out all +@3 pass out all flags S/SA keep state [ Skip steps: i=6 d=6 f=6 p=14 sa=10 sp=end da=6 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out all +@4 pass out all flags S/SA keep state [ Skip steps: i=6 d=6 f=6 p=14 sa=10 sp=end da=6 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out quick all +@5 pass out quick all flags S/SA keep state [ Skip steps: p=14 sa=10 sp=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass on lo1000001 inet from any to 10.0.0.1 +@6 pass on lo1000001 inet from any to 10.0.0.1 flags S/SA keep state [ Skip steps: d=14 f=16 p=14 sa=10 sp=end da=8 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass on lo1000000 inet from any to 10.0.0.1 +@7 pass on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state [ Skip steps: d=14 f=16 p=14 sa=10 sp=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass inet from any to 10.0.0.2 modulate state +@8 pass inet from any to 10.0.0.2 flags S/SA modulate state [ Skip steps: i=18 d=14 f=16 p=14 sa=10 sp=end da=14 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet from any to 10.0.0.2 keep state +@9 pass inet from any to 10.0.0.2 flags S/SA keep state [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -42,7 +42,7 @@ [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass inet from any to 10.0.0.2 modulate state +@11 pass inet from any to 10.0.0.2 flags S/SA modulate state [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -50,35 +50,35 @@ [ Skip steps: i=18 d=14 f=16 p=14 sp=end da=14 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass inet from any to 10.0.0.2 synproxy state +@13 pass inet from any to 10.0.0.2 flags S/SA synproxy state [ Skip steps: i=18 f=16 sp=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 keep state +@14 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 flags S/SA keep state [ Skip steps: i=18 d=17 f=16 p=16 sa=16 sp=end da=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = www keep state +@15 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = www flags S/SA keep state [ Skip steps: i=18 d=17 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass out all +@16 pass out all flags S/SA keep state [ Skip steps: i=18 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in all +@17 pass in all flags S/SA keep state [ Skip steps: d=21 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on lo1000001 all +@18 pass in on lo1000001 all flags S/SA keep state [ Skip steps: i=21 d=21 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on lo1000001 all keep state +@19 pass in on lo1000001 all flags S/SA keep state [ Skip steps: i=21 d=21 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on lo1000001 all +@20 pass in on lo1000001 all flags S/SA keep state [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf88.ok b/regress/sbin/pfctl/pf88.ok index e54fe473491..dcebcb5cefd 100644 --- a/regress/sbin/pfctl/pf88.ok +++ b/regress/sbin/pfctl/pf88.ok @@ -1,22 +1,22 @@ -pass in on lo1000000 inet from any to 10.0.0.1 -pass in on lo1000000 inet from any to 10.0.0.1 -pass all -pass out all -pass out all -pass out quick all -pass on lo1000001 inet from any to 10.0.0.1 -pass on lo1000000 inet from any to 10.0.0.1 -pass inet from any to 10.0.0.2 modulate state -pass inet from any to 10.0.0.2 keep state +pass in on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state +pass in on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state +pass all flags S/SA keep state +pass out all flags S/SA keep state +pass out all flags S/SA keep state +pass out quick all flags S/SA keep state +pass on lo1000001 inet from any to 10.0.0.1 flags S/SA keep state +pass on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state +pass inet from any to 10.0.0.2 flags S/SA modulate state +pass inet from any to 10.0.0.2 flags S/SA keep state block drop inet from 10.0.0.3 to 10.0.0.2 -pass inet from any to 10.0.0.2 modulate state +pass inet from any to 10.0.0.2 flags S/SA modulate state block drop inet from 10.0.0.3 to 10.0.0.2 -pass inet from any to 10.0.0.2 synproxy state -pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 keep state -pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = www keep state -pass out all -pass in all -pass in on lo1000001 all -pass in on lo1000001 all keep state -pass in on lo1000001 all +pass inet from any to 10.0.0.2 flags S/SA synproxy state +pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 flags S/SA keep state +pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = www flags S/SA keep state +pass out all flags S/SA keep state +pass in all flags S/SA keep state +pass in on lo1000001 all flags S/SA keep state +pass in on lo1000001 all flags S/SA keep state +pass in on lo1000001 all flags S/SA keep state block drop all diff --git a/regress/sbin/pfctl/pf88.optimized b/regress/sbin/pfctl/pf88.optimized index d937634d7b7..ab9a967da08 100644 --- a/regress/sbin/pfctl/pf88.optimized +++ b/regress/sbin/pfctl/pf88.optimized @@ -1,64 +1,52 @@ -@0 pass all - [ Skip steps: i=2 f=2 p=10 sa=6 sp=end da=2 dp=end ] +@0 pass all flags S/SA keep state + [ Skip steps: i=2 f=2 p=end sa=6 sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out quick all - [ Skip steps: p=10 sa=6 sp=end dp=end ] +@1 pass out quick all flags S/SA keep state + [ Skip steps: p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass on lo1000001 inet from any to 10.0.0.1 - [ Skip steps: d=10 f=11 p=10 sa=6 sp=end da=4 dp=end ] +@2 pass on lo1000001 inet from any to 10.0.0.1 flags S/SA keep state + [ Skip steps: d=10 f=10 p=end sa=6 sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass on lo1000000 inet from any to 10.0.0.1 - [ Skip steps: d=10 f=11 p=10 sa=6 sp=end dp=end ] +@3 pass on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state + [ Skip steps: d=10 f=10 p=end sa=6 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass inet from any to 10.0.0.2 modulate state - [ Skip steps: i=13 d=10 f=11 p=10 sa=6 sp=end da=10 dp=end ] +@4 pass inet from any to 10.0.0.2 flags S/SA modulate state + [ Skip steps: i=end d=10 f=10 p=end sa=6 sp=end da=10 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass inet from any to 10.0.0.2 keep state - [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ] +@5 pass inet from any to 10.0.0.2 flags S/SA keep state + [ Skip steps: i=end d=10 f=10 p=end sp=end da=10 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @6 block drop inet from 10.0.0.3 to 10.0.0.2 - [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ] + [ Skip steps: i=end d=10 f=10 p=end sp=end da=10 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass inet from any to 10.0.0.2 modulate state - [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ] +@7 pass inet from any to 10.0.0.2 flags S/SA modulate state + [ Skip steps: i=end d=10 f=10 p=end sp=end da=10 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @8 block drop inet from 10.0.0.3 to 10.0.0.2 - [ Skip steps: i=13 d=10 f=11 p=10 sp=end da=10 dp=end ] + [ Skip steps: i=end d=10 f=10 p=end sp=end da=10 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet from any to 10.0.0.2 synproxy state - [ Skip steps: i=13 f=11 sp=end dp=end ] +@9 pass inet from any to 10.0.0.2 flags S/SA synproxy state + [ Skip steps: i=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 keep state - [ Skip steps: i=13 d=12 sp=end dp=end ] +@10 pass out all flags S/SA keep state + [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass out all - [ Skip steps: i=13 f=end p=end sa=end sp=end da=end dp=end ] +@11 pass in all flags S/SA keep state + [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in all - [ Skip steps: d=15 f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on lo1000001 all keep state - [ Skip steps: i=15 d=15 f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on lo1000001 all - [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] - [ queue: qname= qid=0 pqname= pqid=0 ] - [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 block drop all +@12 block drop all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pfail1.ok b/regress/sbin/pfctl/pfail1.ok index 619c212332f..d640b357c2a 100644 --- a/regress/sbin/pfctl/pfail1.ok +++ b/regress/sbin/pfctl/pfail1.ok @@ -7,5 +7,5 @@ stdin:4: rule expands to no valid combination stdin:5: port only applies to tcp/udp stdin:5: skipping rule due to errors stdin:5: rule expands to no valid combination -pass in all -pass in all +pass in all flags S/SA keep state +pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail10.ok b/regress/sbin/pfctl/pfail10.ok index 88154d7f5cf..1ee4647fa33 100644 --- a/regress/sbin/pfctl/pfail10.ok +++ b/regress/sbin/pfctl/pfail10.ok @@ -1,3 +1,3 @@ stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering nat on lo0 inet all -> 127.0.0.1 -pass in on lo1000000 all +pass in on lo1000000 all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail11.ok b/regress/sbin/pfctl/pfail11.ok index ec71004fd35..4a43183476e 100644 --- a/regress/sbin/pfctl/pfail11.ok +++ b/regress/sbin/pfctl/pfail11.ok @@ -3,4 +3,4 @@ stdin:4: Rules must be in order: options, normalization, queueing, translation, stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering set optimization aggressive set timeout tcp.closing 6 -pass in all +pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail19.ok b/regress/sbin/pfctl/pfail19.ok index dc6fa300986..2b0cd960c0f 100644 --- a/regress/sbin/pfctl/pfail19.ok +++ b/regress/sbin/pfctl/pfail19.ok @@ -2,6 +2,6 @@ stdin:4: invalid use of table <sometable> as the redirect address of a binat rul stdin:5: invalid use of table <sometable> as the source address of a binat rule rdr on lo0 all -> <sometable> round-robin nat on lo0 all -> <sometable> round-robin -pass in dup-to (lo0 <sometable>) round-robin all -pass in route-to (lo0 <sometable>) round-robin all -pass in reply-to (lo0 <sometable>) round-robin all +pass in dup-to (lo0 <sometable>) round-robin all flags S/SA keep state +pass in route-to (lo0 <sometable>) round-robin all flags S/SA keep state +pass in reply-to (lo0 <sometable>) round-robin all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail44.ok b/regress/sbin/pfctl/pfail44.ok index d1e4ef35eae..71c3486dca4 100644 --- a/regress/sbin/pfctl/pfail44.ok +++ b/regress/sbin/pfctl/pfail44.ok @@ -3,4 +3,4 @@ stdin:6: errors in queue definition ext_if = "lo0" altq on lo0 cbq bandwidth 512Kb tbrsize 33224 queue { q_ext_std } queue root_lo0 priority 0 cbq( wrr root ) -pass in all +pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail50.ok b/regress/sbin/pfctl/pfail50.ok index 887b242c7df..cdce071999a 100644 --- a/regress/sbin/pfctl/pfail50.ok +++ b/regress/sbin/pfctl/pfail50.ok @@ -3,15 +3,15 @@ stdin:19: syntax error stdin:20: flags always false stdin:21: flags always false stdin:22: flags always false -pass proto tcp all flags F/F -pass proto tcp all flags S/S -pass proto tcp all flags R/R -pass proto tcp all flags P/P -pass proto tcp all flags A/A -pass proto tcp all flags U/U -pass proto tcp all flags E/E -pass proto tcp all flags W/W -pass proto tcp all flags FSRPAUEW/FSRPAUEW -pass proto tcp all flags /FSRPAUEW -pass proto tcp all flags S/FSRA -pass proto tcp all flags /SA +pass proto tcp all flags F/F keep state +pass proto tcp all flags S/S keep state +pass proto tcp all flags R/R keep state +pass proto tcp all flags P/P keep state +pass proto tcp all flags A/A keep state +pass proto tcp all flags U/U keep state +pass proto tcp all flags E/E keep state +pass proto tcp all flags W/W keep state +pass proto tcp all flags FSRPAUEW/FSRPAUEW keep state +pass proto tcp all flags /FSRPAUEW keep state +pass proto tcp all flags S/FSRA keep state +pass proto tcp all flags /SA keep state diff --git a/regress/sbin/pfctl/pfail9.ok b/regress/sbin/pfctl/pfail9.ok index de2402b919b..bb73d32de2a 100644 --- a/regress/sbin/pfctl/pfail9.ok +++ b/regress/sbin/pfctl/pfail9.ok @@ -1,3 +1,3 @@ stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering scrub in on lo0 all fragment reassemble -pass in on lo1000000 all +pass in on lo1000000 all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfopt5.ok b/regress/sbin/pfctl/pfopt5.ok index b6f3bcc8848..4542c620149 100644 --- a/regress/sbin/pfctl/pfopt5.ok +++ b/regress/sbin/pfctl/pfopt5.ok @@ -3,6 +3,6 @@ set limit states 100 set block-policy drop set require-order yes scrub in all fragment reassemble -pass out on lo0 proto tcp from any to any port = ssh keep state queue(pri-med, pri-high) -pass out on lo0 proto tcp from any to any port = www keep state queue pri-med -pass in on lo0 proto tcp from any to any port = www keep state queue pri-low +pass out on lo0 proto tcp from any to any port = ssh flags S/SA keep state queue(pri-med, pri-high) +pass out on lo0 proto tcp from any to any port = www flags S/SA keep state queue pri-med +pass in on lo0 proto tcp from any to any port = www flags S/SA keep state queue pri-low |