diff options
| -rw-r--r-- | regress/sbin/pfctl/Makefile | 6 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf68.in | 47 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf68.loaded | 330 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf68.ok | 66 |
4 files changed, 446 insertions, 3 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index 12c6a331776..e21be42df9e 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.137 2003/05/13 21:43:43 henning Exp $ +# $OpenBSD: Makefile,v 1.138 2003/05/14 05:21:19 frantzen Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -12,13 +12,13 @@ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 -PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 +PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFFAIL+=28 29 30 31 32 33 34 35 36 PFSIMPLE=1 2 PFSETUP=1 2 3 4 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29 -PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 +PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14 # disabled; no altq in anchors # PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64 diff --git a/regress/sbin/pfctl/pf68.in b/regress/sbin/pfctl/pf68.in new file mode 100644 index 00000000000..1dcec675477 --- /dev/null +++ b/regress/sbin/pfctl/pf68.in @@ -0,0 +1,47 @@ +scrub proto tcp +scrub proto tcp all +scrub proto tcp from any to any +scrub in proto tcp +scrub in proto tcp all +scrub in proto tcp all fragment crop +scrub in proto tcp all fragment drop-ovl +scrub in proto tcp all fragment reassemble +scrub in proto tcp from { <regress.1> !<regress.2> } to any +scrub in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } +scrub in log on lo0 proto tcp from any to any min-ttl 25 +scrub in log on lo0 inet6 proto tcp from { (lo1), (lo0) } to 2000::1 +scrub in log on {lo0 lo1} proto tcp from any to any +scrub in on lo0 proto tcp all +scrub in on lo0 proto tcp from any to any fragment reassemble max-mss 224 min-ttl 15 no-df +scrub in on lo0 proto tcp from any to any max-mss 224 +scrub in on lo0 proto tcp from any to any max-mss 224 min-ttl 15 no-df fragment reassemble +scrub in on lo0 proto tcp from any to any min-ttl 15 fragment drop-ovl no-df max-mss 224 +scrub in on lo0 proto tcp from any to any min-ttl 15 no-df max-mss 224 +scrub in on lo0 proto tcp from any to any no-df +scrub in on lo0 proto tcp from any to any no-df max-mss 224 fragment crop min-ttl 15 +scrub in on lo0 proto tcp from any to any no-df max-mss 224 min-ttl 15 +scrub in on lo0 inet proto tcp from (lo0) to any +scrub on lo0 proto tcp from any to any max-mss 224 +scrub out proto tcp +scrub out proto tcp from any to { !<regress.1>, <regress.2> } +scrub out log on lo1 proto tcp from any to 10.0.0.1 no-df max-mss 224 +scrub proto tcp random-id + +scrub proto tcp from any to any port 80 +scrub in proto tcp from { <regress.1> !<regress.2> } to any port 80 +scrub in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } port 80 +scrub in log on lo0 proto tcp from any to any port 80 min-ttl 25 +scrub in log on lo0 inet6 proto tcp from { (lo1), (lo0) } port 80 to 2000::1 +scrub in log on {lo0 lo1} proto tcp from any port 80 to any +scrub in on lo0 proto tcp from any port {80, 81} to any fragment reassemble max-mss 224 min-ttl 15 no-df +scrub in on lo0 proto tcp from any to any port 80 max-mss 224 +scrub in on lo0 proto tcp from any port 80 to any max-mss 224 min-ttl 15 no-df fragment reassemble +scrub in on lo0 proto tcp from any port 80 to any min-ttl 15 fragment drop-ovl no-df max-mss 224 +scrub in on lo0 proto tcp from any to any port {80, 81, 82} min-ttl 15 no-df max-mss 224 +scrub in on lo0 proto tcp from any port 80 to any port 80 no-df +scrub in on lo0 proto tcp from any port {80, 81} to any port {80, 81} no-df max-mss 224 fragment crop min-ttl 15 +scrub in on lo0 proto tcp from any to any port 83 no-df max-mss 224 min-ttl 15 +scrub in on lo0 inet proto tcp from (lo0) port 80 to any +scrub on lo0 proto tcp from any to any port 80 max-mss 224 +scrub out proto tcp from any to { !<regress.1>, <regress.2> } port 80 +scrub out log on lo1 proto tcp from any to 10.0.0.1 port 80 no-df max-mss 224 diff --git a/regress/sbin/pfctl/pf68.loaded b/regress/sbin/pfctl/pf68.loaded new file mode 100644 index 00000000000..4f9714f5bea --- /dev/null +++ b/regress/sbin/pfctl/pf68.loaded @@ -0,0 +1,330 @@ +@0 scrub proto tcp all fragment reassemble +[ Skip steps: i=14 d=3 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@1 scrub proto tcp all fragment reassemble +[ Skip steps: i=14 d=3 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@2 scrub proto tcp all fragment reassemble +[ Skip steps: i=14 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@3 scrub in proto tcp all fragment reassemble +[ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@4 scrub in proto tcp all fragment reassemble +[ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@5 scrub in proto tcp all fragment crop +[ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@6 scrub in proto tcp all fragment drop-ovl +[ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@7 scrub in proto tcp all fragment reassemble +[ Skip steps: i=14 d=29 f=10 p=end sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@8 scrub in proto tcp from <regress.1:*> to any fragment reassemble +[ Skip steps: i=14 d=29 f=10 p=end sp=43 da=10 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@9 scrub in proto tcp from ! <regress.2:*> to any fragment reassemble +[ Skip steps: i=14 d=29 p=end sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@10 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble +[ Skip steps: i=14 d=29 f=14 p=end sa=12 sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@11 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble +[ Skip steps: i=14 d=29 f=14 p=end sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@12 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble +[ Skip steps: i=14 d=29 f=14 p=end sa=14 sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@13 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble +[ Skip steps: d=29 p=end sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@14 scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble +[ Skip steps: i=18 d=29 p=end sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@15 scrub in log on lo0 inet6 proto tcp from (lo1) to 2000::1 fragment reassemble +[ Skip steps: i=18 d=29 f=17 p=end sp=43 da=17 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@16 scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble +[ Skip steps: i=18 d=29 p=end sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@17 scrub in log on lo0 proto tcp all fragment reassemble +[ Skip steps: d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@18 scrub in log on lo1 proto tcp all fragment reassemble +[ Skip steps: d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@19 scrub in on lo0 proto tcp all fragment reassemble +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@20 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@21 scrub in on lo0 proto tcp all max-mss 224 fragment reassemble +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@22 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@23 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@24 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@25 scrub in on lo0 proto tcp all no-df fragment reassemble +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@26 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop +[ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@27 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=30 d=29 p=end sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@28 scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble +[ Skip steps: i=30 p=end sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@29 scrub on lo0 proto tcp all max-mss 224 fragment reassemble +[ Skip steps: f=33 p=end sa=36 sp=43 da=31 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@30 scrub out proto tcp all fragment reassemble +[ Skip steps: i=33 d=34 f=33 p=end sa=36 sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@31 scrub out proto tcp from any to ! <regress.1:*> fragment reassemble +[ Skip steps: i=33 d=34 f=33 p=end sa=36 sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@32 scrub out proto tcp from any to <regress.2:*> fragment reassemble +[ Skip steps: d=34 p=end sa=36 sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@33 scrub out log on lo1 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +[ Skip steps: p=end sa=36 sp=43 dp=35 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@34 scrub proto tcp all random-id fragment reassemble +[ Skip steps: i=42 d=36 f=38 p=end sa=36 sp=43 da=38 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@35 scrub proto tcp from any to any port = www fragment reassemble +[ Skip steps: i=42 f=38 p=end sp=43 da=38 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@36 scrub in proto tcp from <regress.1:*> to any port = www fragment reassemble +[ Skip steps: i=42 d=62 f=38 p=end sp=43 da=38 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@37 scrub in proto tcp from ! <regress.2:*> to any port = www fragment reassemble +[ Skip steps: i=42 d=62 p=end sp=43 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@38 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble +[ Skip steps: i=42 d=62 f=42 p=end sa=40 sp=43 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@39 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble +[ Skip steps: i=42 d=62 f=42 p=end sp=43 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@40 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble +[ Skip steps: i=42 d=62 f=42 p=end sa=42 sp=43 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@41 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble +[ Skip steps: d=62 p=end sp=43 dp=43 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@42 scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble +[ Skip steps: i=46 d=62 p=end ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@43 scrub in log on lo0 inet6 proto tcp from (lo1) port = www to 2000::1 fragment reassemble +[ Skip steps: i=46 d=62 f=45 p=end sp=48 da=45 dp=49 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@44 scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble +[ Skip steps: i=46 d=62 p=end sp=48 dp=49 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@45 scrub in log on lo0 proto tcp from any port = www to any fragment reassemble +[ Skip steps: d=62 f=61 p=end sa=61 sp=48 da=63 dp=49 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@46 scrub in log on lo1 proto tcp from any port = www to any fragment reassemble +[ Skip steps: d=62 f=61 p=end sa=61 sp=48 da=63 dp=49 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@47 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 dp=49 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@48 scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@49 scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@50 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=52 da=63 dp=52 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@51 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@52 scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=55 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@53 scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=55 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@54 scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@55 scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble +[ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=58 da=63 dp=57 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@56 scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop +[ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=58 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@57 scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@58 scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop +[ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=60 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@59 scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +[ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@60 scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble +[ Skip steps: i=63 d=62 p=end da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@61 scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble +[ Skip steps: i=63 p=end da=63 ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@62 scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +[ Skip steps: f=65 p=end sa=end sp=end dp=end ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@63 scrub out proto tcp from any to ! <regress.1:*> port = www fragment reassemble +[ Skip steps: i=65 d=end f=65 p=end sa=end sp=end dp=end ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@64 scrub out proto tcp from any to <regress.2:*> port = www fragment reassemble +[ Skip steps: d=end p=end sa=end sp=end dp=end ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + +@65 scrub out log on lo1 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble +[ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] +[ queue: qname= qid=0 pqname= pqid=0 ] +[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] + diff --git a/regress/sbin/pfctl/pf68.ok b/regress/sbin/pfctl/pf68.ok new file mode 100644 index 00000000000..0870d350a18 --- /dev/null +++ b/regress/sbin/pfctl/pf68.ok @@ -0,0 +1,66 @@ +scrub proto tcp all fragment reassemble +scrub proto tcp all fragment reassemble +scrub proto tcp all fragment reassemble +scrub in proto tcp all fragment reassemble +scrub in proto tcp all fragment reassemble +scrub in proto tcp all fragment crop +scrub in proto tcp all fragment drop-ovl +scrub in proto tcp all fragment reassemble +scrub in proto tcp from <regress.1> to any fragment reassemble +scrub in proto tcp from ! <regress.2> to any fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble +scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo1) to 2000::1 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble +scrub in log on lo0 proto tcp all fragment reassemble +scrub in log on lo1 proto tcp all fragment reassemble +scrub in on lo0 proto tcp all fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all no-df fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble +scrub on lo0 proto tcp all max-mss 224 fragment reassemble +scrub out proto tcp all fragment reassemble +scrub out proto tcp from any to ! <regress.1> fragment reassemble +scrub out proto tcp from any to <regress.2> fragment reassemble +scrub out log on lo1 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +scrub proto tcp all random-id fragment reassemble +scrub proto tcp from any to any port = www fragment reassemble +scrub in proto tcp from <regress.1> to any port = www fragment reassemble +scrub in proto tcp from ! <regress.2> to any port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble +scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo1) port = www to 2000::1 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble +scrub in log on lo0 proto tcp from any port = www to any fragment reassemble +scrub in log on lo1 proto tcp from any port = www to any fragment reassemble +scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl +scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble +scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble +scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +scrub out proto tcp from any to ! <regress.1> port = www fragment reassemble +scrub out proto tcp from any to <regress.2> port = www fragment reassemble +scrub out log on lo1 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble |