diff options
| -rw-r--r-- | regress/sbin/pfctl/Makefile | 6 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf91.in | 11 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf91.loaded | 31 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf91.ok | 10 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf91.optimized | 31 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf92.in | 28 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf92.loaded | 71 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf92.ok | 26 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf92.optimized | 71 |
9 files changed, 282 insertions, 3 deletions
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile index d3d9e333c53..632918880b1 100644 --- a/regress/sbin/pfctl/Makefile +++ b/regress/sbin/pfctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.191 2006/10/25 14:30:46 henning Exp $ +# $OpenBSD: Makefile,v 1.192 2006/11/07 01:14:17 mcbride Exp $ # TARGETS # pf: feed pfNN.in through pfctl and check wether the output matches pfNN.ok @@ -14,14 +14,14 @@ PFTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 PFTESTS+=28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 PFTESTS+=51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 -PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 +PFTESTS+=74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 PFFAIL=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23 24 25 27 PFFAIL+=28 29 30 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 PFSIMPLE=1 2 PFSETUP=1 2 3 4 PFLOAD=1 2 3 4 5 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 23 24 25 26 27 28 29 PFLOAD+=30 31 32 34 36 38 39 40 44 46 47 48 49 54 56 60 61 65 66 67 68 69 70 71 -PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 +PFLOAD+=72 73 74 75 76 77 78 79 80 81 82 84 87 88 89 90 91 92 PFALTQ=1 2 3 4 5 6 7 8 9 10 11 12 13 14 # disabled; no altq in anchors # PFLOAD+=33 35 37 42 43 45 51 58 59 62 63 64 diff --git a/regress/sbin/pfctl/pf91.in b/regress/sbin/pfctl/pf91.in new file mode 100644 index 00000000000..34f9bc7449a --- /dev/null +++ b/regress/sbin/pfctl/pf91.in @@ -0,0 +1,11 @@ +# basic anchor test +anchor on tun1000000 { + anchor foo out { + pass proto tcp to port 1234 + anchor proto tcp to port 2413 { + block + pass from 127.0.0.1 + } + } + pass in proto tcp to port 1234 +} diff --git a/regress/sbin/pfctl/pf91.loaded b/regress/sbin/pfctl/pf91.loaded new file mode 100644 index 00000000000..a5c2ea74345 --- /dev/null +++ b/regress/sbin/pfctl/pf91.loaded @@ -0,0 +1,31 @@ +@0 anchor on tun1000000 all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor "foo" out all { + [ Skip steps: i=end f=end sa=end sp=end da=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass proto tcp from any to any port = 1234 flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 anchor proto tcp from any to any port = 2413 { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 block drop all + [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 pass inet from 127.0.0.1 to any flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} +@1 pass in proto tcp from any to any port = 1234 flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} diff --git a/regress/sbin/pfctl/pf91.ok b/regress/sbin/pfctl/pf91.ok new file mode 100644 index 00000000000..00e81175617 --- /dev/null +++ b/regress/sbin/pfctl/pf91.ok @@ -0,0 +1,10 @@ +anchor on tun1000000 all { + anchor "foo" out all { + pass proto tcp from any to any port = 1234 flags S/SA keep state + anchor proto tcp from any to any port = 2413 { + block drop all + pass inet from 127.0.0.1 to any flags S/SA keep state + } + } + pass in proto tcp from any to any port = 1234 flags S/SA keep state +} diff --git a/regress/sbin/pfctl/pf91.optimized b/regress/sbin/pfctl/pf91.optimized new file mode 100644 index 00000000000..a5c2ea74345 --- /dev/null +++ b/regress/sbin/pfctl/pf91.optimized @@ -0,0 +1,31 @@ +@0 anchor on tun1000000 all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor "foo" out all { + [ Skip steps: i=end f=end sa=end sp=end da=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass proto tcp from any to any port = 1234 flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 anchor proto tcp from any to any port = 2413 { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 block drop all + [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@1 pass inet from 127.0.0.1 to any flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} +@1 pass in proto tcp from any to any port = 1234 flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} diff --git a/regress/sbin/pfctl/pf92.in b/regress/sbin/pfctl/pf92.in new file mode 100644 index 00000000000..22b002a7f8d --- /dev/null +++ b/regress/sbin/pfctl/pf92.in @@ -0,0 +1,28 @@ +anchor { # testing comments + anchor in { + pass quick + } + # silly nesting + anchor out { + anchor in { + anchor out { + anchor in { + anchor out { + anchor in { + anchor out { + anchor in { + pass + } + } + } + } + } + } + } + } + pass in on tun1000000 + anchor foo on tun1000000 { + pass + } +} # comment after closing brace + diff --git a/regress/sbin/pfctl/pf92.loaded b/regress/sbin/pfctl/pf92.loaded new file mode 100644 index 00000000000..6a4e1a462f3 --- /dev/null +++ b/regress/sbin/pfctl/pf92.loaded @@ -0,0 +1,71 @@ +@0 anchor all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=2 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass quick all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@1 anchor out all { + [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor out all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor out all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor out all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} +} +} +} +} +} +} +@2 pass in on tun1000000 all flags S/SA keep state + [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@3 anchor "foo" on tun1000000 all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} diff --git a/regress/sbin/pfctl/pf92.ok b/regress/sbin/pfctl/pf92.ok new file mode 100644 index 00000000000..43720c1afa2 --- /dev/null +++ b/regress/sbin/pfctl/pf92.ok @@ -0,0 +1,26 @@ +anchor all { + anchor in all { + pass quick all flags S/SA keep state + } + anchor out all { + anchor in all { + anchor out all { + anchor in all { + anchor out all { + anchor in all { + anchor out all { + anchor in all { + pass all flags S/SA keep state + } + } + } + } + } + } + } + } + pass in on tun1000000 all flags S/SA keep state + anchor "foo" on tun1000000 all { + pass all flags S/SA keep state + } +} diff --git a/regress/sbin/pfctl/pf92.optimized b/regress/sbin/pfctl/pf92.optimized new file mode 100644 index 00000000000..6a4e1a462f3 --- /dev/null +++ b/regress/sbin/pfctl/pf92.optimized @@ -0,0 +1,71 @@ +@0 anchor all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=2 f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass quick all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +@1 anchor out all { + [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor out all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor out all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor out all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 anchor in all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} +} +} +} +} +} +} +@2 pass in on tun1000000 all flags S/SA keep state + [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@3 anchor "foo" on tun1000000 all { + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +@0 pass all flags S/SA keep state + [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] + [ queue: qname= qid=0 pqname= pqid=0 ] + [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] +} +} |