From 1887cc9dc6d127e58763111e1d5bdcf121f35d3e Mon Sep 17 00:00:00 2001
From: Markus Friedl
Date: Thu, 26 Jul 2001 14:33:46 +0000
Subject: initial tests for the pfctl parser
---
regress/sbin/pfctl/Makefile | 27 +++++++++++++++++++++++++++
regress/sbin/pfctl/pf1.in | 5 +++++
regress/sbin/pfctl/pf1.ok | 5 +++++
regress/sbin/pfctl/pf2.in | 32 ++++++++++++++++++++++++++++++++
regress/sbin/pfctl/pf2.ok | 21 +++++++++++++++++++++
regress/sbin/pfctl/pfail1.in | 5 +++++
regress/sbin/pfctl/rdr1.in | 1 +
7 files changed, 96 insertions(+)
create mode 100644 regress/sbin/pfctl/Makefile
create mode 100644 regress/sbin/pfctl/pf1.in
create mode 100644 regress/sbin/pfctl/pf1.ok
create mode 100644 regress/sbin/pfctl/pf2.in
create mode 100644 regress/sbin/pfctl/pf2.ok
create mode 100644 regress/sbin/pfctl/pfail1.in
create mode 100644 regress/sbin/pfctl/rdr1.in
diff --git a/regress/sbin/pfctl/Makefile b/regress/sbin/pfctl/Makefile
new file mode 100644
index 00000000000..207bc67ddaa
--- /dev/null
+++ b/regress/sbin/pfctl/Makefile
@@ -0,0 +1,27 @@
+# $OpenBSD: Makefile,v 1.1 2001/07/26 14:33:45 markus Exp $
+
+NOMAN=
+NOPROG=
+PFTESTS=1 2
+
+pfail1:
+ @pfctl -nvR- < ${.CURDIR}/pfail1.in > /dev/null 2>&1 || \
+ echo 'test pfail1 should fail'
+
+.for n in ${PFTESTS}
+regress: pf${n}
+
+pf${n}: pf${n}.out
+ @cmp -s ${.CURDIR}/pf${n}.ok pf${n}.out || \
+ echo 'test pf${n} output does not match expected output'
+pf${n}.out:
+ pfctl -nvR- < ${.CURDIR}/pf${n}.in > $@
+
+.PHONY: pf${n} regress
+CLEANFILES+=pf${n}.out
+.endfor
+
+regress: pfail1
+
+.PHONY: regress pfail1
+.include
diff --git a/regress/sbin/pfctl/pf1.in b/regress/sbin/pfctl/pf1.in
new file mode 100644
index 00000000000..0cd1e474680
--- /dev/null
+++ b/regress/sbin/pfctl/pf1.in
@@ -0,0 +1,5 @@
+pass in all
+pass in from any to any
+pass in proto tcp from any port <= 1024 to any
+pass in proto tcp from any to any port = 25
+pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
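Review bot: In regress/sbin/pfctl/Makefile the `pfail1` recipe cannot detect the regression it exists for: `pfctl ... || echo 'test pfail1 should fail'` prints only when pfctl rejects the input, and stays silent with exit status 0 when the parser wrongly accepts it. The `pf${n}` recipe has a related gap, because `cmp -s ... || echo ...` always ends with a successful `echo`, so `make regress` exits 0 even on a mismatch and an automated run would not notice a parser that starts accepting or rewriting firewall rules differently. I would make both recipes fail the build, as sketched below, and also let `pf${n}.out` depend on `${.CURDIR}/pf${n}.in` so a stale output file is not compared. Separately, every invocation uses whatever `pfctl` is first in PATH, which may not be the freshly built binary; a `PFCTL?=pfctl` variable would make that explicit.

```makefile
pfail1:
	@if pfctl -nvR- < ${.CURDIR}/pfail1.in > /dev/null 2>&1; then \
		echo 'test pfail1 should fail'; false; \
	fi

# … unchanged: .for n in ${PFTESTS}, regress: pf${n} …
pf${n}: pf${n}.out
	@cmp -s ${.CURDIR}/pf${n}.ok pf${n}.out || \
	    (echo 'test pf${n} output does not match expected output'; false)
```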
diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok
new file mode 100644
index 00000000000..746117aefb7
--- /dev/null
+++ b/regress/sbin/pfctl/pf1.ok
@@ -0,0 +1,5 @@
+@1 pass in all
+@1 pass in all
+@1 pass in proto tcp from any port <= 1024 to any
+@1 pass in proto tcp from any to any port = smtp
+@1 pass in proto tcp from 10.0.0.0/255.0.0.0 port > 1024 to ! 10.1.2.3 port != ssh
diff --git a/regress/sbin/pfctl/pf2.in b/regress/sbin/pfctl/pf2.in
new file mode 100644
index 00000000000..dda840a4ca0
--- /dev/null
+++ b/regress/sbin/pfctl/pf2.in
@@ -0,0 +1,32 @@
+# test
+
+block out log on kue0 all
+block in log on kue0 all
+
+block return-rst out log on kue0 proto tcp all
+block return-rst in log on kue0 proto tcp all
+block return-icmp out log on kue0 proto udp all
+block return-icmp in log on kue0 proto udp all
+
+block out log quick on kue0 from ! 157.161.48.183 to any
+
+block in quick on kue0 from any to 255.255.255.255
+
+block in log quick on kue0 from 10.0.0.0/8 to any
+block in log quick on kue0 from 172.16.0.0/12 to any
+block in log quick on kue0 from 192.168.0.0/16 to any
+block in log quick on kue0 from 255.255.255.255/32 to any
+
+pass out on kue0 proto icmp all icmp-type 8 code 0 keep state
+pass in on kue0 proto icmp all icmp-type 8 code 0 keep state
+
+pass out on kue0 proto udp all keep state
+
+pass in on kue0 proto udp from any to any port = domain keep state
+
+pass out on kue0 proto tcp all keep state
+
+pass in on kue0 proto tcp from any to any port = ssh keep state
+pass in on kue0 proto tcp from any to any port = smtp keep state
+pass in on kue0 proto tcp from any to any port = domain keep state
+pass in on kue0 proto tcp from any to any port = auth keep state
diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok
new file mode 100644
index 00000000000..29ae432136e
--- /dev/null
+++ b/regress/sbin/pfctl/pf2.ok
@@ -0,0 +1,21 @@
+@1 block out log on kue0 all
+@1 block in log on kue0 all
+@1 block return-rst out log on kue0 proto tcp all
+@1 block return-rst in log on kue0 proto tcp all
+@1 block return-icmp out log on kue0 proto udp all
+@1 block return-icmp in log on kue0 proto udp all
+@1 block out log quick on kue0 from ! 157.161.48.183 to any
+@1 block in quick on kue0 from any to 255.255.255.255
+@1 block in log quick on kue0 from 10.0.0.0/255.0.0.0 to any
+@1 block in log quick on kue0 from 172.16.0.0/255.240.0.0 to any
+@1 block in log quick on kue0 from 192.168.0.0/255.255.0.0 to any
+@1 block in log quick on kue0 from 255.255.255.255 to any
+@1 pass out on kue0 proto icmp all icmp-type echoreq code 0 keep state
+@1 pass in on kue0 proto icmp all icmp-type echoreq code 0 keep state
+@1 pass out on kue0 proto udp all keep state
+@1 pass in on kue0 proto udp from any to any port = domain keep state
+@1 pass out on kue0 proto tcp all keep state
+@1 pass in on kue0 proto tcp from any to any port = ssh keep state
+@1 pass in on kue0 proto tcp from any to any port = smtp keep state
+@1 pass in on kue0 proto tcp from any to any port = domain keep state
+@1 pass in on kue0 proto tcp from any to any port = auth keep state
diff --git a/regress/sbin/pfctl/pfail1.in b/regress/sbin/pfctl/pfail1.in
new file mode 100644
index 00000000000..e03ee35928c
--- /dev/null
+++ b/regress/sbin/pfctl/pfail1.in
@@ -0,0 +1,5 @@
+pass in all
+pass in from any to any
+pass in from any port <= 1024 to any
+pass in from any to any port = 25
+pass in from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
diff --git a/regress/sbin/pfctl/rdr1.in b/regress/sbin/pfctl/rdr1.in
new file mode 100644
index 00000000000..1eb062750cd
--- /dev/null
+++ b/regress/sbin/pfctl/rdr1.in
@@ -0,0 +1 @@
+rdr on ne0 proto tcp from any to 1.2.3.4/32 port 2222 -> 10.0.0.10 port 22
-- cgit v1.2.3
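Review bot: pfail1.in bundles several cases into one pass/fail result, so the negative test is weaker than it looks. Its first two rules are the ones pf1.in shows to be accepted, and the last three differ from pf1.in only by dropping `proto tcp`, which is presumably the reason they must be rejected. Because the Makefile checks a single exit status for the whole file, the test still passes as long as any one of the three is rejected, and a parser that starts accepting `port` without `proto` in the other two forms would go unnoticed. I would keep one invalid rule per input file and state the expectation at the top, for example `# port without proto must be rejected`, using the comment syntax pf2.in already relies on.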
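Review bot: rdr1.in is added without anything that consumes it: the Makefile in this commit lists only `PFTESTS=1 2` and `pfail1`, and there is no rdr1.ok, so `make regress` never parses this redirect rule. Either add a target and an expected-output file for it in the same change, or hold the file back until the rdr tests exist, so the suite does not suggest coverage of redirect parsing that it does not have.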