Date:      Sat, 15 Jul 2017 19:22:01 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r321030 - in head: etc/mtree sbin/pfctl sbin/pfctl/tests sbin/pfctl/tests/files targets/pseudo/tests
Message-ID:  <201707151922.v6FJM1Uq018398@repo.freebsd.org>

Author: kp
Date: Sat Jul 15 19:22:01 2017
New Revision: 321030
URL: https://svnweb.freebsd.org/changeset/base/321030

Log:
  pfctl parser tests
  
  Copy the most important test cases from OpenBSD's corresponding
  src/regress/sbin/pfctl, those that run pfctl on a test input file and check
  correctness of its output. We have also added some new tests using the same
  format.
  
  The tests consist of a collection of input files (pf*.in) and
  corresponding output files (pf*.ok). We run pfctl -nv on the input
  files and check that the output matches the output files. If any
  discrepancy is discovered during future development in the source
  tree, we know that a regression bug has been introduced into the tree.
  
  Submitted by:	paggas
  Sponsored by:	Google, Inc (GSoC 2017)
  Differential Revision:	https://reviews.freebsd.org/D11322

Added:
  head/sbin/pfctl/tests/
  head/sbin/pfctl/tests/Makefile   (contents, props changed)
  head/sbin/pfctl/tests/files/
  head/sbin/pfctl/tests/files/Makefile   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0001.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0001.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0002.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0002.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0003.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0003.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0004.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0004.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0005.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0005.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0006.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0006.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0007.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0007.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0008.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0008.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0009.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0009.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0010.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0010.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0011.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0011.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0012.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0012.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0013.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0013.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0014.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0014.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0016.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0016.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0018.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0018.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0019.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0019.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0020.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0020.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0022.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0022.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0023.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0023.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0024.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0024.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0025.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0025.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0026.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0026.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0028.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0028.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0030.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0030.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0031.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0031.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0032.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0032.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0034.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0034.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0035.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0035.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0038.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0038.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0039.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0039.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0040.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0040.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0041.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0041.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0047.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0047.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0048.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0048.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0049.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0049.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0050.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0050.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0052.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0052.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0053.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0053.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0055.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0055.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0056.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0056.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0057.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0057.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0060.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0060.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0061.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0061.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0065.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0065.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0067.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0067.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0069.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0069.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0070.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0070.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0071.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0071.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0072.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0072.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0074.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0074.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0075.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0075.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0077.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0077.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0078.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0078.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0079.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0079.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0081.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0081.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0082.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0082.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0084.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0084.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0085.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0085.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0087.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0087.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0088.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0088.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0089.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0089.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0090.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0090.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0091.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0091.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0092.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0092.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0094.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0094.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0095.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0095.include   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0095.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0096.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0096.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0097.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0097.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0098.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0098.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0100.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0100.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0101.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0101.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0102.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0102.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0104.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf0104.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1001.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1001.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1002.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1002.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1003.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1003.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1004.in   (contents, props changed)
  head/sbin/pfctl/tests/files/pf1004.ok   (contents, props changed)
  head/sbin/pfctl/tests/files/pfctl_test_descr.sh   (contents, props changed)
  head/sbin/pfctl/tests/pfctl_test.sh   (contents, props changed)
Modified:
  head/etc/mtree/BSD.tests.dist
  head/sbin/pfctl/Makefile
  head/targets/pseudo/tests/Makefile.depend

Modified: head/etc/mtree/BSD.tests.dist
==============================================================================
--- head/etc/mtree/BSD.tests.dist	Sat Jul 15 19:18:37 2017	(r321029)
+++ head/etc/mtree/BSD.tests.dist	Sat Jul 15 19:22:01 2017	(r321030)
@@ -378,6 +378,10 @@
         ..
         mdconfig
         ..
+        pfctl
+            files
+            ..
+        ..
     ..
     secure
         lib

Modified: head/sbin/pfctl/Makefile
==============================================================================
--- head/sbin/pfctl/Makefile	Sat Jul 15 19:18:37 2017	(r321029)
+++ head/sbin/pfctl/Makefile	Sat Jul 15 19:22:01 2017	(r321030)
@@ -31,4 +31,8 @@ YFLAGS=
 
 LIBADD=	m md
 
+.if ${MK_TESTS} != "no"
+SUBDIR+=    tests
+.endif
+
 .include <bsd.prog.mk>
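
Review bot: The added `SUBDIR+=    tests` line pads with spaces after `+=`, while the neighbouring `LIBADD=	m md` uses a tab; use a tab to match the file. The conditional also reads `${MK_TESTS}`, which has to be defined by an options include earlier in the Makefile; that part of the file is outside the visible context, so please confirm it is there.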

Added: head/sbin/pfctl/tests/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/Makefile	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+ATF_TESTS_SH=	pfctl_test
+
+SUBDIR+=	files
+
+.include <bsd.test.mk>

Added: head/sbin/pfctl/tests/files/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/Makefile	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,12 @@
+# $FreeBSD$
+
+TESTSDIR=	${TESTSBASE}/sbin/pfctl/files
+BINDIR=		${TESTSDIR}
+
+# We use ${.CURDIR} as workaround so that the glob patterns work.
+FILES=		${.CURDIR}/pf????.in
+FILES+=		${.CURDIR}/pf????.include
+FILES+=		${.CURDIR}/pf????.ok
+FILES+=		${.CURDIR}/pfctl_test_descr.sh
+
+.include <bsd.progs.mk>
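
Review bot: `FILES` is assembled from globs (`pf????.in`, `pf????.include`, `pf????.ok`), so an `.in` file committed without its `.ok` is installed without complaint at build time. Consider listing the cases explicitly, or adding a check that every `.in` has a matching `.ok`. The file also ends with `.include <bsd.progs.mk>` although nothing in it sets `PROGS`; a one-line comment saying why that include is used would help the next reader.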

Added: head/sbin/pfctl/tests/files/pf0001.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0001.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,8 @@
+pass in all
+pass in from any to any no state
+pass in proto tcp from any port <= 1024 to any label foo_bar
+pass in proto tcp from any to any port = 25
+pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
+pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts
+pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \
+"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport"

Added: head/sbin/pfctl/tests/files/pf0001.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0001.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,8 @@
+pass in all flags S/SA keep state
+pass in all no state
+pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar"
+pass in proto tcp from any to any port = smtp flags S/SA keep state
+pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state
+pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts
+pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:"
+pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:"
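
Review bot: The last two expected lines hard-code the rule numbers produced by `$nr` (`"6:tcp:1.2.3.4::any:"` and `"7:tcp:1.2.3.5::any:"`), so adding or removing any rule earlier in pf0001.in changes these labels. A comment in pf0001.in next to the label rule, saying that the numbers are positional and that `$srcport` and `$dstport` are expected to expand to empty strings here, would make a future mismatch easier to diagnose.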

Added: head/sbin/pfctl/tests/files/pf0002.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0002.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,34 @@
+# test
+
+block	       out log on tun1000000		 all
+block	       in  log on tun1000000		 all
+
+block return-rst  out log on tun1000000 proto tcp all
+block return-rst  in  log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in  log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8		to any
+block in log quick on tun1000000 from 172.16.0.0/12	to any
+block in quick log on tun1000000 from 192.168.0.0/16	to any
+block in quick log on tun1000000 from 255.255.255.255/32 to any
+
+block in log quick from no-route to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in  on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all keep state
+
+pass in on tun1000000 proto tcp from any to any port = ssh    keep state
+pass in on tun1000000 proto tcp from any to any port = smtp   keep state
+pass in on tun1000000 proto tcp from any to any port = domain keep state
+pass in on tun1000000 proto tcp from any to any port = auth   keep state
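
Review bot: The only comment in this file is `# test` on the first line, which does not say what the case covers. Replace it with a one-line description of what is being checked, for example that the `block` variants, the `quick log` versus `log quick` ordering and the netmask on `255.255.255.255/32` are normalised in the output.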

Added: head/sbin/pfctl/tests/files/pf0002.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0002.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,22 @@
+block drop out log on tun1000000 all
+block drop in log on tun1000000 all
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
+block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
+block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
+block drop in quick on tun1000000 inet from any to 255.255.255.255
+block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
+block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
+block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
+block drop in log quick on tun1000000 inet from 255.255.255.255 to any
+block drop in log quick from no-route to any
+pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass out on tun1000000 proto udp all keep state
+pass in on tun1000000 proto udp from any to any port = domain keep state
+pass out on tun1000000 proto tcp all flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0003.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0003.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,13 @@
+pass in all
+pass in from any to any
+
+block in proto tcp from any to any flags FUPEW/FSRPAUEW
+block in proto tcp from any to any flags SF/SFRA
+block in proto tcp from any to any flags /SFRAW
+
+pass in proto { udp, icmp, tcp } from any to any flags S/SA
+pass in from any to any flags S/SA no state
+pass in from any to any flags any no state
+pass in from any to any flags any
+pass in from any to any keep state
+pass in from any to any
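
Review bot: `pass in from any to any` appears on both line 2 and line 13, and together with `pass in all` and `pass in from any to any keep state` it yields four identical lines in pf0003.ok (`pass in all flags S/SA keep state`). If the repetition is deliberate, a short comment above each group saying which default (`flags S/SA`, `keep state`) it is meant to exercise would document that; otherwise the duplicates add no coverage.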

Added: head/sbin/pfctl/tests/files/pf0003.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0003.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,13 @@
+pass in all flags S/SA keep state
+pass in all flags S/SA keep state
+block drop in proto tcp all flags FPUEW/FSRPAUEW
+block drop in proto tcp all flags FS/FSRA
+block drop in proto tcp all flags /FSRAW
+pass in proto udp all keep state
+pass in proto icmp all keep state
+pass in proto tcp all flags S/SA keep state
+pass in all flags S/SA no state
+pass in all no state
+pass in all flags any keep state
+pass in all flags S/SA keep state
+pass in all flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0004.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0004.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,16 @@
+block in all
+block in proto tcp all
+block in proto { tcp, udp } all
+
+block in from any to any
+block in from 10.0.0.0/8 to any
+block in from ! 10.0.0.0/8 to any
+block in from { 10.0.0.0/8, 172.16.0.0/12 } to any
+
+block in proto tcp from any port = ssh to any
+block in proto tcp from any port { ssh, ftp >< 2048, != 1234, >= www } \
+	to any port 1024:2048
+
+block in proto { tcp, udp } from { 10.0.0.0/8, 172.16.0.0/12 } port { ssh, ftp } \
+	to { 192.168.0.0/16, 12.34.56.78 } port { 6667, 6668, 6669:65535 }
+
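
Review bot: The last added line of this file (line 16) is empty, so pf0004.in ends with a trailing blank line; drop it.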

Added: head/sbin/pfctl/tests/files/pf0004.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0004.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,62 @@
+block drop in all
+block drop in proto tcp all
+block drop in proto tcp all
+block drop in proto udp all
+block drop in all
+block drop in inet from 10.0.0.0/8 to any
+block drop in inet from ! 10.0.0.0/8 to any
+block drop in inet from 10.0.0.0/8 to any
+block drop in inet from 172.16.0.0/12 to any
+block drop in proto tcp from any port = ssh to any
+block drop in proto tcp from any port = ssh to any port 1024:2048
+block drop in proto tcp from any port 21 >< 2048 to any port 1024:2048
+block drop in proto tcp from any port != 1234 to any port 1024:2048
+block drop in proto tcp from any port >= 80 to any port 1024:2048
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535
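
Review bot: The expected output depends on the services database of the host that runs the test: destination port 6667 is expected as `port = ircd` in the tcp rules but as `port = 6667` in the udp rules, while `>= www` and `ftp >< 2048` from the input are expected numerically as `>= 80` and `21 >< 2048`. A host whose services file names 6667/udp or lacks the tcp entry will fail this case with no parser regression. Please record that dependency in the test description, or keep name-to-number resolution in a separate case so that a failure here points at the rule expansion.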

Added: head/sbin/pfctl/tests/files/pf0005.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0005.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,6 @@
+foo = "ssh, ftp"
+bar = "other thing"
+inside="10.0.0.0/8"
+
+block in proto udp from $inside port { echo, $foo, ident } \
+	to 12.34.56.78 port { 6667, 0x10 }
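
Review bot: The macro `bar = "other thing"` on line 2 is defined but never referenced by the rule; it shows up only as an echoed definition in pf0005.ok. If the intent is to check that unused macros are still printed, say so in a comment, since otherwise it reads as a leftover.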

Added: head/sbin/pfctl/tests/files/pf0005.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0005.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,11 @@
+foo = "ssh, ftp"
+bar = "other thing"
+inside = "10.0.0.0/8"
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 16

Added: head/sbin/pfctl/tests/files/pf0006.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0006.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+a=b
+c=x
+a_b_c=d

Added: head/sbin/pfctl/tests/files/pf0006.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0006.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+a = "b"
+c = "x"
+a_b_c = "d"

Added: head/sbin/pfctl/tests/files/pf0007.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0007.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,34 @@
+# test modulate state
+
+block	       out log on tun1000000		 all
+block	       in  log on tun1000000		 all
+
+block return-rst  out log on tun1000000 proto tcp all
+block return-rst  in  log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in  log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8		to any
+block in log quick on tun1000000 from 172.16.0.0/12	to any
+block in log quick on tun1000000 from 192.168.0.0/16	to any
+block in log quick on tun1000000 from 255.255.255.255/32 to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in  on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all modulate state
+pass in on tun1000000 proto { tcp udp icmp } all modulate state
+pass in on tun1000000 proto { udp tcp icmp } all flags S/SA synproxy state
+
+pass in on tun1000000 proto tcp from any to any port = ssh    modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp   modulate state
+pass in on tun1000000 proto tcp from any to any port = domain modulate state
+pass in on tun1000000 proto tcp from any to any port = auth   modulate state
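
Review bot: The header comment `# test modulate state` no longer describes the whole file, because the rule `pass in on tun1000000 proto { udp tcp icmp } all flags S/SA synproxy state` also exercises `synproxy state`. Update the comment to mention synproxy and the comma-less protocol lists (`{ tcp udp icmp }`), and note that the `block` section repeats pf0002.in so readers know where the two cases differ.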

Added: head/sbin/pfctl/tests/files/pf0007.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0007.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,27 @@
+block drop out log on tun1000000 all
+block drop in log on tun1000000 all
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
+block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
+block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
+block drop in quick on tun1000000 inet from any to 255.255.255.255
+block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
+block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
+block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
+block drop in log quick on tun1000000 inet from 255.255.255.255 to any
+pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass out on tun1000000 proto udp all keep state
+pass in on tun1000000 proto udp from any to any port = domain keep state
+pass out on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto udp all keep state
+pass in on tun1000000 proto icmp all keep state
+pass in on tun1000000 proto udp all keep state
+pass in on tun1000000 proto tcp all flags S/SA synproxy state
+pass in on tun1000000 proto icmp all keep state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state
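
Review bot: the expected lines for udp and icmp in the middle of this hunk ("pass in on tun1000000 proto udp all keep state", "pass in on tun1000000 proto icmp all keep state") show "modulate state" and "synproxy state" from the two brace-list rules in pf0007.in being rewritten to "keep state" for the non-TCP protocols, and nothing in the visible input says that this downgrade is the behaviour under test. Add a one-line comment above those two rules in pf0007.in so that a future change in how the state option is applied per protocol is read as a deliberate decision rather than an accidental diff in the .ok file.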

Added: head/sbin/pfctl/tests/files/pf0008.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0008.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,2 @@
+extern =  "{ ! 10.0.0.0/8, 10.1.2.3 }"
+block out log on tun1000001 from $extern to any
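
Review bot: the macro on the first line mixes a negated and a plain entry in one list, and the file carries no comment saying what the expansion is meant to prove. pf0008.ok expects two independent rules (from ! 10.0.0.0/8 and from 10.1.2.3), so a packet matches if either applies, which is easy to misread as "everything outside 10/8 except 10.1.2.3". A short comment such as "# negated list entries expand to separate rules" would document that the test pins this expansion on purpose.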

Added: head/sbin/pfctl/tests/files/pf0008.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0008.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+extern = "{ ! 10.0.0.0/8, 10.1.2.3 }"
+block drop out log on tun1000001 inet from ! 10.0.0.0/8 to any
+block drop out log on tun1000001 inet from 10.1.2.3 to any

Added: head/sbin/pfctl/tests/files/pf0009.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0009.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+interfaces = "{ enc0, tun1000000 }"
+
+block in on $interfaces all

Added: head/sbin/pfctl/tests/files/pf0009.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0009.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+interfaces = "{ enc0, tun1000000 }"
+block drop in on enc0 all
+block drop in on tun1000000 all

Added: head/sbin/pfctl/tests/files/pf0010.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0010.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,31 @@
+# return variants
+pass in inet proto icmp all
+pass in inet6 proto icmp6 all
+block in inet proto icmp all
+block in inet6 proto icmp6 all
+block return-rst in inet proto tcp all
+block return-rst in inet6 proto tcp all
+block return-rst(ttl 10) in inet proto tcp all
+block return-rst(ttl 10) in inet6 proto tcp all
+block return-icmp in inet proto icmp all
+block return-icmp(0) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(5) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(10) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(15) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp6 in inet6 proto icmp6 all
+block return-icmp6(0) in inet6 proto icmp6 all
+block return-icmp6(noroute-unr) in inet6 proto icmp6 all
+block return-icmp6(1) in inet6 proto icmp6 all
+block return-icmp6(admin-unr) in inet6 proto icmp6 all
+block return-icmp6(2) in inet6 proto icmp6 all
+block return-icmp6(notnbr-unr) in inet6 proto icmp6 all
+block return-icmp6(3) in inet6 proto icmp6 all
+block return-icmp6(addr-unr) in inet6 proto icmp6 all
+block return-icmp6(4) in inet6 proto icmp6 all
+block return-icmp6(port-unr) in inet6 proto icmp6 all
+block return-icmp(5, 1) in all
+block return-icmp(srcfail, admin-unr) in all

Added: head/sbin/pfctl/tests/files/pf0010.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0010.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,30 @@
+pass in inet proto icmp all keep state
+pass in inet6 proto ipv6-icmp all keep state
+block drop in inet proto icmp all
+block drop in inet6 proto ipv6-icmp all
+block return-rst in inet proto tcp all
+block return-rst in inet6 proto tcp all
+block return-rst(ttl 10) in inet proto tcp all
+block return-rst(ttl 10) in inet6 proto tcp all
+block return-icmp(port-unr) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp(srcfail, admin-unr) in all
+block return-icmp(srcfail, admin-unr) in all

Added: head/sbin/pfctl/tests/files/pf0011.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0011.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,18 @@
+pass in inet proto icmp all icmp-type 0
+pass in inet proto icmp all icmp-type 0 code 0
+pass in inet proto icmp all icmp-type 1
+pass in inet proto icmp all icmp-type 1 code 1
+pass in inet6 proto ipv6-icmp all icmp6-type 0
+pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+pass in inet6 proto ipv6-icmp all icmp6-type 1
+pass in inet6 proto ipv6-icmp all icmp6-type 1 code 1
+block in inet proto icmp all icmp-type 0
+block in inet proto icmp all icmp-type 0 code 0
+block in inet proto icmp all icmp-type 1
+block in inet proto icmp all icmp-type 1 code 1
+block in inet6 proto ipv6-icmp all icmp6-type 0
+block in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+block in inet6 proto ipv6-icmp all icmp6-type 1
+block in inet6 proto ipv6-icmp all icmp6-type 1 code 1
+pass in inet proto icmp all icmp-type unreach code needfrag
+pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb

Added: head/sbin/pfctl/tests/files/pf0011.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0011.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,18 @@
+pass in inet proto icmp all icmp-type echorep keep state
+pass in inet proto icmp all icmp-type echorep code 0 keep state
+pass in inet proto icmp all icmp-type 1 keep state
+pass in inet proto icmp all icmp-type 1 code 1 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state
+pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state
+block drop in inet proto icmp all icmp-type echorep
+block drop in inet proto icmp all icmp-type echorep code 0
+block drop in inet proto icmp all icmp-type 1
+block drop in inet proto icmp all icmp-type 1 code 1
+block drop in inet6 proto ipv6-icmp all icmp6-type 0
+block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+block drop in inet6 proto ipv6-icmp all icmp6-type unreach
+block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr
+pass in inet proto icmp all icmp-type unreach code needfrag keep state
+pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state

Added: head/sbin/pfctl/tests/files/pf0012.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0012.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+pass in from 127.0.0.1 to 127.0.0.1/8 no state
+pass in from 127.0.0.1/16 to 127.0.0.1/24 no state
+pass in from 127.0.0.1/25 to ! 127.0.0.1/26
+pass in inet from ! localhost to localhost/16
+pass in inet from ! lo0 to ! lo0/8
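
Review bot: the last two rules use the names "localhost" and "lo0" as addresses, so the expected output in pf0012.ok ("! 127.0.0.1 to 127.0.0.0/16" and "! 127.0.0.1 to ! 127.0.0.0/8") depends on how the test host resolves localhost and on the address configured on lo0. Either state that requirement in a comment at the top of the file or move these two rules into a test of their own, so that a failure on an unusual host is not mistaken for a parser regression in the three literal-address rules above them.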

Added: head/sbin/pfctl/tests/files/pf0012.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0012.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+pass in inet from 127.0.0.1 to 127.0.0.0/8 no state
+pass in inet from 127.0.0.0/16 to 127.0.0.0/24 no state
+pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state
+pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state
+pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0013.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0013.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,22 @@
+pass in quick on enc0 from any to any
+pass in quick on enc0 inet from any to any
+pass in quick on enc0 inet6 from any to any
+
+#pass out quick on tun1000000 inet from any to any route-to tun1000001
+#pass out quick on tun1000000 from any to 192.168.1.1 route-to tun1000001
+#pass out quick on tun1000000 from any to fec0::1 route-to tun1000001
+
+#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1)
+#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1)
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to tun1000001
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to tun1000001
+
+#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1)
+#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1)
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to tun1000001
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to tun1000001
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 dup-to (tun1000001 192.168.1.100)
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 dup-to (tun1000001 fec1::2)
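
Review bot: only the three enc0 rules at the top are active; the thirteen route-to, dup-to and reply-to rules below them are commented out with no explanation, and pf0013.ok accordingly expects just three lines. Add a comment saying why they are disabled and what has to change before they can be enabled, or drop them from the input, since as committed the file reads as a routing-option test but gives no coverage for those options.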

Added: head/sbin/pfctl/tests/files/pf0013.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0013.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+pass in quick on enc0 all flags S/SA keep state
+pass in quick on enc0 inet all flags S/SA keep state
+pass in quick on enc0 inet6 all flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0014.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0014.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,6 @@
+pass in quick on lo0 from fe80::1%lo0 to fe80::1%lo0
+pass in quick from fe80::1%lo0 to fe80::1%lo0
+pass in quick from fe80::1%lo0 to any
+pass in quick from any to fe80::1%lo0
+pass in quick on lo0 from fe80::1%lo0 to any
+pass in quick on lo0 from any to fe80::1%lo0
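
Review bot: rules two to four have no "on" clause, yet pf0014.ok expects "on lo0" on every line and prints the addresses without the %lo0 scope. The input has no comment saying that deriving the interface from the scope identifier is what is being checked. A one-line header comment would make that intent explicit and would explain why the first two expected lines are identical.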

Added: head/sbin/pfctl/tests/files/pf0014.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0014.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,6 @@
+pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state
+pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state
+pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0016.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0016.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+# Test rule order processing: should fail unless nat -> filter
+#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
+#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22   
+#match on lo0 from 192.168.1.1 to any binat-to 10.0.0.1
+pass in on lo1000000 from any to any no state
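
Review bot: the header comment says the file tests rule-order processing and "should fail unless nat -> filter", but the three translation rules that would create an ordering are commented out and the only active line is the final pass rule. The comment no longer describes what the test does, and pf0016.ok expects a successful parse with one rule. Reword the comment to match, or restore translation rules so that the ordering check actually runs.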

Added: head/sbin/pfctl/tests/files/pf0016.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0016.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1 @@
+pass in on lo1000000 all no state

Added: head/sbin/pfctl/tests/files/pf0018.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0018.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,19 @@
+# test nat
+
+TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }"
+TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }"
+
+#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
+#match out on lo0 proto tcp from 192.168.1.2 to any nat-to 10.0.0.2
+#match out on lo0 proto udp from 192.168.1.3 to any nat-to 10.0.0.3
+#match out on lo0 proto icmp from 192.168.1.4 to any nat-to 10.0.0.4
+
+#match out on lo0 inet from $TEST_LIST1 to $TEST_LIST2 nat-to lo0
+
+#match out on lo0 inet from 192.168.0.1/24 to any nat-to (lo0)
+
+#match out on lo0 from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8
+
+#match out on ! lo0 proto { udp, tcp } from any to any nat-to 10.0.0.8 static-port
+
+#match out on { lo0, tun1000000 } from any to any nat-to 10.0.0.8
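
Review bot: the file is labelled "# test nat" but every rule in it is commented out, so pf0018.ok contains nothing except the two macro definitions echoed back. As committed this checks macro printing only and would keep passing if NAT parsing broke. Note in the header comment that the NAT rules are pending, or hold the file back until at least one translation rule can be enabled.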

Added: head/sbin/pfctl/tests/files/pf0018.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0018.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,2 @@
+TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }"
+TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }"

Added: head/sbin/pfctl/tests/files/pf0019.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0019.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,9 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
+
+#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22   
+
+# Test list processing
+#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021

Added: head/sbin/pfctl/tests/files/pf0019.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0019.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,4 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"

Added: head/sbin/pfctl/tests/files/pf0020.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0020.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,9 @@
+# Test whether list expansion in NAT/RDR works correctly
+
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
+
+#match out on $EVIL inet from $GOOD_NET to $DEST_NET nat-to $EVIL
+#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021
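
Review bot: with both rules commented out, the active content of this file is the same four macros as pf0019.in, and pf0020.ok is identical to pf0019.ok. Two tests asserting the same four echoed lines add run time without adding coverage. Keep one of them until the list-expansion rules named in the header comment can be enabled.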

Added: head/sbin/pfctl/tests/files/pf0020.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0020.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,4 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"

Added: head/sbin/pfctl/tests/files/pf0022.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0022.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,8 @@
+set optimization aggressive
+set timeout { tcp.closing 6, tcp.opening 6 }
+set timeout tcp.first 6
+set limit states 500
+set limit {states 1000,frags 1000}
+set loginterface lo0
+set loginterface none
+set hostid 1

Added: head/sbin/pfctl/tests/files/pf0022.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0022.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,10 @@
+set optimization aggressive
+set timeout tcp.closing 6
+set timeout tcp.opening 6
+set timeout tcp.first 6
+set limit states 500
+set limit states 1000
+set limit frags 1000
+set loginterface lo0
+set loginterface none
+set hostid 0x00000001

Added: head/sbin/pfctl/tests/files/pf0023.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0023.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,2 @@
+#test negated interface matching
+block in on ! lo0 all

Added: head/sbin/pfctl/tests/files/pf0023.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0023.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1 @@
+block drop in on ! lo0 all

Added: head/sbin/pfctl/tests/files/pf0024.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0024.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,8 @@
+#test variable concat
+a="ssh"
+b="ftp"
+c=$a $b
+d=$a $b $a $b
+e=$a $b $b "test" $a $b
+
+pass in proto tcp from any to any port { $c }

Added: head/sbin/pfctl/tests/files/pf0024.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0024.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,7 @@
+a = "ssh"
+b = "ftp"
+c = "ssh ftp"
+d = "ssh ftp ssh ftp"
+e = "ssh ftp ftp test ssh ftp"
+pass in proto tcp from any to any port = ssh flags S/SA keep state
+pass in proto tcp from any to any port = ftp flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0025.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0025.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,4 @@
+antispoof for lo0
+antispoof log quick for lo0 inet
+antispoof for (lo0)
+antispoof log quick for (lo0) inet

Added: head/sbin/pfctl/tests/files/pf0025.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0025.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+block drop in on ! lo0 inet6 from ::1 to any
+block drop in on ! lo0 inet from 127.0.0.0/8 to any
+block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any
+block drop in on ! lo0 from (lo0:network) to any
+block drop in log quick on ! lo0 inet from (lo0:network) to any
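
Review bot: the first three expected lines ("from ::1" and "from 127.0.0.0/8") are derived from the addresses present on lo0 when pfctl parses "antispoof for lo0", so they hold only on a host where lo0 carries both loopback addresses. The last two lines use (lo0:network) and do not have that dependency. Document the lo0 requirement in pf0025.in, or split the literal-interface cases from the parenthesised ones so the stable half of the test does not fail along with the host-dependent half.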

Added: head/sbin/pfctl/tests/files/pf0026.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0026.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,2 @@
+block in on lo0 inet from ! (lo0) to any
+block out on lo0 inet from any to ! (lo0)

Added: head/sbin/pfctl/tests/files/pf0026.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0026.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,2 @@
+block drop in on lo0 inet from ! (lo0) to any
+block drop out on lo0 inet from any to ! (lo0)

Added: head/sbin/pfctl/tests/files/pf0028.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0028.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,7 @@
+# test logging keywords, and log quick/quick log order
+block in log (all) quick on lo0 all
+block in quick log       on lo0 all
+block in quick log (all) on lo0 all
+block in log quick       on lo0 all
+block in log             on lo0 all
+block in log (all)       on lo0 all 

Added: head/sbin/pfctl/tests/files/pf0028.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0028.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,6 @@
+block drop in log (all) quick on lo0 all
+block drop in log quick on lo0 all
+block drop in log (all) quick on lo0 all
+block drop in log quick on lo0 all
+block drop in log on lo0 all
+block drop in log (all) on lo0 all

Added: head/sbin/pfctl/tests/files/pf0030.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0030.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,7 @@
+#test line continuation
+
+block \
+    in \
+    on lo0 \
+    from any \
+    to any

Added: head/sbin/pfctl/tests/files/pf0030.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0030.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1 @@
+block drop in on lo0 all

Added: head/sbin/pfctl/tests/files/pf0031.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0031.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,21 @@
+set block-policy drop
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block in on lo0 all
+block in on lo0 inet all
+block in on lo0 inet6 all
+#set block-policy return
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block in on lo0 all
+block in on lo0 inet all
+block in on lo0 inet6 all
+
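
Review bot: "#set block-policy return" in the middle of the file is commented out, so the nine rules after it are parsed under the same drop policy as the nine before it, and pf0031.ok confirms that by expecting "block drop" for the bare "block in" rules in both halves. The return policy is therefore never exercised and the second half duplicates the first. Enable the line and update the expected output to "block return" for the bare rules, or remove the repeated group.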

Added: head/sbin/pfctl/tests/files/pf0031.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0031.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,19 @@
+set block-policy drop
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all

Added: head/sbin/pfctl/tests/files/pf0032.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0032.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,7 @@
+pass in from 10/8 to any
+pass in from 10.1/8 to any
+pass in from 192.168.37.29/25 to any
+pass in from 192.168.37.29/24 to any
+pass in from 192.168.37.29/16 to any
+pass in from 192.168.37.29/8 to any
+

Added: head/sbin/pfctl/tests/files/pf0032.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0032.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,6 @@
+pass in inet from 10.0.0.0/8 to any flags S/SA keep state
+pass in inet from 10.0.0.0/8 to any flags S/SA keep state
+pass in inet from 192.168.37.0/25 to any flags S/SA keep state
+pass in inet from 192.168.37.0/24 to any flags S/SA keep state
+pass in inet from 192.168.0.0/16 to any flags S/SA keep state
+pass in inet from 192.0.0.0/8 to any flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0034.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0034.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+#mixed af, probability
+pass in from any to { 127.0.0.1, 2000::1 }
+pass in probability 0.5
+pass in probability 50%
+pass in inet6 proto tcp from ::1 probability 0.8%

Added: head/sbin/pfctl/tests/files/pf0034.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0034.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+pass in inet from any to 127.0.0.1 flags S/SA keep state
+pass in inet6 from any to 2000::1 flags S/SA keep state
+pass in all flags S/SA keep state probability 50%
+pass in all flags S/SA keep state probability 50%
+pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8%

Added: head/sbin/pfctl/tests/files/pf0035.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0035.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+#test matching on tos
+
+intf = "lo0"
+pass out on $intf inet proto tcp from any to any port 22 tos 0x10
+pass out on $intf inet proto tcp from any to any port 22 tos 0x08

Added: head/sbin/pfctl/tests/files/pf0035.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0035.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,3 @@
+intf = "lo0"
+pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x10 keep state
+pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x08 keep state

Added: head/sbin/pfctl/tests/files/pf0038.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0038.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,5 @@
+# test
+
+pass in on tun1000000 proto tcp from any to any user bin
+pass in on tun1000000 proto tcp from any to any group bin
+pass in on tun1000000 proto tcp from any to any group wheel user root user bin

Added: head/sbin/pfctl/tests/files/pf0038.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0038.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,4 @@
+pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state
+pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state
+pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state
+pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state
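
Review bot: the expected values "user = 3", "group = 7" and "group = 0" are the numeric ids that the names bin and wheel in pf0038.in map to on the host running the test, so the result depends on the local passwd and group databases rather than on the parser alone. State the assumed ids in a comment in pf0038.in (its current "# test" header says nothing), so that a mismatch on a host with different ids can be told apart from a real regression.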

Added: head/sbin/pfctl/tests/files/pf0039.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0039.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,25 @@
+#test random ordered opts
+
+body1="pass in log quick on lo0 inet proto icmp all "
+body2="pass in log quick on lo0 inet proto tcp all "
+o_user="user root "
+o_user2="user bin "
+o_group="group wheel "
+o_group2="group nobody "
+o_flags="flags S/SA "
+o_icmpspec="icmp-type 0 code 0 "
+o_tos="tos 0x08 "
+o_keep="keep state "
+o_fragment="fragment "
+o_allowopts="allow-opts "
+o_label="label blah"
+o_prio="set prio 2"
+
+$body2 $o_fragment $o_keep $o_label $o_tos
+$body2 $o_user $o_prio $o_tos $o_keep $o_group $o_label $o_allowopts \
+$o_user2 $o_group2
+$body1 $o_icmpspec $o_keep $o_label $o_prio
+$body2 $o_keep
+$body2 $o_label $o_keep $o_prio $o_tos
+$body1 $o_icmpspec $o_tos
+$body2 $o_flags $o_allowopts 

Added: head/sbin/pfctl/tests/files/pf0039.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0039.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,24 @@
+body1 = "pass in log quick on lo0 inet proto icmp all "
+body2 = "pass in log quick on lo0 inet proto tcp all "
+o_user = "user root "
+o_user2 = "user bin "
+o_group = "group wheel "
+o_group2 = "group nobody "
+o_flags = "flags S/SA "
+o_icmpspec = "icmp-type 0 code 0 "
+o_tos = "tos 0x08 "
+o_keep = "keep state "
+o_fragment = "fragment "
+o_allowopts = "allow-opts "
+o_label = "label blah"
+o_prio = "set prio 2"
+pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah"
+pass in log quick on lo0 inet proto tcp all user = 3 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 3 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 0 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 0 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 set ( prio 2 ) keep state label "blah"
+pass in log quick on lo0 inet proto tcp all flags S/SA keep state
+pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 set ( prio 2 ) keep state label "blah"
+pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state
+pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts

Added: head/sbin/pfctl/tests/files/pf0040.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0040.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,20 @@
+block
+block return
+block return-rst proto tcp
+pass
+pass in no state
+pass out no state
+pass all no state
+block in all
+block out all
+block from any to any
+pass in from any to any
+pass out from any to any
+block on lo0
+pass on lo0 all
+block on lo0 from any to any
+pass proto tcp flags S/SA
+pass proto udp keep state
+pass in proto udp all keep state
+pass out proto udp from any to any keep state
+pass out on lo0 proto tcp from any to any port 25 keep state
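
Review bot: missing documentation: nothing in this file says which behaviour each rule is meant to pin down, and pairs such as `block` / `block from any to any` and `block on lo0` / `block on lo0 from any to any` look like duplicates unless the reader already knows the file checks how an omitted `all`, flags and state option are filled in. A short comment header would fix that. Also, `pass proto tcp flags S/SA` is the only rule here with explicit flags, and pf0040.ok shows the same `flags S/SA` being added to a bare `pass`, so this case cannot tell an honoured explicit value from the default; a rule with a different flags value would.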

Added: head/sbin/pfctl/tests/files/pf0040.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0040.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,20 @@
+block drop all
+block return all
+block return-rst proto tcp all
+pass all flags S/SA keep state
+pass in all no state
+pass out all no state
+pass all no state
+block drop in all
+block drop out all
+block drop all
+pass in all flags S/SA keep state
+pass out all flags S/SA keep state
+block drop on lo0 all
+pass on lo0 all flags S/SA keep state
+block drop on lo0 all
+pass proto tcp all flags S/SA keep state
+pass proto udp all keep state
+pass in proto udp all keep state
+pass out proto udp all keep state
+pass out on lo0 proto tcp from any to any port = smtp flags S/SA keep state

Added: head/sbin/pfctl/tests/files/pf0041.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0041.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,12 @@
+anchor foo
+anchor bar all
+anchor bar from any to any
+anchor foo inet
+anchor foo inet6
+anchor foo inet all
+anchor foo proto tcp
+anchor foo inet proto tcp from 10.1.2.3 port smtp to 10.2.3.4 port ssh
+anchor foobar inet6 proto udp from ::1 port 1 to ::1 port 2
+anchor filteropt out proto tcp to any port 22 user root
+anchor filteropt in proto tcp to (self) port 22 group sshd
+anchor filteropt out inet proto icmp all icmp-type echoreq

Added: head/sbin/pfctl/tests/files/pf0041.ok
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0041.ok	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,12 @@
+anchor "foo" all
+anchor "bar" all
+anchor "bar" all
+anchor "foo" inet all
+anchor "foo" inet6 all
+anchor "foo" inet all
+anchor "foo" proto tcp all
+anchor "foo" inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh
+anchor "foobar" inet6 proto udp from ::1 port = tcpmux to ::1 port = compressnet
+anchor "filteropt" out proto tcp from any to any port = ssh user = 0
+anchor "filteropt" in proto tcp from any to (self) port = ssh group = 22
+anchor "filteropt" out inet proto icmp all icmp-type echoreq
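
Review bot: `port = tcpmux` and `port = compressnet` are produced from the numeric `port 1` and `port 2` in pf0041.in, so these expected lines depend on the host's services database rather than on anything in the rule file. If the point of the case is anchor parsing with IPv6 endpoints, ports that print back as numbers would keep it independent of the host; if the name lookup is intended, say so in a comment in the .in file.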

Added: head/sbin/pfctl/tests/files/pf0047.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0047.in	Sat Jul 15 19:22:01 2017	(r321030)
@@ -0,0 +1,67 @@
+pass in on lo0 all label ""
+
+pass in all label "$if"
+pass in on lo0 all label "$if"
+pass in on lo0 all label "$if$if"
+
+pass in on lo0 all label "$srcaddr"
+pass in on lo0 from 0/0 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label "$srcaddr$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 from 127.0.0.1/8 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1/16 to any label "$srcaddr$srcaddr"
+pass in on lo0 from 127.0.0.1/31 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 inet6 from fe80::1 to any label "$srcaddr"
+pass in on lo0 inet6 from fe80::1 to any label "$srcaddr$srcaddr"
+pass in on lo0 inet6 from fe80::1 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 inet6 from lo0/8 to any label "$srcaddr"
+pass in on lo0 inet6 from lo0/64 to any label "$srcaddr$srcaddr"
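
Review bot: `from lo0/8` and `from lo0/64` name the interface without parentheses, so pfctl substitutes whatever addresses lo0 has when the file is parsed, and the expanded `$srcaddr` label then depends on how lo0 is configured on the test host; literal IPv6 prefixes would keep the case deterministic. Separately, `127.0.0.1/8`, `127.0.0.1/16` and `127.0.0.1/31` have host bits set beyond the prefix, and a comment saying whether `$srcaddr` should print the address as written or the masked network would make the intent of those three lines reviewable. The hunk header announces 67 lines and the mail is cut off after 19, so the rest of the file is not covered here.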

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


