aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDarren Reed <darrenr@FreeBSD.org>2002-06-07 08:58:26 +0000
committerDarren Reed <darrenr@FreeBSD.org>2002-06-07 08:58:26 +0000
commita8e3e73627cfa19308889fa99131e4deef49c6c6 (patch)
treee74e873f7e023749588736bb9c7dac7257678a3e
parentd37d8bd759240377564d8f2dd862a0c1daed951e (diff)
downloadsrc-a8e3e73627cfa19308889fa99131e4deef49c6c6.tar.gz
src-a8e3e73627cfa19308889fa99131e4deef49c6c6.zip
Import IPFilter 3.4.28
Notes
Notes: svn path=/vendor/ipfilter/dist/; revision=98008
-rwxr-xr-xcontrib/ipfilter/test/dotest633
-rw-r--r--contrib/ipfilter/test/expected/i124
-rw-r--r--contrib/ipfilter/test/expected/ni34
-rw-r--r--contrib/ipfilter/test/input/ipv6.120
-rw-r--r--contrib/ipfilter/test/input/ni310
-rw-r--r--contrib/ipfilter/test/regress/i124
-rw-r--r--contrib/ipfilter/test/regress/ipv6.11
-rw-r--r--contrib/ipfilter/test/regress/ni3.ipf4
-rw-r--r--contrib/ipfilter/test/regress/ni3.nat1
9 files changed, 81 insertions, 0 deletions
diff --git a/contrib/ipfilter/test/dotest6 b/contrib/ipfilter/test/dotest6
new file mode 100755
index 000000000000..297de6f7f374
--- /dev/null
+++ b/contrib/ipfilter/test/dotest6
@@ -0,0 +1,33 @@
+#!/bin/sh
+if [ -f /usr/ucb/touch ] ; then
+ TOUCH=/usr/ucb/touch
+else
+ if [ -f /usr/bin/touch ] ; then
+ TOUCH=/usr/bin/touch
+ else
+ if [ -f /bin/touch ] ; then
+ TOUCH=/bin/touch
+ fi
+ fi
+fi
+echo "$1...";
+/bin/cp /dev/null results/$1
+../ipftest -6 -r /dev/null -i /dev/null >/dev/null 2>&1
+if [ $? -ne 0 ] ; then
+ echo "skipping IPv6 tests"
+ $TOUCH $1
+ exit 0
+fi
+( while read rule; do
+ echo "$rule" | ../ipftest -6Hbr - -i input/$1 >> results/$1;
+ if [ $? -ne 0 ] ; then
+ exit 1;
+ fi
+ echo "--------" >> results/$1
+done ) < regress/$1
+cmp expected/$1 results/$1
+status=$?
+if [ $status = 0 ] ; then
+ $TOUCH $1
+fi
+exit $status
diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12
new file mode 100644
index 000000000000..2a904a31746b
--- /dev/null
+++ b/contrib/ipfilter/test/expected/i12
@@ -0,0 +1,4 @@
+block in on eri0(!) from any to any head 1
+pass in on eri0(!) proto icmp from any to any group 1
+pass out on ed0(!) from any to any head 1000000
+block out on ed0(!) proto udp from any to any group 1000000
diff --git a/contrib/ipfilter/test/expected/ni3 b/contrib/ipfilter/test/expected/ni3
new file mode 100644
index 000000000000..cd0f5d95c16b
--- /dev/null
+++ b/contrib/ipfilter/test/expected/ni3
@@ -0,0 +1,4 @@
+4500 003c 4706 4000 ff06 28aa 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+4500 0038 809a 0000 ff01 3323 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001
+4500 0058 809a 0000 ff01 3303 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300
+-------------------------------
diff --git a/contrib/ipfilter/test/input/ipv6.1 b/contrib/ipfilter/test/input/ipv6.1
new file mode 100644
index 000000000000..1d7d54687bc2
--- /dev/null
+++ b/contrib/ipfilter/test/input/ipv6.1
@@ -0,0 +1,20 @@
+[out,gif0] 6000 0000 0018 1101
+ef00 1001 2002 0001 0000 0000 0000 0070
+2001 1002 3333 0001 0000 0000 0000 0001
+8083 829a
+0018
+f427
+0000 0344 0000 0004 f8f1 9d3c ddba 0e00
+
+[in,gif0] 6000 0000 0048 3a40
+ef00 1001 0880 6cbf 0000 0000 0000 0001
+ef00 1001 2002 0001 0000 0000 0000 0070
+0300 7d44 0000 0000
+6000 0000 0018 1101
+ef00 1001 2002 0001 0000 0000 0000 0070
+2001 1002 3333 0001 0000 0000 0000 0001
+8083 829a
+0018
+f427
+0000 0344 0000 0004 f8f1 9d3c ddba 0e00
+
diff --git a/contrib/ipfilter/test/input/ni3 b/contrib/ipfilter/test/input/ni3
new file mode 100644
index 000000000000..44aa663e1d23
--- /dev/null
+++ b/contrib/ipfilter/test/input/ni3
@@ -0,0 +1,10 @@
+#v tos len id off ttl p sum src dst
+# ICMP dest unreachable with 64 bits in payload (in reply to a TCP packet
+# going out)
+[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
+
+[in,df0] 45 00 00 38 80 9a 00 00 ff 01 33 23 03 03 03 03 01 01 01 01 03 03 ac ab 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01
+
+# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits)
+[in,df0] 45 00 00 58 80 9a 00 00 ff 01 33 03 03 03 03 03 01 01 01 01 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00
+
diff --git a/contrib/ipfilter/test/regress/i12 b/contrib/ipfilter/test/regress/i12
new file mode 100644
index 000000000000..d923f08b2521
--- /dev/null
+++ b/contrib/ipfilter/test/regress/i12
@@ -0,0 +1,4 @@
+block in on eri0 all head 1
+pass in on eri0 proto icmp all group 1
+pass out on ed0 all head 1000000
+block out on ed0 proto udp all group 1000000
diff --git a/contrib/ipfilter/test/regress/ipv6.1 b/contrib/ipfilter/test/regress/ipv6.1
new file mode 100644
index 000000000000..fc532b677c7f
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ipv6.1
@@ -0,0 +1 @@
+pass out log quick on gif0 proto udp from ef00:1001:2002::/48 to any port 33433 >< 34000 keep state
diff --git a/contrib/ipfilter/test/regress/ni3.ipf b/contrib/ipfilter/test/regress/ni3.ipf
new file mode 100644
index 000000000000..c7e5797185dc
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ni3.ipf
@@ -0,0 +1,4 @@
+block in all
+block out all
+pass out proto udp from any to any keep state
+pass out proto tcp from any to any flags S keep state
diff --git a/contrib/ipfilter/test/regress/ni3.nat b/contrib/ipfilter/test/regress/ni3.nat
new file mode 100644
index 000000000000..4306f4b45d3d
--- /dev/null
+++ b/contrib/ipfilter/test/regress/ni3.nat
@@ -0,0 +1 @@
+map df0 2.2.2.2/32 -> 6.6.6.6/32