From 1a1e221318028f1db02337ca6288829e326f31bd Mon Sep 17 00:00:00 2001 
From: Darren Reed Date: Thu, 25 Apr 2002 03:34:27 +0000 Subject: [PATCH] Import IPFilter 3.4.26 --- contrib/ipfilter/QNX_OCL.txt | 275 ++++++++++++++++++++++++++ contrib/ipfilter/test/expected/f17 | 10 + contrib/ipfilter/test/expected/in1 | 24 +++ contrib/ipfilter/test/expected/in2 | 22 +++ contrib/ipfilter/test/expected/in3 | 5 + contrib/ipfilter/test/expected/in4 | 5 + contrib/ipfilter/test/expected/ipv6.1 | 3 + contrib/ipfilter/test/expected/ipv6.2 | 15 ++ contrib/ipfilter/test/expected/ni4 | 4 + contrib/ipfilter/test/input/f17 | 61 ++++++ contrib/ipfilter/test/input/ipv6.2 | 26 +++ contrib/ipfilter/test/input/ni4 | 10 + contrib/ipfilter/test/intest | 21 ++ contrib/ipfilter/test/mhtest | 36 ++++ contrib/ipfilter/test/regress/f17 | 4 + contrib/ipfilter/test/regress/in1 | 24 +++ contrib/ipfilter/test/regress/in2 | 22 +++ contrib/ipfilter/test/regress/in3 | 5 + contrib/ipfilter/test/regress/in4 | 5 + contrib/ipfilter/test/regress/ipv6.2 | 3 + contrib/ipfilter/test/regress/ni4.ipf | 4 + contrib/ipfilter/test/regress/ni4.nat | 1 + 22 files changed, 585 insertions(+) create mode 100644 contrib/ipfilter/QNX_OCL.txt create mode 100644 contrib/ipfilter/test/expected/f17 create mode 100644 contrib/ipfilter/test/expected/in1 create mode 100644 contrib/ipfilter/test/expected/in2 create mode 100644 contrib/ipfilter/test/expected/in3 create mode 100644 contrib/ipfilter/test/expected/in4 create mode 100644 contrib/ipfilter/test/expected/ipv6.1 create mode 100644 contrib/ipfilter/test/expected/ipv6.2 create mode 100644 contrib/ipfilter/test/expected/ni4 create mode 100644 contrib/ipfilter/test/input/f17 create mode 100644 contrib/ipfilter/test/input/ipv6.2 create mode 100644 contrib/ipfilter/test/input/ni4 create mode 100755 contrib/ipfilter/test/intest create mode 100755 contrib/ipfilter/test/mhtest create mode 100644 contrib/ipfilter/test/regress/f17 create mode 100644 contrib/ipfilter/test/regress/in1 create mode 100644 contrib/ipfilter/test/regress/in2 create mode 100644 
contrib/ipfilter/test/regress/in3 create mode 100644 contrib/ipfilter/test/regress/in4 create mode 100644 contrib/ipfilter/test/regress/ipv6.2 create mode 100644 contrib/ipfilter/test/regress/ni4.ipf create mode 100644 contrib/ipfilter/test/regress/ni4.nat diff --git a/contrib/ipfilter/QNX_OCL.txt b/contrib/ipfilter/QNX_OCL.txt new file mode 100644 index 000000000000..6aa33eaf6b06 --- /dev/null +++ b/contrib/ipfilter/QNX_OCL.txt 
@@ -0,0 +1,275 @@ + End User License Certificate (EULA) End User License Certificate + (EULA) + Support Support + QNX Source Licenses QNX Source Licenses + License of the month + Confidential Source License + Version 1.0 + +QNX Open Community License Version 1.0 + + THIS QNX OPEN COMMUNITY LICENSE ( "THE OCL", OR "THIS AGREEMENT") + APPLIES TO PROGRAMS THAT QNX SOFTWARE SYSTEMS LTD. ("QSS") EXPRESSLY + ELECTS TO LICENSE UNDER THE OCL TERMS. IT ALSO APPLIES TO DERIVATIVE + WORKS CREATED UNDER THIS AGREEMENT THAT CREATORS ELECT TO LICENSE TO + OTHERS IN SOURCE CODE FORM. ANY USE, REPRODUCTION, MODIFICATION OR + DISTRIBUTION OF SUCH PROGRAMS CONSTITUTES RECIPIENT'S ACCEPTANCE OF + THE OCL. THE LICENSE RIGHTS GRANTED BELOW ARE CONDITIONAL UPON + RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT AND THE FORMATION OF A + BINDING CONTRACT. NOTHING ELSE GRANTS PERMISSION TO USE, REPRODUCE, + MODIFY OR DISTRIBUTE SUCH PROGRAMS OR THEIR DERIVATIVE WORKS. THESE + ACTIONS ARE OTHERWISE PROHIBITED. CONTACT QSS IF OTHER STEPS ARE + REQUIRED LOCALLY TO CREATE A BINDING CONTRACT. + + The OCL is intended to promote the development, use and distribution + of derivative works created from QSS source code. This includes + commercial distribution of object code versions under the terms of + Recipient's own license agreement and, at Recipient's option, sharing + of source code modifications within the QNX developer's community. The + license granted under the OCL is royalty free. Recipient is entitled + to charge royalties for object code versions of derivative works that + originate with Recipient. If Recipient elects to license source code + for its derivative works to others, then it must be licensed under the + OCL. The terms of the OCL are as follows: + +1. DEFINITIONS + + "Contribution" means: + + a. 
in the case of QSS: (i) the Original Program, where the Original + Program originates from QSS, (ii) changes and/or additions to + Unrestricted Open Source, where the Original Program originates + from Unrestricted Open Source and where such changes and/or + additions originate from QSS, and (iii) changes and/or additions + to the Program where such changes and/or additions originate from + QSS. + b. in the case of each Contributor, changes and/or additions to the + Program, where such changes and/or additions originate from and + are distributed by that particular Contributor. + + A Contribution 'originates' from a Contributor if it was added to the + Program by such Contributor itself or anyone acting on such + Contributor's behalf. Contributions do not include additions to the + Program which: (i) are separate modules of software distributed in + conjunction with the Program under their own license agreement, and + (ii) are not derivative works of the Program. + + "Contributor" means QSS and any other entity that distributes the + Program. + + "Licensed Patents " mean patent claims licensable by Contributor to + others, which are necessarily infringed by the use or sale of its + Contribution alone or when combined with the Program. + + "Unrestricted Open Source" means published source code that is + licensed for free use and distribution under an unrestricted licensing + and distribution model, such as the Berkley Software Design ("BSD") + and "BSD-like" licenses. It specifically excludes any source code + licensed under any version of the GNU General Public License (GPL) or + the GNU Lesser/Library GPL. All "Unrestricted Open Source" license + terms appear or are clearly identified in the header of any affected + source code for the Original Program. + + "Original Program" means the original version of the software + accompanying this Agreement as released by QSS, including source code, + object code and documentation, if any. 
+ + "Program" means the Original Program and Contributions. + + "Recipient" means anyone who receives the Program under this + Agreement, including all Contributors. + +2. GRANT OF RIGHTS + + a. Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free + copyright license to reproduce, prepare derivative works of, + publicly display, publicly perform, and directly and indirectly + sublicense and distribute the Contribution of such Contributor, if + any, and such derivative works, in source code and object code + form. + b. Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such + Contributor, if any, in source code and object code form. This + patent license shall apply to the combination of the Contribution + and the Program if, at the time the Contribution is added by the + Contributor, such addition of the Contribution causes such + combination to be covered by the Licensed Patents. The patent + license shall not apply to any other combinations which include + the Contribution. + c. Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby + assumes sole responsibility to secure any other intellectual + property rights needed, if any. 
For example, if a third party + patent license is required to allow Recipient to distribute the + Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + d. Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to grant + the copyright license set forth in this Agreement. + + 3. REQUIREMENTS + + A Contributor may choose to distribute the Program in object code form + under its own license agreement, provided that: + + a. it complies with the terms and conditions of this Agreement; and + b. its license agreement: + i. effectively disclaims on behalf of all Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and + fitness for a particular purpose; + ii. effectively excludes on behalf of all Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + and + iii. states that any provisions which differ from this Agreement + are offered by that Contributor alone and not by any other + party. + + If the Program is made available in source code form: + + a. it must be made available under this Agreement; and + b. a copy of this Agreement must be included with each copy of the + Program. Each Contributor must include the following in a + conspicuous location in the Program along with any other copyright + or attribution statements required by the terms of any applicable + Unrestricted Open Source license: + Copyright {date here}, QNX Software Systems Ltd. and others. All + Rights Reserved. + + In addition, each Contributor must identify itself as the originator + of its Contribution, if any, in a manner that reasonably allows + subsequent Recipients to identify the originator of the Contribution. + + 4. 
COMMERCIAL DISTRIBUTION + + Commercial distributors of software may accept certain + responsibilities with respect to end users, business partners and the + like. While this license is intended to facilitate the commercial use + of the Program, the Contributor who includes the Program in a + commercial product offering should do so in a manner which does not + create potential liability for other Contributors. Therefore, if a + Contributor includes the Program in a commercial product offering, + such Contributor ("Commercial Contributor") hereby agrees to defend + and indemnify every other Contributor ("Indemnified Contributor") + against any losses, damages and costs (collectively "Losses") arising + from claims, lawsuits and other legal actions brought by a third party + against the Indemnified Contributor to the extent caused by the acts + or omissions of such Commercial Contributor in connection with its + distribution of the Program in a commercial product offering. The + obligations in this section do not apply to any claims or Losses + relating to any actual or alleged intellectual property infringement. + In order to qualify, an Indemnified Contributor must: a) promptly + notify the Commercial Contributor in writing of such claim, and b) + allow the Commercial Contributor to control, and cooperate with the + Commercial Contributor in, the defense and any related settlement + negotiations. The Indemnified Contributor may participate in any such + claim at its own expense. + + For example, a Contributor might include the Program in a commercial + product offering, Product X. That Contributor is then a Commercial + Contributor. If that Commercial Contributor then makes performance + claims, or offers warranties related to Product X, those performance + claims and warranties are such Commercial Contributor's responsibility + alone. 
Under this section, the Commercial Contributor would have to + defend claims against the other Contributors related to those + performance claims and warranties, and if a court requires any other + Contributor to pay any damages as a result, the Commercial Contributor + must pay those damages. + + 5. NO WARRANTY + + Recipient acknowledges that there may be errors or bugs in the Program + and that it is imperative that Recipient conduct thorough testing to + identify and correct any problems prior to the productive use or + commercial release of any products that use the Program, and prior to + the release of any modifications, updates or enhancements thereto. + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS + PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY + WARRANTIES OR CONDITIONS OF TITLE, NON- INFRINGEMENT, MERCHANTABILITY + OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely + responsible for determining the appropriateness of using and + distributing the Program and assumes all risks associated with its + exercise of rights under this Agreement, including but not limited to + the risks and costs of program errors, compliance with applicable + laws, damage to or loss of data, programs or equipment, and + unavailability or interruption of operations. + + 6. DISCLAIMER OF LIABILITY + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR + ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING + WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR + DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED + HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + + 7. 
GENERAL + + If any provision of this Agreement is invalid or unenforceable under + applicable law, it shall not affect the validity or enforceability of + the remainder of the terms of this Agreement, and without further + action by the parties hereto, such provision shall be reformed to the + minimum extent necessary to make such provision valid and enforceable. + + If Recipient institutes patent litigation against a Contributor with + respect to a patent applicable to software (including a cross-claim or + counterclaim in a lawsuit), then any patent licenses granted by that + Contributor to such recipient under this Agreement shall terminate as + of the date such litigation is filed. In addition, If Recipient + institutes patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Program + itself (excluding combinations of the Program with other software or + hardware) infringes such Recipient's patent(s), then such Recipient's + rights granted under Section 2(b) shall terminate as of the date such + litigation is filed. + + All Recipient's rights under this Agreement shall terminate if it + fails to comply with any of the material terms or conditions of this + Agreement and does not cure such failure in a reasonable period of + time after becoming aware of such noncompliance. If all Recipient's + rights under this Agreement terminate, Recipient agrees to cease use + and distribution of the Program as soon as reasonably practicable. + However, Recipient's obligations under this Agreement and any licenses + granted by Recipient relating to the Program shall continue and + survive. + + QSS may publish new versions (including revisions) of this Agreement + from time to time. Each new version of the Agreement will be given a + distinguishing version number. The Program (including Contributions) + may always be distributed subject to the version of the Agreement + under which it was received. 
In addition, after a new version of the + Agreement is published, Contributor may elect to distribute the + Program (including its Contributions) under the new version. No one + other than QSS has the right to modify this Agreement. Except as + expressly stated in Sections 2(a) and 2(b) above, Recipient receives + no rights or licenses to the intellectual property of any Contributor + under this Agreement, whether expressly, by implication, estoppel or + otherwise. All rights in the Program not expressly granted under this + Agreement are reserved. + + This Agreement is governed by the laws in force in the Province of + Ontario, Canada without regard to the conflict of law provisions + therein. The parties expressly disclaim the provisions of the United + Nations Convention on Contracts for the International Sale of Goods. + No party to this Agreement will bring a legal action under this + Agreement more than one year after the cause of action arose. Each + party waives its rights to a jury trial in any resulting litigation. + + * QNX is a registered trademark of QNX Software Systems Ltd. + + Document Version: ocl1_00 diff --git a/contrib/ipfilter/test/expected/f17 b/contrib/ipfilter/test/expected/f17 new file mode 100644 index 000000000000..99eee84d78fb --- /dev/null +++ b/contrib/ipfilter/test/expected/f17 @@ -0,0 +1,10 @@ +pass +block return-rst +pass +pass +pass +pass +pass +pass +pass +-------- diff --git a/contrib/ipfilter/test/expected/in1 b/contrib/ipfilter/test/expected/in1 new file mode 100644 index 000000000000..f3d0777943c0 --- /dev/null +++ b/contrib/ipfilter/test/expected/in1 
@@ -0,0 +1,24 @@ +map le0 0.0.0.0/0 -> 0.0.0.0/32 +map le0 0.0.0.1/32 -> 0.0.0.1/32 +map le0 128.0.0.0/1 -> 0.0.0.0/0 +map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap udp 20000:29999 +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 30000:39999 +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 proxy port 1010 ftp/tcp +map le0 0.0.0.0/0 -> 0.0.0.0/32 frag +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 frag +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp frag +map le0 0.0.0.0/0 -> 0.0.0.0/32 age 10/10 +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 age 10/20 +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 age 30/30 +map le0 0.0.0.0/0 -> 0.0.0.0/32 frag age 10/10 +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag age 10/20 +map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp 10000:19999 frag age 30/30 diff --git a/contrib/ipfilter/test/expected/in2 b/contrib/ipfilter/test/expected/in2 new file mode 100644 index 000000000000..ebe747b13a36 --- /dev/null +++ b/contrib/ipfilter/test/expected/in2 
@@ -0,0 +1,22 @@ +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 tcp +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 ip +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 ip +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 udp +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 tcp/udp +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 icmp +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 tcp round-robin +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 ip frag +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 icmp frag +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 tcp round-robin frag +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 ip frag age 10/10 +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 ip frag age 10/20 +rdr le0 0.0.0.0/0 port 0 -> 1.1.1.1 port 0 icmp frag age 10/10 +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag age 20/20 +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1 port 80 tcp round-robin frag age 30/30 +rdr le0 0.0.0.0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag age 40/40 diff --git a/contrib/ipfilter/test/expected/in3 b/contrib/ipfilter/test/expected/in3 new file mode 100644 index 000000000000..b8a85bf9f380 --- /dev/null +++ b/contrib/ipfilter/test/expected/in3 @@ -0,0 +1,5 @@ +bimap le0 0.0.0.0/0 -> 0.0.0.0/32 +bimap le0 0.0.0.1/32 -> 0.0.0.1/32 +bimap le0 128.0.0.0/1 -> 0.0.0.0/0 +bimap le0 10.0.0.0/8 -> 1.2.3.0/24 +bimap le0 10.0.5.0/24 -> 1.2.3.0/24 diff --git a/contrib/ipfilter/test/expected/in4 b/contrib/ipfilter/test/expected/in4 new file mode 100644 index 000000000000..ac8dce1bac8e --- /dev/null +++ b/contrib/ipfilter/test/expected/in4 
@@ -0,0 +1,5 @@ +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports 0 +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports 0 +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports 256 +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports auto +map-block le0 10.0.0.0/16 -> 203.1.1.0/24 ports auto diff --git a/contrib/ipfilter/test/expected/ipv6.1 b/contrib/ipfilter/test/expected/ipv6.1 new file mode 100644 index 000000000000..abc0e87c6917 --- /dev/null +++ b/contrib/ipfilter/test/expected/ipv6.1 @@ -0,0 +1,3 @@ +pass +pass +-------- diff --git a/contrib/ipfilter/test/expected/ipv6.2 b/contrib/ipfilter/test/expected/ipv6.2 new file mode 100644 index 000000000000..ba1581b489c6 --- /dev/null +++ b/contrib/ipfilter/test/expected/ipv6.2 @@ -0,0 +1,15 @@ +nomatch +block +nomatch +block +-------- +block +nomatch +block +nomatch +-------- +pass +pass +pass +pass +-------- diff --git a/contrib/ipfilter/test/expected/ni4 b/contrib/ipfilter/test/expected/ni4 new file mode 100644 index 000000000000..f5b0ec9a0053 --- /dev/null +++ b/contrib/ipfilter/test/expected/ni4 @@ -0,0 +1,4 @@ +4500 003c 4706 4000 ff06 28aa 0606 0606 0404 0404 9c40 0050 0000 0001 0000 0000 a002 16d0 849a 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 +4500 0038 809a 0000 ff01 3323 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 +4500 0058 809a 0000 ff01 3303 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 +------------------------------- diff --git a/contrib/ipfilter/test/input/f17 b/contrib/ipfilter/test/input/f17 new file mode 100644 index 000000000000..7ab1aab4840f --- /dev/null +++ b/contrib/ipfilter/test/input/f17 
@@ -0,0 +1,61 @@ +# (1.1.1.1,54076,seq=0xbfd08989) -> (2.2.2.2,25,seq=0) SYN +[out,ppp0] +4500 003c 8262 0000 4006 8417 0101 0101 +0202 0202 d33c 0019 bfd0 8989 0000 0000 +a002 4000 6190 0000 0204 05b4 0103 0300 +0101 080a 008e 17f7 0000 0000 + +# (2.2.2.2,25,seq=0x40203436) -> (1.1.1.1,54076,seq=0xbfdfcbc9) ACK +[in,ppp0] +4500 003c 8262 0000 1106 b317 0202 0202 +0101 0101 0019 d33c 4020 3436 bfdf cbc9 +5010 4000 fb0c 0000 0204 0584 0103 0300 +0101 080a 008e 17f7 0000 0000 + +# (1.1.1.1,54076,seq=0xbfd08989) -> (2.2.2.2,25,seq=0x0) SYN +[out,ppp0] +4500 003c 8265 0000 4006 8414 0101 0101 +0202 0202 d33c 0019 bfd0 8989 0000 0000 +a002 4000 6185 0000 0204 05b4 0103 0300 +0101 080a 008e 1802 0000 0000 + +# (2.2.2.2,25,seq=0xed674d4e) -> (1.1.1.1,54076,seq=0xbfd0898a) SYN-ACK +[in,ppp0] +4500 002c 7442 4000 2906 6947 0202 0202 +0101 0101 0019 d33c ed67 4d4e bfd0 898a +6012 2118 ab84 0000 0204 0584 + +# +# (2.2.2.2,25,seq=0xbfd0898a) -> (1.1.1.1,54076,seq=0xed674d4e) ACK +[out,ppp0] +4500 002c 8262 0000 4006 8417 0101 0101 +0202 0202 d33c 0019 bfd0 898a ed67 4d4e +5010 4000 6190 0000 0000 + +# (1.1.1.1,54076,seq=0xcfd08989) -> (2.2.2.2,25,seq=0x0) SYN +[out,ppp0] +4500 003c 8265 0000 4006 8414 0101 0101 +0202 0202 d33c 0019 cfd0 8989 0000 0000 +a002 4000 6185 0000 0204 05b4 0103 0300 +0101 080a 008e 1802 0000 0000 + +# (1.1.1.1,54076,seq=0xcfd08989) -> (2.2.2.2,25,seq=0x0) SYN +[out,ppp0] +4500 003c 8266 0000 4006 8413 0101 0101 +0202 0202 d33c 0019 cfd0 8989 0000 0000 +a002 4000 6185 0000 0204 05b4 0103 0300 +0101 080a 008e 1802 0000 0000 + +# (2.2.2.2,25,seq=0xed674d4e) -> (1.1.1.1,54076,seq=0xcfd0898a) SYN-ACK +[in,ppp0] +4500 002c 7442 4000 2906 6947 0202 0202 +0101 0101 0019 d33c ed67 4d4e cfd0 898a +6012 2118 ab84 0000 0204 0584 + +# +# (2.2.2.2,25,seq=0xcfd0898a) -> (1.1.1.1,54076,seq=0xed674d4e) ACK +[out,ppp0] +4500 002c 8262 0000 4006 8417 0101 0101 +0202 0202 d33c 0019 cfd0 898a ed67 4d4e +5010 4000 6190 0000 0000 + 
diff --git a/contrib/ipfilter/test/input/ipv6.2 b/contrib/ipfilter/test/input/ipv6.2 new file mode 100644 index 000000000000..8cc2d175dc24 --- /dev/null +++ b/contrib/ipfilter/test/input/ipv6.2 @@ -0,0 +1,26 @@ +[out,de0] +6000 0000 0020 3aff ef00 0000 0000 0000 +0000 0000 0001 0013 ff02 0000 0000 0000 +0000 0001 ff01 000b 8700 ea32 0000 0000 +ef00 0000 0000 0000 0000 0000 0001 000b +0101 0048 5487 5c6f + +[in,de0] +6000 0000 0020 3aff ef00 0000 0000 0000 +0000 0000 0001 000b ef00 0000 0000 0000 +0000 0000 0001 0013 8800 5322 6000 0000 +ef00 0000 0000 0000 0000 0000 0001 000b +0201 0800 2071 cce1 + +[out,de0] +6000 0000 0010 3a40 ef00 0000 0000 0000 +0000 0000 0001 0013 ef00 0000 0000 0000 +0000 0000 0001 000b 8000 3210 06ff 0002 +9ec3 3c3c 8a82 0300 + +[in,de0] +6000 0000 0010 3aff ef00 0000 0000 0000 +0000 0000 0001 000b ef00 0000 0000 0000 +0000 0000 0001 0013 8100 3110 06ff 0002 +9ec3 3c3c 8a82 0300 + diff --git a/contrib/ipfilter/test/input/ni4 b/contrib/ipfilter/test/input/ni4 new file mode 100644 index 000000000000..445d7c8d63b1 --- /dev/null +++ b/contrib/ipfilter/test/input/ni4 @@ -0,0 +1,10 @@ +#v tos len id off ttl p sum src dst +# ICMP dest unreachable with 64 bits in payload (in reply to a TCP packet +# going out) +[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 + +[in,df0] 45 00 00 38 80 9a 00 00 ff 01 33 23 03 03 03 03 01 01 01 01 03 03 60 6b 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 + +# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) +[in,df0] 45 00 00 58 80 9a 00 00 ff 01 33 03 03 03 03 03 01 01 01 01 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 9c 40 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 84 9a 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 + 
diff --git a/contrib/ipfilter/test/intest b/contrib/ipfilter/test/intest new file mode 100755 index 000000000000..98241fc0627b --- /dev/null +++ b/contrib/ipfilter/test/intest @@ -0,0 +1,21 @@ +#!/bin/sh +if [ -f /usr/ucb/touch ] ; then + TOUCH=/usr/ucb/touch +else + if [ -f /usr/bin/touch ] ; then + TOUCH=/usr/bin/touch + else + if [ -f /bin/touch ] ; then + TOUCH=/bin/touch + fi + fi +fi +echo "$1..."; +/bin/cp /dev/null results/$1 +../ipnat -nvf regress/$1 2>/dev/null > results/$1 +cmp expected/$1 results/$1 +status=$? +if [ $status = 0 ] ; then + $TOUCH $1 +fi +exit $status diff --git a/contrib/ipfilter/test/mhtest b/contrib/ipfilter/test/mhtest new file mode 100755 index 000000000000..52a002754b14 --- /dev/null +++ b/contrib/ipfilter/test/mhtest @@ -0,0 +1,36 @@ +#!/bin/sh +# multiple rules at the same time + +if [ -f /usr/ucb/touch ] ; then + TOUCH=/usr/ucb/touch +else + if [ -f /usr/bin/touch ] ; then + TOUCH=/usr/bin/touch + else + if [ -f /bin/touch ] ; then + TOUCH=/bin/touch + fi + fi +fi +echo "$1..."; + +/bin/cp /dev/null results/$1 + +../ipftest -br regress/$1 -Hi input/$1 > results/$1 +if [ $? -ne 0 ] ; then + exit 1 +fi +echo "--------" >> results/$1 + +cmp expected/$1 results/$1 +status=$? +if [ $status -ne 0 ] ; then + exit $status +fi +cmp expected/$1 results/$1 +status=$? +if [ $status -ne 0 ] ; then + exit $status +fi +$TOUCH $1 +exit 0 diff --git a/contrib/ipfilter/test/regress/f17 b/contrib/ipfilter/test/regress/f17 new file mode 100644 index 000000000000..9a75ae3c1b54 --- /dev/null +++ b/contrib/ipfilter/test/regress/f17 @@ -0,0 +1,4 @@ +block in all +block out all +pass out quick on ppp0 proto tcp all flags S keep state +block return-rst in quick proto tcp all diff --git a/contrib/ipfilter/test/regress/in1 b/contrib/ipfilter/test/regress/in1 new file mode 100644 index 000000000000..6f3b0637632d --- /dev/null +++ b/contrib/ipfilter/test/regress/in1 
@@ -0,0 +1,24 @@ +map le0 0/0 -> 0/32 +map le0 1/32 -> 1/32 +map le0 128.0.0.0/1 -> 0/0 +map le0 10.0.0.0/8 -> 1.2.3.0/24 +map le0 10.0.0.5/8 -> 1.2.3.4/24 +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 +map ppp0 192.168.0.0/16 -> 0/32 portmap udp 20000:29999 +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp 30000:39999 +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp auto +map ppp0 192.168.0.0/16 -> 0/32 portmap udp auto +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp/udp auto +map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp +map ppp0 192.168.0.0/16 -> 0/32 proxy port 1010 ftp/tcp +map le0 0/0 -> 0/32 frag +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 frag +map ppp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp frag +map le0 0/0 -> 0/32 age 10 +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 age 10/20 +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 age 30 +map le0 0/0 -> 0/32 frag age 10 +map le0 192.168.0.0/16 -> range 203.1.1.23-203.1.3.45 frag age 10/20 +map ppp0 192.168.0.0/16 -> 0/32 portmap tcp 10000:19999 frag age 30 diff --git a/contrib/ipfilter/test/regress/in2 b/contrib/ipfilter/test/regress/in2 new file mode 100644 index 000000000000..33151f0e85cd --- /dev/null +++ b/contrib/ipfilter/test/regress/in2 
@@ -0,0 +1,22 @@ +rdr le0 0/0 port 0 -> 1.1.1.1 port 0 +rdr le0 0/0 port 0 -> 1.1.1.1 port 0 ip +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 ip +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 tcp +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 udp +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 tcp/udp +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 icmp +rdr le0 0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 tcp round-robin +rdr le0 0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin +rdr le0 0/0 port 0 -> 1.1.1.1 port 0 ip frag +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 icmp frag +rdr le0 0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 tcp round-robin frag +rdr le0 0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag +rdr le0 0/0 port 0 -> 1.1.1.1 port 0 ip frag age 10 +rdr le0 0/0 port 0 -> 1.1.1.1 port 0 ip frag age 10/20 +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 icmp frag age 10 +rdr le0 0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp frag age 20 +rdr le0 0/0 port 80 -> 1.1.1.1 port 80 tcp round-robin frag age 30 +rdr le0 0/0 port 80 -> 1.1.1.1,1.1.1.2 port 80 tcp round-robin frag age 40 diff --git a/contrib/ipfilter/test/regress/in3 b/contrib/ipfilter/test/regress/in3 new file mode 100644 index 000000000000..d8016b69e916 --- /dev/null +++ b/contrib/ipfilter/test/regress/in3 @@ -0,0 +1,5 @@ +bimap le0 0/0 -> 0/32 +bimap le0 1/32 -> 1/32 +bimap le0 128.0.0.0/1 -> 0/0 +bimap le0 10.0.0.0/8 -> 1.2.3.0/24 +bimap le0 10.0.5.6/24 -> 1.2.3.4/24 diff --git a/contrib/ipfilter/test/regress/in4 b/contrib/ipfilter/test/regress/in4 new file mode 100644 index 000000000000..46bbd81012dc --- /dev/null +++ b/contrib/ipfilter/test/regress/in4 
@@ -0,0 +1,5 @@ +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports 0 +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports 256 +map-block le0 10.0.0.0/24 -> 203.1.1.0/24 ports auto +map-block le0 10.0.0.0/16 -> 203.1.1.0/24 ports auto diff --git a/contrib/ipfilter/test/regress/ipv6.2 b/contrib/ipfilter/test/regress/ipv6.2 new file mode 100644 index 000000000000..814dfd6cd664 --- /dev/null +++ b/contrib/ipfilter/test/regress/ipv6.2 @@ -0,0 +1,3 @@ +block in all +block out all +pass out proto 58 all keep state diff --git a/contrib/ipfilter/test/regress/ni4.ipf b/contrib/ipfilter/test/regress/ni4.ipf new file mode 100644 index 000000000000..c7e5797185dc --- /dev/null +++ b/contrib/ipfilter/test/regress/ni4.ipf @@ -0,0 +1,4 @@ +block in all +block out all +pass out proto udp from any to any keep state +pass out proto tcp from any to any flags S keep state diff --git a/contrib/ipfilter/test/regress/ni4.nat b/contrib/ipfilter/test/regress/ni4.nat new file mode 100644 index 000000000000..6eefdc2a988f --- /dev/null +++ b/contrib/ipfilter/test/regress/ni4.nat @@ -0,0 +1 @@ +map df0 2.2.2.2/32 -> 6.6.6.6/32 portmap tcp/udp 40000:60000
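
Review bot: The opening lines of contrib/ipfilter/QNX_OCL.txt ("End User License Certificate (EULA)", "Support Support", "QNX Source Licenses", "License of the month", "Confidential Source License") are website navigation text captured with the license, not part of the OCL itself. Trim the file so it starts at "QNX Open Community License Version 1.0". The commit message should also say which imported files the license applies to, since nothing else in this patch identifies them.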
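
Review bot: In contrib/ipfilter/test/expected/in1, the three rules that regress/in1 writes as "portmap tcp auto", "portmap udp auto" and "portmap tcp/udp auto" all have the same expected line, "map ppp0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto", so the comparison cannot tell whether the protocol was parsed or kept. Either have the printed form include the protocol or note in regress/in1 that dropping it is intended. The same file also pins "10.0.0.5/8 -> 1.2.3.4/24" to "10.0.0.0/8 -> 1.2.3.0/24"; a comment in the regress file saying that host bits are masked on purpose would help the next reader.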
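
Review bot: In contrib/ipfilter/test/expected/in2, rules that regress/in2 gives as "port 80 -> 1.1.1.1 port 80 ip" and "port 80 -> 1.1.1.1 port 80 icmp" are expected to print with "port 0 -> 1.1.1.1 port 0", which means a port on a portless protocol is accepted and silently zeroed rather than rejected. If that is the intended parser behaviour, document it with a comment in regress/in2; if not, these lines lock in the wrong result. The first and third rules also gain an implicit "tcp" in the output, which deserves the same one-line explanation.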
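
Review bot: contrib/ipfilter/test/expected/ipv6.1 is added without a matching input/ipv6.1 or regress/ipv6.1 in this patch; the diffstat lists only ipv6.2 under those two directories. Confirm both files already exist in the tree, otherwise this expected output has nothing to be compared against.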
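
Review bot: In contrib/ipfilter/test/input/f17, the comments above both final ACK packets have the endpoints reversed: they read "(2.2.2.2,25,...) -> (1.1.1.1,54076,...) ACK", but the packets are marked [out,ppp0] and the bytes carry source 0101 0101 port d33c and destination 0202 0202 port 0019, that is 1.1.1.1:54076 to 2.2.2.2:25. Swap the addresses in those two comments. The same two packets declare an IP total length of 0x002c (44 bytes) while only 42 bytes of hex are present; if the short packet is deliberate, say so in the comment, otherwise pad or correct the length.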
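
Review bot: The ni4 test files have no visible driver in this patch. contrib/ipfilter/test/regress/ni4.ipf and regress/ni4.nat use suffixed names, but both scripts added here read "regress/$1" (intest through "../ipnat -nvf regress/$1", mhtest through "../ipftest -br regress/$1 -Hi input/$1"), and neither loads a filter file and a NAT file together. Add the script or Makefile rule that runs ni4, or point to the existing one in the commit message. The header comment in input/ni4 ("#v tos len id off ttl p sum src dst") would also be easier to use if it lined up with the bytes it labels.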
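
Review bot: In contrib/ipfilter/test/intest, the line "../ipnat -nvf regress/$1 2>/dev/null > results/$1" throws away ipnat's diagnostics and never checks its exit status, so a parse failure only shows up as a cmp mismatch with no reason given; mhtest in the same patch does check "$?" after ipftest. Keep stderr (or write it to a per-test log) and exit non-zero when ipnat fails. Separately, TOUCH stays unset when none of the three touch paths exists, and "$TOUCH $1" then runs the test name as a command; add a final fallback such as TOUCH=touch, and quote "$1" throughout.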
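
Review bot: In contrib/ipfilter/test/mhtest, the block "cmp expected/$1 results/$1" followed by the "$status -ne 0" check appears twice in a row with identical arguments, so the second comparison can never fail once the first has passed. Remove the duplicate, or, if a second results file was meant to be compared, point the second cmp at it. The unset-TOUCH case noted for intest applies here as well.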