From a8e3e73627cfa19308889fa99131e4deef49c6c6 Mon Sep 17 00:00:00 2001 From: Darren Reed Date: Fri, 7 Jun 2002 08:58:26 +0000 Subject: [PATCH] Import IPFilter 3.4.28 --- contrib/ipfilter/test/dotest6 | 33 +++++++++++++++++++++++++++ contrib/ipfilter/test/expected/i12 | 4 ++++ contrib/ipfilter/test/expected/ni3 | 4 ++++ contrib/ipfilter/test/input/ipv6.1 | 20 ++++++++++++++++ contrib/ipfilter/test/input/ni3 | 10 ++++++++ contrib/ipfilter/test/regress/i12 | 4 ++++ contrib/ipfilter/test/regress/ipv6.1 | 1 + contrib/ipfilter/test/regress/ni3.ipf | 4 ++++ contrib/ipfilter/test/regress/ni3.nat | 1 + 9 files changed, 81 insertions(+) create mode 100755 contrib/ipfilter/test/dotest6 create mode 100644 contrib/ipfilter/test/expected/i12 create mode 100644 contrib/ipfilter/test/expected/ni3 create mode 100644 contrib/ipfilter/test/input/ipv6.1 create mode 100644 contrib/ipfilter/test/input/ni3 create mode 100644 contrib/ipfilter/test/regress/i12 create mode 100644 contrib/ipfilter/test/regress/ipv6.1 create mode 100644 contrib/ipfilter/test/regress/ni3.ipf create mode 100644 contrib/ipfilter/test/regress/ni3.nat diff --git a/contrib/ipfilter/test/dotest6 b/contrib/ipfilter/test/dotest6 new file mode 100755 index 000000000000..297de6f7f374 --- /dev/null +++ b/contrib/ipfilter/test/dotest6 @@ -0,0 +1,33 @@ +#!/bin/sh +if [ -f /usr/ucb/touch ] ; then + TOUCH=/usr/ucb/touch +else + if [ -f /usr/bin/touch ] ; then + TOUCH=/usr/bin/touch + else + if [ -f /bin/touch ] ; then + TOUCH=/bin/touch + fi + fi +fi +echo "$1..."; +/bin/cp /dev/null results/$1 +../ipftest -6 -r /dev/null -i /dev/null >/dev/null 2>&1 +if [ $? -ne 0 ] ; then + echo "skipping IPv6 tests" + $TOUCH $1 + exit 0 +fi +( while read rule; do + echo "$rule" | ../ipftest -6Hbr - -i input/$1 >> results/$1; + if [ $? -ne 0 ] ; then + exit 1; + fi + echo "--------" >> results/$1 +done ) < regress/$1 +cmp expected/$1 results/$1 +status=$? +if [ $status = 0 ] ; then + $TOUCH $1 +fi +exit $status diff --git a/contrib/ipfilter/test/expected/i12 b/contrib/ipfilter/test/expected/i12 new file mode 100644 index 000000000000..2a904a31746b --- /dev/null +++ b/contrib/ipfilter/test/expected/i12 @@ -0,0 +1,4 @@ +block in on eri0(!) from any to any head 1 +pass in on eri0(!) proto icmp from any to any group 1 +pass out on ed0(!) from any to any head 1000000 +block out on ed0(!) proto udp from any to any group 1000000 diff --git a/contrib/ipfilter/test/expected/ni3 b/contrib/ipfilter/test/expected/ni3 new file mode 100644 index 000000000000..cd0f5d95c16b --- /dev/null +++ b/contrib/ipfilter/test/expected/ni3 @@ -0,0 +1,4 @@ +4500 003c 4706 4000 ff06 28aa 0606 0606 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d0da 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 +4500 0038 809a 0000 ff01 3323 0303 0303 0202 0202 0303 acab 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 +4500 0058 809a 0000 ff01 3303 0303 0303 0202 0202 0303 0937 0000 0000 4500 003c 4706 4000 ff06 28aa 0202 0202 0404 0404 5000 0050 0000 0001 0000 0000 a002 16d0 d8e2 0000 0204 05b4 0402 080a 0047 fbb0 0000 0000 0103 0300 +------------------------------- diff --git a/contrib/ipfilter/test/input/ipv6.1 b/contrib/ipfilter/test/input/ipv6.1 new file mode 100644 index 000000000000..1d7d54687bc2 --- /dev/null +++ b/contrib/ipfilter/test/input/ipv6.1 @@ -0,0 +1,20 @@ +[out,gif0] 6000 0000 0018 1101 +ef00 1001 2002 0001 0000 0000 0000 0070 +2001 1002 3333 0001 0000 0000 0000 0001 +8083 829a +0018 +f427 +0000 0344 0000 0004 f8f1 9d3c ddba 0e00 + +[in,gif0] 6000 0000 0048 3a40 +ef00 1001 0880 6cbf 0000 0000 0000 0001 +ef00 1001 2002 0001 0000 0000 0000 0070 +0300 7d44 0000 0000 +6000 0000 0018 1101 +ef00 1001 2002 0001 0000 0000 0000 0070 +2001 1002 3333 0001 0000 0000 0000 0001 +8083 829a +0018 +f427 +0000 0344 0000 0004 f8f1 9d3c ddba 0e00 + diff --git a/contrib/ipfilter/test/input/ni3 b/contrib/ipfilter/test/input/ni3 new file mode 100644 index 000000000000..44aa663e1d23 --- /dev/null +++ b/contrib/ipfilter/test/input/ni3 @@ -0,0 +1,10 @@ +#v tos len id off ttl p sum src dst +# ICMP dest unreachable with 64 bits in payload (in reply to a TCP packet +# going out) +[out,df0] 45 00 00 3c 47 06 40 00 ff 06 28 aa 02 02 02 02 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d8 e2 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 + +[in,df0] 45 00 00 38 80 9a 00 00 ff 01 33 23 03 03 03 03 01 01 01 01 03 03 ac ab 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 + +# ICMP dest unreachable with whole packet in payload (40 bytes = 320 bits) +[in,df0] 45 00 00 58 80 9a 00 00 ff 01 33 03 03 03 03 03 01 01 01 01 03 03 11 3f 00 00 00 00 45 00 00 3c 47 06 40 00 ff 06 20 a2 06 06 06 06 04 04 04 04 50 00 00 50 00 00 00 01 00 00 00 00 a0 02 16 d0 d0 da 00 00 02 04 05 b4 04 02 08 0a 00 47 fb b0 00 00 00 00 01 03 03 00 + diff --git a/contrib/ipfilter/test/regress/i12 b/contrib/ipfilter/test/regress/i12 new file mode 100644 index 000000000000..d923f08b2521 --- /dev/null +++ b/contrib/ipfilter/test/regress/i12 @@ -0,0 +1,4 @@ +block in on eri0 all head 1 +pass in on eri0 proto icmp all group 1 +pass out on ed0 all head 1000000 +block out on ed0 proto udp all group 1000000 diff --git a/contrib/ipfilter/test/regress/ipv6.1 b/contrib/ipfilter/test/regress/ipv6.1 new file mode 100644 index 000000000000..fc532b677c7f --- /dev/null +++ b/contrib/ipfilter/test/regress/ipv6.1 @@ -0,0 +1 @@ +pass out log quick on gif0 proto udp from ef00:1001:2002::/48 to any port 33433 >< 34000 keep state diff --git a/contrib/ipfilter/test/regress/ni3.ipf b/contrib/ipfilter/test/regress/ni3.ipf new file mode 100644 index 000000000000..c7e5797185dc --- /dev/null +++ b/contrib/ipfilter/test/regress/ni3.ipf @@ -0,0 +1,4 @@ +block in all +block out all +pass out proto udp from any to any keep state +pass out proto tcp from any to any flags S keep state diff --git a/contrib/ipfilter/test/regress/ni3.nat b/contrib/ipfilter/test/regress/ni3.nat new file mode 100644 index 000000000000..4306f4b45d3d --- /dev/null +++ b/contrib/ipfilter/test/regress/ni3.nat @@ -0,0 +1 @@ +map df0 2.2.2.2/32 -> 6.6.6.6/32