144ec023cSAlex Richardson/*- 244ec023cSAlex Richardson * SPDX-License-Identifier: BSD-2-Clause 344ec023cSAlex Richardson * 444ec023cSAlex Richardson * Copyright 2020 Alex Richardson <arichardson@FreeBSD.org> 544ec023cSAlex Richardson * 644ec023cSAlex Richardson * This software was developed by SRI International and the University of 744ec023cSAlex Richardson * Cambridge Computer Laboratory (Department of Computer Science and 844ec023cSAlex Richardson * Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the 944ec023cSAlex Richardson * DARPA SSITH research programme. 1044ec023cSAlex Richardson * 1144ec023cSAlex Richardson * This work was supported by Innovate UK project 105694, "Digital Security by 1244ec023cSAlex Richardson * Design (DSbD) Technology Platform Prototype". 1344ec023cSAlex Richardson * 1444ec023cSAlex Richardson * Redistribution and use in source and binary forms, with or without 1544ec023cSAlex Richardson * modification, are permitted provided that the following conditions are met: 1644ec023cSAlex Richardson * 1. Redistributions of source code must retain the above copyright notice, 1744ec023cSAlex Richardson * this list of conditions and the following disclaimer. 1844ec023cSAlex Richardson * 2. Redistributions in binary form must reproduce the above copyright notice, 1944ec023cSAlex Richardson * this list of conditions and the following disclaimer in the documentation 2044ec023cSAlex Richardson * and/or other materials provided with the distribution. 2144ec023cSAlex Richardson * 2244ec023cSAlex Richardson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY 2344ec023cSAlex Richardson * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 2444ec023cSAlex Richardson * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 2544ec023cSAlex Richardson * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY 2644ec023cSAlex Richardson * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 2744ec023cSAlex Richardson * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 2844ec023cSAlex Richardson * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 2944ec023cSAlex Richardson * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 3044ec023cSAlex Richardson * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 3144ec023cSAlex Richardson * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 3244ec023cSAlex Richardson */ 3344ec023cSAlex Richardson 3444ec023cSAlex Richardson/* 3544ec023cSAlex Richardson * No include guards since this file is included multiple times by pfctl_test 3644ec023cSAlex Richardson * to avoid duplicating code. 3744ec023cSAlex Richardson */ 3844ec023cSAlex RichardsonPFCTL_TEST(0001, "Pass with labels") 3944ec023cSAlex RichardsonPFCTL_TEST(0002, "Block/pass") 4044ec023cSAlex RichardsonPFCTL_TEST(0003, "Block/pass with flags") 4144ec023cSAlex RichardsonPFCTL_TEST(0004, "Block") 4244ec023cSAlex RichardsonPFCTL_TEST(0005, "Block with variables") 4344ec023cSAlex RichardsonPFCTL_TEST(0006, "Variables") 4444ec023cSAlex RichardsonPFCTL_TEST(0007, "Block/pass with return") 4544ec023cSAlex RichardsonPFCTL_TEST(0008, "Block with address list") 4644ec023cSAlex RichardsonPFCTL_TEST(0009, "Block with interface list") 4744ec023cSAlex RichardsonPFCTL_TEST(0010, "Block/pass with return") 4844ec023cSAlex RichardsonPFCTL_TEST(0011, "Block/pass ICMP") 4944ec023cSAlex RichardsonPFCTL_TEST(0012, "Pass to subnets") 5044ec023cSAlex RichardsonPFCTL_TEST(0013, "Pass quick") 5144ec023cSAlex RichardsonPFCTL_TEST(0014, "Pass quick IPv6") 5244ec023cSAlex RichardsonPFCTL_TEST(0016, "Pass with no state") 5344ec023cSAlex RichardsonPFCTL_TEST(0018, "Address lists") 5444ec023cSAlex RichardsonPFCTL_TEST(0019, "Lists") 5544ec023cSAlex RichardsonPFCTL_TEST(0020, "Lists") 5644ec023cSAlex RichardsonPFCTL_TEST(0022, "Set options") 5744ec023cSAlex RichardsonPFCTL_TEST(0023, "Block on negated interface") 5844ec023cSAlex RichardsonPFCTL_TEST(0024, "Variable concatenation") 5944ec023cSAlex RichardsonPFCTL_TEST(0025, "Antispoof") 6044ec023cSAlex RichardsonPFCTL_TEST(0026, "Block from negated interface") 6144ec023cSAlex RichardsonPFCTL_TEST(0028, "Block with log and quick") 6244ec023cSAlex RichardsonPFCTL_TEST(0030, "Line continuation") 6344ec023cSAlex RichardsonPFCTL_TEST(0031, "Block policy") 6444ec023cSAlex RichardsonPFCTL_TEST(0032, "Pass to any") 6544ec023cSAlex RichardsonPFCTL_TEST(0034, "Pass with probability") 6644ec023cSAlex RichardsonPFCTL_TEST(0035, "Matching on TOS") 6744ec023cSAlex RichardsonPFCTL_TEST(0038, "Pass with user") 6844ec023cSAlex RichardsonPFCTL_TEST(0039, "Ordered opts") 6944ec023cSAlex RichardsonPFCTL_TEST(0040, "Block/pass") 7044ec023cSAlex RichardsonPFCTL_TEST(0041, "Anchors") 7144ec023cSAlex RichardsonPFCTL_TEST(0047, "Pass with labels") 7244ec023cSAlex RichardsonPFCTL_TEST(0048, "Tables") 7344ec023cSAlex RichardsonPFCTL_TEST(0049, "Broadcast and network modifiers") 7444ec023cSAlex RichardsonPFCTL_TEST(0050, "Double macro set") 7544ec023cSAlex RichardsonPFCTL_TEST(0052, "Set optimization") 7644ec023cSAlex RichardsonPFCTL_TEST(0053, "Pass with labels") 7744ec023cSAlex RichardsonPFCTL_TEST(0055, "Set options") 7844ec023cSAlex RichardsonPFCTL_TEST(0056, "State opts") 7944ec023cSAlex RichardsonPFCTL_TEST(0057, "Variables") 8044ec023cSAlex RichardsonPFCTL_TEST(0060, "Pass from multicast") 8144ec023cSAlex RichardsonPFCTL_TEST(0061, "Dynaddr with netmask") 8244ec023cSAlex RichardsonPFCTL_TEST(0065, "Antispoof with labels") 8344ec023cSAlex RichardsonPFCTL_TEST(0067, "Tags") 8444ec023cSAlex RichardsonPFCTL_TEST(0069, "Tags") 8544ec023cSAlex RichardsonPFCTL_TEST(0070, "Tags") 8644ec023cSAlex RichardsonPFCTL_TEST(0071, "Tags") 8744ec023cSAlex RichardsonPFCTL_TEST(0072, "Tags") 8844ec023cSAlex RichardsonPFCTL_TEST(0074, "Synproxy") 8944ec023cSAlex RichardsonPFCTL_TEST(0075, "Block quick with tags") 9044ec023cSAlex RichardsonPFCTL_TEST(0077, "Dynaddr with netmask") 9144ec023cSAlex RichardsonPFCTL_TEST(0078, "Table with label") 9244ec023cSAlex RichardsonPFCTL_TEST(0079, "No-route with label") 9344ec023cSAlex RichardsonPFCTL_TEST(0081, "Address list and table list with no-route") 9444ec023cSAlex RichardsonPFCTL_TEST(0082, "Pass with interface, table and no-route") 9544ec023cSAlex RichardsonPFCTL_TEST(0084, "Source track") 9644ec023cSAlex RichardsonPFCTL_TEST(0085, "Tag macro expansion") 9744ec023cSAlex RichardsonPFCTL_TEST(0087, "Optimization rule reordering") 9844ec023cSAlex RichardsonPFCTL_TEST(0088, "Optimization duplicate rules handling") 9944ec023cSAlex RichardsonPFCTL_TEST(0089, "TCP connection tracking") 10044ec023cSAlex RichardsonPFCTL_TEST(0090, "Log opts") 10144ec023cSAlex RichardsonPFCTL_TEST(0091, "Nested anchors") 10244ec023cSAlex RichardsonPFCTL_TEST(0092, "Comments") 10344ec023cSAlex RichardsonPFCTL_TEST(0094, "Address ranges") 10444ec023cSAlex RichardsonPFCTL_TEST(0095, "Include") 10544ec023cSAlex RichardsonPFCTL_TEST(0096, "Variables") 10644ec023cSAlex RichardsonPFCTL_TEST(0097, "Divert-to") 10744ec023cSAlex RichardsonPFCTL_TEST(0098, "Pass") 10844ec023cSAlex RichardsonPFCTL_TEST(0100, "Anchor with multiple path components") 10944ec023cSAlex RichardsonPFCTL_TEST(0101, "Prio") 11044ec023cSAlex RichardsonPFCTL_TEST(0102, "Address lists with mixed address family") 11144ec023cSAlex RichardsonPFCTL_TEST(0104, "Divert-to with localhost") 11244ec023cSAlex RichardsonPFCTL_TEST(1001, "Binat") 11344ec023cSAlex RichardsonPFCTL_TEST(1002, "Set timeout interval") 11444ec023cSAlex RichardsonPFCTL_TEST(1003, "ALTQ") 11544ec023cSAlex RichardsonPFCTL_TEST(1004, "ALTQ with Codel") 11644ec023cSAlex RichardsonPFCTL_TEST(1005, "PR 231323") 1179938fcaaSKristof ProvostPFCTL_TEST(1006, "pfctl crashes with certain fairq configurations") 118e5349a29SKristof ProvostPFCTL_TEST(1007, "Basic ethernet rule") 119e5349a29SKristof ProvostPFCTL_TEST(1008, "Ethernet rule with mask length") 120e5349a29SKristof ProvostPFCTL_TEST(1009, "Ethernet rule with mask") 12163167eb4SKristof ProvostPFCTL_TEST(1010, "POM_STICKYADDRESS test") 12257e047e5SKristof ProvostPFCTL_TEST(1011, "Test disabling scrub fragment reassemble") 12357e047e5SKristof ProvostPFCTL_TEST(1012, "Test scrub fragment reassemble is default") 124ef661d4aSChristian McDonaldPFCTL_TEST(1013, "Ethernet rule with ridentifier") 125ef661d4aSChristian McDonaldPFCTL_TEST(1014, "Ethernet rule with one label") 126ef661d4aSChristian McDonaldPFCTL_TEST(1015, "Ethernet rule with several labels") 127ef661d4aSChristian McDonaldPFCTL_TEST(1016, "Ethernet rule with ridentifier and one label") 128ef661d4aSChristian McDonaldPFCTL_TEST(1017, "Ethernet rule with ridentifier and several labels") 1297ce98cf2SKristof ProvostPFCTL_TEST(1018, "Test dynamic address mask") 1307ec34ebeSKristof ProvostPFCTL_TEST(1019, "Test pflow option") 131a8a95277SJuraj LutterPFCTL_TEST(1020, "Test hashmark and semicolon comment") 132e1b1984aSTom JonesPFCTL_TEST(1021, "Endpoint-independent") 133661d0031SKristof ProvostPFCTL_TEST(1022, "Test received-on") 1347309c551SKristof ProvostPFCTL_TEST(1023, "Test match log(matches)") 13586bcaeddSKristof ProvostPFCTL_TEST(1024, "nat64") 136899e7976SKristof ProvostPFCTL_TEST(1025, "nat64 with implicit address family") 137ca0e6934SKristof ProvostPFCTL_TEST(1026, "nat64 with route-to") 1387a372bdeSKristof ProvostPFCTL_TEST(1027, "nat64 with reply-to") 139aeddee83SKajetan StaszkiewiczPFCTL_TEST(1028, "RDR pool: For RDR rules no port specified means keep port") 140aeddee83SKajetan StaszkiewiczPFCTL_TEST(1029, "RDR pool: A single port is shown") 141aeddee83SKajetan StaszkiewiczPFCTL_TEST(1030, "RDR pool: The default values are shown for RDR rules") 142aeddee83SKajetan StaszkiewiczPFCTL_TEST(1031, "RDR pool: Multiple ports redirected to a single port") 143aeddee83SKajetan StaszkiewiczPFCTL_TEST(1032, "RDR pool: Multiple ports redirected to a port range") 144aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1033, "RDR pool: static-port can't be used with RDR rules") 145aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1034, "RDR pool: MAP-E port can't be used with RDR rules") 146aeddee83SKajetan StaszkiewiczPFCTL_TEST(1035, "NAT pool: For NAT rules no port specified means default values") 147aeddee83SKajetan StaszkiewiczPFCTL_TEST(1036, "NAT pool: Default port numbers are not shown, even if explicitly applied") 148aeddee83SKajetan StaszkiewiczPFCTL_TEST(1037, "NAT pool: Single port") 149aeddee83SKajetan StaszkiewiczPFCTL_TEST(1038, "NAT pool: Two ports") 150aeddee83SKajetan StaszkiewiczPFCTL_TEST(1039, "NAT pool: Static port") 151aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1040, "NAT pool: Static port can't be used with port numbers") 152aeddee83SKajetan StaszkiewiczPFCTL_TEST(1041, "NAT pool: MAP-E is displayed using decimal system") 153aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1042, "NAT pool: MAP-E port can't be used with static port") 154aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1043, "NAT pool: MAP-E port can't be used with port numbers") 155aeddee83SKajetan StaszkiewiczPFCTL_TEST(1044, "pool: sticky-address is applied on top of round-robin") 156aeddee83SKajetan StaszkiewiczPFCTL_TEST(1045, "pool: bitmask is allowed for prefixes") 157aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1046, "pool: bitmask is not allowed for tables") 158aeddee83SKajetan StaszkiewiczPFCTL_TEST_FAIL(1047, "pool: bitmask is not allowed for interfaces in brackets") 159aeddee83SKajetan StaszkiewiczPFCTL_TEST(1048, "pool: random is allowed for prefixes") 160aeddee83SKajetan StaszkiewiczPFCTL_TEST(1049, "pool: round-robin is not set for a single host, even if it looks like a table") 161aeddee83SKajetan StaszkiewiczPFCTL_TEST(1050, "pool: round-robin is set automatically for tables") 162aeddee83SKajetan StaszkiewiczPFCTL_TEST(1051, "pool: round-robin is set automatically for multiple targets") 163aeddee83SKajetan StaszkiewiczPFCTL_TEST(1052, "pool: hosts and table are allowed, round-robin is automatically set") 164aeddee83SKajetan StaszkiewiczPFCTL_TEST(1053, "pool: round-robin is not set automatically for prefixes") 165aeddee83SKajetan StaszkiewiczPFCTL_TEST(1054, "pool: round-robin is allowed for prefixes") 166aeddee83SKajetan StaszkiewiczPFCTL_TEST(1055, "pool: source hash") 167aeddee83SKajetan StaszkiewiczPFCTL_TEST(1056, "af-to: from and to") 168aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1057, "Interface translation: IPv4 rule, interface without brackets is translated") 169aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1058, "Interface translation: IPv4 rule, interface without brackets is translated, extra host, round-robin is applied") 170aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1059, "Interface translation: IPv4 rule, interface with brackets is not translated, round-robin is applied") 171aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1060, "Interface translation: IPv4 rule, interface with brackets is not translated, extra host, round-robin is applied") 172aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1061, "Interface translation: IPv6 rule, interface without brackets is translated") 173aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1062, "Interface translation: IPv6 rule, interface without brackets is translated, extra host, round-robin is applied") 174aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1063, "Interface translation: IPv6 rule, interface with brackets is not translated, round-robin is applied") 175aeddee83SKajetan StaszkiewiczPFCTL_TEST_IFACE(1064, "Interface translation: IPv6 rule, interface with brackets is not translated, extra host, round robin is applied") 17697a74f46SKristof ProvostPFCTL_TEST(1065, "no nat") 17797a74f46SKristof ProvostPFCTL_TEST(1066, "no rdr") 178*0a376f7eSKristof ProvostPFCTL_TEST_FAIL(1067, "route-to can't be used on block rules") 179