1/*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright 2020 Alex Richardson <arichardson@FreeBSD.org> 5 * 6 * This software was developed by SRI International and the University of 7 * Cambridge Computer Laboratory (Department of Computer Science and 8 * Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the 9 * DARPA SSITH research programme. 10 * 11 * This work was supported by Innovate UK project 105694, "Digital Security by 12 * Design (DSbD) Technology Platform Prototype". 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are met: 16 * 1. Redistributions of source code must retain the above copyright notice, 17 * this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright notice, 19 * this list of conditions and the following disclaimer in the documentation 20 * and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY 23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 24 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY 26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 29 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34/* 35 * No include guards since this file is included multiple times by pfctl_test 36 * to avoid duplicating code. 37 */ 38PFCTL_TEST(0001, "Pass with labels") 39PFCTL_TEST(0002, "Block/pass") 40PFCTL_TEST(0003, "Block/pass with flags") 41PFCTL_TEST(0004, "Block") 42PFCTL_TEST(0005, "Block with variables") 43PFCTL_TEST(0006, "Variables") 44PFCTL_TEST(0007, "Block/pass with return") 45PFCTL_TEST(0008, "Block with address list") 46PFCTL_TEST(0009, "Block with interface list") 47PFCTL_TEST(0010, "Block/pass with return") 48PFCTL_TEST(0011, "Block/pass ICMP") 49PFCTL_TEST(0012, "Pass to subnets") 50PFCTL_TEST(0013, "Pass quick") 51PFCTL_TEST(0014, "Pass quick IPv6") 52PFCTL_TEST(0016, "Pass with no state") 53PFCTL_TEST(0018, "Address lists") 54PFCTL_TEST(0019, "Lists") 55PFCTL_TEST(0020, "Lists") 56PFCTL_TEST(0022, "Set options") 57PFCTL_TEST(0023, "Block on negated interface") 58PFCTL_TEST(0024, "Variable concatenation") 59PFCTL_TEST(0025, "Antispoof") 60PFCTL_TEST(0026, "Block from negated interface") 61PFCTL_TEST(0028, "Block with log and quick") 62PFCTL_TEST(0030, "Line continuation") 63PFCTL_TEST(0031, "Block policy") 64PFCTL_TEST(0032, "Pass to any") 65PFCTL_TEST(0034, "Pass with probability") 66PFCTL_TEST(0035, "Matching on TOS") 67PFCTL_TEST(0038, "Pass with user") 68PFCTL_TEST(0039, "Ordered opts") 69PFCTL_TEST(0040, "Block/pass") 70PFCTL_TEST(0041, "Anchors") 71PFCTL_TEST(0047, "Pass with labels") 72PFCTL_TEST(0048, "Tables") 73PFCTL_TEST(0049, "Broadcast and network modifiers") 74PFCTL_TEST(0050, "Double macro set") 75PFCTL_TEST(0052, "Set optimization") 76PFCTL_TEST(0053, "Pass with labels") 77PFCTL_TEST(0055, "Set options") 78PFCTL_TEST(0056, "State opts") 79PFCTL_TEST(0057, "Variables") 80PFCTL_TEST(0060, "Pass from multicast") 81PFCTL_TEST(0061, "Dynaddr with netmask") 82PFCTL_TEST(0065, "Antispoof with labels") 83PFCTL_TEST(0067, "Tags") 84PFCTL_TEST(0069, "Tags") 85PFCTL_TEST(0070, "Tags") 86PFCTL_TEST(0071, "Tags") 87PFCTL_TEST(0072, "Tags") 88PFCTL_TEST(0074, "Synproxy") 89PFCTL_TEST(0075, "Block quick with tags") 90PFCTL_TEST(0077, "Dynaddr with netmask") 91PFCTL_TEST(0078, "Table with label") 92PFCTL_TEST(0079, "No-route with label") 93PFCTL_TEST(0081, "Address list and table list with no-route") 94PFCTL_TEST(0082, "Pass with interface, table and no-route") 95PFCTL_TEST(0084, "Source track") 96PFCTL_TEST(0085, "Tag macro expansion") 97PFCTL_TEST(0087, "Optimization rule reordering") 98PFCTL_TEST(0088, "Optimization duplicate rules handling") 99PFCTL_TEST(0089, "TCP connection tracking") 100PFCTL_TEST(0090, "Log opts") 101PFCTL_TEST(0091, "Nested anchors") 102PFCTL_TEST(0092, "Comments") 103PFCTL_TEST(0094, "Address ranges") 104PFCTL_TEST(0095, "Include") 105PFCTL_TEST(0096, "Variables") 106PFCTL_TEST(0097, "Divert-to") 107PFCTL_TEST(0098, "Pass") 108PFCTL_TEST(0100, "Anchor with multiple path components") 109PFCTL_TEST(0101, "Prio") 110PFCTL_TEST(0102, "Address lists with mixed address family") 111PFCTL_TEST(0104, "Divert-to with localhost") 112PFCTL_TEST(1001, "Binat") 113PFCTL_TEST(1002, "Set timeout interval") 114PFCTL_TEST(1003, "ALTQ") 115PFCTL_TEST(1004, "ALTQ with Codel") 116PFCTL_TEST(1005, "PR 231323") 117PFCTL_TEST(1006, "pfctl crashes with certain fairq configurations") 118PFCTL_TEST(1007, "Basic ethernet rule") 119PFCTL_TEST(1008, "Ethernet rule with mask length") 120PFCTL_TEST(1009, "Ethernet rule with mask") 121PFCTL_TEST(1010, "POM_STICKYADDRESS test") 122PFCTL_TEST(1011, "Test disabling scrub fragment reassemble") 123PFCTL_TEST(1012, "Test scrub fragment reassemble is default") 124PFCTL_TEST(1013, "Ethernet rule with ridentifier") 125PFCTL_TEST(1014, "Ethernet rule with one label") 126PFCTL_TEST(1015, "Ethernet rule with several labels") 127PFCTL_TEST(1016, "Ethernet rule with ridentifier and one label") 128PFCTL_TEST(1017, "Ethernet rule with ridentifier and several labels") 129PFCTL_TEST(1018, "Test dynamic address mask") 130PFCTL_TEST(1019, "Test pflow option") 131PFCTL_TEST(1020, "Test hashmark and semicolon comment") 132PFCTL_TEST(1021, "Endpoint-independent") 133PFCTL_TEST(1022, "Test received-on") 134PFCTL_TEST(1023, "Test match log(matches)") 135PFCTL_TEST(1024, "nat64") 136PFCTL_TEST(1025, "nat64 with implicit address family") 137PFCTL_TEST(1026, "nat64 with route-to") 138PFCTL_TEST(1027, "nat64 with reply-to") 139PFCTL_TEST(1028, "RDR pool: For RDR rules no port specified means keep port") 140PFCTL_TEST(1029, "RDR pool: A single port is shown") 141PFCTL_TEST(1030, "RDR pool: The default values are shown for RDR rules") 142PFCTL_TEST(1031, "RDR pool: Multiple ports redirected to a single port") 143PFCTL_TEST(1032, "RDR pool: Multiple ports redirected to a port range") 144PFCTL_TEST_FAIL(1033, "RDR pool: static-port can't be used with RDR rules") 145PFCTL_TEST_FAIL(1034, "RDR pool: MAP-E port can't be used with RDR rules") 146PFCTL_TEST(1035, "NAT pool: For NAT rules no port specified means default values") 147PFCTL_TEST(1036, "NAT pool: Default port numbers are not shown, even if explicitly applied") 148PFCTL_TEST(1037, "NAT pool: Single port") 149PFCTL_TEST(1038, "NAT pool: Two ports") 150PFCTL_TEST(1039, "NAT pool: Static port") 151PFCTL_TEST_FAIL(1040, "NAT pool: Static port can't be used with port numbers") 152PFCTL_TEST(1041, "NAT pool: MAP-E is displayed using decimal system") 153PFCTL_TEST_FAIL(1042, "NAT pool: MAP-E port can't be used with static port") 154PFCTL_TEST_FAIL(1043, "NAT pool: MAP-E port can't be used with port numbers") 155PFCTL_TEST(1044, "pool: sticky-address is applied on top of round-robin") 156PFCTL_TEST(1045, "pool: bitmask is allowed for prefixes") 157PFCTL_TEST_FAIL(1046, "pool: bitmask is not allowed for tables") 158PFCTL_TEST_FAIL(1047, "pool: bitmask is not allowed for interfaces in brackets") 159PFCTL_TEST(1048, "pool: random is allowed for prefixes") 160PFCTL_TEST(1049, "pool: round-robin is not set for a single host, even if it looks like a table") 161PFCTL_TEST(1050, "pool: round-robin is set automatically for tables") 162PFCTL_TEST(1051, "pool: round-robin is set automatically for multiple targets") 163PFCTL_TEST(1052, "pool: hosts and table are allowed, round-robin is automatically set") 164PFCTL_TEST(1053, "pool: round-robin is not set automatically for prefixes") 165PFCTL_TEST(1054, "pool: round-robin is allowed for prefixes") 166PFCTL_TEST(1055, "pool: source hash") 167PFCTL_TEST(1056, "af-to: from and to") 168PFCTL_TEST_IFACE(1057, "Interface translation: IPv4 rule, interface without brackets is translated") 169PFCTL_TEST_IFACE(1058, "Interface translation: IPv4 rule, interface without brackets is translated, extra host, round-robin is applied") 170PFCTL_TEST_IFACE(1059, "Interface translation: IPv4 rule, interface with brackets is not translated, round-robin is applied") 171PFCTL_TEST_IFACE(1060, "Interface translation: IPv4 rule, interface with brackets is not translated, extra host, round-robin is applied") 172PFCTL_TEST_IFACE(1061, "Interface translation: IPv6 rule, interface without brackets is translated") 173PFCTL_TEST_IFACE(1062, "Interface translation: IPv6 rule, interface without brackets is translated, extra host, round-robin is applied") 174PFCTL_TEST_IFACE(1063, "Interface translation: IPv6 rule, interface with brackets is not translated, round-robin is applied") 175PFCTL_TEST_IFACE(1064, "Interface translation: IPv6 rule, interface with brackets is not translated, extra host, round robin is applied") 176PFCTL_TEST(1065, "no nat") 177PFCTL_TEST(1066, "no rdr") 178PFCTL_TEST_FAIL(1067, "route-to can't be used on block rules") 179