On Tue, Jun 24, 2014 at 15:07 +0200, Mike Belopuhov wrote:
> I have carefully tested that and do not expect any unrelated
> fallout. And for the reasons stated above I don't believe
> anyone is using this since it's largely error prone.
>
and a regress chunk that avoids using such combination.
note that this diff basically finishes previous attemts at
modifying tests to match present syntax.
diff --git regress/sbin/pfctl/pf48.in regress/sbin/pfctl/pf48.in
index 540711a..a0dd143 100644
--- regress/sbin/pfctl/pf48.in
+++ regress/sbin/pfctl/pf48.in
@@ -1,12 +1,12 @@
table < regress > { 1.2.3.4 !5.6.7.8 10/8 lo0 }
table <regress.1> const { ::1 fe80::/64 }
table <regress.a> { 1.2.3.4 !5.6.7.8 } { ::1 ::2 ::3 } file "/dev/null" const
{ 4.3.2.1 }
-match out on lo0 from < regress.1> to <regress.2> nat-to lo0:0
+match out on lo0 inet from < regress.1> to <regress.2> nat-to lo0:0
match out on !lo0 inet from !<regress.1 > to <regress.2> nat-to lo0:0
match in on lo0 inet6 from <regress.1> to <regress.2> rdr-to lo0:0
-match in on !lo0 from !< regress.1 > to <regress.2> rdr-to lo0:0
+match in on !lo0 inet6 from !< regress.1 > to <regress.2> rdr-to lo0:0
match in from { <regress.1> !<regress.2> } to any
match out from any to { !<regress.1>, <regress.2> }
pass in from <regress> to any
pass out from any to <regress >
pass in from { <regress.1> <regress.2> } to any
diff --git regress/sbin/pfctl/pf48.loaded regress/sbin/pfctl/pf48.loaded
index 68b9854..cfdc8a2 100644
--- regress/sbin/pfctl/pf48.loaded
+++ regress/sbin/pfctl/pf48.loaded
@@ -1,7 +1,7 @@
-@0 match out on lo0 inet6 from <regress.1:2> to <regress.2:*> nat-to ::1
- [ Skip steps: d=2 p=end da=4 sp=end dp=end ]
+@0 match out on lo0 inet from <regress.1:2> to <regress.2:*> nat-to 127.0.0.1
+ [ Skip steps: d=2 f=2 p=end da=4 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0
]
@1 match out on ! lo0 inet from ! <regress.1:2> to <regress.2:*> nat-to
127.0.0.1
[ Skip steps: p=end da=4 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
diff --git regress/sbin/pfctl/pf48.ok regress/sbin/pfctl/pf48.ok
index 5f6e6ab..aeccfcf 100644
--- regress/sbin/pfctl/pf48.ok
+++ regress/sbin/pfctl/pf48.ok
@@ -1,9 +1,9 @@
table <regress> { 1.2.3.4 !5.6.7.8 10.0.0.0/8 ::1 fe80::1 127.0.0.1 }
table <regress.1> const { ::1 fe80::/64 }
table <regress.a> const { 1.2.3.4 !5.6.7.8 ::1 ::2 ::3 } file "/dev/null" {
4.3.2.1 }
-match out on lo0 inet6 from <regress.1> to <regress.2> nat-to ::1
+match out on lo0 inet from <regress.1> to <regress.2> nat-to 127.0.0.1
match out on ! lo0 inet from ! <regress.1> to <regress.2> nat-to 127.0.0.1
match in on lo0 inet6 from <regress.1> to <regress.2> rdr-to ::1
match in on ! lo0 inet6 from ! <regress.1> to <regress.2> rdr-to ::1
match in from <regress.1> to any
match in from ! <regress.2> to any
diff --git regress/sbin/pfctl/pf48.optimized regress/sbin/pfctl/pf48.optimized
index 63309a7..90e2036 100644
--- regress/sbin/pfctl/pf48.optimized
+++ regress/sbin/pfctl/pf48.optimized
@@ -1,7 +1,7 @@
-@0 match out on lo0 inet6 from <regress.1:2> to <regress.2:*> nat-to ::1
- [ Skip steps: d=2 p=end da=4 sp=end dp=end ]
+@0 match out on lo0 inet from <regress.1:2> to <regress.2:*> nat-to 127.0.0.1
+ [ Skip steps: d=2 f=2 p=end da=4 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0
]
@1 match out on ! lo0 inet from ! <regress.1:2> to <regress.2:*> nat-to
127.0.0.1
[ Skip steps: p=end da=4 sp=end dp=end ]
[ queue: qname= qid=0 pqname= pqid=0 ]
diff --git regress/sbin/pfctl/pf98.in regress/sbin/pfctl/pf98.in
index a18a491..a224f9e 100644
--- regress/sbin/pfctl/pf98.in
+++ regress/sbin/pfctl/pf98.in
@@ -1,4 +1,4 @@
# Test rule order processing should pass (require-order no longer required)
pass in on lo1000000 all
-match out on lo0 all nat-to lo0
+match out on lo0 inet6 all nat-to lo0
