On Mon, Jan 04, 2021 at 12:58:17AM +0100, Alexander Bluhm wrote:
> On Sun, Jan 03, 2021 at 06:56:20PM +0100, Alexander Bluhm wrote:
> > I am currently running a full regress to find more fallout.
> 
> These regress tests fail:
> 
> sys/net/pf_forward
> sys/net/pf_fragment
> sbin/pfctl
> 
> The first two are easy to fix.  That means my tests using route-to
> work fine with your diff.  Just remove the @interface as below.

pretty much, yes.

> pfctl tests pfail8 and pf13 use very strange routespec syntax.  You
> might want to take a look at what that meant before and what should
> be valid now.

this is another syntax which we seem to agree is confusing. this makes
me more convinced that it needs to be changed.

pfail8.in and pf13.in should be modified to route-to an IP address
instead of an interface. these regress tests are a bit confusing
because they're just testing the parser and the addresses that
they're using aren't configured anywhere.

pfail8.ok shows that pfctl should generate some more specific error
messages, which is easily fixed.

> 
> bluhm
> 
> Index: regress/sys/net/pf_forward/pf.conf
> ===================================================================
> RCS file: /mount/openbsd/cvs/src/regress/sys/net/pf_forward/pf.conf,v
> retrieving revision 1.5
> diff -u -p -r1.5 pf.conf
> --- regress/sys/net/pf_forward/pf.conf        11 Jan 2018 03:23:16 -0000      
> 1.5
> +++ regress/sys/net/pf_forward/pf.conf        3 Jan 2021 23:26:54 -0000
> @@ -17,22 +17,22 @@ pass out                     inet6
>  pass in  to $AF_IN6/64 af-to inet  from $PF_OUT  to $ECO_IN/24   tag af
>  pass out                     inet                                tagged af
> 
> -pass in  to $RTT_IN/24  route-to $RT_IN@$PF_IFOUT  tag rttin
> -pass out                                           tagged rttin
> -pass in  to $RTT_IN6/64 route-to $RT_IN6@$PF_IFOUT tag rttin
> -pass out                                           tagged rttin
> +pass in  to $RTT_IN/24  route-to $RT_IN  tag rttin
> +pass out                                 tagged rttin
> +pass in  to $RTT_IN6/64 route-to $RT_IN6 tag rttin
> +pass out                                 tagged rttin
> 
> -pass in  to $RTT_OUT/24                             tag rttout
> -pass out                 route-to $RT_IN@$PF_IFOUT  tagged rttout
> -pass in  to $RTT_OUT6/64                            tag rttout
> -pass out                 route-to $RT_IN6@$PF_IFOUT tagged rttout
> +pass in  to $RTT_OUT/24                   tag rttout
> +pass out                 route-to $RT_IN  tagged rttout
> +pass in  to $RTT_OUT6/64                  tag rttout
> +pass out                 route-to $RT_IN6 tagged rttout
> 
> -pass in  from $RPT_IN/24  reply-to $SRC_OUT@$PF_IFIN  tag rptin
> -pass out                                              tagged rptin
> -pass in  from $RPT_IN6/64 reply-to $SRC_OUT6@$PF_IFIN tag rptin
> -pass out                                              tagged rptin
> +pass in  from $RPT_IN/24  reply-to $SRC_OUT  tag rptin
> +pass out                                     tagged rptin
> +pass in  from $RPT_IN6/64 reply-to $SRC_OUT6 tag rptin
> +pass out                                     tagged rptin
> 
> -pass in  from $RPT_OUT/24                              tag rptout
> -pass out                   reply-to $SRC_OUT@$PF_IFIN  tagged rptout
> -pass in  from $RPT_OUT6/64                             tag rptout
> -pass out                   reply-to $SRC_OUT6@$PF_IFIN tagged rptout
> +pass in  from $RPT_OUT/24                     tag rptout
> +pass out                   reply-to $SRC_OUT  tagged rptout
> +pass in  from $RPT_OUT6/64                    tag rptout
> +pass out                   reply-to $SRC_OUT6 tagged rptout
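Review bot: missing documentation on the route-to and reply-to rules in all four blocks of this hunk: with @$PF_IFOUT and @$PF_IFIN removed, nothing in the rules names the interface the packets are expected to leave on. A short comment above these blocks stating how the interface is now determined for $RT_IN, $RT_IN6, $SRC_OUT and $SRC_OUT6 would record what the test relies on for whoever reads this pf.conf later.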
> Index: regress/sys/net/pf_fragment/pf.conf
> ===================================================================
> RCS file: /mount/openbsd/cvs/src/regress/sys/net/pf_fragment/pf.conf,v
> retrieving revision 1.5
> diff -u -p -r1.5 pf.conf
> --- regress/sys/net/pf_fragment/pf.conf       7 Jun 2017 20:09:07 -0000       
> 1.5
> +++ regress/sys/net/pf_fragment/pf.conf       3 Jan 2021 23:28:07 -0000
> @@ -10,7 +10,7 @@ pass out                nat-to $PF_OUT
>  pass in  to $RDR_IN6/64 rdr-to $ECO_IN6 allow-opts tag rdr
>  pass out                nat-to $PF_OUT6 allow-opts tagged rdr
> 
> -pass in  to $RTT_IN/24                             allow-opts tag rtt
> -pass out                route-to $RT_IN@$PF_IFOUT  allow-opts tagged rtt
> -pass in  to $RTT_IN6/64                            allow-opts tag rtt
> -pass out                route-to $RT_IN6@$PF_IFOUT allow-opts tagged rtt
> +pass in  to $RTT_IN/24                   allow-opts tag rtt
> +pass out                route-to $RT_IN  allow-opts tagged rtt
> +pass in  to $RTT_IN6/64                  allow-opts tag rtt
> +pass out                route-to $RT_IN6 allow-opts tagged rtt
> 
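Review bot: the two `pass out ... route-to` lines no longer reference $PF_IFOUT, so check whether any other rule in regress/sys/net/pf_fragment/pf.conf still uses that macro. If none does, remove its definition in the same change so the file does not keep a macro that no rule refers to.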
