From: dlg
Date: Thu, 4 Feb 2021 21:26:02 +0000 (+0000)
Subject: route-to rules take ips, not interfaces with optional ips.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=43df509762e1d9d6e8e63c7f0598e73f4f03e7af;p=openbsd
route-to rules take ips, not interfaces with optional ips.
reminded by bluhm@
---
diff --git a/regress/sbin/pfctl/pf13.in b/regress/sbin/pfctl/pf13.in
index e9c9a82a673..69f49fb2fb2 100644
--- a/regress/sbin/pfctl/pf13.in
+++ b/regress/sbin/pfctl/pf13.in
@@ -2,21 +2,21 @@ pass in quick on enc0 from any to any
 pass in quick on enc0 inet from any to any
 pass in quick on enc0 inet6 from any to any
-pass out quick on tun1000000 inet from any to any route-to tun1000001
-pass out quick on tun1000000 from any to 192.168.1.1 route-to tun1000001
-pass out quick on tun1000000 from any to fec0::1 route-to tun1000001
+pass out quick on tun1000000 inet from any to any route-to (tun1000001:peer)
+pass out quick on tun1000000 from any to 192.168.1.1 route-to (tun1000001:peer)
+pass out quick on tun1000000 from any to fec0::1 route-to (tun1000001:peer)
-pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1)
-pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1)
+pass in on tun1000000 proto tcp from any to any port = 21 dup-to 192.168.1.1
+pass in on tun1000000 proto tcp from any to any port = 21 dup-to fec0::1
-pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to tun1000001
-pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to tun1000001
+pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to (tun1000001:peer)
+pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to (tun1000001:peer)
-pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1)
-pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1)
+pass in on tun1000000 proto tcp from any to any port = 21 reply-to 192.168.1.1
+pass in on tun1000000 proto tcp from any to any port = 21 reply-to fec0::1
-pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to tun1000001
-pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to tun1000001
+pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to (tun1000001:peer)
+pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to (tun1000001:peer)
-pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 dup-to (tun1000001 192.168.1.100)
-pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 dup-to (tun1000001 fec1::2)
+pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 dup-to 192.168.1.100
+pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 dup-to fec1::2
diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok
index f9cf634626f..a1320c4460f 100644
--- a/regress/sbin/pfctl/pf13.ok
+++ b/regress/sbin/pfctl/pf13.ok
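Review bot: Every route-to case in this hunk uses the same `(tun1000001:peer)` operand, so the plain-address form the commit title describes is exercised only for dup-to and reply-to, and nothing visible here asserts that the old `route-to tun1000001` and `(tun1000001 192.168.1.1)` spellings are now rejected. A literal-address route-to case, for example `pass out quick on tun1000000 from any to 192.168.1.1 route-to 10.1.1.1` (a constructed example that would need matching pf13.ok and pf13.optimized lines), would pin the new grammar directly, and a negative case belongs in whichever regress target checks parse failures, if one exists. Line 1 of pf13.in and any blank separators between the rule groups are outside the hunk as collapsed here, so the old-side line count of the header cannot be confirmed from this text.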
@@ -1,16 +1,16 @@
 pass in quick on enc0 all flags S/SA
 pass in quick on enc0 inet all flags S/SA
 pass in quick on enc0 inet6 all flags S/SA
-pass out quick on tun1000000 inet all flags S/SA route-to tun1000001
-pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA route-to tun1000001
-pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA route-to tun1000001
-pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1@tun1000001
-pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1@tun1000001
-pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA route-to tun1000001
-pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA route-to tun1000001
-pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1@tun1000001
-pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1@tun1000001
-pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA reply-to tun1000001
-pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA reply-to tun1000001
-pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA dup-to 192.168.1.100@tun1000001
-pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA dup-to fec1::2@tun1000001
+pass out quick on tun1000000 inet all flags S/SA route-to (tun1000001:peer) round-robin
+pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA route-to (tun1000001:peer) round-robin
+pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA route-to (tun1000001:peer) round-robin
+pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1
+pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1
+pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA route-to (tun1000001:peer) round-robin
+pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA route-to (tun1000001:peer) round-robin
+pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1
+pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1
+pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA reply-to (tun1000001:peer) round-robin
+pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA reply-to (tun1000001:peer) round-robin
+pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA dup-to 192.168.1.100
+pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA dup-to fec1::2
diff --git a/regress/sbin/pfctl/pf13.optimized b/regress/sbin/pfctl/pf13.optimized
index b324ec3f482..98ddb773d70 100644
--- a/regress/sbin/pfctl/pf13.optimized
+++ b/regress/sbin/pfctl/pf13.optimized
@@ -2,51 +2,51 @@
 [ Skip steps: r=end p=3 sa=5 da=2 sp=end dp=3 ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@1 pass out quick on tun1000000 inet all flags S/SA route-to tun1000001
+@1 pass out quick on tun1000000 inet all flags S/SA route-to (tun1000001:peer:*) round-robin
 [ Skip steps: i=end d=3 r=end p=3 sa=5 sp=end dp=3 ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@2 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA route-to tun1000001
+@2 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA route-to (tun1000001:peer:*) round-robin
 [ Skip steps: i=end r=end sa=5 sp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@3 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1@tun1000001
+@3 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA dup-to 192.168.1.1
 [ Skip steps: i=end d=end r=end p=5 sa=5 da=5 sp=end dp=5 ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@4 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1@tun1000001
+@4 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA dup-to fec0::1
 [ Skip steps: i=end d=end r=end sp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@5 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA route-to tun1000001
+@5 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA route-to (tun1000001:peer:*) round-robin
 [ Skip steps: i=end d=end r=end p=7 sp=end dp=7 ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@6 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA route-to tun1000001
+@6 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA route-to (tun1000001:peer:*) round-robin
 [ Skip steps: i=end d=end r=end sp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@7 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1@tun1000001
+@7 pass in on tun1000000 inet proto tcp from any to any port = 21 flags S/SA reply-to 192.168.1.1
 [ Skip steps: i=end d=end r=end p=9 sa=9 da=9 sp=end dp=9 ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@8 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1@tun1000001
+@8 pass in on tun1000000 inet6 proto tcp from any to any port = 21 flags S/SA reply-to fec0::1
 [ Skip steps: i=end d=end r=end sp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@9 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA reply-to tun1000001
+@9 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA reply-to (tun1000001:peer:*) round-robin
 [ Skip steps: i=end d=end r=end p=end sp=end dp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@10 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA reply-to tun1000001
+@10 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA reply-to (tun1000001:peer:*) round-robin
 [ Skip steps: i=end d=end r=end p=end sp=end dp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@11 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA dup-to 192.168.1.100@tun1000001
+@11 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA dup-to 192.168.1.100
 [ Skip steps: i=end d=end r=end p=end sp=end dp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
-@12 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA dup-to fec1::2@tun1000001
+@12 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA dup-to fec1::2
 [ Skip steps: i=end d=end r=end f=end p=end sa=end da=end sp=end dp=end ]
 [ queue: qname= qid=0 pqname= pqid=0 ]
 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]