Merge ^/head r320994 through r321238.

bin/dd/tests/Makefile

@@ -1,9 +1,5 @@
 # $FreeBSD$
 
-.include <src.opts.mk>
-
-.PATH: ${.CURDIR}/..
-
 ATF_TESTS_SH=	dd2_test
 NETBSD_ATF_TESTS_SH=	dd_test
 

bin/sh/options.c

@@ -191,16 +191,11 @@ options(int cmdline)
 		while ((c = *p++) != '\0') {
 			if (c == 'c' && cmdline) {
 				char *q;
-#ifdef NOHACK	/* removing this code allows sh -ce 'foo' for compat */
-				if (*p == '\0')
-#endif
-					q = *argptr++;
+
+				q = *argptr++;
 				if (q == NULL || minusc != NULL)
 					error("Bad -c option");
 				minusc = q;
-#ifdef NOHACK
-				break;
-#endif
 			} else if (c == 'o') {
 				minus_o(*argptr, val);
 				if (*argptr)

contrib/bmake/ChangeLog

@@ -1,3 +1,16 @@
+2017-07-11  Simon J. Gerraty  <sjg@bad.crufty.net>
+
+	* Makefile (_MAKE_VERSION): 20170711
+	  forgot to update after merge on 20170708 ;-)
+	  o main.c: refactor to reduce size of main function.
+	    add -v option to always fully expand values.
+	  o meta.c: ensure command output in meta file has ending newline
+	    even when filemon not being used.
+	    When matching ${.MAKE.META.IGNORE_PATTERNS} do not use
+	    pathname via ':L' since any ':' in pathname breaks that.
+	    Instead set a '${.p.}' to pathname in the target context and
+	    use that.
+
 2017-05-10  Simon J. Gerraty  <sjg@bad.crufty.net>
 
 	* Makefile (_MAKE_VERSION): 20170510

contrib/bmake/Makefile

@@ -1,7 +1,7 @@
-#	$Id: Makefile,v 1.92 2017/05/10 22:29:04 sjg Exp $
+#	$Id: Makefile,v 1.94 2017/07/15 18:22:14 sjg Exp $
 
 # Base version on src date
-_MAKE_VERSION= 20170510
+_MAKE_VERSION= 20170711
 
 PROG=	bmake
 

contrib/bmake/bmake.1

@@ -1,4 +1,4 @@
-.\"	$NetBSD: make.1,v 1.266 2017/02/01 18:39:27 sjg Exp $
+.\"	$NetBSD: make.1,v 1.271 2017/07/03 21:34:20 wiz Exp $
 .\"
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)make.1	8.4 (Berkeley) 3/19/94
 .\"
-.Dd February 1, 2017
+.Dd June 22, 2017
 .Dt BMAKE 1
 .Os
 .Sh NAME
@@ -48,6 +48,7 @@
 .Op Fl m Ar directory
 .Op Fl T Ar file
 .Op Fl V Ar variable
+.Op Fl v Ar variable
 .Op Ar variable=value
 .Op Ar target ...
 .Sh DESCRIPTION
@@ -206,7 +207,9 @@ Print debugging information about target list maintenance.
 .It Ar V
 Force the
 .Fl V
-option to print raw values of variables.
+option to print raw values of variables, overriding the default behavior
+set via
+.Va .MAKE.EXPAND_VARIABLES .
 .It Ar v
 Print debugging information about variable assignment.
 .It Ar x
@@ -334,20 +337,39 @@ for each job started and completed.
 Rather than re-building a target as specified in the makefile, create it
 or update its modification time to make it appear up-to-date.
 .It Fl V Ar variable
-Print
-.Nm Ns 's
-idea of the value of
-.Ar variable ,
-in the global context.
+Print the value of
+.Ar variable .
 Do not build any targets.
 Multiple instances of this option may be specified;
 the variables will be printed one per line,
 with a blank line for each null or undefined variable.
+The value printed is extracted from the global context after all
+makefiles have been read.
+By default, the raw variable contents (which may
+include additional unexpanded variable references) are shown.
 If
 .Ar variable
 contains a
 .Ql \&$
-then the value will be expanded before printing.
+then the value will be recursively expanded to its complete resultant
+text before printing.
+The expanded value will also be printed if
+.Va .MAKE.EXPAND_VARIABLES
+is set to true and
+the
+.Fl dV
+option has not been used to override it.
+Note that loop-local and target-local variables, as well as values
+taken temporarily by global variables during makefile processing, are
+not accessible via this option.
+The
+.Fl dv
+debug mode can be used to see these at the cost of generating
+substantial extraneous output.
+.It Fl v Ar variable
+Like
+.Fl V
+but the variable is always expanded to its complete value.
 .It Fl W
 Treat any warnings during makefile parsing as errors.
 .It Fl w
@@ -657,7 +679,7 @@ The seven local variables are as follows:
 .Bl -tag -width ".ARCHIVE" -offset indent
 .It Va .ALLSRC
 The list of all sources for this target; also known as
-.Ql Va \&\*[Gt] .
+.Ql Va \&> .
 .It Va .ARCHIVE
 The name of the archive file; also known as
 .Ql Va \&! .
@@ -666,7 +688,7 @@ In suffix-transformation rules, the name/path of the source from which the
 target is to be transformed (the
 .Dq implied
 source); also known as
-.Ql Va \&\*[Lt] .
+.Ql Va \&< .
 It is not defined in explicit rules.
 .It Va .MEMBER
 The name of the archive member; also known as
@@ -691,9 +713,9 @@ in archive member rules.
 .El
 .Pp
 The shorter forms
-.Ql ( Va \*[Gt] ,
+.Ql ( Va > ,
 .Ql Va \&! ,
-.Ql Va \*[Lt] ,
+.Ql Va < ,
 .Ql Va % ,
 .Ql Va \&? ,
 .Ql Va * ,
@@ -776,6 +798,10 @@ from which generated dependencies are read.
 A boolean that controls the default behavior of the
 .Fl V
 option.
+If true, variable values printed with
+.Fl V
+are fully expanded; if false, the raw variable contents (which may
+include additional unexpanded variable references) are shown.
 .It Va .MAKE.EXPORTED
 The list of variables exported by
 .Nm .
@@ -1287,7 +1313,7 @@ it is anchored at the end of each word.
 Inside
 .Ar new_string ,
 an ampersand
-.Pq Ql \*[Am]
+.Pq Ql &
 is replaced by
 .Ar old_string
 (without any
@@ -1751,7 +1777,7 @@ may be any one of the following:
 .Bl -tag -width "Cm XX"
 .It Cm \&|\&|
 Logical OR.
-.It Cm \&\*[Am]\*[Am]
+.It Cm \&&&
 Logical
 .Tn AND ;
 of higher precedence than
@@ -1768,7 +1794,7 @@ The boolean operator
 may be used to logically negate an entire
 conditional.
 It is of higher precedence than
-.Ql Ic \&\*[Am]\*[Am] .
+.Ql Ic \&&& .
 .Pp
 The value of
 .Ar expression

contrib/bmake/bmake.cat1

@@ -6,8 +6,8 @@ NNAAMMEE
 SSYYNNOOPPSSIISS
      bbmmaakkee [--BBeeiikkNNnnqqrrssttWWwwXX] [--CC _d_i_r_e_c_t_o_r_y] [--DD _v_a_r_i_a_b_l_e] [--dd _f_l_a_g_s]
            [--ff _m_a_k_e_f_i_l_e] [--II _d_i_r_e_c_t_o_r_y] [--JJ _p_r_i_v_a_t_e] [--jj _m_a_x___j_o_b_s]
-           [--mm _d_i_r_e_c_t_o_r_y] [--TT _f_i_l_e] [--VV _v_a_r_i_a_b_l_e] [_v_a_r_i_a_b_l_e_=_v_a_l_u_e]
-           [_t_a_r_g_e_t _._._.]
+           [--mm _d_i_r_e_c_t_o_r_y] [--TT _f_i_l_e] [--VV _v_a_r_i_a_b_l_e] [--vv _v_a_r_i_a_b_l_e]
+           [_v_a_r_i_a_b_l_e_=_v_a_l_u_e] [_t_a_r_g_e_t _._._.]
 
 DDEESSCCRRIIPPTTIIOONN
      bbmmaakkee is a program designed to simplify the maintenance of other pro-
@@ -118,7 +118,9 @@ DDEESSCCRRIIPPTTIIOONN
              _t       Print debugging information about target list mainte-
                      nance.
 
-             _V       Force the --VV option to print raw values of variables.
+             _V       Force the --VV option to print raw values of variables,
+                     overriding the default behavior set via
+                     _._M_A_K_E_._E_X_P_A_N_D___V_A_R_I_A_B_L_E_S.
 
              _v       Print debugging information about variable assignment.
 
@@ -209,12 +211,25 @@ DDEESSCCRRIIPPTTIIOONN
              to-date.
 
      --VV _v_a_r_i_a_b_l_e
-             Print bbmmaakkee's idea of the value of _v_a_r_i_a_b_l_e, in the global con-
-             text.  Do not build any targets.  Multiple instances of this
-             option may be specified; the variables will be printed one per
-             line, with a blank line for each null or undefined variable.  If
-             _v_a_r_i_a_b_l_e contains a `$' then the value will be expanded before
-             printing.
+             Print the value of _v_a_r_i_a_b_l_e.  Do not build any targets.  Multiple
+             instances of this option may be specified; the variables will be
+             printed one per line, with a blank line for each null or unde-
+             fined variable.  The value printed is extracted from the global
+             context after all makefiles have been read.  By default, the raw
+             variable contents (which may include additional unexpanded vari-
+             able references) are shown.  If _v_a_r_i_a_b_l_e contains a `$' then the
+             value will be recursively expanded to its complete resultant text
+             before printing.  The expanded value will also be printed if
+             _._M_A_K_E_._E_X_P_A_N_D___V_A_R_I_A_B_L_E_S is set to true and the --ddVV option has not
+             been used to override it.  Note that loop-local and target-local
+             variables, as well as values taken temporarily by global vari-
+             ables during makefile processing, are not accessible via this
+             option.  The --ddvv debug mode can be used to see these at the cost
+             of generating substantial extraneous output.
+
+     --vv _v_a_r_i_a_b_l_e
+             Like --VV but the variable is always expanded to its complete
+             value.
 
      --WW      Treat any warnings during makefile parsing as errors.
 
@@ -488,7 +503,10 @@ VVAARRIIAABBLLEE AASSSSIIGGNNMMEENNTTSS
 
      _._M_A_K_E_._E_X_P_A_N_D___V_A_R_I_A_B_L_E_S
                      A boolean that controls the default behavior of the --VV
-                     option.
+                     option.  If true, variable values printed with --VV are
+                     fully expanded; if false, the raw variable contents
+                     (which may include additional unexpanded variable refer-
+                     ences) are shown.
 
      _._M_A_K_E_._E_X_P_O_R_T_E_D  The list of variables exported by bbmmaakkee.
 
@@ -1523,4 +1541,4 @@ BBUUGGSS
 
      There is no way of escaping a space character in a filename.
 
-NetBSD 7.1_RC1                 February 1, 2017                 NetBSD 7.1_RC1
+NetBSD 7.1_RC1                   June 22, 2017                  NetBSD 7.1_RC1

contrib/bmake/buf.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: buf.h,v 1.17 2012/04/24 20:26:58 sjg Exp $	*/
+/*	$NetBSD: buf.h,v 1.19 2017/05/31 22:02:06 maya Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990 The Regents of the University of California.
@@ -77,8 +77,8 @@
  *	Header for users of the buf library.
  */
 
-#ifndef _BUF_H
-#define _BUF_H
+#ifndef MAKE_BUF_H
+#define MAKE_BUF_H
 
 typedef char Byte;
 
@@ -116,4 +116,4 @@ void Buf_Init(Buffer *, int);
 Byte *Buf_Destroy(Buffer *, Boolean);
 Byte *Buf_DestroyCompact(Buffer *);
 
-#endif /* _BUF_H */
+#endif /* MAKE_BUF_H */

contrib/bmake/dir.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: dir.h,v 1.15 2012/04/07 18:29:08 christos Exp $	*/
+/*	$NetBSD: dir.h,v 1.18 2017/05/31 22:02:06 maya Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990 The Regents of the University of California.
@@ -75,8 +75,8 @@
 /* dir.h --
  */
 
-#ifndef	_DIR
-#define	_DIR
+#ifndef	MAKE_DIR_H
+#define	MAKE_DIR_H
 
 typedef struct Path {
     char         *name;	    	/* Name of directory */
@@ -105,4 +105,4 @@ void Dir_PrintPath(Lst);
 void Dir_Destroy(void *);
 void * Dir_CopyDir(void *);
 
-#endif /* _DIR */
+#endif /* MAKE_DIR_H */

contrib/bmake/hash.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: hash.h,v 1.11 2016/06/07 00:40:00 sjg Exp $	*/
+/*	$NetBSD: hash.h,v 1.12 2017/05/31 21:07:03 maya Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990 The Regents of the University of California.
@@ -78,8 +78,8 @@
  * 	which maintains hash tables.
  */
 
-#ifndef	_HASH
-#define	_HASH
+#ifndef	_HASH_H
+#define	_HASH_H
 
 /*
  * The following defines one entry in the hash table.
@@ -146,4 +146,4 @@ void Hash_DeleteEntry(Hash_Table *, Hash_Entry *);
 Hash_Entry *Hash_EnumFirst(Hash_Table *, Hash_Search *);
 Hash_Entry *Hash_EnumNext(Hash_Search *);
 
-#endif /* _HASH */
+#endif /* _HASH_H */

contrib/bmake/main.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.265 2017/05/10 22:26:14 sjg Exp $	*/
+/*	$NetBSD: main.c,v 1.272 2017/06/19 19:58:24 christos Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -69,7 +69,7 @@
  */
 
 #ifndef MAKE_NATIVE
-static char rcsid[] = "$NetBSD: main.c,v 1.265 2017/05/10 22:26:14 sjg Exp $";
+static char rcsid[] = "$NetBSD: main.c,v 1.272 2017/06/19 19:58:24 christos Exp $";
 #else
 #include <sys/cdefs.h>
 #ifndef lint
@@ -81,7 +81,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988, 1989, 1990, 1993\
 #if 0
 static char sccsid[] = "@(#)main.c	8.3 (Berkeley) 3/19/94";
 #else
-__RCSID("$NetBSD: main.c,v 1.265 2017/05/10 22:26:14 sjg Exp $");
+__RCSID("$NetBSD: main.c,v 1.272 2017/06/19 19:58:24 christos Exp $");
 #endif
 #endif /* not lint */
 #endif
@@ -159,7 +159,9 @@ Boolean			deleteOnError;	/* .DELETE_ON_ERROR: set */
 
 static Boolean		noBuiltins;	/* -r flag */
 static Lst		makefiles;	/* ordered list of makefiles to read */
-static Boolean		printVars;	/* print value of one or more vars */
+static int		printVars;	/* -[vV] argument */
+#define COMPAT_VARS 1
+#define EXPAND_VARS 2
 static Lst		variables;	/* list of variables to print */
 int			maxJobs;	/* -j argument */
 static int		maxJobTokens;	/* -j argument */
@@ -421,7 +423,7 @@ MainParseArgs(int argc, char **argv)
 	Boolean inOption, dashDash = FALSE;
 	char found_path[MAXPATHLEN + 1];	/* for searching for sys.mk */
 
-#define OPTFLAGS "BC:D:I:J:NST:V:WXd:ef:ij:km:nqrstw"
+#define OPTFLAGS "BC:D:I:J:NST:V:WXd:ef:ij:km:nqrstv:w"
 /* Can't actually use getopt(3) because rescanning is not portable */
 
 	getopt_def = OPTFLAGS;
@@ -546,8 +548,9 @@ MainParseArgs(int argc, char **argv)
 			Var_Append(MAKEFLAGS, argvalue, VAR_GLOBAL);
 			break;
 		case 'V':
+		case 'v':
 			if (argvalue == NULL) goto noarg;
-			printVars = TRUE;
+			printVars = c == 'v' ? EXPAND_VARS : COMPAT_VARS;
 			(void)Lst_AtEnd(variables, argvalue);
 			Var_Append(MAKEFLAGS, "-V", VAR_GLOBAL);
 			Var_Append(MAKEFLAGS, argvalue, VAR_GLOBAL);
@@ -877,6 +880,89 @@ MakeMode(const char *mode)
     free(mp);
 }
 
+static void
+doPrintVars(void)
+{
+	LstNode ln;
+	Boolean expandVars;
+
+	if (printVars == EXPAND_VARS)
+		expandVars = TRUE;
+	else if (debugVflag)
+		expandVars = FALSE;
+	else
+		expandVars = getBoolean(".MAKE.EXPAND_VARIABLES", FALSE);
+
+	for (ln = Lst_First(variables); ln != NULL;
+	    ln = Lst_Succ(ln)) {
+		char *var = (char *)Lst_Datum(ln);
+		char *value;
+		char *p1;
+		
+		if (strchr(var, '$')) {
+			value = p1 = Var_Subst(NULL, var, VAR_GLOBAL,
+			    VARF_WANTRES);
+		} else if (expandVars) {
+			char tmp[128];
+			int len = snprintf(tmp, sizeof(tmp), "${%s}", var);
+							
+			if (len >= (int)sizeof(tmp))
+				Fatal("%s: variable name too big: %s",
+				    progname, var);
+			value = p1 = Var_Subst(NULL, tmp, VAR_GLOBAL,
+			    VARF_WANTRES);
+		} else {
+			value = Var_Value(var, VAR_GLOBAL, &p1);
+		}
+		printf("%s\n", value ? value : "");
+		free(p1);
+	}
+}
+
+static Boolean
+runTargets(void)
+{
+	Lst targs;	/* target nodes to create -- passed to Make_Init */
+	Boolean outOfDate; 	/* FALSE if all targets up to date */
+
+	/*
+	 * Have now read the entire graph and need to make a list of
+	 * targets to create. If none was given on the command line,
+	 * we consult the parsing module to find the main target(s)
+	 * to create.
+	 */
+	if (Lst_IsEmpty(create))
+		targs = Parse_MainName();
+	else
+		targs = Targ_FindList(create, TARG_CREATE);
+
+	if (!compatMake) {
+		/*
+		 * Initialize job module before traversing the graph
+		 * now that any .BEGIN and .END targets have been read.
+		 * This is done only if the -q flag wasn't given
+		 * (to prevent the .BEGIN from being executed should
+		 * it exist).
+		 */
+		if (!queryFlag) {
+			Job_Init();
+			jobsRunning = TRUE;
+		}
+
+		/* Traverse the graph, checking on all the targets */
+		outOfDate = Make_Run(targs);
+	} else {
+		/*
+		 * Compat_Init will take care of creating all the
+		 * targets as well as initializing the module.
+		 */
+		Compat_Run(targs);
+		outOfDate = FALSE;
+	}
+	Lst_Destroy(targs, NULL);
+	return outOfDate;
+}
+
 /*-
  * main --
  *	The main function, for obvious reasons. Initializes variables
@@ -897,8 +983,7 @@ MakeMode(const char *mode)
 int
 main(int argc, char **argv)
 {
-	Lst targs;	/* target nodes to create -- passed to Make_Init */
-	Boolean outOfDate = FALSE; 	/* FALSE if all targets up to date */
+	Boolean outOfDate; 	/* FALSE if all targets up to date */
 	struct stat sb, sa;
 	char *p1, *path;
 	char mdpath[MAXPATHLEN];
@@ -1027,7 +1112,7 @@ main(int argc, char **argv)
 
 	create = Lst_Init(FALSE);
 	makefiles = Lst_Init(FALSE);
-	printVars = FALSE;
+	printVars = 0;
 	debugVflag = FALSE;
 	variables = Lst_Init(FALSE);
 	beSilent = FALSE;		/* Print commands as executed */
@@ -1406,73 +1491,13 @@ main(int argc, char **argv)
 
 	/* print the values of any variables requested by the user */
 	if (printVars) {
-		LstNode ln;
-		Boolean expandVars;
-
-		if (debugVflag)
-			expandVars = FALSE;
-		else
-			expandVars = getBoolean(".MAKE.EXPAND_VARIABLES", FALSE);
-		for (ln = Lst_First(variables); ln != NULL;
-		    ln = Lst_Succ(ln)) {
-			char *var = (char *)Lst_Datum(ln);
-			char *value;
-			
-			if (strchr(var, '$')) {
-			    value = p1 = Var_Subst(NULL, var, VAR_GLOBAL,
-						   VARF_WANTRES);
-			} else if (expandVars) {
-				char tmp[128];
-								
-				if (snprintf(tmp, sizeof(tmp), "${%s}", var) >= (int)(sizeof(tmp)))
-					Fatal("%s: variable name too big: %s",
-					      progname, var);
-				value = p1 = Var_Subst(NULL, tmp, VAR_GLOBAL,
-						       VARF_WANTRES);
-			} else {
-				value = Var_Value(var, VAR_GLOBAL, &p1);
-			}
-			printf("%s\n", value ? value : "");
-			free(p1);
-		}
+		doPrintVars();
+		outOfDate = FALSE;
 	} else {
-		/*
-		 * Have now read the entire graph and need to make a list of
-		 * targets to create. If none was given on the command line,
-		 * we consult the parsing module to find the main target(s)
-		 * to create.
-		 */
-		if (Lst_IsEmpty(create))
-			targs = Parse_MainName();
-		else
-			targs = Targ_FindList(create, TARG_CREATE);
-
-		if (!compatMake) {
-			/*
-			 * Initialize job module before traversing the graph
-			 * now that any .BEGIN and .END targets have been read.
-			 * This is done only if the -q flag wasn't given
-			 * (to prevent the .BEGIN from being executed should
-			 * it exist).
-			 */
-			if (!queryFlag) {
-				Job_Init();
-				jobsRunning = TRUE;
-			}
-
-			/* Traverse the graph, checking on all the targets */
-			outOfDate = Make_Run(targs);
-		} else {
-			/*
-			 * Compat_Init will take care of creating all the
-			 * targets as well as initializing the module.
-			 */
-			Compat_Run(targs);
-		}
+		outOfDate = runTargets();
 	}
 
 #ifdef CLEANUP
-	Lst_Destroy(targs, NULL);
 	Lst_Destroy(variables, NULL);
 	Lst_Destroy(makefiles, NULL);
 	Lst_Destroy(create, (FreeProc *)free);
@@ -1931,7 +1956,8 @@ usage(void)
 "usage: %s [-BeikNnqrstWwX] \n\
             [-C directory] [-D variable] [-d flags] [-f makefile]\n\
             [-I directory] [-J private] [-j max_jobs] [-m directory] [-T file]\n\
-            [-V variable] [variable=value] [target ...]\n", progname);
+            [-V variable] [-v variable] [variable=value] [target ...]\n",
+	    progname);
 	exit(2);
 }
 

contrib/bmake/make.1

@@ -1,4 +1,4 @@
-.\"	$NetBSD: make.1,v 1.266 2017/02/01 18:39:27 sjg Exp $
+.\"	$NetBSD: make.1,v 1.271 2017/07/03 21:34:20 wiz Exp $
 .\"
 .\" Copyright (c) 1990, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)make.1	8.4 (Berkeley) 3/19/94
 .\"
-.Dd February 1, 2017
+.Dd June 22, 2017
 .Dt MAKE 1
 .Os
 .Sh NAME
@@ -48,6 +48,7 @@
 .Op Fl m Ar directory
 .Op Fl T Ar file
 .Op Fl V Ar variable
+.Op Fl v Ar variable
 .Op Ar variable=value
 .Op Ar target ...
 .Sh DESCRIPTION
@@ -206,7 +207,9 @@ Print debugging information about target list maintenance.
 .It Ar V
 Force the
 .Fl V
-option to print raw values of variables.
+option to print raw values of variables, overriding the default behavior
+set via
+.Va .MAKE.EXPAND_VARIABLES .
 .It Ar v
 Print debugging information about variable assignment.
 .It Ar x
@@ -334,20 +337,39 @@ for each job started and completed.
 Rather than re-building a target as specified in the makefile, create it
 or update its modification time to make it appear up-to-date.
 .It Fl V Ar variable
-Print
-.Nm Ns 's
-idea of the value of
-.Ar variable ,
-in the global context.
+Print the value of
+.Ar variable .
 Do not build any targets.
 Multiple instances of this option may be specified;
 the variables will be printed one per line,
 with a blank line for each null or undefined variable.
+The value printed is extracted from the global context after all
+makefiles have been read.
+By default, the raw variable contents (which may
+include additional unexpanded variable references) are shown.
 If
 .Ar variable
 contains a
 .Ql \&$
-then the value will be expanded before printing.
+then the value will be recursively expanded to its complete resultant
+text before printing.
+The expanded value will also be printed if
+.Va .MAKE.EXPAND_VARIABLES
+is set to true and
+the
+.Fl dV
+option has not been used to override it.
+Note that loop-local and target-local variables, as well as values
+taken temporarily by global variables during makefile processing, are
+not accessible via this option.
+The
+.Fl dv
+debug mode can be used to see these at the cost of generating
+substantial extraneous output.
+.It Fl v Ar variable
+Like
+.Fl V
+but the variable is always expanded to its complete value.
 .It Fl W
 Treat any warnings during makefile parsing as errors.
 .It Fl w
@@ -657,7 +679,7 @@ The seven local variables are as follows:
 .Bl -tag -width ".ARCHIVE" -offset indent
 .It Va .ALLSRC
 The list of all sources for this target; also known as
-.Ql Va \&\*[Gt] .
+.Ql Va \&> .
 .It Va .ARCHIVE
 The name of the archive file; also known as
 .Ql Va \&! .
@@ -666,7 +688,7 @@ In suffix-transformation rules, the name/path of the source from which the
 target is to be transformed (the
 .Dq implied
 source); also known as
-.Ql Va \&\*[Lt] .
+.Ql Va \&< .
 It is not defined in explicit rules.
 .It Va .MEMBER
 The name of the archive member; also known as
@@ -691,9 +713,9 @@ in archive member rules.
 .El
 .Pp
 The shorter forms
-.Ql ( Va \*[Gt] ,
+.Ql ( Va > ,
 .Ql Va \&! ,
-.Ql Va \*[Lt] ,
+.Ql Va < ,
 .Ql Va % ,
 .Ql Va \&? ,
 .Ql Va * ,
@@ -787,6 +809,10 @@ from which generated dependencies are read.
 A boolean that controls the default behavior of the
 .Fl V
 option.
+If true, variable values printed with
+.Fl V
+are fully expanded; if false, the raw variable contents (which may
+include additional unexpanded variable references) are shown.
 .It Va .MAKE.EXPORTED
 The list of variables exported by
 .Nm .
@@ -1298,7 +1324,7 @@ it is anchored at the end of each word.
 Inside
 .Ar new_string ,
 an ampersand
-.Pq Ql \*[Am]
+.Pq Ql &
 is replaced by
 .Ar old_string
 (without any
@@ -1762,7 +1788,7 @@ may be any one of the following:
 .Bl -tag -width "Cm XX"
 .It Cm \&|\&|
 Logical OR.
-.It Cm \&\*[Am]\*[Am]
+.It Cm \&&&
 Logical
 .Tn AND ;
 of higher precedence than
@@ -1779,7 +1805,7 @@ The boolean operator
 may be used to logically negate an entire
 conditional.
 It is of higher precedence than
-.Ql Ic \&\*[Am]\*[Am] .
+.Ql Ic \&&& .
 .Pp
 The value of
 .Ar expression

contrib/bmake/meta.c

@@ -1,4 +1,4 @@
-/*      $NetBSD: meta.c,v 1.67 2016/08/17 15:52:42 sjg Exp $ */
+/*      $NetBSD: meta.c,v 1.68 2017/07/09 04:54:00 sjg Exp $ */
 
 /*
  * Implement 'meta' mode.
@@ -727,7 +727,7 @@ meta_job_error(Job *job, GNode *gn, int flags, int status)
 	pbm = &Mybm;
     }
     if (pbm->mfp != NULL) {
-	fprintf(pbm->mfp, "*** Error code %d%s\n",
+	fprintf(pbm->mfp, "\n*** Error code %d%s\n",
 		status,
 		(flags & JOB_IGNERR) ?
 		"(ignored)" : "");
@@ -782,13 +782,13 @@ int
 meta_cmd_finish(void *pbmp)
 {
     int error = 0;
-#ifdef USE_FILEMON
     BuildMon *pbm = pbmp;
     int x;
 
     if (!pbm)
 	pbm = &Mybm;
 
+#ifdef USE_FILEMON
     if (pbm->filemon_fd >= 0) {
 	if (close(pbm->filemon_fd) < 0)
 	    error = errno;
@@ -796,8 +796,9 @@ meta_cmd_finish(void *pbmp)
 	if (error == 0 && x != 0)
 	    error = x;
 	pbm->filemon_fd = pbm->mon_fd = -1;
-    }
+    } else
 #endif
+	fprintf(pbm->mfp, "\n");	/* ensure end with newline */
     return error;
 }
 
@@ -861,6 +862,8 @@ fgetLine(char **bufp, size_t *szp, int o, FILE *fp)
 	    newsz = ROUNDUP((fs.st_size / 2), BUFSIZ);
 	    if (newsz <= bufsz)
 		newsz = ROUNDUP(fs.st_size, BUFSIZ);
+	    if (newsz <= bufsz)
+		return x;		/* truncated */
 	    if (DEBUG(META)) 
 		fprintf(debug_file, "growing buffer %u -> %u\n",
 			(unsigned)bufsz, (unsigned)newsz);
@@ -948,10 +951,10 @@ meta_ignore(GNode *gn, const char *p)
     if (metaIgnorePatterns) {
 	char *pm;
 
-	snprintf(fname, sizeof(fname),
-		 "${%s:@m@${%s:L:M$m}@}",
-		 MAKE_META_IGNORE_PATTERNS, p);
-	pm = Var_Subst(NULL, fname, gn, VARF_WANTRES);
+	Var_Set(".p.", p, gn, 0);
+	pm = Var_Subst(NULL,
+		       "${" MAKE_META_IGNORE_PATTERNS ":@m@${.p.:M$m}@}",
+		       gn, VARF_WANTRES);
 	if (*pm) {
 #ifdef DEBUG_META_MODE
 	    if (DEBUG(META))

contrib/bmake/mk/ChangeLog

@@ -1,3 +1,22 @@
+2017-06-30  Simon J. Gerraty  <sjg@bad.crufty.net>
+
+	* install-mk (MK_VERSION): 20170630
+
+	* meta.stage.mk: avoid triggering stage_* targets with nothing to do.
+
+2017-05-23  Simon J. Gerraty  <sjg@bad.crufty.net>
+
+	* meta2deps.py: take special care of '..'
+
+2017-05-15  Simon J. Gerraty  <sjg@bad.crufty.net>
+
+	* install-mk (MK_VERSION): 20170515
+
+	* dirdeps.mk (DEP_EXPORT_VARS): on rare occasions it is
+	useful/necessary for a Makefile.depend file to export some knobs.
+	This is complicated when we are doing DIRDEPS_CACHE, so we will
+	handle export of any variables listed in DEP_EXPORT_VARS.
+
 2017-05-08  Simon J. Gerraty  <sjg@bad.crufty.net>
 
 	* install-mk (MK_VERSION): 20170505

contrib/bmake/mk/dirdeps.mk

@@ -1,4 +1,4 @@
-# $Id: dirdeps.mk,v 1.88 2017/04/24 20:34:59 sjg Exp $
+# $Id: dirdeps.mk,v 1.89 2017/05/17 17:41:47 sjg Exp $
 
 # Copyright (c) 2010-2013, Juniper Networks, Inc.
 # All rights reserved.
@@ -636,6 +636,11 @@ _build_all_dirs := ${_build_all_dirs:O:u}
 x!= { echo; echo '\# ${DEP_RELDIR}.${DEP_TARGET_SPEC}'; \
 	echo 'dirdeps: ${_build_all_dirs:${M_oneperline}}'; echo; } >&3; echo
 x!= { ${_build_all_dirs:@x@${target($x):?:echo '$x: _DIRDEP_USE';}@} echo; } >&3; echo
+.if !empty(DEP_EXPORT_VARS)
+# Discouraged, but there are always exceptions.
+# Handle it here rather than explain how.
+x!= { echo; ${DEP_EXPORT_VARS:@v@echo '$v=${$v}';@} echo '.export ${DEP_EXPORT_VARS}'; echo; } >&3; echo
+.endif
 .else
 # this makes it all happen
 dirdeps: ${_build_all_dirs}
@@ -646,6 +651,11 @@ ${_build_all_dirs}:	_DIRDEP_USE
 .info ${DEP_RELDIR}.${DEP_TARGET_SPEC}: needs: ${_build_dirs}
 .endif
 
+.if !empty(DEP_EXPORT_VARS)
+.export ${DEP_EXPORT_VARS}
+DEP_EXPORT_VARS=
+.endif
+
 # this builds the dependency graph
 .for m in ${_machines}
 # it would be nice to do :N${.TARGET}

contrib/bmake/mk/install-mk

@@ -55,7 +55,7 @@
 #       Simon J. Gerraty <sjg@crufty.net>
 
 # RCSid:
-#	$Id: install-mk,v 1.145 2017/05/09 04:05:32 sjg Exp $
+#	$Id: install-mk,v 1.148 2017/06/30 23:46:15 sjg Exp $
 #
 #	@(#) Copyright (c) 1994 Simon J. Gerraty
 #
@@ -70,7 +70,7 @@
 #	sjg@crufty.net
 #
 
-MK_VERSION=20170505
+MK_VERSION=20170630
 OWNER=
 GROUP=
 MODE=444

contrib/bmake/mk/lib.mk

@@ -1,4 +1,4 @@
-# $Id: lib.mk,v 1.61 2017/05/06 17:30:09 sjg Exp $
+# $Id: lib.mk,v 1.62 2017/06/11 03:24:04 sjg Exp $
 
 .if !target(__${.PARSEFILE}__)
 __${.PARSEFILE}__:
@@ -268,8 +268,7 @@ ${CXX_SUFFIXES:%=%.o}:
 	${COMPILE.cc} ${.IMPSRC}
 
 .S.o .s.o:
-	@echo ${COMPILE.S} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC}
-	@${COMPILE.S} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} 
+	${COMPILE.S} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} 
 
 .if (${LD_X} == "")
 .c.po:
@@ -282,21 +281,18 @@ ${CXX_SUFFIXES:%=%.po}:
 	${COMPILE.S} ${PICFLAG} ${CC_PIC} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}
 .else
 .c.po:
-	@echo ${COMPILE.c} ${CC_PG} ${PROFFLAGS} ${.IMPSRC} -o ${.TARGET}
-	@${COMPILE.c} ${CC_PG} ${PROFFLAGS} ${.IMPSRC} -o ${.TARGET}.o
+	${COMPILE.c} ${CC_PG} ${PROFFLAGS} ${.IMPSRC} -o ${.TARGET}.o
 	@${LD} ${LD_X} ${LD_r} ${.TARGET}.o -o ${.TARGET}
 	@rm -f ${.TARGET}.o
 
 ${CXX_SUFFIXES:%=%.po}:
-	@echo ${COMPILE.cc} ${CXX_PG} ${PROFFLAGS} ${.IMPSRC} -o ${.TARGET}
-	@${COMPILE.cc} ${CXX_PG} ${.IMPSRC} -o ${.TARGET}.o
-	@${LD} ${LD_X} ${LD_r} ${.TARGET}.o -o ${.TARGET}
+	${COMPILE.cc} ${CXX_PG} ${.IMPSRC} -o ${.TARGET}.o
+	${LD} ${LD_X} ${LD_r} ${.TARGET}.o -o ${.TARGET}
 	@rm -f ${.TARGET}.o
 
 .S${PICO} .s${PICO}:
-	@echo ${COMPILE.S} ${PICFLAG} ${CC_PIC} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}
-	@${COMPILE.S} ${PICFLAG} ${CC_PIC} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}.o
-	@${LD} ${LD_x} ${LD_r} ${.TARGET}.o -o ${.TARGET}
+	${COMPILE.S} ${PICFLAG} ${CC_PIC} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}.o
+	${LD} ${LD_x} ${LD_r} ${.TARGET}.o -o ${.TARGET}
 	@rm -f ${.TARGET}.o
 .endif
 
@@ -312,21 +308,18 @@ ${CXX_SUFFIXES:%=%${PICO}}:
 .else
 
 .c${PICO}:
-	@echo ${COMPILE.c} ${PICFLAG} ${CC_PIC} ${.IMPSRC} -o ${.TARGET}
-	@${COMPILE.c} ${PICFLAG} ${CC_PIC} ${.IMPSRC} -o ${.TARGET}.o
-	@${LD} ${LD_x} ${LD_r} ${.TARGET}.o -o ${.TARGET}
+	${COMPILE.c} ${PICFLAG} ${CC_PIC} ${.IMPSRC} -o ${.TARGET}.o
+	${LD} ${LD_x} ${LD_r} ${.TARGET}.o -o ${.TARGET}
 	@rm -f ${.TARGET}.o
 
 ${CXX_SUFFIXES:%=%${PICO}}:
-	@echo ${COMPILE.cc} ${PICFLAG} ${CC_PIC} ${.IMPSRC} -o ${.TARGET}
-	@${COMPILE.cc} ${PICFLAG} ${CC_PIC} ${.IMPSRC} -o ${.TARGET}.o
-	@${LD} ${LD_x} ${LD_r} ${.TARGET}.o -o ${.TARGET}
+	${COMPILE.cc} ${PICFLAG} ${CC_PIC} ${.IMPSRC} -o ${.TARGET}.o
+	${LD} ${LD_x} ${LD_r} ${.TARGET}.o -o ${.TARGET}
 	@rm -f ${.TARGET}.o
 
 .S.po .s.po:
-	@echo ${COMPILE.S} ${PROFFLAGS} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}
-	@${COMPILE.S} ${PROFFLAGS} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}.o
-	@${LD} ${LD_X} ${LD_r} ${.TARGET}.o -o ${.TARGET}
+	${COMPILE.S} ${PROFFLAGS} ${CFLAGS:M-[ID]*} ${AINC} ${.IMPSRC} -o ${.TARGET}.o
+	${LD} ${LD_X} ${LD_r} ${.TARGET}.o -o ${.TARGET}
 	@rm -f ${.TARGET}.o
 
 .endif
@@ -418,7 +411,7 @@ lib${LIB}.${LD_so}:: lib${LIB}.a
 .else  # MK_LIBTOOL=yes
 
 lib${LIB}.a:: ${OBJS}
-	@echo building standard ${LIB} library
+	@${META_NOECHO} building standard ${LIB} library
 	@rm -f ${.TARGET}
 	@${AR} ${AR_cq} ${.TARGET} ${LD_objs}
 	${RANLIB} ${.TARGET}
@@ -426,7 +419,7 @@ lib${LIB}.a:: ${OBJS}
 POBJS+=	${OBJS:.o=.po}
 .NOPATH:	${POBJS}
 lib${LIB}_p.a:: ${POBJS}
-	@echo building profiled ${LIB} library
+	@${META_NOECHO} building profiled ${LIB} library
 	@rm -f ${.TARGET}
 	@${AR} ${AR_cq} ${.TARGET} ${LD_pobjs}
 	${RANLIB} ${.TARGET}
@@ -434,7 +427,7 @@ lib${LIB}_p.a:: ${POBJS}
 SOBJS+=	${OBJS:.o=${PICO}}
 .NOPATH:	${SOBJS}
 lib${LIB}_pic.a:: ${SOBJS}
-	@echo building shared object ${LIB} library
+	@${META_NOECHO} building shared object ${LIB} library
 	@rm -f ${.TARGET}
 	@${AR} ${AR_cq} ${.TARGET} ${LD_sobjs}
 	${RANLIB} ${.TARGET}
@@ -444,7 +437,7 @@ lib${LIB}_pic.a:: ${SOBJS}
 # bound to be non-portable...
 # this is known to work for NetBSD 1.6 and FreeBSD 4.2
 lib${LIB}.${LD_so}: ${SOLIB} ${DPADD}
-	@echo building shared ${LIB} library \(version ${SHLIB_FULLVERSION}\)
+	@${META_NOECHO} building shared ${LIB} library \(version ${SHLIB_FULLVERSION}\)
 	@rm -f ${.TARGET}
 .if ${TARGET_OSNAME} == "NetBSD" || ${TARGET_OSNAME} == "FreeBSD"
 .if ${OBJECT_FMT} == "ELF"
@@ -468,7 +461,7 @@ LOBJS+=	${LSRCS:.c=.ln} ${SRCS:M*.c:.c=.ln}
 .NOPATH:	${LOBJS}
 LLIBS?=	-lc
 llib-l${LIB}.ln: ${LOBJS}
-	@echo building llib-l${LIB}.ln
+	@${META_NOECHO} building llib-l${LIB}.ln
 	@rm -f llib-l${LIB}.ln
 	@${LINT} -C${LIB} ${LOBJS} ${LLIBS}
 
@@ -508,10 +501,8 @@ LIB_INSTALL_OWN ?= -o ${LIBOWN} -g ${LIBGRP}
 
 .include <links.mk>
 
-.if !target(realinstall) && !empty(LIB)
+.if !target(libinstall) && !empty(LIB)
 realinstall: libinstall
-.endif
-.if !target(libinstall)
 libinstall:
 	[ -d ${DESTDIR}/${LIBDIR} ] || \
 	${INSTALL} -d ${LIB_INSTALL_OWN} -m 775 ${DESTDIR}${LIBDIR}

contrib/bmake/mk/meta.stage.mk

@@ -1,4 +1,4 @@
-# $Id: meta.stage.mk,v 1.49 2017/04/01 02:10:34 sjg Exp $
+# $Id: meta.stage.mk,v 1.54 2017/07/06 23:20:33 sjg Exp $
 #
 #	@(#) Copyright (c) 2011-2017, Simon J. Gerraty
 #
@@ -136,11 +136,31 @@ _STAGE_AS_BASENAME_USE:        .USE .dirdep ${.TARGET:T}
 	@${STAGE_AS_SCRIPT}; StageAs ${.TARGET:H:${STAGE_DIR_FILTER}} ${.TARGET:T} ${STAGE_AS_${.TARGET:T}:U${.TARGET:T}}
 
 
+.endif				# first time
+
+
+.if !empty(STAGE_INCSDIR)
+.if !empty(STAGE_INCS)
+stage_incs: ${STAGE_INCS}
+.endif
+.if target(stage_incs) || !empty(.ALLTARGETS:Mstage_includes)
+STAGE_TARGETS += stage_incs
+STAGE_INCS ?= ${.ALLSRC:N.dirdep:Nstage_*}
 stage_includes: stage_incs
 stage_incs:	.dirdep
 	@${STAGE_FILE_SCRIPT}; StageFiles ${STAGE_INCSDIR:${STAGE_DIR_FILTER}} ${STAGE_INCS}
 	@touch $@
 
+.endif
+.endif
+
+.if !empty(STAGE_LIBDIR)
+.if !empty(STAGE_LIBS)
+stage_libs: ${STAGE_LIBS}
+.endif
+.if target(stage_libs)
+STAGE_TARGETS += stage_libs
+STAGE_LIBS ?= ${.ALLSRC:N.dirdep:Nstage_*}
 stage_libs:	.dirdep
 	@${STAGE_FILE_SCRIPT}; StageFiles ${STAGE_LIBDIR:${STAGE_DIR_FILTER}} ${STAGE_LIBS}
 .if !defined(NO_SHLIB_LINKS)
@@ -152,18 +172,7 @@ stage_libs:	.dirdep
 .endif
 .endif
 	@touch $@
-
-.endif				# first time
-
-
-.if !empty(STAGE_INCSDIR)
-STAGE_TARGETS += stage_incs
-STAGE_INCS ?= ${.ALLSRC:N.dirdep:Nstage_*}
 .endif
-
-.if !empty(STAGE_LIBDIR)
-STAGE_TARGETS += stage_libs
-STAGE_LIBS ?= ${.ALLSRC:N.dirdep:Nstage_*}
 .endif
 
 .if !empty(STAGE_DIR)
@@ -174,8 +183,6 @@ STAGE_SYMLINKS_DIR._default = ${STAGE_SYMLINKS_DIR:U${STAGE_OBJTOP}}
 STAGE_FILES._default = ${STAGE_FILES}
 STAGE_LINKS._default = ${STAGE_LINKS}
 STAGE_SYMLINKS._default = ${STAGE_SYMLINKS}
-STAGE_FILES ?= ${.ALLSRC:N.dirdep:Nstage_*}
-STAGE_SYMLINKS ?= ${.ALLSRC:T:N.dirdep:Nstage_*}
 .endif
 
 .if !empty(STAGE_SETS)
@@ -183,24 +190,31 @@ CLEANFILES += ${STAGE_SETS:@s@stage*$s@}
 
 # some makefiles need to populate multiple directories
 .for s in ${STAGE_SETS:O:u}
-STAGE_FILES.$s ?= ${.ALLSRC:N.dirdep:Nstage_*}
-STAGE_SYMLINKS.$s ?= ${.ALLSRC:N.dirdep:Nstage_*}
-STAGE_LINKS_DIR.$s ?= ${STAGE_OBJTOP}
-STAGE_SYMLINKS_DIR.$s ?= ${STAGE_OBJTOP}
-
+.if !empty(STAGE_FILES.$s)
+stage_files.$s: ${STAGE_FILES.$s}
+.endif
+.if target(stage_files.$s) || target(stage_files${s:S,^,.,:N._default})
 STAGE_TARGETS += stage_files
+STAGE_FILES.$s ?= ${.ALLSRC:N.dirdep:Nstage_*}
 .if !target(.stage_files.$s)
 .stage_files.$s:
 .if $s != "_default"
 stage_files:	stage_files.$s
 stage_files.$s:	.dirdep
 .else
+STAGE_FILES ?= ${.ALLSRC:N.dirdep:Nstage_*}
 stage_files:	.dirdep
 .endif
 	@${STAGE_FILE_SCRIPT}; StageFiles ${FLAGS.$@} ${STAGE_FILES_DIR.$s:U${STAGE_DIR.$s}:${STAGE_DIR_FILTER}} ${STAGE_FILES.$s}
 	@touch $@
 .endif
+.endif
 
+.if !empty(STAGE_LINKS.$s)
+stage_links.$s:
+.endif
+.if target(stage_links.$s) || target(stage_links${s:S,^,.,:N._default})
+STAGE_LINKS_DIR.$s ?= ${STAGE_OBJTOP}
 STAGE_TARGETS += stage_links
 .if !target(.stage_links.$s)
 .stage_links.$s:
@@ -213,7 +227,13 @@ stage_links:	.dirdep
 	@${STAGE_LINKS_SCRIPT}; StageLinks ${STAGE_LINKS_DIR.$s:U${STAGE_DIR.$s}:${STAGE_DIR_FILTER}} ${STAGE_LINKS.$s}
 	@touch $@
 .endif
+.endif
 
+.if !empty(STAGE_SYMLINKS.$s)
+stage_symlinks.$s:
+.endif
+.if target(stage_symlinks.$s) || target(stage_symlinks${s:S,^,.,:N._default})
+STAGE_SYMLINKS_DIR.$s ?= ${STAGE_OBJTOP}
 STAGE_TARGETS += stage_symlinks
 .if !target(.stage_symlinks.$s)
 .stage_symlinks.$s:
@@ -226,6 +246,7 @@ stage_symlinks:	.dirdep
 	@${STAGE_LINKS_SCRIPT}; StageLinks -s ${STAGE_SYMLINKS_DIR.$s:U${STAGE_DIR.$s}:${STAGE_DIR_FILTER}} ${STAGE_SYMLINKS.$s}
 	@touch $@
 .endif
+.endif
 
 .endfor
 .endif
@@ -233,8 +254,6 @@ stage_symlinks:	.dirdep
 .if !empty(STAGE_AS_SETS)
 CLEANFILES += ${STAGE_AS_SETS:@s@stage*$s@}
 
-STAGE_TARGETS += stage_as stage_as_and_symlink
-
 # sometimes things need to be renamed as they are staged
 # each ${file} will be staged as ${STAGE_AS_${file:T}}
 # one could achieve the same with SYMLINKS
@@ -242,9 +261,12 @@ STAGE_TARGETS += stage_as stage_as_and_symlink
 # it is the same as using stage_as and stage_symlinks but ensures
 # both operations happen together
 .for s in ${STAGE_AS_SETS:O:u}
+.if !empty(STAGE_AS.$s)
+stage_as.$s: ${STAGE_AS.$s}
+.endif
+.if target(stage_as.$s)
+STAGE_TARGETS += stage_as
 STAGE_AS.$s ?= ${.ALLSRC:N.dirdep:Nstage_*}
-STAGE_AS_AND_SYMLINK.$s ?= ${.ALLSRC:N.dirdep:Nstage_*}
-
 .if !target(.stage_as.$s)
 .stage_as.$s:
 stage_as:	stage_as.$s
@@ -252,7 +274,14 @@ stage_as.$s:	.dirdep
 	@${STAGE_AS_SCRIPT}; StageAs ${FLAGS.$@} ${STAGE_FILES_DIR.$s:U${STAGE_DIR.$s}:${STAGE_DIR_FILTER}} ${STAGE_AS.$s:@f@$f ${STAGE_AS_${f:tA}:U${STAGE_AS_${f:T}:U${f:T}}}@}
 	@touch $@
 .endif
+.endif
 
+.if !empty(STAGE_AS_AND_SYMLINK.$s)
+stage_as_and_symlink.$s: ${STAGE_AS_AND_SYMLINK.$s}
+.endif
+.if target(stage_as_and_symlink.$s)
+STAGE_TARGETS += stage_as_and_symlink
+STAGE_AS_AND_SYMLINK.$s ?= ${.ALLSRC:N.dirdep:Nstage_*}
 .if !target(.stage_as_and_symlink.$s)
 .stage_as_and_symlink.$s:
 stage_as_and_symlink:	stage_as_and_symlink.$s
@@ -261,6 +290,7 @@ stage_as_and_symlink.$s:	.dirdep
 	@${STAGE_LINKS_SCRIPT}; StageLinks -s ${STAGE_FILES_DIR.$s:U${STAGE_DIR.$s}:${STAGE_DIR_FILTER}} ${STAGE_AS_AND_SYMLINK.$s:@f@${STAGE_AS_${f:tA}:U${STAGE_AS_${f:T}:U${f:T}}} $f@}
 	@touch $@
 .endif
+.endif
 
 .endfor
 .endif
@@ -304,6 +334,9 @@ beforeinstall: .dirdep
 .NOPATH: ${STAGE_FILES}
 
 .if !empty(STAGE_TARGETS)
+# for backwards compat make sure they exist
+${STAGE_TARGETS}:
+
 .NOPATH: ${CLEANFILES}
 
 MK_STALE_STAGED?= no

contrib/bmake/mk/meta.sys.mk

@@ -1,4 +1,4 @@
-# $Id: meta.sys.mk,v 1.31 2016/09/10 00:44:46 sjg Exp $
+# $Id: meta.sys.mk,v 1.32 2017/06/11 03:24:04 sjg Exp $
 
 #
 #	@(#) Copyright (c) 2010, Simon J. Gerraty
@@ -120,6 +120,7 @@ MKDEP_MK = meta.autodep.mk
 # re-running needlessly
 META_COOKIE_TOUCH?= touch ${COOKIE.${.TARGET}:U${.OBJDIR}/${.TARGET:T}}
 META_NOPHONY=
+META_NOECHO= :
 
 # some targets involve old pre-built targets
 # ignore mtime of shell
@@ -163,5 +164,6 @@ BUILD_AT_LEVEL0 ?= no
 META_COOKIE_TOUCH=
 # some targets need to be .PHONY in non-meta mode
 META_NOPHONY= .PHONY
+META_NOECHO= echo
 .endif
 .endif

contrib/bmake/mk/meta2deps.py

@@ -37,7 +37,7 @@
 
 """
 RCSid:
-	$Id: meta2deps.py,v 1.26 2017/05/09 04:04:16 sjg Exp $
+	$Id: meta2deps.py,v 1.27 2017/05/24 00:04:04 sjg Exp $
 
 	Copyright (c) 2011-2013, Juniper Networks, Inc.
 	All rights reserved.
@@ -90,6 +90,12 @@ def resolve(path, cwd, last_dir=None, debug=0, debug_out=sys.stderr):
     for d in [last_dir, cwd]:
         if not d:
             continue
+        if path == '..':
+            dw = d.split('/')
+            p = '/'.join(dw[:-1])
+            if not p:
+                p = '/'
+            return p
         p = '/'.join([d,path])
         if debug > 2:
             print("looking for:", p, end=' ', file=debug_out)
@@ -115,8 +121,11 @@ def cleanpath(path):
         if not d or d == '.':
             continue
         if d == '..':
-            p.pop()
-            continue
+            try:
+                p.pop()
+                continue
+            except:
+                break
         p.append(d)
 
     return r + '/'.join(p)

contrib/bmake/mk/own.mk

@@ -1,4 +1,4 @@
-# $Id: own.mk,v 1.35 2017/05/03 18:09:44 sjg Exp $
+# $Id: own.mk,v 1.36 2017/07/08 21:58:46 sjg Exp $
 
 .if !target(__${.PARSEFILE}__)
 __${.PARSEFILE}__:
@@ -7,7 +7,7 @@ __${.PARSEFILE}__:
 .include "init.mk"
 .endif
 
-.ifndef NOMAKECONF
+.if !defined(NOMAKECONF) && !defined(NO_MAKECONF)
 MAKECONF?=	/etc/mk.conf
 .-include "${MAKECONF}"
 .endif
@@ -35,7 +35,7 @@ libprefix?=	/usr
 .endif
 
 # FreeBSD at least does not set this
-MACHINE_ARCH?=${MACHINE}
+MACHINE_ARCH?=	${MACHINE}
 # we need to make sure these are defined too in case sys.mk fails to.
 COMPILE.s?=	${CC} ${AFLAGS} -c
 LINK.s?=	${CC} ${AFLAGS} ${LDFLAGS}
@@ -129,12 +129,11 @@ _uid!=  id -u
 USERGRP!=  id -g
 .export USERGRP
 .endif
-.for x in BIN CONF DOC INC INFO FILES KMOD LIB MAN NLS SHARE
+.for x in BIN CONF DOC INC INFO FILES KMOD LIB MAN NLS PROG SHARE
 $xOWN=  ${USER}
 $xGRP=  ${USERGRP}
 $x_INSTALL_OWN=
 .endfor
-PROG_INSTALL_OWN=
 .endif
 .endif
 

contrib/bmake/sprite.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: sprite.h,v 1.11 2009/01/23 21:26:30 dsl Exp $	*/
+/*	$NetBSD: sprite.h,v 1.14 2017/05/31 22:02:06 maya Exp $	*/
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -78,8 +78,8 @@
  * Common constants and type declarations for Sprite.
  */
 
-#ifndef _SPRITE
-#define _SPRITE
+#ifndef MAKE_SPRITE_H
+#define MAKE_SPRITE_H
 
 
 /*
@@ -113,4 +113,4 @@ typedef int  ReturnStatus;
 #define	SUCCESS			0x00000000
 #define	FAILURE			0x00000001
 
-#endif /* _SPRITE */
+#endif /* MAKE_SPRITE_H */

contrib/elftoolchain/readelf/readelf.c

@@ -783,6 +783,80 @@ dt_type(unsigned int mach, unsigned int dtype)
 {
 	static char s_dtype[32];
 
+	switch (dtype) {
+	case DT_NULL: return "NULL";
+	case DT_NEEDED: return "NEEDED";
+	case DT_PLTRELSZ: return "PLTRELSZ";
+	case DT_PLTGOT: return "PLTGOT";
+	case DT_HASH: return "HASH";
+	case DT_STRTAB: return "STRTAB";
+	case DT_SYMTAB: return "SYMTAB";
+	case DT_RELA: return "RELA";
+	case DT_RELASZ: return "RELASZ";
+	case DT_RELAENT: return "RELAENT";
+	case DT_STRSZ: return "STRSZ";
+	case DT_SYMENT: return "SYMENT";
+	case DT_INIT: return "INIT";
+	case DT_FINI: return "FINI";
+	case DT_SONAME: return "SONAME";
+	case DT_RPATH: return "RPATH";
+	case DT_SYMBOLIC: return "SYMBOLIC";
+	case DT_REL: return "REL";
+	case DT_RELSZ: return "RELSZ";
+	case DT_RELENT: return "RELENT";
+	case DT_PLTREL: return "PLTREL";
+	case DT_DEBUG: return "DEBUG";
+	case DT_TEXTREL: return "TEXTREL";
+	case DT_JMPREL: return "JMPREL";
+	case DT_BIND_NOW: return "BIND_NOW";
+	case DT_INIT_ARRAY: return "INIT_ARRAY";
+	case DT_FINI_ARRAY: return "FINI_ARRAY";
+	case DT_INIT_ARRAYSZ: return "INIT_ARRAYSZ";
+	case DT_FINI_ARRAYSZ: return "FINI_ARRAYSZ";
+	case DT_RUNPATH: return "RUNPATH";
+	case DT_FLAGS: return "FLAGS";
+	case DT_PREINIT_ARRAY: return "PREINIT_ARRAY";
+	case DT_PREINIT_ARRAYSZ: return "PREINIT_ARRAYSZ";
+	case DT_MAXPOSTAGS: return "MAXPOSTAGS";
+	case DT_SUNW_AUXILIARY: return "SUNW_AUXILIARY";
+	case DT_SUNW_RTLDINF: return "SUNW_RTLDINF";
+	case DT_SUNW_FILTER: return "SUNW_FILTER";
+	case DT_SUNW_CAP: return "SUNW_CAP";
+	case DT_CHECKSUM: return "CHECKSUM";
+	case DT_PLTPADSZ: return "PLTPADSZ";
+	case DT_MOVEENT: return "MOVEENT";
+	case DT_MOVESZ: return "MOVESZ";
+	case DT_FEATURE: return "FEATURE";
+	case DT_POSFLAG_1: return "POSFLAG_1";
+	case DT_SYMINSZ: return "SYMINSZ";
+	case DT_SYMINENT: return "SYMINENT";
+	case DT_GNU_HASH: return "GNU_HASH";
+	case DT_TLSDESC_PLT: return "DT_TLSDESC_PLT";
+	case DT_TLSDESC_GOT: return "DT_TLSDESC_GOT";
+	case DT_GNU_CONFLICT: return "GNU_CONFLICT";
+	case DT_GNU_LIBLIST: return "GNU_LIBLIST";
+	case DT_CONFIG: return "CONFIG";
+	case DT_DEPAUDIT: return "DEPAUDIT";
+	case DT_AUDIT: return "AUDIT";
+	case DT_PLTPAD: return "PLTPAD";
+	case DT_MOVETAB: return "MOVETAB";
+	case DT_SYMINFO: return "SYMINFO";
+	case DT_VERSYM: return "VERSYM";
+	case DT_RELACOUNT: return "RELACOUNT";
+	case DT_RELCOUNT: return "RELCOUNT";
+	case DT_FLAGS_1: return "FLAGS_1";
+	case DT_VERDEF: return "VERDEF";
+	case DT_VERDEFNUM: return "VERDEFNUM";
+	case DT_VERNEED: return "VERNEED";
+	case DT_VERNEEDNUM: return "VERNEEDNUM";
+	case DT_AUXILIARY: return "AUXILIARY";
+	case DT_USED: return "USED";
+	case DT_FILTER: return "FILTER";
+	case DT_GNU_PRELINKED: return "GNU_PRELINKED";
+	case DT_GNU_CONFLICTSZ: return "GNU_CONFLICTSZ";
+	case DT_GNU_LIBLISTSZ: return "GNU_LIBLISTSZ";
+	}
+
 	if (dtype >= DT_LOPROC && dtype <= DT_HIPROC) {
 		switch (mach) {
 		case EM_ARM:
@@ -903,86 +977,10 @@ dt_type(unsigned int mach, unsigned int dtype)
 		default:
 			break;
 		}
-		snprintf(s_dtype, sizeof(s_dtype), "<unknown: %#x>", dtype);
-		return (s_dtype);
 	}
 
-	switch (dtype) {
-	case DT_NULL: return "NULL";
-	case DT_NEEDED: return "NEEDED";
-	case DT_PLTRELSZ: return "PLTRELSZ";
-	case DT_PLTGOT: return "PLTGOT";
-	case DT_HASH: return "HASH";
-	case DT_STRTAB: return "STRTAB";
-	case DT_SYMTAB: return "SYMTAB";
-	case DT_RELA: return "RELA";
-	case DT_RELASZ: return "RELASZ";
-	case DT_RELAENT: return "RELAENT";
-	case DT_STRSZ: return "STRSZ";
-	case DT_SYMENT: return "SYMENT";
-	case DT_INIT: return "INIT";
-	case DT_FINI: return "FINI";
-	case DT_SONAME: return "SONAME";
-	case DT_RPATH: return "RPATH";
-	case DT_SYMBOLIC: return "SYMBOLIC";
-	case DT_REL: return "REL";
-	case DT_RELSZ: return "RELSZ";
-	case DT_RELENT: return "RELENT";
-	case DT_PLTREL: return "PLTREL";
-	case DT_DEBUG: return "DEBUG";
-	case DT_TEXTREL: return "TEXTREL";
-	case DT_JMPREL: return "JMPREL";
-	case DT_BIND_NOW: return "BIND_NOW";
-	case DT_INIT_ARRAY: return "INIT_ARRAY";
-	case DT_FINI_ARRAY: return "FINI_ARRAY";
-	case DT_INIT_ARRAYSZ: return "INIT_ARRAYSZ";
-	case DT_FINI_ARRAYSZ: return "FINI_ARRAYSZ";
-	case DT_RUNPATH: return "RUNPATH";
-	case DT_FLAGS: return "FLAGS";
-	case DT_PREINIT_ARRAY: return "PREINIT_ARRAY";
-	case DT_PREINIT_ARRAYSZ: return "PREINIT_ARRAYSZ";
-	case DT_MAXPOSTAGS: return "MAXPOSTAGS";
-	case DT_SUNW_AUXILIARY: return "SUNW_AUXILIARY";
-	case DT_SUNW_RTLDINF: return "SUNW_RTLDINF";
-	case DT_SUNW_FILTER: return "SUNW_FILTER";
-	case DT_SUNW_CAP: return "SUNW_CAP";
-	case DT_CHECKSUM: return "CHECKSUM";
-	case DT_PLTPADSZ: return "PLTPADSZ";
-	case DT_MOVEENT: return "MOVEENT";
-	case DT_MOVESZ: return "MOVESZ";
-	case DT_FEATURE: return "FEATURE";
-	case DT_POSFLAG_1: return "POSFLAG_1";
-	case DT_SYMINSZ: return "SYMINSZ";
-	case DT_SYMINENT: return "SYMINENT";
-	case DT_GNU_HASH: return "GNU_HASH";
-	case DT_TLSDESC_PLT: return "DT_TLSDESC_PLT";
-	case DT_TLSDESC_GOT: return "DT_TLSDESC_GOT";
-	case DT_GNU_CONFLICT: return "GNU_CONFLICT";
-	case DT_GNU_LIBLIST: return "GNU_LIBLIST";
-	case DT_CONFIG: return "CONFIG";
-	case DT_DEPAUDIT: return "DEPAUDIT";
-	case DT_AUDIT: return "AUDIT";
-	case DT_PLTPAD: return "PLTPAD";
-	case DT_MOVETAB: return "MOVETAB";
-	case DT_SYMINFO: return "SYMINFO";
-	case DT_VERSYM: return "VERSYM";
-	case DT_RELACOUNT: return "RELACOUNT";
-	case DT_RELCOUNT: return "RELCOUNT";
-	case DT_FLAGS_1: return "FLAGS_1";
-	case DT_VERDEF: return "VERDEF";
-	case DT_VERDEFNUM: return "VERDEFNUM";
-	case DT_VERNEED: return "VERNEED";
-	case DT_VERNEEDNUM: return "VERNEEDNUM";
-	case DT_AUXILIARY: return "AUXILIARY";
-	case DT_USED: return "USED";
-	case DT_FILTER: return "FILTER";
-	case DT_GNU_PRELINKED: return "GNU_PRELINKED";
-	case DT_GNU_CONFLICTSZ: return "GNU_CONFLICTSZ";
-	case DT_GNU_LIBLISTSZ: return "GNU_LIBLISTSZ";
-	default:
-		snprintf(s_dtype, sizeof(s_dtype), "<unknown: %#x>", dtype);
-		return (s_dtype);
-	}
+	snprintf(s_dtype, sizeof(s_dtype), "<unknown: %#x>", dtype);
+	return (s_dtype);
 }
 
 static const char *
@@ -2638,10 +2636,8 @@ dyn_str(struct readelf *re, uint32_t stab, uint64_t d_val)
 }
 
 static void
-dump_arch_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab)
+dump_arch_dyn_val(struct readelf *re, GElf_Dyn *dyn)
 {
-	const char *name;
-
 	switch (re->ehdr.e_machine) {
 	case EM_MIPS:
 	case EM_MIPS_RS3_LE:
@@ -2694,11 +2690,6 @@ dump_arch_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab)
 			break;
 		case DT_MIPS_IVERSION:
 		case DT_MIPS_PERF_SUFFIX:
-		case DT_AUXILIARY:
-		case DT_FILTER:
-			name = dyn_str(re, stab, dyn->d_un.d_val);
-			printf(" %s\n", name);
-			break;
 		case DT_MIPS_TIME_STAMP:
 			printf(" %s\n", timestamp(dyn->d_un.d_val));
 			break;
@@ -2715,14 +2706,16 @@ dump_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab)
 {
 	const char *name;
 
-	if (dyn->d_tag >= DT_LOPROC && dyn->d_tag <= DT_HIPROC) {
-		dump_arch_dyn_val(re, dyn, stab);
+	if (dyn->d_tag >= DT_LOPROC && dyn->d_tag <= DT_HIPROC &&
+	    dyn->d_tag != DT_AUXILIARY && dyn->d_tag != DT_FILTER) {
+		dump_arch_dyn_val(re, dyn);
 		return;
 	}
 
 	/* These entry values are index into the string table. */
 	name = NULL;
-	if (dyn->d_tag == DT_NEEDED || dyn->d_tag == DT_SONAME ||
+	if (dyn->d_tag == DT_AUXILIARY || dyn->d_tag == DT_FILTER ||
+	    dyn->d_tag == DT_NEEDED || dyn->d_tag == DT_SONAME ||
 	    dyn->d_tag == DT_RPATH || dyn->d_tag == DT_RUNPATH)
 		name = dyn_str(re, stab, dyn->d_un.d_val);
 
@@ -2767,6 +2760,12 @@ dump_dyn_val(struct readelf *re, GElf_Dyn *dyn, uint32_t stab)
 	case DT_VERNEEDNUM:
 		printf(" %ju\n", (uintmax_t) dyn->d_un.d_val);
 		break;
+	case DT_AUXILIARY:
+		printf(" Auxiliary library: [%s]\n", name);
+		break;
+	case DT_FILTER:
+		printf(" Filter library: [%s]\n", name);
+		break;
 	case DT_NEEDED:
 		printf(" Shared library: [%s]\n", name);
 		break;

etc/defaults/rc.conf

@@ -168,6 +168,7 @@ firewall_nat_enable="NO"	# Enable kernel NAT (if firewall_enable == YES)
 firewall_nat_interface=""	# Public interface or IPaddress to use
 firewall_nat_flags=""		# Additional configuration parameters
 dummynet_enable="NO"		# Load the dummynet(4) module
+ipfw_netflow_enable="NO"	# Enable netflow logging via ng_netflow
 ip_portrange_first="NO"		# Set first dynamically allocated port
 ip_portrange_last="NO"		# Set last dynamically allocated port
 ike_enable="NO"			# Enable IKE daemon (usually racoon or isakmpd)

etc/mtree/BSD.tests.dist

@@ -378,6 +378,10 @@
         ..
         mdconfig
         ..
+        pfctl
+            files
+            ..
+        ..
     ..
     secure
         lib

etc/rc.d/Makefile

@@ -47,7 +47,6 @@ FILES=	DAEMON \
 	ip6addrctl \
 	ipfilter \
 	ipfs \
-	ipfw \
 	ipmon \
 	ipnat \
 	ipsec \
@@ -206,6 +205,13 @@ HASTPACKAGE=	hast
 FILES+=		inetd
 .endif
 
+.if ${MK_IPFW} != "no"
+FILES+=		ipfw
+.if ${MK_NETGRAPH} != "no"
+FILES+=		ipfw_netflow
+.endif
+.endif
+
 .if ${MK_ISCSI} != "no"
 FILES+=		iscsictl
 FILES+=		iscsid

etc/rc.d/ipfw_netflow

@@ -54,7 +54,7 @@ ipfw_netflow_status()
 ipfw_netflow_start()
 {
 	ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
-	ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any
+	ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}
 	ngctl -f - <<-EOF
 	mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
 	name ipfw:${ipfw_netflow_hook} netflow

lib/libsysdecode/mkioctls

@@ -18,14 +18,12 @@ LC_ALL=C; export LC_ALL
 ioctl_includes=$(
 	cd $includedir
 	find -H -s * -name '*.h' | \
-	egrep -v '(.*disk.*|net/pfvar|net/if_pfsync)\.h' | \
+	egrep -v '(net/pfvar|net/if_pfsync)\.h' | \
 		xargs egrep -l \
 '^#[ 	]*define[ 	]+[A-Za-z_][A-Za-z0-9_]*[ 	]+_IO[^a-z0-9_]' |
 		awk '{printf("#include <%s>\\n", $1)}'
 )
 
-ioctl_includes="$ioctl_includes#include <sys/diskmbr.h>\\n"
-
 awk -v x="$ioctl_includes" 'BEGIN {print x}' |
 	$CPP -nostdinc -I$includedir -dM -DCOMPAT_43TTY - |
 	awk -v ioctl_includes="$ioctl_includes" '

lib/libthr/thread/thr_barrier.c

@@ -100,7 +100,7 @@ _pthread_barrier_init(pthread_barrier_t *barrier,
 	pthread_barrier_t bar;
 	int pshared;
 
-	if (barrier == NULL || count == 0)
+	if (barrier == NULL || count == 0 || count > INT_MAX)
 		return (EINVAL);
 
 	if (attr == NULL || *attr == NULL ||

lib/libutil/tests/Makefile

@@ -3,9 +3,7 @@
 TAP_TESTS_C+=	flopen_test
 TAP_TESTS_C+=	grp_test
 TAP_TESTS_C+=	humanize_number_test
-.if ${MACHINE_CPUARCH} != "aarch64" # PR202304: pidfile_test hangs on arm64
 TAP_TESTS_C+=	pidfile_test
-.endif
 TAP_TESTS_C+=	trimdomain_test
 TAP_TESTS_C+=	trimdomain-nodomain_test
 

sbin/pfctl/Makefile

@@ -31,4 +31,8 @@ YFLAGS=
 
 LIBADD=	m md
 
+.if ${MK_TESTS} != "no"
+SUBDIR+=    tests
+.endif
+
 .include <bsd.prog.mk>

sbin/pfctl/tests/Makefile

@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+ATF_TESTS_SH=	pfctl_test
+
+SUBDIR+=	files
+
+.include <bsd.test.mk>

sbin/pfctl/tests/files/Makefile

@@ -0,0 +1,12 @@
+# $FreeBSD$
+
+TESTSDIR=	${TESTSBASE}/sbin/pfctl/files
+BINDIR=		${TESTSDIR}
+
+# We use ${.CURDIR} as workaround so that the glob patterns work.
+FILES=		${.CURDIR}/pf????.in
+FILES+=		${.CURDIR}/pf????.include
+FILES+=		${.CURDIR}/pf????.ok
+FILES+=		${.CURDIR}/pfctl_test_descr.sh
+
+.include <bsd.progs.mk>

sbin/pfctl/tests/files/pf0001.in

@@ -0,0 +1,8 @@
+pass in all
+pass in from any to any no state
+pass in proto tcp from any port <= 1024 to any label foo_bar
+pass in proto tcp from any to any port = 25
+pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
+pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts
+pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \
+"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport"

sbin/pfctl/tests/files/pf0001.ok

@@ -0,0 +1,8 @@
+pass in all flags S/SA keep state
+pass in all no state
+pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar"
+pass in proto tcp from any to any port = smtp flags S/SA keep state
+pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state
+pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts
+pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:"
+pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:"

sbin/pfctl/tests/files/pf0002.in

@@ -0,0 +1,34 @@
+# test
+
+block	       out log on tun1000000		 all
+block	       in  log on tun1000000		 all
+
+block return-rst  out log on tun1000000 proto tcp all
+block return-rst  in  log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in  log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8		to any
+block in log quick on tun1000000 from 172.16.0.0/12	to any
+block in quick log on tun1000000 from 192.168.0.0/16	to any
+block in quick log on tun1000000 from 255.255.255.255/32 to any
+
+block in log quick from no-route to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in  on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all keep state
+
+pass in on tun1000000 proto tcp from any to any port = ssh    keep state
+pass in on tun1000000 proto tcp from any to any port = smtp   keep state
+pass in on tun1000000 proto tcp from any to any port = domain keep state
+pass in on tun1000000 proto tcp from any to any port = auth   keep state

sbin/pfctl/tests/files/pf0002.ok

@@ -0,0 +1,22 @@
+block drop out log on tun1000000 all
+block drop in log on tun1000000 all
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
+block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
+block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
+block drop in quick on tun1000000 inet from any to 255.255.255.255
+block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
+block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
+block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
+block drop in log quick on tun1000000 inet from 255.255.255.255 to any
+block drop in log quick from no-route to any
+pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass out on tun1000000 proto udp all keep state
+pass in on tun1000000 proto udp from any to any port = domain keep state
+pass out on tun1000000 proto tcp all flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state

sbin/pfctl/tests/files/pf0003.in

@@ -0,0 +1,13 @@
+pass in all
+pass in from any to any
+
+block in proto tcp from any to any flags FUPEW/FSRPAUEW
+block in proto tcp from any to any flags SF/SFRA
+block in proto tcp from any to any flags /SFRAW
+
+pass in proto { udp, icmp, tcp } from any to any flags S/SA
+pass in from any to any flags S/SA no state
+pass in from any to any flags any no state
+pass in from any to any flags any
+pass in from any to any keep state
+pass in from any to any

sbin/pfctl/tests/files/pf0003.ok

@@ -0,0 +1,13 @@
+pass in all flags S/SA keep state
+pass in all flags S/SA keep state
+block drop in proto tcp all flags FPUEW/FSRPAUEW
+block drop in proto tcp all flags FS/FSRA
+block drop in proto tcp all flags /FSRAW
+pass in proto udp all keep state
+pass in proto icmp all keep state
+pass in proto tcp all flags S/SA keep state
+pass in all flags S/SA no state
+pass in all no state
+pass in all flags any keep state
+pass in all flags S/SA keep state
+pass in all flags S/SA keep state

sbin/pfctl/tests/files/pf0004.in

@@ -0,0 +1,16 @@
+block in all
+block in proto tcp all
+block in proto { tcp, udp } all
+
+block in from any to any
+block in from 10.0.0.0/8 to any
+block in from ! 10.0.0.0/8 to any
+block in from { 10.0.0.0/8, 172.16.0.0/12 } to any
+
+block in proto tcp from any port = ssh to any
+block in proto tcp from any port { ssh, ftp >< 2048, != 1234, >= www } \
+	to any port 1024:2048
+
+block in proto { tcp, udp } from { 10.0.0.0/8, 172.16.0.0/12 } port { ssh, ftp } \
+	to { 192.168.0.0/16, 12.34.56.78 } port { 6667, 6668, 6669:65535 }
+

sbin/pfctl/tests/files/pf0004.ok

@@ -0,0 +1,62 @@
+block drop in all
+block drop in proto tcp all
+block drop in proto tcp all
+block drop in proto udp all
+block drop in all
+block drop in inet from 10.0.0.0/8 to any
+block drop in inet from ! 10.0.0.0/8 to any
+block drop in inet from 10.0.0.0/8 to any
+block drop in inet from 172.16.0.0/12 to any
+block drop in proto tcp from any port = ssh to any
+block drop in proto tcp from any port = ssh to any port 1024:2048
+block drop in proto tcp from any port 21 >< 2048 to any port 1024:2048
+block drop in proto tcp from any port != 1234 to any port 1024:2048
+block drop in proto tcp from any port >= 80 to any port 1024:2048
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535

sbin/pfctl/tests/files/pf0005.in

@@ -0,0 +1,6 @@
+foo = "ssh, ftp"
+bar = "other thing"
+inside="10.0.0.0/8"
+
+block in proto udp from $inside port { echo, $foo, ident } \
+	to 12.34.56.78 port { 6667, 0x10 }

sbin/pfctl/tests/files/pf0005.ok

@@ -0,0 +1,11 @@
+foo = "ssh, ftp"
+bar = "other thing"
+inside = "10.0.0.0/8"
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 16

sbin/pfctl/tests/files/pf0006.in

@@ -0,0 +1,3 @@
+a=b
+c=x
+a_b_c=d

sbin/pfctl/tests/files/pf0006.ok

@@ -0,0 +1,3 @@
+a = "b"
+c = "x"
+a_b_c = "d"

sbin/pfctl/tests/files/pf0007.in

@@ -0,0 +1,34 @@
+# test modulate state
+
+block	       out log on tun1000000		 all
+block	       in  log on tun1000000		 all
+
+block return-rst  out log on tun1000000 proto tcp all
+block return-rst  in  log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in  log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8		to any
+block in log quick on tun1000000 from 172.16.0.0/12	to any
+block in log quick on tun1000000 from 192.168.0.0/16	to any
+block in log quick on tun1000000 from 255.255.255.255/32 to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in  on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all modulate state
+pass in on tun1000000 proto { tcp udp icmp } all modulate state
+pass in on tun1000000 proto { udp tcp icmp } all flags S/SA synproxy state
+
+pass in on tun1000000 proto tcp from any to any port = ssh    modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp   modulate state
+pass in on tun1000000 proto tcp from any to any port = domain modulate state
+pass in on tun1000000 proto tcp from any to any port = auth   modulate state

sbin/pfctl/tests/files/pf0007.ok

@@ -0,0 +1,27 @@
+block drop out log on tun1000000 all
+block drop in log on tun1000000 all
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
+block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
+block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
+block drop in quick on tun1000000 inet from any to 255.255.255.255
+block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
+block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
+block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
+block drop in log quick on tun1000000 inet from 255.255.255.255 to any
+pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass out on tun1000000 proto udp all keep state
+pass in on tun1000000 proto udp from any to any port = domain keep state
+pass out on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto udp all keep state
+pass in on tun1000000 proto icmp all keep state
+pass in on tun1000000 proto udp all keep state
+pass in on tun1000000 proto tcp all flags S/SA synproxy state
+pass in on tun1000000 proto icmp all keep state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state

sbin/pfctl/tests/files/pf0008.in

@@ -0,0 +1,2 @@
+extern =  "{ ! 10.0.0.0/8, 10.1.2.3 }"
+block out log on tun1000001 from $extern to any

sbin/pfctl/tests/files/pf0008.ok

@@ -0,0 +1,3 @@
+extern = "{ ! 10.0.0.0/8, 10.1.2.3 }"
+block drop out log on tun1000001 inet from ! 10.0.0.0/8 to any
+block drop out log on tun1000001 inet from 10.1.2.3 to any

sbin/pfctl/tests/files/pf0009.in

@@ -0,0 +1,3 @@
+interfaces = "{ enc0, tun1000000 }"
+
+block in on $interfaces all

sbin/pfctl/tests/files/pf0009.ok

@@ -0,0 +1,3 @@
+interfaces = "{ enc0, tun1000000 }"
+block drop in on enc0 all
+block drop in on tun1000000 all

sbin/pfctl/tests/files/pf0010.in

@@ -0,0 +1,31 @@
+# return variants
+pass in inet proto icmp all
+pass in inet6 proto icmp6 all
+block in inet proto icmp all
+block in inet6 proto icmp6 all
+block return-rst in inet proto tcp all
+block return-rst in inet6 proto tcp all
+block return-rst(ttl 10) in inet proto tcp all
+block return-rst(ttl 10) in inet6 proto tcp all
+block return-icmp in inet proto icmp all
+block return-icmp(0) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(5) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(10) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(15) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp6 in inet6 proto icmp6 all
+block return-icmp6(0) in inet6 proto icmp6 all
+block return-icmp6(noroute-unr) in inet6 proto icmp6 all
+block return-icmp6(1) in inet6 proto icmp6 all
+block return-icmp6(admin-unr) in inet6 proto icmp6 all
+block return-icmp6(2) in inet6 proto icmp6 all
+block return-icmp6(notnbr-unr) in inet6 proto icmp6 all
+block return-icmp6(3) in inet6 proto icmp6 all
+block return-icmp6(addr-unr) in inet6 proto icmp6 all
+block return-icmp6(4) in inet6 proto icmp6 all
+block return-icmp6(port-unr) in inet6 proto icmp6 all
+block return-icmp(5, 1) in all
+block return-icmp(srcfail, admin-unr) in all

sbin/pfctl/tests/files/pf0010.ok

@@ -0,0 +1,30 @@
+pass in inet proto icmp all keep state
+pass in inet6 proto ipv6-icmp all keep state
+block drop in inet proto icmp all
+block drop in inet6 proto ipv6-icmp all
+block return-rst in inet proto tcp all
+block return-rst in inet6 proto tcp all
+block return-rst(ttl 10) in inet proto tcp all
+block return-rst(ttl 10) in inet6 proto tcp all
+block return-icmp(port-unr) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp(srcfail, admin-unr) in all
+block return-icmp(srcfail, admin-unr) in all

sbin/pfctl/tests/files/pf0011.in

@@ -0,0 +1,18 @@
+pass in inet proto icmp all icmp-type 0
+pass in inet proto icmp all icmp-type 0 code 0
+pass in inet proto icmp all icmp-type 1
+pass in inet proto icmp all icmp-type 1 code 1
+pass in inet6 proto ipv6-icmp all icmp6-type 0
+pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+pass in inet6 proto ipv6-icmp all icmp6-type 1
+pass in inet6 proto ipv6-icmp all icmp6-type 1 code 1
+block in inet proto icmp all icmp-type 0
+block in inet proto icmp all icmp-type 0 code 0
+block in inet proto icmp all icmp-type 1
+block in inet proto icmp all icmp-type 1 code 1
+block in inet6 proto ipv6-icmp all icmp6-type 0
+block in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+block in inet6 proto ipv6-icmp all icmp6-type 1
+block in inet6 proto ipv6-icmp all icmp6-type 1 code 1
+pass in inet proto icmp all icmp-type unreach code needfrag
+pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb

sbin/pfctl/tests/files/pf0011.ok

@@ -0,0 +1,18 @@
+pass in inet proto icmp all icmp-type echorep keep state
+pass in inet proto icmp all icmp-type echorep code 0 keep state
+pass in inet proto icmp all icmp-type 1 keep state
+pass in inet proto icmp all icmp-type 1 code 1 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state
+pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state
+block drop in inet proto icmp all icmp-type echorep
+block drop in inet proto icmp all icmp-type echorep code 0
+block drop in inet proto icmp all icmp-type 1
+block drop in inet proto icmp all icmp-type 1 code 1
+block drop in inet6 proto ipv6-icmp all icmp6-type 0
+block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+block drop in inet6 proto ipv6-icmp all icmp6-type unreach
+block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr
+pass in inet proto icmp all icmp-type unreach code needfrag keep state
+pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state

sbin/pfctl/tests/files/pf0012.in

@@ -0,0 +1,5 @@
+pass in from 127.0.0.1 to 127.0.0.1/8 no state
+pass in from 127.0.0.1/16 to 127.0.0.1/24 no state
+pass in from 127.0.0.1/25 to ! 127.0.0.1/26
+pass in inet from ! localhost to localhost/16
+pass in inet from ! lo0 to ! lo0/8

sbin/pfctl/tests/files/pf0012.ok

@@ -0,0 +1,5 @@
+pass in inet from 127.0.0.1 to 127.0.0.0/8 no state
+pass in inet from 127.0.0.0/16 to 127.0.0.0/24 no state
+pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state
+pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state
+pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state

sbin/pfctl/tests/files/pf0013.in

@@ -0,0 +1,22 @@
+pass in quick on enc0 from any to any
+pass in quick on enc0 inet from any to any
+pass in quick on enc0 inet6 from any to any
+
+#pass out quick on tun1000000 inet from any to any route-to tun1000001
+#pass out quick on tun1000000 from any to 192.168.1.1 route-to tun1000001
+#pass out quick on tun1000000 from any to fec0::1 route-to tun1000001
+
+#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1)
+#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1)
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to tun1000001
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to tun1000001
+
+#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1)
+#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1)
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to tun1000001
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to tun1000001
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 dup-to (tun1000001 192.168.1.100)
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 dup-to (tun1000001 fec1::2)

sbin/pfctl/tests/files/pf0013.ok

@@ -0,0 +1,3 @@
+pass in quick on enc0 all flags S/SA keep state
+pass in quick on enc0 inet all flags S/SA keep state
+pass in quick on enc0 inet6 all flags S/SA keep state

sbin/pfctl/tests/files/pf0014.in

@@ -0,0 +1,6 @@
+pass in quick on lo0 from fe80::1%lo0 to fe80::1%lo0
+pass in quick from fe80::1%lo0 to fe80::1%lo0
+pass in quick from fe80::1%lo0 to any
+pass in quick from any to fe80::1%lo0
+pass in quick on lo0 from fe80::1%lo0 to any
+pass in quick on lo0 from any to fe80::1%lo0

sbin/pfctl/tests/files/pf0014.ok

@@ -0,0 +1,6 @@
+pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state
+pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state
+pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state

sbin/pfctl/tests/files/pf0016.in

@@ -0,0 +1,5 @@
+# Test rule order processing: should fail unless nat -> filter
+#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
+#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22   
+#match on lo0 from 192.168.1.1 to any binat-to 10.0.0.1
+pass in on lo1000000 from any to any no state

sbin/pfctl/tests/files/pf0016.ok

@@ -0,0 +1 @@
+pass in on lo1000000 all no state

sbin/pfctl/tests/files/pf0018.in

@@ -0,0 +1,19 @@
+# test nat
+
+TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }"
+TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }"
+
+#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
+#match out on lo0 proto tcp from 192.168.1.2 to any nat-to 10.0.0.2
+#match out on lo0 proto udp from 192.168.1.3 to any nat-to 10.0.0.3
+#match out on lo0 proto icmp from 192.168.1.4 to any nat-to 10.0.0.4
+
+#match out on lo0 inet from $TEST_LIST1 to $TEST_LIST2 nat-to lo0
+
+#match out on lo0 inet from 192.168.0.1/24 to any nat-to (lo0)
+
+#match out on lo0 from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8
+
+#match out on ! lo0 proto { udp, tcp } from any to any nat-to 10.0.0.8 static-port
+
+#match out on { lo0, tun1000000 } from any to any nat-to 10.0.0.8

sbin/pfctl/tests/files/pf0018.ok

@@ -0,0 +1,2 @@
+TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }"
+TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }"

sbin/pfctl/tests/files/pf0019.in

@@ -0,0 +1,9 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
+
+#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22   
+
+# Test list processing
+#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021

sbin/pfctl/tests/files/pf0019.ok

@@ -0,0 +1,4 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"

sbin/pfctl/tests/files/pf0020.in

@@ -0,0 +1,9 @@
+# Test whether list expansion in NAT/RDR works correctly
+
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
+
+#match out on $EVIL inet from $GOOD_NET to $DEST_NET nat-to $EVIL
+#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021

sbin/pfctl/tests/files/pf0020.ok

@@ -0,0 +1,4 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"

sbin/pfctl/tests/files/pf0022.in

@@ -0,0 +1,8 @@
+set optimization aggressive
+set timeout { tcp.closing 6, tcp.opening 6 }
+set timeout tcp.first 6
+set limit states 500
+set limit {states 1000,frags 1000}
+set loginterface lo0
+set loginterface none
+set hostid 1

sbin/pfctl/tests/files/pf0022.ok

@@ -0,0 +1,10 @@
+set optimization aggressive
+set timeout tcp.closing 6
+set timeout tcp.opening 6
+set timeout tcp.first 6
+set limit states 500
+set limit states 1000
+set limit frags 1000
+set loginterface lo0
+set loginterface none
+set hostid 0x00000001

sbin/pfctl/tests/files/pf0023.in

@@ -0,0 +1,2 @@
+#test negated interface matching
+block in on ! lo0 all

sbin/pfctl/tests/files/pf0023.ok

@@ -0,0 +1 @@
+block drop in on ! lo0 all

sbin/pfctl/tests/files/pf0024.in

@@ -0,0 +1,8 @@
+#test variable concat
+a="ssh"
+b="ftp"
+c=$a $b
+d=$a $b $a $b
+e=$a $b $b "test" $a $b
+
+pass in proto tcp from any to any port { $c }

sbin/pfctl/tests/files/pf0024.ok

@@ -0,0 +1,7 @@
+a = "ssh"
+b = "ftp"
+c = "ssh ftp"
+d = "ssh ftp ssh ftp"
+e = "ssh ftp ftp test ssh ftp"
+pass in proto tcp from any to any port = ssh flags S/SA keep state
+pass in proto tcp from any to any port = ftp flags S/SA keep state

sbin/pfctl/tests/files/pf0025.in

@@ -0,0 +1,4 @@
+antispoof for lo0
+antispoof log quick for lo0 inet
+antispoof for (lo0)
+antispoof log quick for (lo0) inet

sbin/pfctl/tests/files/pf0025.ok

@@ -0,0 +1,5 @@
+block drop in on ! lo0 inet6 from ::1 to any
+block drop in on ! lo0 inet from 127.0.0.0/8 to any
+block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any
+block drop in on ! lo0 from (lo0:network) to any
+block drop in log quick on ! lo0 inet from (lo0:network) to any

sbin/pfctl/tests/files/pf0026.in

@@ -0,0 +1,2 @@
+block in on lo0 inet from ! (lo0) to any
+block out on lo0 inet from any to ! (lo0)

sbin/pfctl/tests/files/pf0026.ok

@@ -0,0 +1,2 @@
+block drop in on lo0 inet from ! (lo0) to any
+block drop out on lo0 inet from any to ! (lo0)

sbin/pfctl/tests/files/pf0028.in

@@ -0,0 +1,7 @@
+# test logging keywords, and log quick/quick log order
+block in log (all) quick on lo0 all
+block in quick log       on lo0 all
+block in quick log (all) on lo0 all
+block in log quick       on lo0 all
+block in log             on lo0 all
+block in log (all)       on lo0 all 

sbin/pfctl/tests/files/pf0028.ok

@@ -0,0 +1,6 @@
+block drop in log (all) quick on lo0 all
+block drop in log quick on lo0 all
+block drop in log (all) quick on lo0 all
+block drop in log quick on lo0 all
+block drop in log on lo0 all
+block drop in log (all) on lo0 all

sbin/pfctl/tests/files/pf0030.in

@@ -0,0 +1,7 @@
+#test line continuation
+
+block \
+    in \
+    on lo0 \
+    from any \
+    to any

sbin/pfctl/tests/files/pf0030.ok

@@ -0,0 +1 @@
+block drop in on lo0 all

sbin/pfctl/tests/files/pf0031.in

@@ -0,0 +1,21 @@
+set block-policy drop
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block in on lo0 all
+block in on lo0 inet all
+block in on lo0 inet6 all
+#set block-policy return
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block in on lo0 all
+block in on lo0 inet all
+block in on lo0 inet6 all
+

sbin/pfctl/tests/files/pf0031.ok

@@ -0,0 +1,19 @@
+set block-policy drop
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all

sbin/pfctl/tests/files/pf0032.in

@@ -0,0 +1,7 @@
+pass in from 10/8 to any
+pass in from 10.1/8 to any
+pass in from 192.168.37.29/25 to any
+pass in from 192.168.37.29/24 to any
+pass in from 192.168.37.29/16 to any
+pass in from 192.168.37.29/8 to any
+

sbin/pfctl/tests/files/pf0032.ok

@@ -0,0 +1,6 @@
+pass in inet from 10.0.0.0/8 to any flags S/SA keep state
+pass in inet from 10.0.0.0/8 to any flags S/SA keep state
+pass in inet from 192.168.37.0/25 to any flags S/SA keep state
+pass in inet from 192.168.37.0/24 to any flags S/SA keep state
+pass in inet from 192.168.0.0/16 to any flags S/SA keep state
+pass in inet from 192.0.0.0/8 to any flags S/SA keep state

sbin/pfctl/tests/files/pf0034.in

@@ -0,0 +1,5 @@
+#mixed af, probability
+pass in from any to { 127.0.0.1, 2000::1 }
+pass in probability 0.5
+pass in probability 50%
+pass in inet6 proto tcp from ::1 probability 0.8%

sbin/pfctl/tests/files/pf0034.ok

@@ -0,0 +1,5 @@
+pass in inet from any to 127.0.0.1 flags S/SA keep state
+pass in inet6 from any to 2000::1 flags S/SA keep state
+pass in all flags S/SA keep state probability 50%
+pass in all flags S/SA keep state probability 50%
+pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8%

sbin/pfctl/tests/files/pf0035.in

@@ -0,0 +1,5 @@
+#test matching on tos
+
+intf = "lo0"
+pass out on $intf inet proto tcp from any to any port 22 tos 0x10
+pass out on $intf inet proto tcp from any to any port 22 tos 0x08

sbin/pfctl/tests/files/pf0035.ok

@@ -0,0 +1,3 @@
+intf = "lo0"
+pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x10 keep state
+pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x08 keep state

sbin/pfctl/tests/files/pf0038.in

@@ -0,0 +1,5 @@
+# test
+
+pass in on tun1000000 proto tcp from any to any user bin
+pass in on tun1000000 proto tcp from any to any group bin
+pass in on tun1000000 proto tcp from any to any group wheel user root user bin

sbin/pfctl/tests/files/pf0038.ok

@@ -0,0 +1,4 @@
+pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state
+pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state
+pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state
+pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state

sbin/pfctl/tests/files/pf0039.in

@@ -0,0 +1,25 @@
+#test random ordered opts
+
+body1="pass in log quick on lo0 inet proto icmp all "
+body2="pass in log quick on lo0 inet proto tcp all "
+o_user="user root "
+o_user2="user bin "
+o_group="group wheel "
+o_group2="group nobody "
+o_flags="flags S/SA "
+o_icmpspec="icmp-type 0 code 0 "
+o_tos="tos 0x08 "
+o_keep="keep state "
+o_fragment="fragment "
+o_allowopts="allow-opts "
+o_label="label blah"
+o_prio="set prio 2"
+
+$body2 $o_fragment $o_keep $o_label $o_tos
+$body2 $o_user $o_prio $o_tos $o_keep $o_group $o_label $o_allowopts \
+$o_user2 $o_group2
+$body1 $o_icmpspec $o_keep $o_label $o_prio
+$body2 $o_keep
+$body2 $o_label $o_keep $o_prio $o_tos
+$body1 $o_icmpspec $o_tos
+$body2 $o_flags $o_allowopts 

sbin/pfctl/tests/files/pf0039.ok

@@ -0,0 +1,24 @@
+body1 = "pass in log quick on lo0 inet proto icmp all "
+body2 = "pass in log quick on lo0 inet proto tcp all "
+o_user = "user root "
+o_user2 = "user bin "
+o_group = "group wheel "
+o_group2 = "group nobody "
+o_flags = "flags S/SA "
+o_icmpspec = "icmp-type 0 code 0 "
+o_tos = "tos 0x08 "
+o_keep = "keep state "
+o_fragment = "fragment "
+o_allowopts = "allow-opts "
+o_label = "label blah"
+o_prio = "set prio 2"
+pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah"
+pass in log quick on lo0 inet proto tcp all user = 3 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 3 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 0 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 0 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 set ( prio 2 ) keep state label "blah"
+pass in log quick on lo0 inet proto tcp all flags S/SA keep state
+pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 set ( prio 2 ) keep state label "blah"
+pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state
+pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts

sbin/pfctl/tests/files/pf0040.in

@@ -0,0 +1,20 @@
+block
+block return
+block return-rst proto tcp
+pass
+pass in no state
+pass out no state
+pass all no state
+block in all
+block out all
+block from any to any
+pass in from any to any
+pass out from any to any
+block on lo0
+pass on lo0 all
+block on lo0 from any to any
+pass proto tcp flags S/SA
+pass proto udp keep state
+pass in proto udp all keep state
+pass out proto udp from any to any keep state
+pass out on lo0 proto tcp from any to any port 25 keep state

sbin/pfctl/tests/files/pf0040.ok

@@ -0,0 +1,20 @@
+block drop all
+block return all
+block return-rst proto tcp all
+pass all flags S/SA keep state
+pass in all no state
+pass out all no state
+pass all no state
+block drop in all
+block drop out all
+block drop all
+pass in all flags S/SA keep state
+pass out all flags S/SA keep state
+block drop on lo0 all
+pass on lo0 all flags S/SA keep state
+block drop on lo0 all
+pass proto tcp all flags S/SA keep state
+pass proto udp all keep state
+pass in proto udp all keep state
+pass out proto udp all keep state
+pass out on lo0 proto tcp from any to any port = smtp flags S/SA keep state

sbin/pfctl/tests/files/pf0041.in

@@ -0,0 +1,12 @@
+anchor foo
+anchor bar all
+anchor bar from any to any
+anchor foo inet
+anchor foo inet6
+anchor foo inet all
+anchor foo proto tcp
+anchor foo inet proto tcp from 10.1.2.3 port smtp to 10.2.3.4 port ssh
+anchor foobar inet6 proto udp from ::1 port 1 to ::1 port 2
+anchor filteropt out proto tcp to any port 22 user root
+anchor filteropt in proto tcp to (self) port 22 group sshd
+anchor filteropt out inet proto icmp all icmp-type echoreq

sbin/pfctl/tests/files/pf0041.ok

@@ -0,0 +1,12 @@
+anchor "foo" all
+anchor "bar" all
+anchor "bar" all
+anchor "foo" inet all
+anchor "foo" inet6 all
+anchor "foo" inet all
+anchor "foo" proto tcp all
+anchor "foo" inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh
+anchor "foobar" inet6 proto udp from ::1 port = tcpmux to ::1 port = compressnet
+anchor "filteropt" out proto tcp from any to any port = ssh user = 0
+anchor "filteropt" in proto tcp from any to (self) port = ssh group = 22
+anchor "filteropt" out inet proto icmp all icmp-type echoreq

sbin/pfctl/tests/files/pf0047.in

@@ -0,0 +1,67 @@
+pass in on lo0 all label ""
+
+pass in all label "$if"
+pass in on lo0 all label "$if"
+pass in on lo0 all label "$if$if"
+
+pass in on lo0 all label "$srcaddr"
+pass in on lo0 from 0/0 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label "$srcaddr$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 from 127.0.0.1/8 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1/16 to any label "$srcaddr$srcaddr"
+pass in on lo0 from 127.0.0.1/31 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 inet6 from fe80::1 to any label "$srcaddr"
+pass in on lo0 inet6 from fe80::1 to any label "$srcaddr$srcaddr"
+pass in on lo0 inet6 from fe80::1 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 inet6 from lo0/8 to any label "$srcaddr"
+pass in on lo0 inet6 from lo0/64 to any label "$srcaddr$srcaddr"
+pass in on lo0 inet6 from lo0/127 to any label ":$srcaddr:$srcaddr:"
+
+pass in on lo0 all label "!$dstaddr!"
+pass in on lo0 inet from any to (lo0) label "$dstaddr"
+pass in on lo0 inet from any to (lo0) label "$dstaddr$dstaddr"
+pass in on lo0 inet from any to (lo0) label " $dstaddr $dstaddr "
+pass in on lo0 from any to ! 127.0.0.1/8 label "$dstaddr"
+pass in on lo0 from any to ! 127.0.0.1/16 label "$dstaddr$dstaddr"
+pass in on lo0 from any to ! 127.0.0.1/31 label " $dstaddr $dstaddr "
+pass in on lo0 inet6 from any to ! (lo0) label "$dstaddr"
+pass in on lo0 inet6 from any to ! (lo0) label "$dstaddr$dstaddr"
+pass in on lo0 inet6 from any to ! (lo0) label " $dstaddr $dstaddr "
+pass in on lo0 inet6 from any to ! ::1/8 label "$dstaddr"
+pass in on lo0 inet6 from any to ! ::1/64 label "$dstaddr$dstaddr"
+pass in on lo0 inet6 from any to ! ::1/127 label " $dstaddr $dstaddr "
+
+pass in on lo0 all label "x$srcportx"
+pass in on lo0 proto tcp from any port = 28 to any label "$srcport"
+pass in on lo0 proto tcp from any port 28 >< 29 to any label "$srcport"
+pass in on lo0 proto tcp from any port 28 <> 29 to any label "$srcport"
+pass in on lo0 proto tcp from any port 28:29 to any label "$srcport"
+pass in on lo0 proto tcp from any port != 28 to any label "$srcport"
+pass in on lo0 proto tcp from any port < 28 to any label "$srcport"
+pass in on lo0 proto tcp from any port <= 28 to any label "$srcport"
+pass in on lo0 proto tcp from any port > 28 to any label "$srcport"
+pass in on lo0 proto tcp from any port >= 28 to any label "$srcport"
+pass in on lo0 proto tcp from any port = 28 to any label "$srcport$srcport"
+pass in on lo0 proto tcp from any port = 28 to any label "$$srcport$$srcport$"
+
+pass in on lo0 all label "$dstport"
+pass in on lo0 proto udp from any to any port = 29 label "$dstport"
+pass in on lo0 proto udp from any to any port != 29 label "$dstport$dstport"
+pass in on lo0 proto udp from any to any port > 29 label "x$dstportx$dstportx"
+
+pass in on lo0 all label "$proto"
+pass in on lo0 proto esp all label "$proto"
+pass in on lo0 proto esp all label "$proto$proto"
+pass in on lo0 proto esp all label "-$proto-$proto-"
+pass in on lo0 proto 166 all label "$proto"
+pass in on lo0 proto 166 all label "$proto$proto"
+pass in on lo0 proto 166 all label "_$proto_$proto_"
+
+pass in on lo0 all label "$nr"
+pass in on lo0 all label "$nr$nr"
+pass in on lo0 all label "%$nr%$nr%"
+
+pass in on lo0 proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 \
+    label "if $if proto $proto $srcaddr $srcport $dstaddr $dstport"

sbin/pfctl/tests/files/pf0047.ok

@@ -0,0 +1,61 @@
+pass in on lo0 all flags S/SA keep state
+pass in all flags S/SA keep state label "any"
+pass in on lo0 all flags S/SA keep state label "lo0"
+pass in on lo0 all flags S/SA keep state label "lo0lo0"
+pass in on lo0 all flags S/SA keep state label "any"
+pass in on lo0 inet all flags S/SA keep state label "any"
+pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1"
+pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1127.0.0.1"
+pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label ":127.0.0.1:127.0.0.1:"
+pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state label "127.0.0.0/8"
+pass in on lo0 inet from 127.0.0.0/16 to any flags S/SA keep state label "127.0.0.0/16127.0.0.0/16"
+pass in on lo0 inet from 127.0.0.0/31 to any flags S/SA keep state label ":127.0.0.0/31:127.0.0.0/31:"
+pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1"
+pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1fe80::1"
+pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label ":fe80::1:fe80::1:"
+pass in on lo0 inet6 from ::/8 to any flags S/SA keep state label "::/8"
+pass in on lo0 inet6 from fe00::/8 to any flags S/SA keep state label "fe00::/8"
+pass in on lo0 inet6 from ::/64 to any flags S/SA keep state label "::/64::/64"
+pass in on lo0 inet6 from fe80::/64 to any flags S/SA keep state label "fe80::/64fe80::/64"
+pass in on lo0 inet6 from ::/127 to any flags S/SA keep state label ":::/127:::/127:"
+pass in on lo0 inet6 from fe80::/127 to any flags S/SA keep state label ":fe80::/127:fe80::/127:"
+pass in on lo0 all flags S/SA keep state label "!any!"
+pass in on lo0 inet from any to (lo0) flags S/SA keep state label "(lo0)"
+pass in on lo0 inet from any to (lo0) flags S/SA keep state label "(lo0)(lo0)"
+pass in on lo0 inet from any to (lo0) flags S/SA keep state label " (lo0) (lo0) "
+pass in on lo0 inet from any to ! 127.0.0.0/8 flags S/SA keep state label "! 127.0.0.0/8"
+pass in on lo0 inet from any to ! 127.0.0.0/16 flags S/SA keep state label "! 127.0.0.0/16! 127.0.0.0/16"
+pass in on lo0 inet from any to ! 127.0.0.0/31 flags S/SA keep state label " ! 127.0.0.0/31 ! 127.0.0.0/31 "
+pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label "! (lo0)"
+pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label "! (lo0)! (lo0)"
+pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label " ! (lo0) ! (lo0) "
+pass in on lo0 inet6 from any to ! ::/8 flags S/SA keep state label "! ::/8"
+pass in on lo0 inet6 from any to ! ::/64 flags S/SA keep state label "! ::/64! ::/64"
+pass in on lo0 inet6 from any to ! ::/127 flags S/SA keep state label " ! ::/127 ! ::/127 "
+pass in on lo0 all flags S/SA keep state label "xx"
+pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "28"
+pass in on lo0 proto tcp from any port 28 >< 29 to any flags S/SA keep state label "28><29"
+pass in on lo0 proto tcp from any port 28 <> 29 to any flags S/SA keep state label "28<>29"
+pass in on lo0 proto tcp from any port 28:29 to any flags S/SA keep state
+pass in on lo0 proto tcp from any port != 28 to any flags S/SA keep state label "!=28"
+pass in on lo0 proto tcp from any port < 28 to any flags S/SA keep state label "<28"
+pass in on lo0 proto tcp from any port <= 28 to any flags S/SA keep state label "<=28"
+pass in on lo0 proto tcp from any port > 28 to any flags S/SA keep state label ">28"
+pass in on lo0 proto tcp from any port >= 28 to any flags S/SA keep state label ">=28"
+pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "2828"
+pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "$28$28$"
+pass in on lo0 all flags S/SA keep state
+pass in on lo0 proto udp from any to any port = msg-icp keep state label "29"
+pass in on lo0 proto udp from any to any port != msg-icp keep state label "!=29!=29"
+pass in on lo0 proto udp from any to any port > 29 keep state label "x>29x>29x"
+pass in on lo0 all flags S/SA keep state label "ip"
+pass in on lo0 proto esp all keep state label "esp"
+pass in on lo0 proto esp all keep state label "espesp"
+pass in on lo0 proto esp all keep state label "-esp-esp-"
+pass in on lo0 proto 166 all keep state label "166"
+pass in on lo0 proto 166 all keep state label "166166"
+pass in on lo0 proto 166 all keep state label "_166_166_"
+pass in on lo0 all flags S/SA keep state label "57"
+pass in on lo0 all flags S/SA keep state label "5858"
+pass in on lo0 all flags S/SA keep state label "%59%59%"
+pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = mpm-flags flags S/SA keep state label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44"