diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2021-10-03 16:07:04 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2021-10-15 20:19:45 +0000 |
| commit | 914ec9c78dcd5d8f77552fb93d3bc15efe9c0f40 (patch) | |
| tree | 9e481a1e3217e7bb93cde8e9856be3426fc23a55 | |
| parent | 09c7f2386973f8c36978895a7600320916bc3d07 (diff) | |
| download | src-914ec9c78dcd5d8f77552fb93d3bc15efe9c0f40.tar.gz src-914ec9c78dcd5d8f77552fb93d3bc15efe9c0f40.zip | |
pf tests: ensure that $nr expansion is correct
Test the $nr expansion in labels is correct, even if the optimiser
reduces the rule count.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D32489
| -rw-r--r-- | tests/sys/netpfil/pf/Makefile | 1 | ||||
| -rw-r--r-- | tests/sys/netpfil/pf/macro.sh | 40 |
2 files changed, 41 insertions, 0 deletions
diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index 2f9ce73f381b..246c267e7d2b 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -14,6 +14,7 @@ ATF_TESTS_SH+= altq \ get_state \ icmp \ killstate \ + macro \ map_e \ names \ nat \ diff --git a/tests/sys/netpfil/pf/macro.sh b/tests/sys/netpfil/pf/macro.sh new file mode 100644 index 000000000000..442677c9f946 --- /dev/null +++ b/tests/sys/netpfil/pf/macro.sh @@ -0,0 +1,40 @@ +. $(atf_get_srcdir)/utils.subr + +atf_test_case "nr" "cleanup" +nr_head() +{ + atf_set descr 'Test $nr expansion' + atf_set require.user root +} + +nr_body() +{ + # Ensure that when the optimiser collapses rules the macro expansion + # has the correct rule number + pft_init + + vnet_mkjail alcatraz + jexec alcatraz ifconfig lo0 inet 127.0.0.1/8 + jexec alcatraz ifconfig lo0 inet 127.0.0.2/32 alias + + pft_set_rules alcatraz \ + "pass quick on lo from lo:network to lo:network" \ + "block quick all label \"ruleNo:\$nr\"" + + no=$(jexec alcatraz pfctl -sr -vv | awk '/ruleNo/ { gsub("@", "", $1); print $1; }') + ruleno=$(jexec alcatraz pfctl -sr -vv | awk '/ruleNo/ { gsub(/"ruleNo:/, "", $7); gsub(/"/, "", $7); print $7; }') + if [ "${no}" -ne "${ruleno}" ]; + then + atf_fail "Expected ruleNo $no != $ruleno" + fi +} + +nr_cleanup() +{ + pft_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case "nr" +} |