pf tests: verify blocked count on log interface

Also check the IPv6 pass/block numbers.

PR:		291763
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")

1 files changed, 13 insertions, 1 deletions

diff --git a/tests/sys/netpfil/pf/loginterface.sh b/tests/sys/netpfil/pf/loginterface.sh
index 6decb69fe63d..c192d8e4e4a4 100644
--- a/tests/sys/netpfil/pf/loginterface.sh
+++ b/tests/sys/netpfil/pf/loginterface.sh
@@ -41,9 +41,11 @@ basic_body()
 	epair=$(vnet_mkepair)
 
 	ifconfig ${epair}a 192.0.2.2/24 up
+	ifconfig ${epair}a inet6 2001:db8::2/64 no_dad
 
 	vnet_mkjail alcatraz ${epair}b
 	jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+	jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 no_dad
 
 	# Sanity check
 	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
@@ -63,10 +65,11 @@ basic_body()
 
 	# And after we've sent traffic there's non-zero counters
 	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
+	atf_check -s exit:0 -o ignore ping -c 1 2001:db8::1
 
 	atf_check -o match:"Interface Stats for ${epair}b" \
 		jexec alcatraz pfctl -s info
-	atf_check -o match:"Passed                               1" \
+	atf_check -o match:"Passed                               1                [1-9]" \
 		jexec alcatraz pfctl -s info
 
 	# And no interface stats once we remove the loginterface
@@ -74,6 +77,15 @@ basic_body()
 		"pass"
 	atf_check -o not-match:"Interface Stats for ${epair}b" \
 		jexec alcatraz pfctl -s info
+
+	# Check blocked count
+	pft_set_rules alcatraz \
+		"set loginterface ${epair}b" \
+		"block"
+	atf_check -s exit:2 -o ignore ping -c 1 2001:db8::1
+	atf_check -s exit:2 -o ignore ping -c 1 192.0.2.1
+	atf_check -o match:"Blocked                              1                [1-9]" \
+		jexec alcatraz pfctl -s info
 }
 
 basic_cleanup()