1 files changed, 59 insertions, 0 deletions

diff --git a/tests/sys/netpfil/pf/pflog.sh b/tests/sys/netpfil/pf/pflog.sh
index a34ec893a75c..550548a59c11 100644
--- a/tests/sys/netpfil/pf/pflog.sh
+++ b/tests/sys/netpfil/pf/pflog.sh
@@ -394,6 +394,64 @@ rdr_action_cleanup()
 	pft_cleanup
 }
 
+atf_test_case "rule_number" "cleanup"
+rule_number_head()
+{
+	atf_set descr 'Test rule numbers with anchors'
+	atf_set require.user root
+}
+
+rule_number_body()
+{
+	pflog_init
+
+	epair=$(vnet_mkepair)
+
+	vnet_mkjail alcatraz ${epair}b
+	jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+
+	ifconfig ${epair}a 192.0.2.2/24 up
+	ifconfig ${epair}a inet alias 192.0.2.3/24 up
+	ifconfig ${epair}a inet alias 192.0.2.4/24 up
+
+	jexec alcatraz pfctl -e
+	jexec alcatraz ifconfig pflog0 up
+	pft_set_rules alcatraz \
+		"pass log from 192.0.2.2" \
+		"anchor \"foo\" {\n \
+			pass log from 192.0.2.3\n \
+		}" \
+		"pass log from 192.0.2.4"
+
+	jexec alcatraz tcpdump -n -e -ttt --immediate-mode -l -U -i pflog0 >> pflog.txt &
+	sleep 1 # Wait for tcpdump to start
+
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 -S 192.0.2.2 192.0.2.1
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 -S 192.0.2.3 192.0.2.1
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 -S 192.0.2.4 192.0.2.1
+
+	jexec alcatraz pfctl -sr -a '*' -vv
+
+	# Give tcpdump a little time to finish writing to the file
+	sleep 1
+	cat pflog.txt
+
+	atf_check -o match:"rule 0/0\(match\): pass in.*: 192.0.2.2.*ICMP echo request" \
+	    cat pflog.txt
+	atf_check -o match:"rule 1.foo.0/0\(match\): pass in.*: 192.0.2.3.*: ICMP echo request" \
+	    cat pflog.txt
+	atf_check -o match:"rule 2/0\(match\): pass in.*: 192.0.2.4.*: ICMP echo request" \
+	    cat pflog.txt
+}
+
+rule_number_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "malformed"
@@ -403,4 +461,5 @@ atf_init_test_cases()
 	atf_add_test_case "unspecified_v4"
 	atf_add_test_case "unspecified_v6"
 	atf_add_test_case "rdr_action"
+	atf_add_test_case "rule_number"
 }