git: 615433297d67 - stable/12 - pf tests: ensure that $nr expansion is correct

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Fri, 22 Oct 2021 12:32:50 UTC
The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=615433297d6764b0a243dfe6156a05f619d6379c

commit 615433297d6764b0a243dfe6156a05f619d6379c
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-10-03 16:07:04 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-10-22 07:34:32 +0000

    pf tests: ensure that $nr expansion is correct
    
    Test that the $nr expansion in labels is correct, even if the optimiser
    reduces the rule count.
    
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D32489
    
    (cherry picked from commit 914ec9c78dcd5d8f77552fb93d3bc15efe9c0f40)
---
 tests/sys/netpfil/pf/Makefile |  1 +
 tests/sys/netpfil/pf/macro.sh | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile
index 3882db287f5a..5a8b5fe8de70 100644
--- a/tests/sys/netpfil/pf/Makefile
+++ b/tests/sys/netpfil/pf/Makefile
@@ -14,6 +14,7 @@ ATF_TESTS_SH+=	altq \
 		get_state \
 		icmp \
 		killstate \
+		macro \
 		map_e \
 		names \
 		nat \
diff --git a/tests/sys/netpfil/pf/macro.sh b/tests/sys/netpfil/pf/macro.sh
new file mode 100644
index 000000000000..442677c9f946
--- /dev/null
+++ b/tests/sys/netpfil/pf/macro.sh
@@ -0,0 +1,40 @@
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "nr" "cleanup"
+nr_head()
+{
+	atf_set descr 'Test $nr expansion'
+	atf_set require.user root
+}
+
+nr_body()
+{
+	# Ensure that when the optimiser collapses rules the macro expansion
+	# has the correct rule number
+	pft_init
+
+	vnet_mkjail alcatraz
+	jexec alcatraz ifconfig lo0 inet 127.0.0.1/8
+	jexec alcatraz ifconfig lo0 inet 127.0.0.2/32 alias
+
+	pft_set_rules alcatraz \
+	    "pass quick on lo from lo:network to lo:network" \
+	    "block quick all label \"ruleNo:\$nr\""
+
+	no=$(jexec alcatraz pfctl -sr -vv | awk '/ruleNo/ { gsub("@", "", $1); print $1; }')
+	ruleno=$(jexec alcatraz pfctl -sr -vv | awk '/ruleNo/ { gsub(/"ruleNo:/, "", $7); gsub(/"/, "", $7); print $7; }')
+	if [ "${no}" -ne "${ruleno}" ];
+	then
+		atf_fail "Expected ruleNo $no != $ruleno"
+	fi
+}
+
+nr_cleanup()
+{
+	pft_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "nr"
+}
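Review bot: In nr_body the check `[ "${no}" -ne "${ruleno}" ]` passes vacuously when neither awk command finds a `ruleNo` line. Both variables are then empty, `[` rejects the non-numeric operands with a non-zero status, the `if` body is skipped and `atf_fail` is never reached. For a firewall regression test this means a ruleset that did not load as intended would be reported as success, and so would a change in the `pfctl -sr -vv` column layout that the positional `$1`/`$7` fields rely on. I would add a guard before the comparison, `[ -n "${no}" ] && [ -n "${ruleno}" ] || atf_fail "could not parse rule number from pfctl output"`. Capturing the pfctl output once in a variable and feeding it to both awk calls would also make both values come from the same snapshot.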