D47435.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D47435.diff
View Options

	diff --git a/tests/sys/netpfil/pf/fragmentation_pass.sh b/tests/sys/netpfil/pf/fragmentation_pass.sh
	--- a/tests/sys/netpfil/pf/fragmentation_pass.sh
	+++ b/tests/sys/netpfil/pf/fragmentation_pass.sh
	@@ -580,13 +580,12 @@
	ping_dummy_check_request exit:0 --ping-type=udp --send-length=10000 --send-frag-length=1280

	rules=$(mktemp) \|\| exit 1
	- jexec router pfctl -qvsr > $rules
	+ jexec router pfctl -qvsr \| normalize_pfctl_s > $rules

	# Count that fragmented packets have hit the rule only once and that
	# they have not created states. There is no stateful firewall support
	# for fragmented packets.
	- grep -A2 'pass in on epair0b inet proto udp all keep state dnpipe(1, 1)' $rules \|
	- grep -qE 'Packets: 8\s+Bytes: 10168\s+States: 0\s+' \|\|
	+ grep -qE 'pass in on epair0b inet proto udp all keep state dnpipe$1, 1$ .* Packets: 8 Bytes: 10168 States: 0 ' $rules \|\|
	atf_fail "Fragmented packets not counted correctly"
	}

	diff --git a/tests/sys/netpfil/pf/src_track.sh b/tests/sys/netpfil/pf/src_track.sh
	--- a/tests/sys/netpfil/pf/src_track.sh
	+++ b/tests/sys/netpfil/pf/src_track.sh
	@@ -98,16 +98,16 @@
	ping_server_check_reply exit:0 --ping-type=tcp3way --send-sport=4205 --fromaddr 2001:db8:44::2

	states=$(mktemp) \|\| exit 1
	- jexec router pfctl -qss \| grep 'tcp 2001:db8:43::2\[9\] <-' > $states
	+ jexec router pfctl -qss \| normalize_pfctl_s \| grep 'tcp 2001:db8:43::2\[9\] <-' > $states

	- grep -qE '2001:db8:44::1\[4201\]\s+ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4201 not found or not established"
	- grep -qE '2001:db8:44::1\[4202\]\s+ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4202 not found or not established"
	- grep -qE '2001:db8:44::1\[4203\]\s+ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4203 not found or not established"
	- grep -qE '2001:db8:44::2\[4205\]\s+ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4205 not found or not established"
	+ grep -qE '2001:db8:44::1\[4201\] ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4201 not found or not established"
	+ grep -qE '2001:db8:44::1\[4202\] ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4202 not found or not established"
	+ grep -qE '2001:db8:44::1\[4203\] ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4203 not found or not established"
	+ grep -qE '2001:db8:44::2\[4205\] ESTABLISHED:ESTABLISHED' $states \|\| atf_fail "State for port 4205 not found or not established"

	if (
	- grep -qE '2001:db8:44::1\[4204\]\s+' $states &&
	- ! grep -qE '2001:db8:44::1\[4204\]\s+CLOSED:CLOSED' $states
	+ grep -qE '2001:db8:44::1\[4204\] ' $states &&
	+ ! grep -qE '2001:db8:44::1\[4204\] CLOSED:CLOSED' $states
	); then
	atf_fail "State for port 4204 found but not closed"
	fi
	@@ -167,13 +167,13 @@
	# We will check the resulting source nodes, though.
	# Order of source nodes in output is not guaranteed, find each one separately.
	nodes=$(mktemp) \|\| exit 1
	- jexec router pfctl -qvsS > $nodes
	+ jexec router pfctl -qvsS \| normalize_pfctl_s > $nodes
	for node_regexp in \
	- '2001:db8:44::1 -> :: $ states 2, connections 2, rate [0-9/\.]+s $\s+age [0-9:]+, 6 pkts, [0-9]+ bytes, filter rule 3' \
	- '2001:db8:44::1 -> :: $ states 2, connections 2, rate [0-9/\.]+s $\s+age [0-9:]+, 6 pkts, [0-9]+ bytes, filter rule 4' \
	- '2001:db8:44::2 -> :: $ states 2, connections 2, rate [0-9/\.]+s $\s+age [0-9:]+, 6 pkts, [0-9]+ bytes, filter rule 4' \
	+ '2001:db8:44::1 -> :: $ states 2, connections 2, rate [0-9/\.]+s $ age [0-9:]+, 6 pkts, [0-9]+ bytes, filter rule 3$' \
	+ '2001:db8:44::1 -> :: $ states 2, connections 2, rate [0-9/\.]+s $ age [0-9:]+, 6 pkts, [0-9]+ bytes, filter rule 4$' \
	+ '2001:db8:44::2 -> :: $ states 2, connections 2, rate [0-9/\.]+s $ age [0-9:]+, 6 pkts, [0-9]+ bytes, filter rule 4$' \
	; do
	- cat $nodes \| tr '\n' ' ' \| grep -qE "$node_regexp" \|\| atf_fail "Source nodes not matching expected output"
	+ grep -qE "$node_regexp" $nodes \|\| atf_fail "Source nodes not matching expected output"
	done

	# Check if limit counters have been properly set.
	diff --git a/tests/sys/netpfil/pf/utils.subr b/tests/sys/netpfil/pf/utils.subr
	--- a/tests/sys/netpfil/pf/utils.subr
	+++ b/tests/sys/netpfil/pf/utils.subr
	@@ -301,3 +301,13 @@
	--replyif ${epair_tester}a \
	$params
	}
	+
	+normalize_pfctl_s()
	+{
	+ # `pfctl -s[rsS]` output is divided into sections. Each rule, state or
	+ # source node starts with the beginning of a line and next lines with leading
	+ # spaces are various parameters of said rule, state or source node.
	+ # Convert it into a single line per entry, and remove multiple spaces,
	+ # so that regular expressions for matching them in tests can be simpler.
	+ awk '{ if ($0 ~ /^[^ ]/ && NR > 1) print(""); gsub(/ +/, " ", $0); printf("%s", $0); } END {print("");}'
	+}

File Metadata

Mime Type: text/plain
Expires: Mon, Feb 10, 6:13 PM (7 h, 54 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16581462
Default Alt Text: D47435.diff (4 KB)

D47435.diffNo OneTemporaryActions

D47435.diffView Options

File Metadata

Event Timeline

D47435.diff
No OneTemporary
Actions

D47435.diff
View Options