pf tests: make killstate:match more robust

Only list the states relevant to the connection we're killing.
Sometimes there are IPv6 related states (due to the usual IPv6
background traffic of router solicitations, DAD, ...) that cause us to
think we failed to kill the state, which in turn caused the test to fail
intermittently.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Kristof Provost 2021-07-27 15:31:00 +02:00
parent ea4dea8394
commit 4e860bd5da


@ -426,7 +426,7 @@ match_body()
wait_for_state alcatraz 192.0.2.1
# Expect two states
states=$(jexec alcatraz pfctl -s s | wc -l)
states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
if [ $states -ne 2 ] ;
then
atf_fail "Expected two states, found $states"
@ -434,7 +434,7 @@ match_body()
# If we don't kill the matching NAT state one should be left
jexec alcatraz pfctl -k 192.0.2.1
states=$(jexec alcatraz pfctl -s s | wc -l)
states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
if [ $states -ne 1 ] ;
then
atf_fail "Expected one states, found $states"
@ -448,7 +448,7 @@ match_body()
# Kill matching states, expect all of them to be gone
jexec alcatraz pfctl -M -k 192.0.2.1
states=$(jexec alcatraz pfctl -s s | wc -l)
states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
if [ $states -ne 0 ] ;
then
atf_fail "Expected zero states, found $states"
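Review bot: The new filter `grep 192.0.2.1`, used in all three hunks, is an unanchored regular expression, so each dot matches any character and the pattern also matches longer addresses such as 192.0.2.10 or 192.0.2.100. If any other state in the jail involves such an address (the rest of the topology is not visible in these hunks), the count is wrong again, and for the final zero-state check that would show up as a spurious failure of the kill test. Matching the literal address as a whole word keeps the filter tied to the one connection under test: `states=$(jexec alcatraz pfctl -s s | grep -wF 192.0.2.1 | wc -l)`. match_body starts and ends outside the hunks.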