pf tests: ensure that $nr expansion is correct

Test the $nr expansion in labels is correct, even if the optimiser reduces the rule count. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D32489
2021-10-03 18:07:04 +02:00 · 2021-10-03 18:07:04 +02:00 · 914ec9c78d
commit 914ec9c78d
parent 09c7f23869
2 changed files with 41 additions and 0 deletions
--- a/tests/sys/netpfil/pf/Makefile
+++ b/tests/sys/netpfil/pf/Makefile
@ -14,6 +14,7 @@ ATF_TESTS_SH+=	altq \
 		get_state \
 		icmp \
 		killstate \
+		macro \
 		map_e \
 		names \
 		nat \
--- a/tests/sys/netpfil/pf/macro.sh
+++ b/tests/sys/netpfil/pf/macro.sh
@ -0,0 +1,40 @@
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "nr" "cleanup"
+nr_head()
+{
+	atf_set descr 'Test $nr expansion'
+	atf_set require.user root
+}
+
+nr_body()
+{
+	# Ensure that when the optimiser collapses rules the macro expansion
+	# has the correct rule number
+	pft_init
+
+	vnet_mkjail alcatraz
+	jexec alcatraz ifconfig lo0 inet 127.0.0.1/8
+	jexec alcatraz ifconfig lo0 inet 127.0.0.2/32 alias
+
+	pft_set_rules alcatraz \
+	    "pass quick on lo from lo:network to lo:network" \
+	    "block quick all label \"ruleNo:\$nr\""
+
+	no=$(jexec alcatraz pfctl -sr -vv | awk '/ruleNo/ { gsub("@", "", $1); print $1; }')
+	ruleno=$(jexec alcatraz pfctl -sr -vv | awk '/ruleNo/ { gsub(/"ruleNo:/, "", $7); gsub(/"/, "", $7); print $7; }')
+	if [ "${no}" -ne "${ruleno}" ];
+	then
+		atf_fail "Expected ruleNo $no != $ruleno"
+	fi
+}
+
+nr_cleanup()
+{
+	pft_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "nr"
+}