44ec023c17
The new C test takes 25 seconds on QEMU-RISC-V, wheras the shell version
takes 332 seconds.
Even with the latest optimizations to atf-sh this test still takes a few
seconds to startup in QEMU. Re-writing it in C reduces the runtime for a
single test from about 2-3 seconds to less than .5 seconds. Since there
are ~80 tests, this adds up to about 3-4 minutes.
This may not seem like a big speedup, but before the recent optimizations
to avoid atf_get_srcdir, each test took almost 100 seconds on QEMU RISC-V
instead of 3. This also significantly reduces the time it takes to list
the available test cases, which speeds up running the tests via kyua:
```
root@qemu-riscv64-alex:~ # /usr/bin/time kyua test -k /usr/tests/sbin/pfctl/Kyuafile pfctl_test_old
...
158/158 passed (0 failed)
332.08 real 42.58 user 286.17 sys
root@qemu-riscv64-alex:~ # /usr/bin/time kyua test -k /usr/tests/sbin/pfctl/Kyuafile pfctl_test
158/158 passed (0 failed)
24.96 real 9.75 user 14.26 sys
root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test pf1001
pfctl_test: WARNING: Running test cases outside of kyua(1) is unsupported
pfctl_test: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
Running pfctl -o none -nvf /usr/tests/sbin/pfctl/./files/pf1001.in
---
binat on em0 inet6 from fc00::/64 to any -> fc00:0:0:1::/64
binat on em0 inet6 from any to fc00:0:0:1::/64 -> fc00::/64
---
passed
0.17 real 0.06 user 0.08 sys
root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_old pf1001
pfctl_test_old: WARNING: Running test cases outside of kyua(1) is unsupported
pfctl_test_old: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
Id Refs Name
141 1 pf
Executing command [ pfctl -o none -nvf - ]
passed
1.73 real 0.25 user 1.41 sys
root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_old -l > /dev/null
24.36 real 2.26 user 21.86 sys
root@qemu-riscv64-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test -l > /dev/null
0.04 real 0.02 user 0.01 sys
```
The speedups are even more noticeable on CHERI-RISC-V (since QEMU runs
slower when emulating CHERI instructions):
```
root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_new -l > /dev/null
0.51 real 0.49 user 0.00 sys
root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test -l > /dev/null
34.20 real 32.69 user 0.16 sys
root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test pf1001
pfctl_test: WARNING: Running test cases outside of kyua(1) is unsupported
pfctl_test: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
Id Refs Name
147 1 pf
Executing command [ pfctl -o none -nvf - ]
passed
5.74 real 5.41 user 0.03 sys
root@qemu-cheri-alex:/usr/tests/sbin/pfctl # /usr/bin/time ./pfctl_test_new pf1001
pfctl_test_new: WARNING: Running test cases outside of kyua(1) is unsupported
pfctl_test_new: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
Running pfctl -o none -nvf /usr/tests/sbin/pfctl/./files/pf1001.in
---
binat on em0 inet6 from fc00::/64 to any -> fc00:0:0:1::/64
binat on em0 inet6 from any to fc00:0:0:1::/64 -> fc00::/64
---
passed
0.68 real 0.66 user 0.00 sys
root@qemu-cheri-alex:/usr/tests/sbin/pfctl #
```
Reviewed By: kp
Differential Revision: https://reviews.freebsd.org/D26779
119 lines
4.7 KiB
SQL
119 lines
4.7 KiB
SQL
/*-
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*
|
|
* Copyright 2020 Alex Richardson <arichardson@FreeBSD.org>
|
|
*
|
|
* This software was developed by SRI International and the University of
|
|
* Cambridge Computer Laboratory (Department of Computer Science and
|
|
* Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the
|
|
* DARPA SSITH research programme.
|
|
*
|
|
* This work was supported by Innovate UK project 105694, "Digital Security by
|
|
* Design (DSbD) Technology Platform Prototype".
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
|
|
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
/*
|
|
* No include guards since this file is included multiple times by pfctl_test
|
|
* to avoid duplicating code.
|
|
*/
|
|
PFCTL_TEST(0001, "Pass with labels")
|
|
PFCTL_TEST(0002, "Block/pass")
|
|
PFCTL_TEST(0003, "Block/pass with flags")
|
|
PFCTL_TEST(0004, "Block")
|
|
PFCTL_TEST(0005, "Block with variables")
|
|
PFCTL_TEST(0006, "Variables")
|
|
PFCTL_TEST(0007, "Block/pass with return")
|
|
PFCTL_TEST(0008, "Block with address list")
|
|
PFCTL_TEST(0009, "Block with interface list")
|
|
PFCTL_TEST(0010, "Block/pass with return")
|
|
PFCTL_TEST(0011, "Block/pass ICMP")
|
|
PFCTL_TEST(0012, "Pass to subnets")
|
|
PFCTL_TEST(0013, "Pass quick")
|
|
PFCTL_TEST(0014, "Pass quick IPv6")
|
|
PFCTL_TEST(0016, "Pass with no state")
|
|
PFCTL_TEST(0018, "Address lists")
|
|
PFCTL_TEST(0019, "Lists")
|
|
PFCTL_TEST(0020, "Lists")
|
|
PFCTL_TEST(0022, "Set options")
|
|
PFCTL_TEST(0023, "Block on negated interface")
|
|
PFCTL_TEST(0024, "Variable concatenation")
|
|
PFCTL_TEST(0025, "Antispoof")
|
|
PFCTL_TEST(0026, "Block from negated interface")
|
|
PFCTL_TEST(0028, "Block with log and quick")
|
|
PFCTL_TEST(0030, "Line continuation")
|
|
PFCTL_TEST(0031, "Block policy")
|
|
PFCTL_TEST(0032, "Pass to any")
|
|
PFCTL_TEST(0034, "Pass with probability")
|
|
PFCTL_TEST(0035, "Matching on TOS")
|
|
PFCTL_TEST(0038, "Pass with user")
|
|
PFCTL_TEST(0039, "Ordered opts")
|
|
PFCTL_TEST(0040, "Block/pass")
|
|
PFCTL_TEST(0041, "Anchors")
|
|
PFCTL_TEST(0047, "Pass with labels")
|
|
PFCTL_TEST(0048, "Tables")
|
|
PFCTL_TEST(0049, "Broadcast and network modifiers")
|
|
PFCTL_TEST(0050, "Double macro set")
|
|
PFCTL_TEST(0052, "Set optimization")
|
|
PFCTL_TEST(0053, "Pass with labels")
|
|
PFCTL_TEST(0055, "Set options")
|
|
PFCTL_TEST(0056, "State opts")
|
|
PFCTL_TEST(0057, "Variables")
|
|
PFCTL_TEST(0060, "Pass from multicast")
|
|
PFCTL_TEST(0061, "Dynaddr with netmask")
|
|
PFCTL_TEST(0065, "Antispoof with labels")
|
|
PFCTL_TEST(0067, "Tags")
|
|
PFCTL_TEST(0069, "Tags")
|
|
PFCTL_TEST(0070, "Tags")
|
|
PFCTL_TEST(0071, "Tags")
|
|
PFCTL_TEST(0072, "Tags")
|
|
PFCTL_TEST(0074, "Synproxy")
|
|
PFCTL_TEST(0075, "Block quick with tags")
|
|
PFCTL_TEST(0077, "Dynaddr with netmask")
|
|
PFCTL_TEST(0078, "Table with label")
|
|
PFCTL_TEST(0079, "No-route with label")
|
|
PFCTL_TEST(0081, "Address list and table list with no-route")
|
|
PFCTL_TEST(0082, "Pass with interface, table and no-route")
|
|
PFCTL_TEST(0084, "Source track")
|
|
PFCTL_TEST(0085, "Tag macro expansion")
|
|
PFCTL_TEST(0087, "Optimization rule reordering")
|
|
PFCTL_TEST(0088, "Optimization duplicate rules handling")
|
|
PFCTL_TEST(0089, "TCP connection tracking")
|
|
PFCTL_TEST(0090, "Log opts")
|
|
PFCTL_TEST(0091, "Nested anchors")
|
|
PFCTL_TEST(0092, "Comments")
|
|
PFCTL_TEST(0094, "Address ranges")
|
|
PFCTL_TEST(0095, "Include")
|
|
PFCTL_TEST(0096, "Variables")
|
|
PFCTL_TEST(0097, "Divert-to")
|
|
PFCTL_TEST(0098, "Pass")
|
|
PFCTL_TEST(0100, "Anchor with multiple path components")
|
|
PFCTL_TEST(0101, "Prio")
|
|
PFCTL_TEST(0102, "Address lists with mixed address family")
|
|
PFCTL_TEST(0104, "Divert-to with localhost")
|
|
PFCTL_TEST(1001, "Binat")
|
|
PFCTL_TEST(1002, "Set timeout interval")
|
|
PFCTL_TEST(1003, "ALTQ")
|
|
PFCTL_TEST(1004, "ALTQ with Codel")
|
|
PFCTL_TEST(1005, "PR 231323")
|