From 6581afbb3335a620ba5f219011ccc898ea2a32ba Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Tue, 27 Jul 2021 15:31:00 +0200 Subject: [PATCH] pf tests: make killstate:match more robust Only lists the states relevant to the connection we're killing. Sometimes there are IPv6 related states (due to the usual IPv6 background traffic of router solicitations, DAD, ...) that causes us to think we failed to kill the state, which in turn caused the test to fail intermittently. MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 4e860bd5da1423aac9aed0541c484ebf9c1d1621) --- tests/sys/netpfil/pf/killstate.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/sys/netpfil/pf/killstate.sh b/tests/sys/netpfil/pf/killstate.sh index 2b77ea189294..adf229945911 100644 --- a/tests/sys/netpfil/pf/killstate.sh +++ b/tests/sys/netpfil/pf/killstate.sh @@ -354,7 +354,7 @@ match_body() wait_for_state alcatraz 192.0.2.1 # Expect two states - states=$(jexec alcatraz pfctl -s s | wc -l) + states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l) if [ $states -ne 2 ] ; then atf_fail "Expected two states, found $states" @@ -362,7 +362,7 @@ match_body() # If we don't kill the matching NAT state one should be left jexec alcatraz pfctl -k 192.0.2.1 - states=$(jexec alcatraz pfctl -s s | wc -l) + states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l) if [ $states -ne 1 ] ; then atf_fail "Expected one states, found $states" @@ -376,7 +376,7 @@ match_body() # Kill matching states, expect all of them to be gone jexec alcatraz pfctl -M -k 192.0.2.1 - states=$(jexec alcatraz pfctl -s s | wc -l) + states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l) if [ $states -ne 0 ] ; then atf_fail "Expected zero states, found $states"