pf tests: make killstate:match more robust

Only list the states relevant to the connection we're killing.
Sometimes there are IPv6-related states (due to the usual IPv6
background traffic of router solicitations, DAD, ...) that cause us to
think we failed to kill the state, which in turn caused the test to fail
intermittently.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 4e860bd5da)
Kristof Provost 2021-07-27 15:31:00 +02:00
parent e1d7668f87
commit 6581afbb33


@ -354,7 +354,7 @@ match_body()
wait_for_state alcatraz 192.0.2.1 wait_for_state alcatraz 192.0.2.1
# Expect two states # Expect two states
states=$(jexec alcatraz pfctl -s s | wc -l) states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
if [ $states -ne 2 ] ; if [ $states -ne 2 ] ;
then then
atf_fail "Expected two states, found $states" atf_fail "Expected two states, found $states"
@ -362,7 +362,7 @@ match_body()
# If we don't kill the matching NAT state one should be left # If we don't kill the matching NAT state one should be left
jexec alcatraz pfctl -k 192.0.2.1 jexec alcatraz pfctl -k 192.0.2.1
states=$(jexec alcatraz pfctl -s s | wc -l) states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
if [ $states -ne 1 ] ; if [ $states -ne 1 ] ;
then then
atf_fail "Expected one states, found $states" atf_fail "Expected one states, found $states"
@ -376,7 +376,7 @@ match_body()
# Kill matching states, expect all of them to be gone # Kill matching states, expect all of them to be gone
jexec alcatraz pfctl -M -k 192.0.2.1 jexec alcatraz pfctl -M -k 192.0.2.1
states=$(jexec alcatraz pfctl -s s | wc -l) states=$(jexec alcatraz pfctl -s s | grep 192.0.2.1 | wc -l)
if [ $states -ne 0 ] ; if [ $states -ne 0 ] ;
then then
atf_fail "Expected zero states, found $states" atf_fail "Expected zero states, found $states"
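Review bot: The new filter `grep 192.0.2.1` on the `states=` lines of all three hunks (at 354, 362 and 376) is an unanchored regular expression, so its dots match any character and it would also count state lines for addresses such as 192.0.2.10 or 192.0.2.100. A fixed-string, word-bounded match is tighter while keeping the same pipeline: `states=$(jexec alcatraz pfctl -s s | grep -wF 192.0.2.1 | wc -l)`. Separately, in the last hunk a failing `jexec` or `pfctl` produces an empty listing and therefore a count of zero, so the "Expected zero states" check would pass without the state kill actually being verified. That gap appears to predate this change, and checking the listing command's exit status before counting would close it. match_body() begins and ends outside the visible hunks.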