From 9c44b8297cd8a92875e1110ae477a0bc3a624641 Mon Sep 17 00:00:00 2001
From: Alexander Bluhm
Date: Fri, 3 Nov 2023 15:39:07 +0100
Subject: [PATCH] Test IP address in config file.

Write constant IP addresses into pfresolved config. Wait until pfresolved creates table regress-pfresolved. Read IP addresses from pf table with pfctl. Check that output IP is the same as input IP.
---
regress/Pfctl.pm | 61 +++++++++++++++++++++++++++++++++++++++++++
regress/Pfresolved.pm | 2 ++
regress/Proc.pm | 1 -
regress/args-ip.pl | 21 +++++++++++++++
regress/funcs.pl | 10 +++----
regress/pfresolved.pl | 12 +++++++--
6 files changed, 99 insertions(+), 8 deletions(-)
create mode 100644 regress/Pfctl.pm
create mode 100644 regress/args-ip.pl

diff --git a/regress/Pfctl.pm b/regress/Pfctl.pm
new file mode 100644
index 0000000..2b901ec
--- /dev/null
+++ b/regress/Pfctl.pm
@@ -0,0 +1,61 @@
+# $OpenBSD$
+
+# Copyright (c) 2023 Alexander Bluhm
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+use strict;
+use warnings;
+
+package Pfctl;
+use parent 'Proc';
+use Carp;
+
+sub new {
+ my $class = shift;
+ my %args = @_;
+ $args{func} ||= \&func;
+ $args{logfile} ||= "pfctl.log";
+ $args{up} ||= "Table";
+
+ my $self = Proc::new($class, %args);
+ return $self;
+}
+
+sub child {
+ my $self = shift;
+ my $timeout = $self->{timeout} || 5;
+ my $updates = $self->{updates};
+ my $pfresolved = $self->{pfresolved};
+
+ my $table = "updating addresses for pf table";
+ my $tomsg = $timeout ? " after $timeout seconds" : "";
+ my $upmsg = $updates ? " for $updates times" : "";
+ $pfresolved->loggrep($table, $timeout, $updates)
+ or die ref($self), " no '$table' in $pfresolved->{logfile}",
+ $tomsg, $upmsg;
+
+ open(STDOUT, '>&', \*STDERR)
+ or die ref($self), " dup STDOUT failed: $!";
+}
+
+sub func {
+ my $self = shift;
+ my @sudo = $ENV{SUDO} ? $ENV{SUDO} : ();
+
+ my @cmd = (@sudo, qw(pfctl -t regress-pfresolved -T show));
+ system(@cmd)
+ and die die ref($self), " command '@cmd' failed: $?";
+}
+
+1;
diff --git a/regress/Pfresolved.pm b/regress/Pfresolved.pm
index fc2d56c..6d29a3b 100644
--- a/regress/Pfresolved.pm
+++ b/regress/Pfresolved.pm
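Review bot: In `func`, the failure branch of `system(@cmd)` reads `and die die ref($self), ...`; the doubled `die` is a typo and the line should be `and die ref($self), " command '@cmd' failed: $?";`. In `child`, `$timeout` is defaulted with `|| 5`, so the `$timeout ? ... : ""` ternary can never take its empty branch and a caller cannot request "no timeout". `$ENV{SUDO}` is handed to list-form `system` as a single program name, which keeps the shell out of the picture but means a value carrying options (constructed example: `doas -n`) would fail to exec. Because `pfctl` is resolved through PATH while running under that privilege wrapper, spelling it `/sbin/pfctl` would make the privileged command independent of the caller's environment.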
@@ -43,6 +43,8 @@ sub new { " config file '$self->{conffile}' create failed: $!"; print $fh "# test $test\n"; print $fh "regress-pfresolved {\n"; + print $fh "\t", join(",", @{$self->{address_list}}), "\n" + if $self->{address_list}; print $fh "\n}\n"; return $self; diff --git a/regress/Proc.pm b/regress/Proc.pm index 4aaaea3..eb936cd 100644 --- a/regress/Proc.pm +++ b/regress/Proc.pm @@ -108,7 +108,6 @@ sub run { do { $self->child(); print STDERR $self->{up}, "\n"; - $self->{begin} = time(); $self->{func}->($self); } while ($self->{redo}); print STDERR "Shutdown", "\n"; diff --git a/regress/args-ip.pl b/regress/args-ip.pl new file mode 100644 index 0000000..670c7db --- /dev/null +++ b/regress/args-ip.pl @@ -0,0 +1,21 @@ +# Write constant IP addresses into pfresolved config. +# Wait until pfresolved creates table regress-pfresolved. +# Read IP addresses from pf table with pfctl. +# Check that output IP is the same as input IP. + +use strict; +use warnings; + +our %args = ( + pfresolved => { + address_list => [qw(192.0.2.1 2001:DB8::1)], # documentation IPs + }, + pfctl => { + loggrep => { + qr/^ 192.0.2.1$/ => 1, + qr/^ 2001:db8::1$/ => 1, + }, + }, +); + +1; diff --git a/regress/funcs.pl b/regress/funcs.pl index 6d54fa3..2e2ed15 100644 --- a/regress/funcs.pl +++ b/regress/funcs.pl @@ -18,18 +18,18 @@ use warnings; sub check_logs { - my ($n, $d, $p, %args) = @_; + my ($n, $d, $s, %args) = @_; return if $args{nocheck}; - check_loggrep($n, $d, $p, %args); + check_loggrep($n, $d, $s, %args); } sub check_loggrep { - my ($n, $d, $p, %args) = @_; + my ($n, $d, $s, %args) = @_; - my %name2proc = (nsd => $n, pfresolved => $d, pf => $p); - foreach my $name (qw(pfresolved)) { + my %name2proc = (nsd => $n, pfresolved => $d, pfctl => $s); + foreach my $name (qw(pfresolved pfctl)) { my $p = $name2proc{$name} or next; my $pattern = $args{$name}{loggrep} or next; $pattern = [ $pattern ] unless ref($pattern) eq 'ARRAY'; 
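Review bot: The added `print` is guarded by `if $self->{address_list}`, which is also true for an empty array reference, so `address_list => []` writes a line holding only a tab into the table block. Guarding on the element count, `if @{$self->{address_list} || []};`, avoids that. The entries are joined into the config file unchanged, so a value containing a newline or `}` would alter the file's structure; that is fine for constant test input but deserves a one-line comment saying the list is trusted. `new` starts and ends outside this hunk.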
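Review bot: The IPv4 pattern `qr/^ 192.0.2.1$/` in args-ip.pl leaves the dots unescaped, so each `.` matches any character and the check is looser than the stated goal that the output IP equals the input IP; `qr/^ 192\.0\.2\.1$/ => 1,` pins the literal address. The IPv6 input is written as `2001:DB8::1` while the pattern expects `2001:db8::1`, which looks like a deliberate check of case normalisation; a comment such as `# pfctl is expected to print the address in lower case` would make that intent explicit. How the `=> 1` counts are interpreted is decided in check_loggrep, outside this hunk.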
diff --git a/regress/pfresolved.pl b/regress/pfresolved.pl index 887ef99..e8fdc1f 100644 --- a/regress/pfresolved.pl +++ b/regress/pfresolved.pl @@ -19,6 +19,7 @@ use warnings; use Pfresolved; +use Pfctl; require 'funcs.pl'; sub usage { @@ -36,13 +37,20 @@ sub usage { my $d = Pfresolved->new( %{$args{pfresolved}}, - testfile => $testfile, + testfile => $testfile, +); +my $s = Pfctl->new( + %{$args{pfctl}}, + pfresolved => $d, ); $d->run; $d->up; +$s->run; +$s->up; + $d->kill_child; $d->down; -check_logs(undef, $d, undef, %args); +check_logs(undef, $d, $s, %args);
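Review bot: After `$s->run; $s->up;` there is no `$s->down;` before `check_logs`, so nothing visible here waits for the pfctl child to finish. Per the Proc.pm hunk in this patch, the `up` line is printed before `func` runs, so `$s->up` can return before `pfctl -T show` has written the table contents, and `$d->kill_child` may then run concurrently with it. Adding `$s->down;` directly after `$s->up;` would make the ordering explicit, assuming `down` waits for the child's "Shutdown" line as it appears to for `$d`. The script's top-level statements continue outside the hunk.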