aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorKristof Provost <kp@FreeBSD.org>2020-10-12 12:41:10 +0000
committerKristof Provost <kp@FreeBSD.org>2020-10-12 12:41:10 +0000
commite6f9af16bc09b3d2789f473073a66870657e9e96 (patch)
treed2a3cb855dfdf2ceeb5b476ffcd4506c634baa8c /tests
parentc9449e4fb81d7f6c89d760b3b16fee4873174b17 (diff)
downloadsrc-e6f9af16bc09b3d2789f473073a66870657e9e96.tar.gz
src-e6f9af16bc09b3d2789f473073a66870657e9e96.zip
pf tests: Test that 'set skip on <group>' works on new group members
There's a know issue where new group members don't get the 'set skip on' applied until the rules are re-loaded. Do this by setting rules that block all traffic, but skip members of the 'epair' group. If we can communicate over the epair interface we know the set skip rule took effect, even if the rule was set before the interface was created. MFC after: 2 weeks
Notes
Notes: svn path=/head/; revision=366648
Diffstat (limited to 'tests')
-rw-r--r--tests/sys/netpfil/pf/set_skip.sh33
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/sys/netpfil/pf/set_skip.sh b/tests/sys/netpfil/pf/set_skip.sh
index 013c34241667..95c6b6f77825 100644
--- a/tests/sys/netpfil/pf/set_skip.sh
+++ b/tests/sys/netpfil/pf/set_skip.sh
@@ -85,8 +85,41 @@ set_skip_group_lo_cleanup()
pft_cleanup
}
+atf_test_case "set_skip_dynamic" "cleanup"
+set_skip_dynamic_head()
+{
+ atf_set descr "Cope with group changes"
+ atf_set require.user root
+}
+
+set_skip_dynamic_body()
+{
+ pft_init
+
+ set -x
+
+ vnet_mkjail alcatraz
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz "set skip on epair" \
+ "block"
+
+ epair=$(vnet_mkepair)
+ ifconfig ${epair}a 192.0.2.2/24 up
+ ifconfig ${epair}b vnet alcatraz
+
+ jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+
+ atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 192.0.2.2
+}
+
+set_skip_dynamic_cleanup()
+{
+ pft_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "set_skip_group"
atf_add_test_case "set_skip_group_lo"
+ atf_add_test_case "set_skip_dynamic"
}