The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=90ef7a0b232ef36b67b9b1eadde50cad9192c07f
commit 90ef7a0b232ef36b67b9b1eadde50cad9192c07f
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-02-10 13:33:31 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-02-13 12:38:43 +0000
pf tests: test 'quick' for match rules
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
tests/sys/netpfil/pf/match.sh | 46 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/tests/sys/netpfil/pf/match.sh b/tests/sys/netpfil/pf/match.sh
index bb088c5bf47c..93b908e62f2d 100644
--- a/tests/sys/netpfil/pf/match.sh
+++ b/tests/sys/netpfil/pf/match.sh
@@ -67,7 +67,53 @@ dummynet_cleanup()
pft_cleanup
}
+atf_test_case "quick" "cleanup"
+quick_head()
+{
+ atf_set descr 'Test quick on match rules'
+ atf_set require.user root
+}
+
+quick_body()
+{
+ pft_init
+
+ epair=$(vnet_mkepair)
+ vnet_mkjail alcatraz ${epair}b
+
+ ifconfig ${epair}a 192.0.2.1/24 up
+ jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
+
+ # Sanity check
+ atf_check -s exit:0 -o ignore \
+ ping -c 1 192.0.2.2
+
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz \
+ "pass" \
+ "match in quick proto icmp" \
+ "block"
+
+ # 'match quick' should retain the previous pass/block state
+ atf_check -s exit:0 -o ignore \
+ ping -c 1 192.0.2.2
+
+ pft_set_rules alcatraz \
+ "block" \
+ "match in quick proto icmp" \
+ "pass"
+
+ atf_check -s exit:2 -o ignore \
+ ping -c 1 192.0.2.2
+}
+
+quick_cleanup()
+{
+ pft_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "dummynet"
+ atf_add_test_case "quick"
}
