git: dc7eb96ba945 - stable/15 - pf tests: verify blocked count on log interface

Thu, 19 Feb 2026 08:00:59 -0800 

The branch stable/15 has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=dc7eb96ba94580548937632d3a035574fc4feedf

commit dc7eb96ba94580548937632d3a035574fc4feedf
Author:     Kristof Provost <[email protected]>
AuthorDate: 2026-02-12 13:06:34 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2026-02-19 16:00:19 +0000

    pf tests: verify blocked count on log interface
    
    Also check the IPv6 pass/block numbers.
    
    PR:             291763
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit d03b6bb766f8c816547f9c39e05af8238242251e)
---
 tests/sys/netpfil/pf/loginterface.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/sys/netpfil/pf/loginterface.sh 
b/tests/sys/netpfil/pf/loginterface.sh
index 6decb69fe63d..c192d8e4e4a4 100644
--- a/tests/sys/netpfil/pf/loginterface.sh
+++ b/tests/sys/netpfil/pf/loginterface.sh
@@ -41,9 +41,11 @@ basic_body()
        epair=$(vnet_mkepair)
 
        ifconfig ${epair}a 192.0.2.2/24 up
+       ifconfig ${epair}a inet6 2001:db8::2/64 no_dad
 
        vnet_mkjail alcatraz ${epair}b
        jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+       jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 no_dad
 
        # Sanity check
        atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
@@ -63,10 +65,11 @@ basic_body()
 
        # And after we've sent traffic there's non-zero counters
        atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
+       atf_check -s exit:0 -o ignore ping -c 1 2001:db8::1
 
        atf_check -o match:"Interface Stats for ${epair}b" \
                jexec alcatraz pfctl -s info
-       atf_check -o match:"Passed                               1" \
+       atf_check -o match:"Passed                               1              
  [1-9]" \
                jexec alcatraz pfctl -s info
 
        # And no interface stats once we remove the loginterface
@@ -74,6 +77,15 @@ basic_body()
                "pass"
        atf_check -o not-match:"Interface Stats for ${epair}b" \
                jexec alcatraz pfctl -s info
+
+       # Check blocked count
+       pft_set_rules alcatraz \
+               "set loginterface ${epair}b" \
+               "block"
+       atf_check -s exit:2 -o ignore ping -c 1 2001:db8::1
+       atf_check -s exit:2 -o ignore ping -c 1 192.0.2.1
+       atf_check -o match:"Blocked                              1              
  [1-9]" \
+               jexec alcatraz pfctl -s info
 }
 
 basic_cleanup()

Reply via email to