Date:      Wed, 12 Feb 2025 09:38:47 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 6c795ce1df47 - main - pf tests: verify that a nested anchor does not clear the quick flag
Message-ID:  <202502120938.51C9clg0037501@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=6c795ce1df47e5fe9030c6c68abc38b48ff1769b

commit 6c795ce1df47e5fe9030c6c68abc38b48ff1769b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-02-05 15:34:54 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-02-12 08:29:09 +0000

    pf tests: verify that a nested anchor does not clear the quick flag
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/anchor.sh | 46 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/tests/sys/netpfil/pf/anchor.sh b/tests/sys/netpfil/pf/anchor.sh
index 847f8d4f6dab..40e8354a2343 100644
--- a/tests/sys/netpfil/pf/anchor.sh
+++ b/tests/sys/netpfil/pf/anchor.sh
@@ -233,6 +233,51 @@ quick_cleanup()
 	pft_cleanup
 }
 
+atf_test_case "quick_nested" "cleanup"
+quick_nested_head()
+{
+	atf_set descr 'Verify that a nested anchor does not clear quick'
+	atf_set require.user root
+}
+
+quick_nested_body()
+{
+	pft_init
+
+	epair=$(vnet_mkepair)
+	vnet_mkjail alcatraz ${epair}a
+
+	ifconfig ${epair}b 192.0.2.2/24 up
+	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
+
+	# Sanity check
+	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
+
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+	    "anchor quick {\n\
+	        pass\n\
+	        anchor {\n\
+	            block proto tcp\n\
+	        }\n\
+	    }" \
+	    "block"
+	ping -c 1 192.0.2.1
+
+	jexec alcatraz pfctl -sr -v
+	jexec alcatraz pfctl -ss -v
+
+	# We can still ping because the anchor is 'quick'
+	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
+	jexec alcatraz pfctl -sr -v
+	jexec alcatraz pfctl -ss -v
+}
+
+quick_nested_cleanup()
+{
+	pft_cleanup
+}
+
 atf_test_case "counter" "cleanup"
 counter_head()
 {
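Review bot: The bare `ping -c 1 192.0.2.1` right after `pft_set_rules` in `quick_nested_body` runs outside `atf_check`, so its exit status is discarded and only the later, identical ping is asserted. If it is there to populate the counters shown by the `pfctl -sr -v` / `pfctl -ss -v` dumps, a comment such as `# Unchecked: generate traffic so the rule and state dumps below are useful on failure` would make that clear; otherwise it can be dropped. The test also covers only the direction where a lost `quick` makes traffic fall through to the trailing `block`. The direction that matters more for policy enforcement is the inverse, where a `block` inside the quick anchor is followed by a trailing `pass` and a cleared flag would let the packet through. A companion case for that ruleset asserting `atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.1` would pin it down.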
@@ -279,5 +324,6 @@ atf_init_test_cases()
 	atf_add_test_case "wildcard"
 	atf_add_test_case "nested_label"
 	atf_add_test_case "quick"
+	atf_add_test_case "quick_nested"
 	atf_add_test_case "counter"
 }


