D46311.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D46311.diff
View Options

	diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
	--- a/sbin/pfctl/pfctl.c
	+++ b/sbin/pfctl/pfctl.c
	@@ -394,8 +394,6 @@
	continue;

	for (n = h; n != NULL; n = n->next) {
	- if (p->pfik_ifp == NULL)
	- continue;
	if (strncmp(p->pfik_name, ifname, IFNAMSIZ))
	continue;

	@@ -422,9 +420,6 @@

	for (n = h; n != NULL; n = n->next)
	PFRB_FOREACH(pp, &skip_b) {
	- if (pp->pfik_ifp == NULL)
	- continue;
	-
	if (strncmp(pp->pfik_name, n->ifname, IFNAMSIZ))
	continue;

	@@ -437,7 +432,7 @@
	}

	PFRB_FOREACH(p, &skip_b) {
	- if (p->pfik_ifp == NULL \|\| ! (p->pfik_flags & PFI_IFLAG_SKIP))
	+ if (! (p->pfik_flags & PFI_IFLAG_SKIP))
	continue;

	pfctl_set_interface_flags(pf, p->pfik_name, PFI_IFLAG_SKIP, 0);
	diff --git a/tests/sys/netpfil/pf/set_skip.sh b/tests/sys/netpfil/pf/set_skip.sh
	--- a/tests/sys/netpfil/pf/set_skip.sh
	+++ b/tests/sys/netpfil/pf/set_skip.sh
	@@ -26,6 +26,50 @@

	. $(atf_get_srcdir)/utils.subr

	+atf_test_case "unset" "cleanup"
	+unset_head()
	+{
	+ atf_set descr 'Unset set skip test'
	+ atf_set require.user root
	+}
	+
	+unset_body()
	+{
	+ pft_init
	+
	+ vnet_mkjail alcatraz
	+ jexec alcatraz ifconfig lo0 127.0.0.1/8 up
	+ jexec alcatraz pfctl -e
	+ pft_set_rules alcatraz "set skip on lo0" \
	+ "block in proto icmp"
	+
	+ echo "set skip"
	+ jexec alcatraz pfctl -v -sI
	+
	+ jexec alcatraz ifconfig
	+ atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 127.0.0.1
	+
	+ # Unset the skip on the group
	+ pft_set_rules noflush alcatraz \
	+ "block in proto icmp"
	+
	+ echo "No setskip"
	+ jexec alcatraz pfctl -v -sI
	+
	+ # Do flush states
	+ jexec alcatraz pfctl -Fs
	+
	+ # And now our ping is blocked
	+ atf_check -s exit:2 -o ignore jexec alcatraz ping -c 1 127.0.0.1
	+
	+ jexec alcatraz pfctl -v -sI
	+}
	+
	+unset_cleanup()
	+{
	+ pft_cleanup
	+}
	+
	atf_test_case "set_skip_group" "cleanup"
	set_skip_group_head()
	{
	@@ -45,8 +89,24 @@
	pft_set_rules alcatraz "set skip on foo" \
	"block in proto icmp"

	+ echo "set skip"
	+ jexec alcatraz pfctl -v -sI
	+
	jexec alcatraz ifconfig
	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 127.0.0.1
	+
	+ # Unset the skip on the group
	+ pft_set_rules noflush alcatraz \
	+ "block in proto icmp"
	+
	+ # Do flush states
	+ jexec alcatraz pfctl -Fs
	+
	+ # And now our ping is blocked
	+ atf_check -s exit:2 -o ignore jexec alcatraz ping -c 1 127.0.0.1
	+
	+ echo "No setskip"
	+ jexec alcatraz pfctl -v -sI
	}

	set_skip_group_cleanup()
	@@ -163,6 +223,7 @@

	atf_init_test_cases()
	{
	+ atf_add_test_case "unset"
	atf_add_test_case "set_skip_group"
	atf_add_test_case "set_skip_group_lo"
	atf_add_test_case "set_skip_dynamic"

File Metadata

Mime Type: text/plain
Expires: Thu, Mar 12, 12:38 PM (11 h, 53 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 29582624
Default Alt Text: D46311.diff (2 KB)

D46311.diffNo OneTemporaryActions

D46311.diffView Options

File Metadata

Event Timeline

D46311.diff
No OneTemporary
Actions

D46311.diff
View Options