Index: stable/12/tests/sys/netpfil/pf/set_skip.sh
===================================================================
--- stable/12/tests/sys/netpfil/pf/set_skip.sh (revision 343229)
+++ stable/12/tests/sys/netpfil/pf/set_skip.sh (revision 343230)
@@ -1,36 +1,67 @@
 # $FreeBSD$
 . $(atf_get_srcdir)/utils.subr
 atf_test_case "set_skip_group" "cleanup"
 set_skip_group_head()
 {
 atf_set descr 'Basic set skip test'
 atf_set require.user root
 }
 set_skip_group_body()
 {
 # See PR 229241
 pft_init
 pft_mkjail alcatraz
 jexec alcatraz ifconfig lo0 127.0.0.1/8 up
 jexec alcatraz ifconfig lo0 group foo
 jexec alcatraz pfctl -e
 pft_set_rules alcatraz "set skip on foo" \
 "block in proto icmp"
 jexec alcatraz ifconfig
 atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 127.0.0.1
 }
 set_skip_group_cleanup()
 {
 pft_cleanup
 }
+atf_test_case "set_skip_group_lo" "cleanup"
+set_skip_group_lo_head()
+{
+ atf_set descr 'Basic set skip test, lo'
+ atf_set require.user root
+}
+
+set_skip_group_lo_body()
+{
+ # See PR 229241
+ pft_init
+
+ pft_mkjail alcatraz
+ jexec alcatraz ifconfig lo0 127.0.0.1/8 up
+ jexec alcatraz pfctl -e
+ pft_set_rules alcatraz "set skip on lo" \
+ "block on lo0"
+
+ atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 127.0.0.1
+ pft_set_rules noflush alcatraz "set skip on lo" \
+ "block on lo0"
+ atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 127.0.0.1
+ jexec alcatraz pfctl -s rules
+}
+
+set_skip_group_lo_cleanup()
+{
+ pft_cleanup
+}
+
 atf_init_test_cases()
 {
 atf_add_test_case "set_skip_group"
+ atf_add_test_case "set_skip_group_lo"
 }
Index: stable/12/tests/sys/netpfil/pf/utils.subr
===================================================================
--- stable/12/tests/sys/netpfil/pf/utils.subr (revision 343229)
+++ stable/12/tests/sys/netpfil/pf/utils.subr (revision 343230)
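Review bot: Both `ping` assertions in set_skip_group_lo_body check only the permissive outcome, so the test would also pass if the `block on lo0` rule never loaded. The caller does not check the status of pft_set_rules, and the final `jexec alcatraz pfctl -s rules` runs outside atf_check, so its output is diagnostic only. Consider asserting that a ruleset is actually present before each ping, for example `atf_check -s exit:0 -o not-empty jexec alcatraz pfctl -s rules`. A comment would also help, stating that the second load passes `noflush` to confirm the group-based skip still applies when rules are reloaded without a flush (presumably the PR 229241 regression); the description 'Basic set skip test, lo' does not say this.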
@@ -1,83 +1,89 @@
 # $FreeBSD$
 # Utility functions ##
 pft_init()
 {
 if [ ! -c /dev/pf ]; then
 atf_skip "This test requires pf"
 fi
 if [ "`sysctl -i -n kern.features.vimage`" != 1 ]; then
 atf_skip "This test requires VIMAGE"
 fi
 }
 pfsynct_init()
 {
 pft_init
 if ! kldstat -q -m pfsync; then
 atf_skip "This test requires pfsync"
 fi
 }
 pft_mkepair()
 {
 ifname=$(ifconfig epair create)
 echo $ifname >> created_interfaces.lst
 echo ${ifname%a}
 }
 pft_mkjail()
 {
 jailname=$1
 shift
 vnet_interfaces=
 for ifname in $@
 do
 vnet_interfaces="${vnet_interfaces} vnet.interface=${ifname}"
 done
 jail -c name=${jailname} persist vnet ${vnet_interfaces}
 echo $jailname >> created_jails.lst
 }
 pft_set_rules()
 {
 jname=$1
 shift
- # Flush all states, rules, fragments, ...
- jexec ${jname} pfctl -F all
+ if [ $jname == "noflush" ];
+ then
+ jname=$1
+ shift
+ else
+ # Flush all states, rules, fragments, ...
+ jexec ${jname} pfctl -F all
+ fi
 while [ $# -gt 0 ]; do
 printf "$1\n"
 shift
 done | jexec ${jname} pfctl -f -
 }
 pft_cleanup()
 {
 if [ -f created_jails.lst ]; then
 for jailname in `cat created_jails.lst`
 do
 jail -r ${jailname}
 done
 rm created_jails.lst
 fi
 if [ -f created_interfaces.lst ]; then
 for ifname in `cat created_interfaces.lst`
 do
 ifconfig ${ifname} destroy
 done
 rm created_interfaces.lst
 fi
 }
 pfsynct_cleanup()
 {
 pft_cleanup
 }
Index: stable/12
===================================================================
--- stable/12 (revision 343229)
+++ stable/12 (revision 343230)
Property changes on: stable/12
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
 Merged /head:r342990
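Review bot: The new sentinel check `[ $jname == "noflush" ]` in pft_set_rules expands `$jname` unquoted and uses `==`, which POSIX `test` does not define. With an empty or space-containing first argument the `[` itself errors out, and the function then takes the flush branch with whatever `${jname}` word-splits to. `if [ "$jname" = "noflush" ]; then` is the portable, quoted form. Because `noflush` is an in-band value in the jail-name position, a short comment above the function documenting the call shape `pft_set_rules [noflush] <jail> <rule>...` would help. The unchanged `printf "$1\n"` further down uses rule text as the format string and would be safer as `printf '%s\n' "$1"`.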