git: 23c17bd60904 - main - pf tests: verify max-pkt-rate on anchors

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 30 Jun 2025 09:54:32 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=23c17bd60904a4a6e02e935e11bc19301b41638d

commit 23c17bd60904a4a6e02e935e11bc19301b41638d
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-06-25 15:02:01 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-06-30 07:53:25 +0000

    pf tests: verify max-pkt-rate on anchors
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/max_pkt_rate.sh | 65 ++++++++++++++++++++++++++++--------
 1 file changed, 52 insertions(+), 13 deletions(-)

diff --git a/tests/sys/netpfil/pf/max_pkt_rate.sh b/tests/sys/netpfil/pf/max_pkt_rate.sh
index d1e92a64de1d..bdd140eb60dd 100644
--- a/tests/sys/netpfil/pf/max_pkt_rate.sh
+++ b/tests/sys/netpfil/pf/max_pkt_rate.sh
@@ -26,17 +26,8 @@
 
 . $(atf_get_srcdir)/utils.subr
 
-atf_test_case "basic" "cleanup"
-basic_head()
+common_setup()
 {
-	atf_set descr 'Basic maximum packet rate test'
-	atf_set require.user root
-}
-
-basic_body()
-{
-	pft_init
-
 	epair=$(vnet_mkepair)
 
 	ifconfig ${epair}a inet 192.0.2.2/24 up
@@ -49,10 +40,10 @@ basic_body()
 	    ping -c 1 192.0.2.1
 
 	jexec alcatraz pfctl -e
-	pft_set_rules alcatraz \
-	    "block" \
-	    "pass in proto icmp max-pkt-rate 2/2"
+}
 
+common_test()
+{
 	# One ping will pass
 	atf_check -s exit:0 -o ignore \
 	    ping -c 1 192.0.2.1
@@ -71,12 +62,60 @@ basic_body()
 	    ping -c 1 192.0.2.1
 }
 
+atf_test_case "basic" "cleanup"
+basic_head()
+{
+	atf_set descr 'Basic maximum packet rate test'
+	atf_set require.user root
+}
+
+basic_body()
+{
+	pft_init
+
+	common_setup
+
+	pft_set_rules alcatraz \
+	    "block" \
+	    "pass in proto icmp max-pkt-rate 2/2"
+
+	common_test
+}
+
 basic_cleanup()
 {
 	pft_cleanup
 }
 
+atf_test_case "anchor" "cleanup"
+anchor_head()
+{
+	atf_set descr 'maximum packet rate on anchor'
+	atf_set require.user root
+}
+
+anchor_body()
+{
+	pft_init
+
+	common_setup
+
+	pft_set_rules alcatraz \
+	    "block" \
+	    "anchor \"foo\" proto icmp max-pkt-rate 2/2 {\n \
+	    	pass \n \
+	    }"
+
+	common_test
+}
+
+anchor_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "basic"
+	atf_add_test_case "anchor"
 }