git: dc7eb96ba945 - stable/15 - pf tests: verify blocked count on log interface

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Thu, 19 Feb 2026 16:00:45 UTC
The branch stable/15 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=dc7eb96ba94580548937632d3a035574fc4feedf

commit dc7eb96ba94580548937632d3a035574fc4feedf
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-02-12 13:06:34 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-02-19 16:00:19 +0000

    pf tests: verify blocked count on log interface
    
    Also check the IPv6 pass/block numbers.
    
    PR:             291763
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit d03b6bb766f8c816547f9c39e05af8238242251e)
---
 tests/sys/netpfil/pf/loginterface.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/sys/netpfil/pf/loginterface.sh b/tests/sys/netpfil/pf/loginterface.sh
index 6decb69fe63d..c192d8e4e4a4 100644
--- a/tests/sys/netpfil/pf/loginterface.sh
+++ b/tests/sys/netpfil/pf/loginterface.sh
@@ -41,9 +41,11 @@ basic_body()
 	epair=$(vnet_mkepair)
 
 	ifconfig ${epair}a 192.0.2.2/24 up
+	ifconfig ${epair}a inet6 2001:db8::2/64 no_dad
 
 	vnet_mkjail alcatraz ${epair}b
 	jexec alcatraz ifconfig ${epair}b 192.0.2.1/24 up
+	jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 no_dad
 
 	# Sanity check
 	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
@@ -63,10 +65,11 @@ basic_body()
 
 	# And after we've sent traffic there's non-zero counters
 	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.1
+	atf_check -s exit:0 -o ignore ping -c 1 2001:db8::1
 
 	atf_check -o match:"Interface Stats for ${epair}b" \
 		jexec alcatraz pfctl -s info
-	atf_check -o match:"Passed                               1" \
+	atf_check -o match:"Passed                               1                [1-9]" \
 		jexec alcatraz pfctl -s info
 
 	# And no interface stats once we remove the loginterface
@@ -74,6 +77,15 @@ basic_body()
 		"pass"
 	atf_check -o not-match:"Interface Stats for ${epair}b" \
 		jexec alcatraz pfctl -s info
+
+	# Check blocked count
+	pft_set_rules alcatraz \
+		"set loginterface ${epair}b" \
+		"block"
+	atf_check -s exit:2 -o ignore ping -c 1 2001:db8::1
+	atf_check -s exit:2 -o ignore ping -c 1 192.0.2.1
+	atf_check -o match:"Blocked                              1                [1-9]" \
+		jexec alcatraz pfctl -s info
 }
 
 basic_cleanup()