git: 95d1b98db164 - main - pf tests: verify the new reset functionality

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 07 Jul 2025 15:08:02 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=95d1b98db164f1e99622b2425cf39d96ddab44bc

commit 95d1b98db164f1e99622b2425cf39d96ddab44bc
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-02 15:00:16 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-07 15:06:51 +0000

    pf tests: verify the new reset functionality
    
    We can now reset state limit, debug level and others.
    Verify reset for at least some of these.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/debug.sh | 50 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/tests/sys/netpfil/pf/debug.sh b/tests/sys/netpfil/pf/debug.sh
index 18a7febfbb5b..404d37ab8932 100644
--- a/tests/sys/netpfil/pf/debug.sh
+++ b/tests/sys/netpfil/pf/debug.sh
@@ -50,7 +50,57 @@ basic_cleanup()
 	pft_cleanup
 }
 
+atf_test_case "reset" "cleanup"
+reset_head()
+{
+	atf_set descr 'Test resetting debug level'
+	atf_set require.user root
+}
+
+reset_body()
+{
+	pft_init
+
+	vnet_mkjail debug
+
+	# Default is Urgent
+	atf_check -s exit:0 -o match:'Debug: Urgent' \
+	    jexec debug pfctl -sa
+	state_limit=$(jexec debug pfctl -sa | grep 'states.*hard limit' | awk '{ print $4; }')
+
+	# Change defaults
+	pft_set_rules debug \
+	    "set limit states 42"
+	atf_check -s exit:0 -e ignore \
+	    jexec debug pfctl -x loud
+
+	atf_check -s exit:0 -o match:'Debug: Loud' \
+	    jexec debug pfctl -sa
+	new_state_limit=$(jexec debug pfctl -sa | grep 'states.*hard limit' | awk '{ print $4; }')
+	if [ $state_limit -eq $new_state_limit ]; then
+		jexec debug pfctl -sa
+		atf_fail "Failed to change state limit"
+	fi
+
+	# Reset
+	atf_check -s exit:0 -o ignore -e ignore \
+	    jexec debug pfctl -FR
+	atf_check -s exit:0 -o match:'Debug: Urgent' \
+	    jexec debug pfctl -sa
+	new_state_limit=$(jexec debug pfctl -sa | grep 'states.*hard limit' | awk '{ print $4; }')
+	if [ $state_limit -ne $new_state_limit ]; then
+		jexec debug pfctl -sa
+		atf_fail "Failed to reset state limit"
+	fi
+}
+
+reset_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "basic"
+	atf_add_test_case "reset"
 }