[Bug 291548] Multiple failing 'sys/netpfil/common' testcases in CI

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 291548] Multiple failing 'sys/netpfil/common' testcases in CI"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 15 Dec 2025 14:22:18 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291548

Siva Mahadevan <me@svmhdvn.name> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |me@svmhdvn.name

--- Comment #3 from Siva Mahadevan <me@svmhdvn.name> ---
Created attachment 266211
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=266211&action=edit
kyua test report

The patch doesn't immediately fix the test cases upon running it the first
time. I'm only able to get a pass when I boot bhyve with
net.inet.ipf.jail_allowed=1 in /etc/sysctl.conf, rather than inline with the
testcases like in the patch. In the example testcase 'pass_block:ipf_v4', the
failing line is here:


v4_body()
{   
        [...]

        # Block All
        firewall_config "iron" ${firewall} \
                "pf" \
                        "block in" \
                "ipfw" \
                        "ipfw -q add 100 deny all from any to any" \
                "ipf" \
                        "block in all"

Digging deeper, this call within firewall_config fails:


firewall_config()
{
        [...]
        elif [ ${fw} == "ipf" ]; then
                jexec ${jname} ipf -E

                # THIS LINE FAILS with "User/kernel version check failed"
                jexec ${jname} ipf -Fa -f $cwd/ipf.rule


Could you take a look? I'm able to repro with Bricoler, and I've attached a
test report in this bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.