Module Name: src
Committed By: riastradh
Date: Wed Oct 30 10:12:32 UTC 2024
Modified Files:
src/tests/net/npf: t_npf.sh
src/usr.sbin/npf/npftest: npftest.conf
src/usr.sbin/npf/npftest/libnpftest: npf_rule_test.c
Log Message:
npftest: Fix newly added test.
- Adapt new test to actually exercise new rules.
- Mark the right test xfail.
PR bin/55403: npfctl miscompiles IPv6 rules
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/tests/net/npf/t_npf.sh
cvs rdiff -u -r1.10 -r1.11 src/usr.sbin/npf/npftest/npftest.conf
cvs rdiff -u -r1.21 -r1.22 \
src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/tests/net/npf/t_npf.sh
diff -u src/tests/net/npf/t_npf.sh:1.5 src/tests/net/npf/t_npf.sh:1.6
--- src/tests/net/npf/t_npf.sh:1.5 Tue Oct 29 22:24:30 2024
+++ src/tests/net/npf/t_npf.sh Wed Oct 30 10:12:31 2024
@@ -1,4 +1,4 @@
-# $NetBSD: t_npf.sh,v 1.5 2024/10/29 22:24:30 riastradh Exp $
+# $NetBSD: t_npf.sh,v 1.6 2024/10/30 10:12:31 riastradh Exp $
#
# Copyright (c) 2008, 2010 The NetBSD Foundation, Inc.
# All rights reserved.
@@ -30,7 +30,7 @@ run_test()
local name="${1}"
case $name in
- npf_rule)
+ rule)
atf_expect_fail "PR bin/55403: npfctl miscompiles IPv6 rules"
;;
esac
Index: src/usr.sbin/npf/npftest/npftest.conf
diff -u src/usr.sbin/npf/npftest/npftest.conf:1.10 src/usr.sbin/npf/npftest/npftest.conf:1.11
--- src/usr.sbin/npf/npftest/npftest.conf:1.10 Tue Oct 29 22:24:30 2024
+++ src/usr.sbin/npf/npftest/npftest.conf Wed Oct 30 10:12:32 2024
@@ -1,4 +1,4 @@
-# $NetBSD: npftest.conf,v 1.10 2024/10/29 22:24:30 riastradh Exp $
+# $NetBSD: npftest.conf,v 1.11 2024/10/30 10:12:32 riastradh Exp $
$ext_if = "npftest0"
$int_if = "npftest1"
@@ -56,8 +56,6 @@ group "ext" on $ext_if {
pass stateful in final to any port $ports
pass stateful in final proto icmp all
- pass in final family inet6 proto tcp from $net6_pr55403
-
block all
}
@@ -66,6 +64,9 @@ group "int" on $int_if {
pass stateful out final to $local_ip2
pass out final to $local_ip3
block final to $local_ip4
+
+ pass in final family inet6 proto udp from $net6_pr55403
+ pass in final family inet6 proto udp from ! $net6_pr55403 to $net6_pr55403
}
group default {
Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.21 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.22
--- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.21 Tue Oct 29 22:24:30 2024
+++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c Wed Oct 30 10:12:32 2024
@@ -53,25 +53,47 @@ static const struct test_case {
},
/*
- * Pass any of the { fe80::1, fe80::2 } group but nothing else
- * in fe80::/112.
+ * Pass in any of the { fe80::1, fe80::2 } group.
*/
{
.af = AF_INET6,
.src = "fe80::1", .dst = "fe80::adec:c91c:d116:7592",
- .ifname = IFNAME_EXT, .di = PFIL_IN,
+ .ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_PASS, .ret = RESULT_PASS
},
{
.af = AF_INET6,
.src = "fe80::2", .dst = "fe80::adec:c91c:d116:7592",
- .ifname = IFNAME_EXT, .di = PFIL_IN,
+ .ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_PASS, .ret = RESULT_PASS
},
{
.af = AF_INET6,
.src = "fe80::3", .dst = "fe80::adec:c91c:d116:7592",
- .ifname = IFNAME_EXT, .di = PFIL_IN,
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+
+ /*
+ * Pass in anything _not_ in the group { fe80::1, fe80::2 }, as
+ * long as it is to that group.
+ */
+ {
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::1",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ {
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::2",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ {
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::3",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
},
