pf: Fix tests broken by enabling inet-local filtering

Summary: Three of the pf dummynet tests were using filter rules which matched both the intended epair interface as well as lo0 which now receives PFIL_OUT events for messages delivered to the local network stack (if enabled). This commit changes the rules to match only for the expected epair interface. PR: 268717 Reviewed-by: kp MFC-after: 2 weeks Differential Revision: https://reviews.freebsd.org/D40393
2023-06-02 16:58:33 +01:00 · 2023-06-02 16:58:33 +01:00 · 4a6b92849e
commit 4a6b92849e
parent 8dad5ece49
1 changed files with 3 additions and 3 deletions
--- a/tests/sys/netpfil/common/dummynet.sh
+++ b/tests/sys/netpfil/common/dummynet.sh
@ -55,7 +55,7 @@ interface_removal_body()
 		"ipfw"	\
 			"ipfw add 1000 pipe 1 ip from any to any" \
 		"pf"	\
-			"pass dnpipe 1"
+			"pass on ${epair}b dnpipe 1"

 	# single ping succeeds just fine
 	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
@ -102,7 +102,7 @@ pipe_body()
 		"ipfw"	\
 			"ipfw add 1000 pipe 1 ip from any to any" \
 		"pf"	\
-			"pass dnpipe 1"
+			"pass on ${epair}b dnpipe 1"

 	# single ping succeeds just fine
 	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
@ -146,7 +146,7 @@ pipe_v6_body()
 		"ipfw"	\
 			"ipfw add 1000 pipe 1 ip6 from any to any" \
 		"pf"	\
-			"pass dnpipe 1"
+			"pass on ${epair}b dnpipe 1"

 	# Single ping succeeds
 	atf_check -s exit:0 -o ignore ping6 -c 1 2001:db8:42::2