From: bluhm <bluhm@openbsd.org>
Date: Wed, 24 May 2023 11:52:30 +0000 (+0000)
Subject: Default pf rule "block return; pass" interferes with test.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d662361922b6ec0282d0a2f41b307aa63c4e41e9;p=openbsd

Default pf rule "block return; pass" interferes with test.
Use "block; pass" instead.
---

diff --git a/regress/sys/netinet/pmtu/Makefile b/regress/sys/netinet/pmtu/Makefile
index 484c722cb27..74dbd5d691a 100644
--- a/regress/sys/netinet/pmtu/Makefile
+++ b/regress/sys/netinet/pmtu/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.15 2020/12/30 21:40:33 kn Exp $
+#	$OpenBSD: Makefile,v 1.16 2023/05/24 11:52:30 bluhm Exp $
 
 # The following ports must be installed:
 #
@@ -70,6 +70,15 @@ addr.py: Makefile
 	echo 'FAKE_NET6 = "${FAKE_NET6}"' >>$@.tmp
 	mv $@.tmp $@
 
+REGRESS_SETUP_ONCE +=	pfctl
+stamp-pfctl: addr.py pf.conf
+pfctl:
+	# default "block return; pass" interferes with test, use "block; pass"
+	cat addr.py ${.CURDIR}/pf.conf | /sbin/pfctl -n -f -
+	cat addr.py ${.CURDIR}/pf.conf | ${SUDO} /sbin/pfctl -a regress -f -
+	cat addr.py ${.CURDIR}/pf.conf | \
+	    ssh ${REMOTE_SSH} ${SUDO} pfctl -a regress -f -
+
 # Set variables so that make runs with and without obj directory.
 # Only do that if necessary to keep visible output short.
 .if ${.CURDIR} == ${.OBJDIR}
@@ -163,6 +172,8 @@ check-setup-local:
 	! ping -n -c 1 -w 1 ${FAKE_NET_ADDR6}  # FAKE_NET_ADDR6
 	route -n get -inet6 ${FAKE_NET_ADDR6} | grep -q 'flags: .*BLACKHOLE'  # FAKE_NET_ADDR6
 	route -n get -inet6 -net ${FAKE_NET6} | grep -q 'flags: .*BLACKHOLE'  # FAKE_NET6
+	${SUDO} pfctl -sr | grep '^anchor "regress" all$$'
+	${SUDO} pfctl -si | grep '^Status: Enabled '
 
 check-setup-remote:
 	@echo '\n======== $@ ========'
diff --git a/regress/sys/netinet/pmtu/pf.conf b/regress/sys/netinet/pmtu/pf.conf
new file mode 100644
index 00000000000..bb3256ef7f0
--- /dev/null
+++ b/regress/sys/netinet/pmtu/pf.conf
@@ -0,0 +1,2 @@
+block
+pass