From e3319f91900b7184c0f9f33a24e3fb4440324fce Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Thu, 8 Jan 2026 18:37:27 +0100 Subject: [PATCH] pf tests: extend the source limiter test Also enumerate and kill individual source addresses. Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/limiters.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/sys/netpfil/pf/limiters.sh b/tests/sys/netpfil/pf/limiters.sh index 3f70c8e79ca..ee58d3974f9 100644 --- a/tests/sys/netpfil/pf/limiters.sh +++ b/tests/sys/netpfil/pf/limiters.sh @@ -180,6 +180,20 @@ source_basic_body() # However, a different source will succeed atf_check -s exit:0 -o ignore \ ping -S 192.0.2.3 -c 2 192.0.2.1 + + atf_check -o match:"192.0.2.2/32 .*hardlim 2 ratelim 0" \ + -e ignore \ + jexec alcatraz pfctl -sLimiterSrcs -v + atf_check -o match:"192.0.2.3/32 .*hardlim 0 ratelim 0" \ + -e ignore \ + jexec alcatraz pfctl -sLimiterSrcs -v + + # Kill the source entry + atf_check -s exit:0 -e ignore \ + jexec alcatraz pfctl -I 1 -k source -k 192.0.2.2 + # Now we can ping again from it + atf_check -s exit:0 -o ignore \ + ping -S 192.0.2.2 -c 2 192.0.2.1 } source_basic_cleanup()