pf tests: test dummynet for ether traffic

Test that we can set dummynet information on L2, which is processed by L3 later (assuming it's not overruled by L3 rules, of course). Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D32223
2026-06-11 01:30:30 -04:00 · 2021-09-28 18:21:26 +02:00 · 2021-09-28 18:21:26 +02:00 · 0faafc2185
commit 0faafc2185
parent fb330f3931
1 changed files with 45 additions and 0 deletions
--- a/tests/sys/netpfil/pf/ether.sh
+++ b/tests/sys/netpfil/pf/ether.sh
@ -280,10 +280,55 @@ captive_cleanup()
 	pft_cleanup
 }

+atf_test_case "dummynet" "cleanup"
+dummynet_head()
+{
+	atf_set descr 'Test dummynet for L2 traffic'
+	atf_set require.user root
+}
+
+dummynet_body()
+{
+	pft_init
+
+	if ! kldstat -q -m dummynet; then
+		atf_skip "This test requires dummynet"
+	fi
+
+	epair=$(vnet_mkepair)
+	vnet_mkjail alcatraz ${epair}b
+
+	ifconfig ${epair}a 192.0.2.1/24 up
+	jexec alcatraz ifconfig ${epair}b 192.0.2.2/24 up
+
+	# Sanity check
+	atf_check -s exit:0 -o ignore ping -i .1 -c 3 -s 1200 192.0.2.2
+
+	jexec alcatraz dnctl pipe 1 config bw 30Byte/s
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+		"ether pass in dnpipe 1"
+
+	# single ping succeeds just fine
+	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
+
+	# Saturate the link
+	ping -i .1 -c 5 -s 1200 192.0.2.2
+
+	# We should now be hitting the limits and get this packet dropped.
+	atf_check -s exit:2 -o ignore ping -c 1 -s 1200 192.0.2.2
+}
+
+dummynet_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "mac"
 	atf_add_test_case "proto"
 	atf_add_test_case "direction"
 	atf_add_test_case "captive"
+	atf_add_test_case "dummynet"
 }