# kldload pf dummymbuf # kyua test -k /usr/tests/sys/netpfil/pf/Kyuafile mbuf
Details
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
The context:
- This is a followup of https://reviews.freebsd.org/D45780.
- As long as it's decided to improve if_enc and/or ipsec code to avoid suboptimal mbufS (https://reviews.freebsd.org/D45762), the existing pf test (the if_enc.sh one) is expected not to provide the expected coverage.
- The idea of this additional test is not to be based on (mis)behavior of other modules.
- But it requires a brand new module -- dummymbuf: https://reviews.freebsd.org/D45928
I still need to go through the preceding patch, but I'm becoming more enthusiastic about this.
tests/sys/netpfil/pf/mbuf.sh | ||
---|---|---|
56 | I'm not going to stop you doing this, but I wouldn't bother having separate tests for ipfw is or is not loaded. The other pf tests just test pf and ignore ipfw entirely. | |
78 | That's probably better done through pft_set_rules. | |
90 | That assumes we're always going to get epair0. Usually true, but not always, so that should use ${epair}b. | |
98 | It might be good to have a reset counters command so we don't need to manually keep track of the number of packets between different test packets. | |
100 | Is there a specific reason to use 19 here? If so it'd be nice to explain that in the comment. |
tests/sys/netpfil/pf/mbuf.sh | ||
---|---|---|
56 | Thanks for raising this and confirming the way. After that divert-to case someway I've made it like my personal burden. During work on this test case I had serious doubts, but it did not cost much for me to keep it. Now I think if there is a solid support of getting rid of it then it should simplify the test a lot for non-original-author maintainers. | |
78 | Definitely. It's better to stick to the same subr interface in case of future changes, which could be applied at a single location. | |
90 | Good catch. | |
98 |
Yes, sure, the sysctl is based on a usual counter handler with reset logic built-in. | |
100 |
That's simply a corner case black box based testing approach. At the same time, from a white box perspective, the idea is that a missing last byte should distort the destination field of the header. I've added a respective comment. It does not prolong much the testing to have such sub-case covered, but let me know if it feels better to remove it. |
A couple of improvements:
- Fix the ubiquitous language used in this scope, i.e. stick to the inet term. The upcoming test cases will use inet6 and ethernet pfil naming.
- Speed up the test (kind of x5 in my env) with a stricter timeout for the expected ping failure.