From 9317ba22260d45a8bf70b0490fa0191b51d858bb Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Sat, 11 Aug 2018 16:41:07 +0000
Subject: [PATCH] pf tests: Basic test for 'set skip in $groupname'

This tests for the problem reported in PR 229241, where using a group
name in 'set skip on' did not work as expected.

Sponsored by:	Essen Hackathon
---
 tests/sys/netpfil/pf/Makefile    |  3 ++-
 tests/sys/netpfil/pf/set_skip.sh | 36 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100755 tests/sys/netpfil/pf/set_skip.sh

diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile
index f159ff351076..5477f2ed8bc4 100644
--- a/tests/sys/netpfil/pf/Makefile
+++ b/tests/sys/netpfil/pf/Makefile
@@ -10,7 +10,8 @@ ATF_TESTS_SH+=	pass_block \
 		fragmentation \
 		set_tos \
 		route_to \
-		synproxy
+		synproxy \
+		set_skip
 
 ${PACKAGE}FILES+=	utils.subr \
 			echo_inetd.conf \
diff --git a/tests/sys/netpfil/pf/set_skip.sh b/tests/sys/netpfil/pf/set_skip.sh
new file mode 100755
index 000000000000..b234a8043cc3
--- /dev/null
+++ b/tests/sys/netpfil/pf/set_skip.sh
@@ -0,0 +1,36 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "set_skip_group" "cleanup"
+set_skip_group_head()
+{
+	atf_set descr 'Basic set skip test'
+	atf_set require.user root
+}
+
+set_skip_group_body()
+{
+	# See PR 229241
+	pft_init
+
+	pft_mkjail alcatraz
+	jexec alcatraz ifconfig lo0 127.0.0.1/8 up
+	jexec alcatraz ifconfig lo0 group foo
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz "set skip on foo" \
+		"block in proto icmp"
+
+	jexec alcatraz ifconfig
+	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 1 127.0.0.1
+}
+
+set_skip_group_cleanup()
+{
+	pft_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "set_skip_group"
+}