* [pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests
@ 2025-12-11 14:10 Robert Obkircher
2026-01-15 16:12 ` Stefan Hanreich
0 siblings, 1 reply; 2+ messages in thread
From: Robert Obkircher @ 2025-12-11 14:10 UTC (permalink / raw)
To: pve-devel
These targets mark connections with the VMID. The value can just be
ignored because the simulator doesn't support restoring it later.
Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
---
src/PVE/FirewallSimulator.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
index 0a3100b..cc84d0b 100644
--- a/src/PVE/FirewallSimulator.pm
+++ b/src/PVE/FirewallSimulator.pm
@@ -253,6 +253,10 @@ sub rule_match {
return undef;
}
+ if ($rule =~ s@^-j CONNMARK --set-mark ($NUMBER_RE)(?:/($NUMBER_RE))?\s*$@@) {
+ return undef;
+ }
+
if ($rule =~ s/^-j (\S+)\s*$//) {
return (0, $1);
}
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests
2025-12-11 14:10 [pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests Robert Obkircher
@ 2026-01-15 16:12 ` Stefan Hanreich
0 siblings, 0 replies; 2+ messages in thread
From: Stefan Hanreich @ 2026-01-15 16:12 UTC (permalink / raw)
To: Proxmox VE development discussion, Robert Obkircher
LGTM
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich@proxmox.com>
On 12/11/25 3:13 PM, Robert Obkircher wrote:
> These targets mark connections with the VMID. The value can just be
> ignored because the simulator doesn't support restoring it later.
>
> Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
> ---
> src/PVE/FirewallSimulator.pm | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
> index 0a3100b..cc84d0b 100644
> --- a/src/PVE/FirewallSimulator.pm
> +++ b/src/PVE/FirewallSimulator.pm
> @@ -253,6 +253,10 @@ sub rule_match {
> return undef;
> }
>
> + if ($rule =~ s@^-j CONNMARK --set-mark ($NUMBER_RE)(?:/($NUMBER_RE))?\s*$@@) {
> + return undef;
> + }
> +
> if ($rule =~ s/^-j (\S+)\s*$//) {
> return (0, $1);
> }
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-01-15 16:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-11 14:10 [pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests Robert Obkircher
2026-01-15 16:12 ` Stefan Hanreich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.