* [pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests
@ 2025-12-11 14:10 Robert Obkircher
0 siblings, 0 replies; only message in thread
From: Robert Obkircher @ 2025-12-11 14:10 UTC (permalink / raw)
To: pve-devel
These targets mark connections with the VMID. The value can just be
ignored because the simulator doesn't support restoring it later.
Signed-off-by: Robert Obkircher <r.obkircher@proxmox.com>
---
src/PVE/FirewallSimulator.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
index 0a3100b..cc84d0b 100644
--- a/src/PVE/FirewallSimulator.pm
+++ b/src/PVE/FirewallSimulator.pm
@@ -253,6 +253,10 @@ sub rule_match {
return undef;
}
+ if ($rule =~ s@^-j CONNMARK --set-mark ($NUMBER_RE)(?:/($NUMBER_RE))?\s*$@@) {
+ return undef;
+ }
+
if ($rule =~ s/^-j (\S+)\s*$//) {
return (0, $1);
}
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-12-11 14:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-11 14:10 [pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests Robert Obkircher
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox