[pve-devel] [PATCH v1 pve-firewall] simulator: ignore CONNMARK --set-mark targets to fix broken tests

Stefan Hanreich s.hanreich at proxmox.com
Thu Jan 15 17:12:54 CET 2026


LGTM

Tested-by: Stefan Hanreich <s.hanreich at proxmox.com>
Reviewed-by: Stefan Hanreich <s.hanreich at proxmox.com>

On 12/11/25 3:13 PM, Robert Obkircher wrote:
> These targets mark connections with the VMID. The value can just be
> ignored because the simulator doesn't support restoring it later.
> 
> Signed-off-by: Robert Obkircher <r.obkircher at proxmox.com>
> ---
>  src/PVE/FirewallSimulator.pm | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
> index 0a3100b..cc84d0b 100644
> --- a/src/PVE/FirewallSimulator.pm
> +++ b/src/PVE/FirewallSimulator.pm
> @@ -253,6 +253,10 @@ sub rule_match {
>              return undef;
>          }
>  
> +        if ($rule =~ s@^-j CONNMARK --set-mark ($NUMBER_RE)(?:/($NUMBER_RE))?\s*$@@) {
> +            return undef;
> +        }
> +
>          if ($rule =~ s/^-j (\S+)\s*$//) {
>              return (0, $1);
>          }
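
Review bot: The new `-j CONNMARK --set-mark` branch in rule_match returns undef without a comment saying why. The reason (the simulator cannot restore the mark later, so the target is ignored) is recorded only in the commit message. A one-line comment above the `if` would keep that rationale next to the code, since this `return undef` is otherwise indistinguishable from the one in the branch just before it. The two `($NUMBER_RE)` groups are also never read before returning, so they could be non-capturing, for example `(?:$NUMBER_RE)(?:/(?:$NUMBER_RE))?`, which makes it clear that the mark and mask values are deliberately discarded.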




