From f25ceb05af666f22ac3bf14332a6a3ec679a3332 Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Mon, 19 Jun 2023 16:41:13 +0200
Subject: [PATCH] pf tests: make pfsync:defer test more robust

Set the defer timeout to 2.5 seconds, and only make sure that there's at
least a second of delay between the pfsync packet and the ping packet.
The intent is to allow the test to pass even when there's considerable
jitter on the timing measurement (e.g. when the test runs in a VM, such
as during the CI tests).

Allow the test to run in CI.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/pfsync.sh       |  7 +++----
 tests/sys/netpfil/pf/pfsync_defer.py | 11 +++++------
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/tests/sys/netpfil/pf/pfsync.sh b/tests/sys/netpfil/pf/pfsync.sh
index 8028ba9790ba..75788eed4bbe 100644
--- a/tests/sys/netpfil/pf/pfsync.sh
+++ b/tests/sys/netpfil/pf/pfsync.sh
@@ -125,10 +125,6 @@ defer_body()
 {
 	pfsynct_init
 
-	if [ "$(atf_config_get ci false)" = "true" ]; then
-		atf_skip "Skip know failing test (likely related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260460)"
-	fi
-
 	epair_sync=$(vnet_mkepair)
 	epair_in=$(vnet_mkepair)
 	epair_out=$(vnet_mkepair)
@@ -141,6 +137,9 @@ defer_body()
 	jexec alcatraz arp -s 203.0.113.2 00:01:02:03:04:05
 	jexec alcatraz sysctl net.inet.ip.forwarding=1
 
+	# Set a long defer delay
+	jexec alcatraz sysctl net.pfsync.defer_delay=2500
+
 	jexec alcatraz ifconfig pfsync0 \
 		syncdev ${epair_sync}a \
 		maxupd 1 \
diff --git a/tests/sys/netpfil/pf/pfsync_defer.py b/tests/sys/netpfil/pf/pfsync_defer.py
index c1d90d4483c4..0a258c8f27b3 100644
--- a/tests/sys/netpfil/pf/pfsync_defer.py
+++ b/tests/sys/netpfil/pf/pfsync_defer.py
@@ -119,13 +119,12 @@ def main():
     if not got_ping:
         sys.exit(2)
 
-    if got_pfsync > got_ping:
+    # Deferred packets are delayed around 2.5s (unless the pfsync peer, which
+    # we don't have here, acks their state update earlier)
+    # Expect at least a second of delay, to be somewhat robust against
+    # scheduling-induced jitter.
+    if (sent_ping + 1) > got_ping:
         sys.exit(3)
 
-    # Deferred packets are delayed up to 20ms (unless the pfsync peer, which we
-    # don't have here, acks their state update earlier)
-    if (sent_ping + 0.020) > got_ping:
-        sys.exit(4)
-
 if __name__ == '__main__':
     main()