From nobody Wed Apr 9 19:30:43 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZXtMl5mvHz5sGLl; Wed, 09 Apr 2025 19:30:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZXtMl48ZZz45Sq; Wed, 09 Apr 2025 19:30:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744227043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3tsXdHr3Vhpzg9Y+sZU4q2VfClaHCFvPEVjJPzbmLkk=; b=OnVwZzJg4+7aBwrc71X2Ww4af8vOhhtVrqkdhBOU8p5+XSRHjqawnqKWsFSZ7KUSsC1rGq fPhzqxjkUWuYBoycQcQJT/5ApT0tEN8gtiK76hGh91KF5gwX1UR7hnv/uZCaoKsTb6QT9O pQ6vKdvqqZmEE/LoVuabrkHhWv29492/EPRCMiTQMLcvLHxtdkszTpauNJKR02GRNJHPlH ehAr93TjKaw9mIaepPpmD0EKDwV3ggCgxvCvIByMa+BzT1U5T7PDF+5jSUHsCFwT0olGOJ LzPU994imjvH8QkMQUb+AdpZvHY87XuTsUstAlZ460TvHHC8yxTw6tcPhAp2Yw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744227043; a=rsa-sha256; cv=none; b=FEpt0Z0xj6vEz9wevoVYoYnC34Bek3h8+x5Iar38/T9k1RUH8QT1XR9UeKB5+SU0dJlx12 rRMsM3GcgRYuA5XkfUHdn6vNoom4X9ImDlA3Dm4PCm03OwjTJBIcVdqdFNrNyLzBCwwKjL PUeeLt9ohsUr3grVtksYz01bMOKLHlHOLyR2C2kXFS6g6SQy15L98jnky+jqSlmIxobtPU yGtXbfhu8HZ9+Vhyal9KMRGubpJg3BCpt4GE8KKfVbJ8Jftfxaw1WYls/USwXN4r4jIZAT +mWJX0HkhksKE97gtiaZ0mHI7AfklCdACtP2Yf2W+KWcuA1vWgJ4YgZ/tJnOrw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744227043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3tsXdHr3Vhpzg9Y+sZU4q2VfClaHCFvPEVjJPzbmLkk=; b=bSw2fPt+SvtGHfhxTPr67liktvHIQrp54KjRztPAGdAubCZwAGbrrsQrD4GhfjdDyFU6Ow t13UcknuoqYvm9iBWYgr9s621cgInqXDO6h5w9tmuBNwks2cZdlUC5a6DijJIIrxjI7hkj gRWnw60ob9F55Mk67D2LuF+1OIGCH1UbyEXrvZmzEdpaT4zcaui6FG5UrTzMFXN8fAFbns wvSdQAfRES/E2S7V6FM5ji9KAPoxetzMuK6tV1WipIClr4OLVL1L0Nt1fRKhoSz8IBWJfo ZMT7tFsmuJ5e1RciKFTNJsH/MiNbg3vLcAmHZMkEFmpPc6ekz2VeSWjuTmE9NQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZXtMl3lYFzTwp; Wed, 09 Apr 2025 19:30:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 539JUhxO080036; Wed, 9 Apr 2025 19:30:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 539JUhH2080033; Wed, 9 Apr 2025 19:30:43 GMT (envelope-from git) Date: Wed, 9 Apr 2025 19:30:43 GMT Message-Id: <202504091930.539JUhH2080033@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: a4bd4e4b5632 - main - pf tests: verify that we generate an ICMP6 packet too big error on route-to List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a4bd4e4b5632ef0102f805b4b99e7a2ceacbab26 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a4bd4e4b5632ef0102f805b4b99e7a2ceacbab26 commit a4bd4e4b5632ef0102f805b4b99e7a2ceacbab26 Author: Kristof Provost AuthorDate: 2025-04-09 12:04:36 +0000 Commit: Kristof Provost CommitDate: 2025-04-09 19:30:17 +0000 pf tests: verify that we generate an ICMP6 packet too big error on route-to Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/netpfil/pf/frag6.py | 54 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/sys/netpfil/pf/frag6.py b/tests/sys/netpfil/pf/frag6.py index 108b53874d0b..c9a71f73c0cf 100644 --- a/tests/sys/netpfil/pf/frag6.py +++ b/tests/sys/netpfil/pf/frag6.py @@ -141,3 +141,57 @@ class TestFrag6_Overlap(VnetTestTemplate): for p in packets: p.show() assert not p.getlayer(sp.ICMPv6EchoReply) + +class TestFrag6_RouteTo(VnetTestTemplate): + REQUIRED_MODULES = ["pf"] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1", "if2"]}, + "vnet3": {"ifaces": ["if2"]}, + "if1": {"prefixes6": [("2001:db8::1/64", "2001:db8::2/64")]}, + "if2": {"prefixes6": [("2001:db8:1::1/64", "2001:db8:1::2/64")]}, + } + + def vnet2_handler(self, vnet): + if2name = vnet.iface_alias_map["if2"].name + ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.print_output("/sbin/pfctl -x loud") + ToolsHelper.pf_rules([ + "scrub fragment reassemble", + "pass in route-to (%s 2001:db8:1::2) from 2001:db8::1 to 2001:db8:666::1" % if2name, + ]) + + ToolsHelper.print_output("/sbin/ifconfig %s mtu 1300" % if2name) + ToolsHelper.print_output("/sbin/sysctl net.inet6.ip6.forwarding=1") + + def vnet3_handler(self, vnet): + pass + + def test_too_big(self): + ToolsHelper.print_output("/sbin/route add -6 default 2001:db8::2") + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + + pkt = sp.IPv6(dst="2001:db8:666::1") \ + / sp.ICMPv6EchoRequest(data=sp.raw(bytes.fromhex('f0') * 3000)) + frags = sp.fragment6(pkt, 1320) + + reply = sp.sr1(frags, timeout=3) + if reply: + reply.show() + + assert reply + + ip6 = reply.getlayer(sp.IPv6) + icmp6 = reply.getlayer(sp.ICMPv6PacketTooBig) + err_ip6 = reply.getlayer(sp.IPerror6) + + assert ip6 + assert ip6.src == "2001:db8::2" + assert ip6.dst == "2001:db8::1" + assert icmp6 + assert icmp6.mtu == 1300 + assert err_ip6 + assert err_ip6.src == "2001:db8::1" + assert err_ip6.dst == "2001:db8:666::1"