git: a4bd4e4b5632 - main - pf tests: verify that we generate an ICMP6 packet too big error on route-to

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 09 Apr 2025 19:30:43 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a4bd4e4b5632ef0102f805b4b99e7a2ceacbab26

commit a4bd4e4b5632ef0102f805b4b99e7a2ceacbab26
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-04-09 12:04:36 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-09 19:30:17 +0000

    pf tests: verify that we generate an ICMP6 packet too big error on route-to
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/frag6.py | 54 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/tests/sys/netpfil/pf/frag6.py b/tests/sys/netpfil/pf/frag6.py
index 108b53874d0b..c9a71f73c0cf 100644
--- a/tests/sys/netpfil/pf/frag6.py
+++ b/tests/sys/netpfil/pf/frag6.py
@@ -141,3 +141,57 @@ class TestFrag6_Overlap(VnetTestTemplate):
         for p in packets:
             p.show()
             assert not p.getlayer(sp.ICMPv6EchoReply)
+
+class TestFrag6_RouteTo(VnetTestTemplate):
+    REQUIRED_MODULES = ["pf"]
+    TOPOLOGY = {
+        "vnet1": {"ifaces": ["if1"]},
+        "vnet2": {"ifaces": ["if1", "if2"]},
+        "vnet3": {"ifaces": ["if2"]},
+        "if1": {"prefixes6": [("2001:db8::1/64", "2001:db8::2/64")]},
+        "if2": {"prefixes6": [("2001:db8:1::1/64", "2001:db8:1::2/64")]},
+    }
+
+    def vnet2_handler(self, vnet):
+        if2name = vnet.iface_alias_map["if2"].name
+        ToolsHelper.print_output("/sbin/pfctl -e")
+        ToolsHelper.print_output("/sbin/pfctl -x loud")
+        ToolsHelper.pf_rules([
+            "scrub fragment reassemble",
+            "pass in route-to (%s 2001:db8:1::2) from 2001:db8::1 to 2001:db8:666::1" % if2name,
+        ])
+
+        ToolsHelper.print_output("/sbin/ifconfig %s mtu 1300" % if2name)
+        ToolsHelper.print_output("/sbin/sysctl net.inet6.ip6.forwarding=1")
+
+    def vnet3_handler(self, vnet):
+        pass
+
+    def test_too_big(self):
+        ToolsHelper.print_output("/sbin/route add -6 default 2001:db8::2")
+
+        # Import in the correct vnet, so at to not confuse Scapy
+        import scapy.all as sp
+
+        pkt = sp.IPv6(dst="2001:db8:666::1") \
+            / sp.ICMPv6EchoRequest(data=sp.raw(bytes.fromhex('f0') * 3000))
+        frags = sp.fragment6(pkt, 1320)
+
+        reply = sp.sr1(frags, timeout=3)
+        if reply:
+            reply.show()
+
+        assert reply
+
+        ip6 = reply.getlayer(sp.IPv6)
+        icmp6 = reply.getlayer(sp.ICMPv6PacketTooBig)
+        err_ip6 = reply.getlayer(sp.IPerror6)
+
+        assert ip6
+        assert ip6.src == "2001:db8::2"
+        assert ip6.dst == "2001:db8::1"
+        assert icmp6
+        assert icmp6.mtu == 1300
+        assert err_ip6
+        assert err_ip6.src == "2001:db8::1"
+        assert err_ip6.dst == "2001:db8:666::1"
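Review bot: The test only works because the 1320-byte fragment size passed to `sp.fragment6` in `test_too_big` is larger than the 1300-byte MTU that `vnet2_handler` sets on if2, but nothing states that link, and 1300 appears again as a bare literal in `assert icmp6.mtu == 1300`. A comment above the `fragment6` call, for example `# Fragments (1320) must exceed the if2 MTU (1300) so the route-to'd packet cannot be sent as-is`, plus a class-level constant for the MTU, would keep the handler and the assertion in step. The existing comment has a typo and should read `# Import in the correct vnet, so as not to confuse Scapy`. `vnet3_handler` is an empty `pass`, so as far as this hunk shows the test does not observe whether anything still left if2 towards vnet3; if that matters for the route-to path it would need its own check.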