git: 1735d66a9c5b - main - pf tests: verify checksum offload handling
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 11 Oct 2025 12:03:58 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=1735d66a9c5b08b59a0323d3825d2e7dacd13064
commit 1735d66a9c5b08b59a0323d3825d2e7dacd13064
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-10-10 15:43:28 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-10-11 11:24:25 +0000
pf tests: verify checksum offload handling
Disable epair's checksum offload on one interface in a nat test, to ensure
that pf does the right thing in scenarios where one interface offloads checksum
handling and one does not.
We trust the TCP (or ICMP) checksum verification code to drop the packet if pf
does it wrong, which will cause the test case to fail.
Suggested by: tuexen
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
tests/sys/netpfil/pf/nat.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tests/sys/netpfil/pf/nat.sh b/tests/sys/netpfil/pf/nat.sh
index 63658164c1fe..1ef87cee3598 100644
--- a/tests/sys/netpfil/pf/nat.sh
+++ b/tests/sys/netpfil/pf/nat.sh
@@ -55,6 +55,9 @@ exhaust_body()
jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up
jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf
+ # Disable checksum offload on one of the interfaces to ensure pf handles that
+ jexec nat ifconfig ${epair_nat}a -txcsum
+
# Enable pf!
jexec nat pfctl -e
pft_set_rules nat \