diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2025-10-10 15:43:28 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2025-10-11 11:24:25 +0000 |
| commit | 1735d66a9c5b08b59a0323d3825d2e7dacd13064 (patch) | |
| tree | 880cfff7ff9e6573e882925906f488bca5350414 | |
| parent | 8a6bfa0455bfd4b77cb71d229b9dfca031b6703f (diff) | |
pf tests: verify checksum offload handling
Disable epair's checksum offload on one interface in a nat test, to ensure
that pf does the right thing in scenarios where one interface offloads checksum
handling and one does not.
We trust the TCP (or ICMP) checksum verification code to drop the packet if pf
does it wrong, which will cause the test case to fail.
Suggested by: tuexen
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | tests/sys/netpfil/pf/nat.sh | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/sys/netpfil/pf/nat.sh b/tests/sys/netpfil/pf/nat.sh index 63658164c1fe..1ef87cee3598 100644 --- a/tests/sys/netpfil/pf/nat.sh +++ b/tests/sys/netpfil/pf/nat.sh @@ -55,6 +55,9 @@ exhaust_body() jexec echo ifconfig ${epair_echo}b 198.51.100.2/24 up jexec echo /usr/sbin/inetd -p ${PWD}/inetd-echo.pid $(atf_get_srcdir)/echo_inetd.conf + # Disable checksum offload on one of the interfaces to ensure pf handles that + jexec nat ifconfig ${epair_nat}a -txcsum + # Enable pf! jexec nat pfctl -e pft_set_rules nat \ |