2d3fda5fa1
It turns out pf incorrectly updates the TCP checksum if the TCP option we're modifying is not 2-byte algined with respect to the start of the packet. Create a TCP packet with such an option and throw it through a scrub rule, which will update timestamps and modify the packet. PR: 240416 MFC after: 1 week Differential revision: https://reviews.freebsd.org/D27688
34 lines
503 B
Makefile
34 lines
503 B
Makefile
# $FreeBSD$
|
|
|
|
PACKAGE= tests
|
|
|
|
TESTSDIR= ${TESTSBASE}/sys/netpfil/pf
|
|
TESTS_SUBDIRS+= ioctl
|
|
|
|
ATF_TESTS_SH+= anchor \
|
|
checksum \
|
|
forward \
|
|
fragmentation \
|
|
icmp \
|
|
names \
|
|
nat \
|
|
pass_block \
|
|
pfsync \
|
|
rdr \
|
|
route_to \
|
|
set_skip \
|
|
set_tos \
|
|
src_track \
|
|
synproxy \
|
|
table
|
|
|
|
${PACKAGE}FILES+= CVE-2019-5597.py \
|
|
CVE-2019-5598.py \
|
|
echo_inetd.conf \
|
|
utils.subr
|
|
|
|
${PACKAGE}FILESMODE_CVE-2019-5597.py= 0555
|
|
${PACKAGE}FILESMODE_CVE-2019-5598.py= 0555
|
|
|
|
.include <bsd.test.mk>
|