pf tests: Test scrub fragment reassemble on interfaces with different MTU

There's a problem with pf's reassembly code where it produces incorrect checksums when reassembling across interfaces with different MTUs. Test this. PR: 255432 Reviewed by: donner MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D30013
2021-04-27 18:46:03 +02:00 · 2021-04-27 18:46:03 +02:00 · 388c0cde10
commit 388c0cde10
parent 055c55abef
1 changed files with 49 additions and 0 deletions
--- a/tests/sys/netpfil/pf/fragmentation.sh
+++ b/tests/sys/netpfil/pf/fragmentation.sh
@ -141,8 +141,57 @@ v6_cleanup()
 	pft_cleanup
 }

+atf_test_case "mtu_diff" "cleanup"
+mtu_diff_head()
+{
+	atf_set descr 'Test reassembly across different MTUs, PR #255432'
+	atf_set require.user root
+}
+
+mtu_diff_body()
+{
+	pft_init
+
+	epair_small=$(vnet_mkepair)
+	epair_large=$(vnet_mkepair)
+
+	vnet_mkjail first ${epair_small}b ${epair_large}a
+	vnet_mkjail second ${epair_large}b
+
+	ifconfig ${epair_small}a 192.0.2.1/25 up
+	jexec first ifconfig ${epair_small}b 192.0.2.2/25 up
+
+	jexec first sysctl net.inet.ip.forwarding=1
+	jexec first ifconfig ${epair_large}a 192.0.2.130/25 up
+	jexec first ifconfig ${epair_large}a mtu 9000
+	jexec second ifconfig ${epair_large}b 192.0.2.131/25 up
+	jexec second ifconfig ${epair_large}b mtu 9000
+	jexec second route add default 192.0.2.130
+
+	route add 192.0.2.128/25 192.0.2.2
+
+	jexec first pfctl -e
+	pft_set_rules first \
+		"scrub all fragment reassemble"
+
+	# Sanity checks
+	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
+	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.130
+	atf_check -s exit:0 -o ignore ping -c 1 192.0.2.131
+
+	# Large packet that'll get reassembled and sent out in one on the large
+	# epair
+	atf_check -s exit:0 -o ignore ping -c 1 -s 8000 192.0.2.131
+}
+
+mtu_diff_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "too_many_fragments"
 	atf_add_test_case "v6"
+	atf_add_test_case "mtu_diff"
 }