The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=13cd0f9c1ae6a50d616aeea923bc96f8e54176cc
commit 13cd0f9c1ae6a50d616aeea923bc96f8e54176cc
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-18 13:05:14 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-23 13:35:46 +0000
pf tests: test truncated IP options in ICMP payload
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
tests/sys/netpfil/pf/icmp.py | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/tests/sys/netpfil/pf/icmp.py b/tests/sys/netpfil/pf/icmp.py
index 2f40259f5665..c5e945d60e99 100644
--- a/tests/sys/netpfil/pf/icmp.py
+++ b/tests/sys/netpfil/pf/icmp.py
@@ -175,6 +175,22 @@ class TestICMP(VnetTestTemplate):
self.check_icmp_echo(sp, 1464)
self.check_icmp_echo(sp, 1468)
+ @pytest.mark.require_user("root")
+ @pytest.mark.require_progs(["scapy"])
+ def test_truncated_opts(self):
+ ToolsHelper.print_output("/sbin/route add default 192.0.2.1")
+
+ # Import in the correct vnet, so at to not confuse Scapy
+ import scapy.all as sp
+
+ packet = sp.IP(dst="198.51.100.2", flags="DF") \
+ / sp.ICMP(type='dest-unreach', length=108) \
+ / sp.IP(src="198.51.100.2", dst="192.0.2.2", len=1000, \
+ ihl=(120 >> 2), options=[ \
+ sp.IPOption_Security(length=100)])
+ packet.show()
+ sp.sr1(packet, timeout=3)
+
class TestICMP_NAT(VnetTestTemplate):
REQUIRED_MODULES = [ "pf" ]
TOPOLOGY = {
