Diffusion FreeBSD src repository 1279c260c053

pf tests: test fast port re-use with syncookies
1279c260c053
Actions

Description

pf tests: test fast port re-use with syncookies

When a src/dst ip/port tuple is re-used before the pf state fully
expires we clean up the state and create a new one, unless syncookies
are enabled.

Test this, by running two back-to-back nc sessions, with a fixed source
port. Move the interface and IP to a different (vnet) jail, to trick the
network stack into letting us do this.

MFC after: 2 weeks
Event: Aberdeen hackathon 2022
Differential Revision: https://reviews.freebsd.org/D36886

(cherry picked from commit dc698b2cd59ebc08b05a261dbba8ee5707450d28)

Details

Provenance

kp	Authored on Dec 31 2022, 6:23 PM

Differential Revision

D36886: pf tests: test fast port re-use with syncookies

Parents

rG8f22dbcf0f0a: pf: fix syncookies in conjunction with tcp fast port reuse

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG1279c260c053: pf tests: test fast port re-use with syncookies (authored by kp).Jan 27 2023, 9:50 AM

kp added an edge: D36886: pf tests: test fast port re-use with syncookies.Jan 28 2023, 1:40 AM

Changes (1)

Path

Size

tests/

sys/

netpfil/

pf/

syncookie.sh

rG1279c260c053

View Options

tests/sys/netpfil/pf/syncookie.sh