feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls

Windows: both 0 (no ICMP rate limiting — matches real Windows behavior) Linux: 1000ms / mask 6168 (kernel defaults) BSD: 250ms / mask 6168 (FreeBSD default is faster than Linux) Embedded/Cisco: both 0 (most firmware doesn't rate-limit ICMP) These affect nmap's IE and U1 probe groups which measure ICMP error response timing to closed UDP ports. Windows responds to all probes instantly while Linux throttles to ~1/sec. Tests: 10 new cases (5 per sysctl). Suite: 822 passed.
2026-04-10 16:41:23 -04:00
parent 62a67f3d1d
commit 1196363d0b
2 changed files with 63 additions and 2 deletions
--- a/tests/test_os_fingerprint.py
+++ b/tests/test_os_fingerprint.py
@@ -164,6 +164,53 @@ def test_embedded_tcp_fin_timeout_is_15():
 def test_cisco_tcp_fin_timeout_is_15():
    assert get_os_sysctls("cisco")["net.ipv4.tcp_fin_timeout"] == "15"

+# ---------------------------------------------------------------------------
+# os_fingerprint module — icmp_ratelimit
+# ---------------------------------------------------------------------------
+
+def test_linux_icmp_ratelimit_is_1000():
+    assert get_os_sysctls("linux")["net.ipv4.icmp_ratelimit"] == "1000"
+
+
+def test_windows_icmp_ratelimit_is_0():
+    assert get_os_sysctls("windows")["net.ipv4.icmp_ratelimit"] == "0"
+
+
+def test_bsd_icmp_ratelimit_is_250():
+    assert get_os_sysctls("bsd")["net.ipv4.icmp_ratelimit"] == "250"
+
+
+def test_embedded_icmp_ratelimit_is_0():
+    assert get_os_sysctls("embedded")["net.ipv4.icmp_ratelimit"] == "0"
+
+
+def test_cisco_icmp_ratelimit_is_0():
+    assert get_os_sysctls("cisco")["net.ipv4.icmp_ratelimit"] == "0"
+
+
+# ---------------------------------------------------------------------------
+# os_fingerprint module — icmp_ratemask
+# ---------------------------------------------------------------------------
+
+def test_linux_icmp_ratemask_is_6168():
+    assert get_os_sysctls("linux")["net.ipv4.icmp_ratemask"] == "6168"
+
+
+def test_windows_icmp_ratemask_is_0():
+    assert get_os_sysctls("windows")["net.ipv4.icmp_ratemask"] == "0"
+
+
+def test_bsd_icmp_ratemask_is_6168():
+    assert get_os_sysctls("bsd")["net.ipv4.icmp_ratemask"] == "6168"
+
+
+def test_embedded_icmp_ratemask_is_0():
+    assert get_os_sysctls("embedded")["net.ipv4.icmp_ratemask"] == "0"
+
+
+def test_cisco_icmp_ratemask_is_0():
+    assert get_os_sysctls("cisco")["net.ipv4.icmp_ratemask"] == "0"
+

 # ---------------------------------------------------------------------------
 # os_fingerprint module — structural / completeness