The previous code unsuccesfully attempted to report a precise error for
each option in the user list. Moreover, commit 253b2ec199 broke some
ctrl-api-test (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260547).
With this patch we bail out as soon as an unrecoverable error is detected and
we properly check for copy boundaries. EOPNOTSUPP no longer immediately
returns an error, so that any other option in the list may be examined
by the caller code and a precise report of the (un)supported options can
be returned to the user.
With this patch, all ctrl-api-test unit tests pass again.
PR: 260547
Submitted by: giuseppe.lettieri@unipi.it
Reviewed by: vmaffione
MFC after: 14 days
The TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE socket option handlers check
whether the socket is listening socket and fail if so, but this check is
racy. Since we have to lock the socket buffer later anyway, defer the
check to that point.
ktls_enable_tx() locks the send buffer's I/O lock, which will fail if
the socket is a listening socket, so no explicit checks are needed. In
ktls_enable_rx(), which does not acquire the I/O lock (see the review
for some discussion on this), use an explicit SOLISTENING() check after
locking the recv socket buffer.
Otherwise, a concurrent solisten_proto() call can trigger crashes and
memory leaks by wiping out socket buffers as ktls_enable_*() is
modifying them.
Also make sure that a KTLS-enabled socket can't be converted to a
listening socket, and use SOCK_(SEND|RECV)BUF_LOCK macros instead of the
old ones while here.
Add some simple regression tests involving listen(2).
Reported by: syzkaller
MFC after: 2 weeks
Reviewed by: gallatin, glebius, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38504
Test the new unicast carp mode for IPv6.
There's a routing hop between the peers, to ensure that the TTL check is
correctly disabled for unicast carp.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D38942
Test the new unicast carp mode for IPv4.
There's a routing hop between the peers, to ensure that the TTL check is
correctly disabled for unicast carp.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D38941
There's been at least one issue where we failed to correctly enter
NET_EPOCH that was triggered in this scenario.
Add a test case for it to make it easier to detect issues like this in
the future.
Reviewed by: zlei
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39115
We've observed a panic after pf_refragment6() with link-local addresses,
because pf_refragment6() calls ip6_forward() even for a simple output
case.
That results in us entering ip6_forward() with an mbuf with a NULL
m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for
GUAs.
Test sending fragmented link-local packets to pf.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39063
Summary:
* add snl_send_message() as a convenient send wrapper
* add signed integer parsers
* add snl_read_reply_code() to simplify operation result checks
* add snl_read_reply_multi() to simplify reading multipart messages
* add snl_create_genl_msg_request()
* add snl_get_genl_family() to simplify family name->id resolution
* add tests for some of the functionality
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D39092
MFC after: 2 weeks
This change adds the "default" parsers of _all_ route/link attributes
exported by the kernel.
It removes the need to declare similar parsers in the userland applications,
simplifying their logic.
Differential Revision: https://reviews.freebsd.org/D38979
MFC after: 2 weeks
Many pf tests use identical setup where one jail is a router and
optionally another jail is a server. Add functions to create such jails
for IPv6 and IPv4 and functions to perform tests on such setup.
Add tests using those functions: scrub actions, routing table, tcp
sequence number modulation.
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D38126
Skip the test (rather than loading it) if if_ovpn.ko isn't loaded. Match
the behaviour of other tests.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In CURRENT for some time an overflowed unix/dgram socket would
return EAGAIN if it has O_NONBLOCK set. This proved to be
undesired. See 71e70c25c0 for details. Update tests to match
the "new" behavior, which actually is the historical behavior.
The actual overflow occured in the ReadAhead.readahead test.
Surprisingly it has never segfaulted or resulted in any bad behavior.
MFC after: 1 week
Sponsored by: Axcient
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D38718
The previous fix was incorrect: we need to verify that the current node, if it exists, is not a directory, but we were checking the parent node instead. Address this, add more tests, and fix the test cleanup routines.
PR: 269519, 269561
Fixes: ae6cff8973
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D38645
The current code missed interface addition when reallocating
temporary buffer.
Tweak the code to perform the reallocation first and add
interface afterwards unconditionally.
Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
MFC after: 3 days
PR 254212 was resolved to avoid issues with not having IPv6 addresses
present in the jail, so we can safely drop this workaround now...
Reviewed by: jhb, markj
Differential Revision: https://reviews.freebsd.org/D37755
This adds a test for a semantic that we added to mirror a feature of
the Linux implementation w/ netns: if a wg interface is moved into a
jail, we still create the socket in the context of the home vnet. With
this added, one can actually create vnet jails that only have a wg
tunnel to the outside world providing network connectivity without any
epairs in the setup.
Reviewed by: jhb, markj (both earlier version)
Differential Revision: https://reviews.freebsd.org/D37755
* tarfs_alloc_mount(): Remove an unnecessary null check (CID 1504505) and an unused variable.
* tarfs_alloc_one(): Verify that the file size is not negative (CID 1504506). While there, also validate the mode, owner and group.
* tarfs_vget(), tarfs_zio_init(): Explicitly ignore return value from getnewvnode(), which cannot fail (CID 1504508)
* tarfs_lookup_path(): Fix a case where a specially-crafted tarball could trigger a null pointer dereference by first descending into, and then backing out of, a previously unknown directory. (CID 1504515)
* mktar: Construct a tarball that triggers the aforementioned null pointer dereference.
Reported by: Coverity
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D38463
Some operations like interface creation may need to return metadata
- in this case, interface name - back to the caller if the operation
is successful.
This change implements attaching an `NLMSGERR_ATTR_COOKIE` nla to the
operation reply message via `nlmsg_report_cookie()`.
Additionally, on successful interface creation, interface index and
interface name are returned in the `IFLA_NEW_IFINDEX` and `IFLA_IFNAME
TLVs, encapsulated in the `NLMSGERR_ATTR_COOKIE`.
Reviewed By: pauamma
Differential Revision: https://reviews.freebsd.org/D38283
MFC after: 1 week
In e2650af157 was added "_S" macros for compatibility with glibc, but it's still
incompatible as under glibc the macros whose names end with "_S" operate on the
dynamically allocated CPU set(s) whose size is in bytes, not in bits.
While here remove limiting ifdef to non-kernel case.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D38110
MFC after: 1 week
