Both for the DIOCADDSTATE ioctl and for states imported through pfsync packets.
Add a test case to exercise this code path.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit faacc0d968816cf8714c974b6d8df6191cfb0e0d)
Unterminated strings in the anchor or name could cause crashes.
Validate them, and add a test case.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 1da3c0ca5b1decaa9cf55859cd134bdcd1218116)
Approved by: so
(cherry picked from commit 1dd66c6ac2c146f540b2ff825fbee442354aeee5)
(cherry picked from commit 7272e2d029c20c3144d7aa49500dc86d70344030)
This adds a metadata variable, require.kmods, and corresponding functions
or methods in C, C++, and shell, which allow a test to specify that it
requires particular kernel modules to run. If the kernel modules are not
present, the test is skipped. One might want to consider a kyua option
which makes it attempt to load the modules instead.
Differential Revision: https://reviews.freebsd.org/D47470
(cherry picked from commit 83a1ee578c9d1ab7013e997289c7cd470c0e6902)
Add an optional "vlan <n>" argument to the bridge static and deladdr
commands to allow addresses to be added to / removed from a particular
vlan. No changes to if_bridge are required as the kernel API already
supports this, it just wasn't exposed in ifconfig.
Add tests for the new functionality, and improve the test for the
existing "static" command.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51243
(cherry picked from commit 3650722abf2922893540361a1369b54abc5ff8d2)
Create a state with an rtableid (i.e. fib) that doesn't exist on the receiving
side. This used to not be handled, and could provoke panics. Create such a
situation to ensure we still don't panic.
PR: 287981
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit f651e87be28dd6c3f466dc865b1a036089b892ff)
For SCTP we create states for all combinations of endpoints, to allow multihoming to work.
Malicious users could abuse this to fill our state table more easily
than they otherwise could, because we create states between all
combinations of endpoints. Limit this to no more than 8 extra endpoints
for each side of the connection.
MFC after: 2 weeks
Sponsored by: Orange Business Services
(cherry picked from commit cd0169c9379c400ec75b77e87ca770e37f964276)
If an interface is a bridge member, and a vlan(4) is also created on
that interface, and net.link.bridge.member_ifaddrs=0, then vlan(4)
will never see any incoming frames because bridge doesn't pass them
to the host for processing.
Work around this by checking for locally-addressed frames using the
MAC address of the interface we received the frame on, but only if
the frame has a .1q tag and there's a vlan trunk on the interface.
This behaviour is almost certainly "wrong" and it's not clear if we
really want to support this, but it did work in the past and the
member_ifaddrs change was not supposed to break it, so this restores
the previous behaviour.
PR: 287150
MFC after: 1 week
Reviewed by: kevans, des
Approved by: kevans (mentor), des (mentor)
Differential Revision: https://reviews.freebsd.org/D50623
(cherry picked from commit a5fe142e08447c7116b89159c110d02e860ac6a1)
add a new sysctl, net.link.bridge.member_ifaddrs, which defaults to 1.
if it is set to 1, bridge behaviour is unchanged.
if it is set to 0:
- an interface which has AF_INET6 or AF_INET addresses assigned cannot
be added to a bridge.
- an interface in a bridge cannot have an AF_INET6 or AF_INET address
assigned to it.
- the bridge will no longer consider the lladdrs on bridge members to be
local addresses, i.e. frames sent to member lladdrs will not be
processed by the host.
update bridge.4 to document this behaviour, as well as the existing
recommendation that IP addresses should not be configured on bridge
members anyway, even if it currently partially works.
in testing, setting this to 0 on a bridge with 50 member interfaces
improved throughput by 22% (4.61Gb/s -> 5.67Gb/s) across two member
epairs due to eliding the bridge member list walk in GRAB_OUR_PACKETS.
Reviewed by: kp, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49995
(cherry picked from commit 0a1294f6c610948d7447ae276df74a6d5269b62e)
These essentially test building a list/tailq of 100 elements with
_INSERT_HEAD(), iterating over them with _FOREACH(), splitting it with
_SPLIT_AFTER() and concatenating back the results with _CONCAT(),
checking that the lists/tailqs at each step have the right number of
elements and at the expected positions.
Reviewed by: markj
MFC after: 2 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49975
(cherry picked from commit 4fa275a5f35742a5d662db7106d20819329dc8f2)
If the kernel rejects a response written by the server, print it. That
would most likely be due to an error in the test logic.
MFC after: 2 weeks
Sponsored by: ConnectWise
(cherry picked from commit 564c732b5c0221373d067c9a21da09b310e676ae)
fusefs: fix the 32-bit build after 564c732b5c0
It's a printf format specifier again.
MFC with: 564c732b5c0221373d067c9a21da09b310e676ae
Sponsored by: ConnectWise
(cherry picked from commit 52f7eb31ae84b0a02cd79c857c3201cb7b65c00f)
When set, this limits the amount of data that the kernel will request of
the server in any single read operation. The option has always been
available in our fusefs implementation, but never covered by the test
suite.
MFC after: 2 weeks
Sponsored by: ConnectWise
(cherry picked from commit 9f31c47460412ab6ccae36a70ca019b47423ccec)
Do more work in MockFS's constructor's member initializer list, instead
of the body of the constructor. It's easier to read this way.
Sponsored by: ConnectWise
(cherry picked from commit 3f83f32d7d07afbb2dbff63fc6ec520f3341eec7)
pfctl_show_nat() is called recursively to print nat anchors. This passes the
anchor path, but this path was modified by pfctl_show_nat(), leading to issues
printing the anchors.
Make a copy of the path ('npath') before we modify it. Ensure we do this
correctly by sprinking in 'const', and add a test case to verify that we do now
print things correctly.
Reported by: Thomas Pasqualini <thomas.pasqualini@orange.com>
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 58164dcb55d62ca73b5e550b8344bf61e2d8a47a)
m_unshare() can return a new mbuf pointer. We update the 'm' pointer in
ovpn_udp_input(), but if we decide to pass on the packet (e.g. because it's for
an unknown peer) the caller (udp_append()) continues with the old 'm' pointer,
eventually resulting in a use-after-free.
Re-order operations in ovpn_udp_input() so that we don't modify the 'm' pointer
until we're committed to keeping the packet.
PR: 283426
Test case by: takahiro.kurosawa@gmail.com
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 04a7134c1e92c7752ffdc665f99ae26db70866c0)
The tests previously expected the invoker to pass a list of FIBs to use.
However, they now run in separate VNET jails, so we can simply expand
the FIB array as needed in each test. Modify each test to simply set
net.fibs as needed and grab FIB numbers starting at 1.
A number of tests were also broken by commit 9206c7996198
("usr.bin/netstat: -n should not print symbolic names"), so fix those.
Reviewed by: asomers
Fixes: 9206c7996198 ("usr.bin/netstat: -n should not print symbolic names")
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48585
(cherry picked from commit 81b076e43aa63ac255996093233ab3560a23977e)
Note, the netstat-related changes described above are not merged.
After ad874544d9f018bf8eef4053b5ca7b856c4674cb, interface name
validation has been removed, resulting in two unit tests failures.
Drop the failing tests since they no longer apply.
Reported by: markj
(cherry picked from commit ee5804da116f2107451c8b4376b69b3a64a630e8)
Even though the OSS manual [1] advises against using AFMT_FLOAT, there
are applications that expect the sound driver to support it, and might
not work properly without it.
This patch adds AFMT_F32_LE|BE (as well as AFMT_FLOAT for OSS
compatibility) in sys/soundcard.h and implements AFMT_F32_LE|BE <->
AFMT_S32_LE|BE conversion functions. As a result, applications can
write/read floats to/from sound(4), but internally, because sound(4)
works with integers, we convert floating point samples to integer ones,
before doing any processing.
The reason for encoding/decoding IEEE754s manually, instead of using
fpu_kern(9), is that fpu_kern(9) is not supported by all architectures,
and also introduces significant overhead.
The IEEE754 encoding/decoding implementation has been written by Ariff
Abdullah [2].
[1] http://manuals.opensound.com/developer/AFMT_FLOAT.html
[2] https://people.freebsd.org/~ariff/utils/ieee754.c
PR: 157050, 184380, 264973, 280612, 281390
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D47638
(cherry picked from commit e1bbaa71d62c8681a576f9f5bedf475c7541bd35)
After 04207850a9b9 it is required that key length is not zero.
Add some key to avoid error.
Reported by: markj
(cherry picked from commit b6708045590712930c533e916e3d6fdfe48ec5ba)
io.cc relies on `std::setw(..)`, which is exported by the iomanip C++
header. Newer versions of GoogleTest don't export this header, so add
the explicit include.
This unbreaks the build with GoogleTest 1.15.2.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47194
(cherry picked from commit 0077477f215c851fe15c9ea12cfb005125c4238a)
Merge the PCM_READ|WRITE_* macros defined in pcm/pcm.h, as well as the
intpcm_read|write_* macros defined in pcm/feeder_format.c, into six
inline functions: pcm_sample_read|write[_norm|calc](). The absence of
macro magic makes the code significantly easier to read, use and modify.
Since these functions take the input/output format as a parameter, get
rid of the read() and write() function pointers defined in struct
feed_format_info, as well as the feeder_format_read|write_op()
functions, and use the new read/write functions directly.
Sponsored by: The FreeBSD Fondation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47932
(cherry picked from commit 433e270f341cf660b2fe125c2e0f733073829188)
IPv4 packets can be routed via an IPv6 nexthop, so the handling of the
parsed address family is more strict than it needs to be. If we have a
valid header that matches a known peer, then we have no reason to
decline the packet.
Convert it to an assertion that it matches the destination as viewed by
the stack below it, instead. `dst` may be the gateway instead of the
destination in the case of a nexthop, so the `af` assignment must be
switched to use the destination in all cases.
Add a test case that approximates a setup like in the PR and
demonstrates the issue.
PR: 284857
Reviewed by: markj (earlier version), zlei
(cherry picked from commit 2bef0d54f74dad6962ef7d1dfa407e95cb4fb4ad)
While here, add one additional IPv4 link-local address to test_46_nofilter
to cover the IPv4 RT_SCOPE_LINK case.
Reviewed by: melifaro, #network
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D49226
(cherry picked from commit 5d8b48487acc8375675f2b7c4507c98ac5d0bf75)
Scapy is not needed to run this test. Remove it from the required
programs list.
Reviewed by: kp
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49006
(cherry picked from commit 1f1963bd32d669f89ea3b044636de0cb7a33134b)
The ra.py script requires Scapy. Invoke it using the python3 symlink.
While technically, at the moment, python points to python3, and python3
points to the current version of python, it is recommended to use
python3. No functional change intended.
Add the Scapy requirement in the header of each test that makes use of
it.
Reviewed by: kp
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49005
(cherry picked from commit ec60176e7d29d1e9f11121146603ce5b6b5f40b8)
In some situations the feeders in the sound module lower the pcm sample
resolution through a downshift of the sample value. The pcm_read_write
test implements this operation with an arithmetic division to avoid
implementation defined or architecture specific behavior. Due to
different rounding, the test produced marginally different sample
values, which made the test fail on 32 bit architectures. Correct this.
Reported by: CI
Fixes: 27ef5d48c729 ("sound: Unit test the pcm sample read and write macros")
MFC after: 1 week
Reviewed by: christos, markj
Differential revision: https://reviews.freebsd.org/D48926
(cherry picked from commit 6672831bda883756d7f4598bb4b119f99eb1e7d2)
In the current test case unicast_v4, host one acts as a router, but it
uses if_bridge(4) to verify the reachability to CARP master.
Unfortunately, if_bridge(4) brings the two CARP hosts into the same
broadcast domain, thus with an unusual (undocumented) setup, one host
is in unicast mode but another one in multicast, or two hosts are both
in multicast mode, the test case can falsely report success.
Fix that by propagating route via routed(8).
PR 284872 shows that CARP(4) happens to send packets with multicast
destination when the unicast peer address is in the range x.x.x.224 ~
x.x.x.239. Update the peer address in test case to catch that bug.
PR: 284872
Reviewed by: kp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D49076
(cherry picked from commit 93fbdef51a13b8facac3633f55804a59ca27f635)
Otherwise gcc warns about the (intentionall) truncated value and raises
an error.
Fixes: 7034563f8ef3 ("tests: Add some FIB multibind test cases")
(cherry picked from commit 400ce6248be986d52b3944c1ed01db3b26243454)
Add more test cases for pf fragment hole counter. Also look into
final fragment of echo reply and check total length of IP packet.
MFC after: 1 week
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 640736615b
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit db100bd93036855c7688dc088b811dc7b660f51d)
The reassembly state will be dropped after timeout, all related
fragments are dropped until that. This is conforming to RFC 5722.
- Sort pf_fragment fields while there.
- If the fr_queue is empty, we had overlapping fragments, don't add
new ones.
- If we detect overlapping IPv6 fragments, flush the fr_queue and
drop all fragments immediately.
- Rearrange debug output, to make clear what happens.
- An IPv4 fragment that is totaly overlapped does not inclease the
bad fragment counter.
- Put an KASSERT into pf_isfull_fragment() to make sure that the
fr_queue is never emtpy there.
discussed with Fernando Gont; ok henning@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 8b45f36762
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 6a3266f72e437aecf3edcfb8aa919466b270d548)
There is an undocumented limit on the length of a GELI passphrase, and
the test exceeded that. Most of the time it worked because a nul
terminator would appear early enough in the string.
Reported by: Jenkins
Fixes: 2b7b09ac9675 ("geli tests: Add a regression test for geli setkey -J")
(cherry picked from commit c4b927c341e23eea17f75d139aafcf58545c5b0e)
Allow users to choose to allow permitted SCTP connections to set up additional
multihomed connections regardless of the ruleset. That is, allow an already
established connection to set up flows that would otherwise be disallowed.
In case of if-bound connections we initially set the extra associations to
be floating, because we don't know what path they'll be taking when they're
created. Once we see the first traffic we can bind them.
MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D48453
(cherry picked from commit e4f2733df8c9d2fd0c5e8fdc8bec002bf39811f3)
Fix a mistake in the pcm_read_write test that would result in not
properly detecting 32bit calculation on 32bit architectures like i386.
As a consequence, the wrong values would be checked, thus failing the
test.
Reported by: CI
Fixes: 27ef5d48c729 ("sound: Unit test the pcm sample read and write macros")
MFC after: 1 week
Reviewed by: christos
Differential Revision: https://reviews.freebsd.org/D48617
(cherry picked from commit e02b579b537998495b06d02be6aa07f03db3a42a)
/workspace/src/tests/sys/sound/pcm_read_write.c:36:1: error: 'static' is not
at beginning of declaration [-Werror=old-style-declaration]
36 | } static const afmt_tests[] = {
| ^
Reported by: CI
Fixes: 27ef5d48c729 ("sound: Unit test the pcm sample read and write macros")
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
(cherry picked from commit f6631da0b581b28c2bfeea1199b52013bb46aa41)
Main goal is to have a unit test, with sample test data that is verified
against the current macro implementation of pcm sample read and write
functions. With a test in place, we can proceed on a planned refactoring
of the sample read and write code, and confidently check the new code
for regressions.
Implementation of the unit test itself has to avoid any cast or
conversion affected by endianness, to make the tests compatible with all
machine architectures.
MFC after: 1 week
Reviewed by: christos, markj
Differential Revision: https://reviews.freebsd.org/D48330
(cherry picked from commit 27ef5d48c729defb83a8822143dc71ab17f9d68b)
See commit 4f02a7d739b3 for more background.
I cannot see a good reason to continue ignoring mismatching UIDs when
binding to INADDR_ANY. Looking at the sdr.V2.4a7n sources (mentioned in
bugzilla PR 7713), there is a CANT_MCAST_BIND hack wherein the
application binds to INADDR_ANY instead of a multicast address, but
CANT_MCAST_BIND isn't defined for FreeBSD builds.
It seems unlikely that we still have a use-case for allowing sockets
from different UIDs to bind to the same port when binding to the
unspecified address. And, as noted in D47832, applications like sdr
would have been broken by the inverted SO_REUSEPORT check removed in
that revision, apparently without any bug reports. Let's break
compatibility and simply disallow this case outright.
Also, add some comments, remove a hack in a regression test which tests
this funtionality, and add a new regression test to exercise the
remaining checks that were added in commit 4658dc8325.
MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D47870
(cherry picked from commit c9756953bded0d8428027fa3e812c9bdac069252)
Fix a leak of a fuse_ticket structure. The leak mostly affected
NFS-exported fuse file systems, and was triggered by a failure during
FUSE_LOOKUP.
Sponsored by: ConnectWise
(cherry picked from commit 969d1aa4dbfcbccd8de965f7761203208bf04e46)
The FUSE_NO_OPEN_SUPPORT and FUSE_NO_OPENDIR_SUPPORT flags
are only meant to indicate kernel features, and should be ignored
if they appear in the FUSE_INIT reply flags.
Also fix the corresponding test cases.
Reviewed by: Alan Somers <asomers@FreeBSD.org>
Signed-off-by: CismonX <admin@cismon.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1509
(cherry picked from commit f0f596bd955e5b48c55db502e79fc652ac8970d3)
Even on a riscv embedded system, the fusefs tests run fast enough that
10 seconds is a reasonable timeout.
[skip ci]
Sponsored by: ConnectWise
(cherry picked from commit 53f73aaffddaedff019555679d686ec401330d39)
Every fuse ticket has a "unique" token. As the name implies, they're
supposed to be unique. Previously the fusefs test suite verified their
uniqueness by relying on the fact that they are also sequential. But
they aren't guaranteed to be sequential. Enhance the tests by removing
that convenient assumption.
Sponsored by: Axcient
(cherry picked from commit b1879975794772ee51f0b4865753364c7d7626c3)
