Date: Thu, 11 Aug 2022 09:38:32 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 248da7940aa2 - main - if_ovpn tests: Test using a TCP socket for DCO Message-ID: <202208110938.27B9cWVd097930@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=248da7940aa20177218dddb28d90a570d6eddf2d commit 248da7940aa20177218dddb28d90a570d6eddf2d Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-08-11 08:34:01 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-08-11 08:40:03 +0000 if_ovpn tests: Test using a TCP socket for DCO This used to trigger panics, so try to reproduce it. Create an if_ovpn interface, set a new peer on it with a TCP fd (as opposed to the expected UDP) and ensure that this is rejected. Sponsored by: Rubicon Communications, LLC ("Netgate") --- tests/sys/net/if_ovpn/Makefile | 3 + tests/sys/net/if_ovpn/if_ovpn_c.c | 134 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+) diff --git a/tests/sys/net/if_ovpn/Makefile b/tests/sys/net/if_ovpn/Makefile index 6c9d61965dfb..a221e25b7e92 100644 --- a/tests/sys/net/if_ovpn/Makefile +++ b/tests/sys/net/if_ovpn/Makefile @@ -3,6 +3,9 @@ PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/net/if_ovpn ATF_TESTS_SH+= if_ovpn +ATF_TESTS_C+= if_ovpn_c + +LIBADD+= nv TESTS_SUBDIRS+= ccd diff --git a/tests/sys/net/if_ovpn/if_ovpn_c.c b/tests/sys/net/if_ovpn/if_ovpn_c.c new file mode 100644 index 000000000000..44363620d277 --- /dev/null +++ b/tests/sys/net/if_ovpn/if_ovpn_c.c 
@@ -0,0 +1,134 @@
+//#include <sys/param.h>
+#include <stdio.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/linker.h>
+#include <sys/ioctl.h>
+#include <sys/nv.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+
+#include <atf-c.h>
+
+#define OVPN_NEW_PEER _IO ('D', 1)
+
+static nvlist_t *
+fake_sockaddr()
+{
+ uint32_t addr = htonl(INADDR_LOOPBACK);
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+
+ nvlist_add_number(nvl, "af", AF_INET);
+ nvlist_add_binary(nvl, "address", &addr, 4);
+ nvlist_add_number(nvl, "port", 1024);
+
+ return (nvl);
+}
+
+static char ovpn_ifname[IFNAMSIZ];
+static int ovpn_fd;
+
+static int
+create_interface(int fd)
+{
+ int ret;
+ struct ifreq ifr;
+
+ bzero(&ifr, sizeof(ifr));
+
+ /* Create ovpnx first, then rename it. */
+ snprintf(ifr.ifr_name, IFNAMSIZ, "ovpn");
+ ret = ioctl(fd, SIOCIFCREATE2, &ifr);
+ if (ret)
+ return (ret);
+
+ snprintf(ovpn_ifname, IFNAMSIZ, "%s", ifr.ifr_name);
+ printf("Created %s\n", ovpn_ifname);
+
+ return (0);
+}
+
+static void
+destroy_interface(int fd)
+{
+ int ret;
+ struct ifreq ifr;
+
+ if (ovpn_ifname[0] == 0)
+ return;
+
+ printf("Destroy %s\n", ovpn_ifname);
+
+ bzero(&ifr, sizeof(ifr));
+ snprintf(ifr.ifr_name, IFNAMSIZ, "%s", ovpn_ifname);
+
+ ret = ioctl(fd, SIOCIFDESTROY, &ifr);
+ if (ret)
+ atf_tc_fail("Failed to destroy interface");
+
+ ovpn_ifname[0] = 0;
+}
+
+ATF_TC_WITH_CLEANUP(tcp);
+ATF_TC_HEAD(tcp, tc)
+{
+ atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(tcp, tc)
+{
+ struct ifdrv drv;
+ struct sockaddr_in sock_in;
+ int ret;
+ nvlist_t *nvl;
+
+ /* Ensure the module is loaded. */
+ (void)kldload("if_ovpn");
+
+ ovpn_fd = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
+
+ /* Kick off a connect so there's a local address set, which we need for
+ * ovpn_new_peer() to get to the critical point.
*/
+ bzero(&sock_in, sizeof(sock_in));
+ sock_in.sin_family = AF_INET;
+ sock_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ sock_in.sin_port = htons(1024);
+ connect(ovpn_fd, (struct sockaddr *)&sock_in, sizeof(sock_in));
+
+ ret = create_interface(ovpn_fd);
+ if (ret)
+ atf_tc_fail("Failed to create interface");
+
+ nvl = nvlist_create(0);
+
+ nvlist_add_number(nvl, "peerid", 0);
+ nvlist_add_number(nvl, "fd", ovpn_fd);
+ nvlist_add_nvlist(nvl, "remote", fake_sockaddr());
+
+ bzero(&drv, sizeof(drv));
+ snprintf(drv.ifd_name, IFNAMSIZ, "%s", ovpn_ifname);
+ drv.ifd_cmd = OVPN_NEW_PEER;
+ drv.ifd_data = nvlist_pack(nvl, &drv.ifd_len);
+
+ ret = ioctl(ovpn_fd, SIOCSDRVSPEC, &drv);
+ ATF_CHECK_EQ(ret, -1);
+ ATF_CHECK_EQ(errno, EPROTOTYPE);
+}
+
+ATF_TC_CLEANUP(tcp, tc)
+{
+ destroy_interface(ovpn_fd);
+ close(ovpn_fd);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+ ATF_TP_ADD_TC(tp, tcp);
+
+ return (atf_no_error());
+}
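Review bot: `ATF_TC_CLEANUP(tcp, tc)` depends on the file-scope statics `ovpn_ifname` and `ovpn_fd` that only `ATF_TC_BODY` fills in, and as far as I know ATF runs a test case's cleanup routine in a separate process from its body. If so, in the cleanup `ovpn_ifname[0]` is still 0 and `ovpn_fd` is 0, so `destroy_interface()` returns early, `close(ovpn_fd)` closes descriptor 0, and the ovpn interface created by the test is left behind on the host. Tearing down at the end of the body with `destroy_interface(ovpn_fd);` and `close(ovpn_fd);` covers the normal path; for the `atf_tc_fail()` path the body could write the interface name to a file in the test's work directory and the cleanup could read it back and destroy it through a fresh socket. Separately, the `socket()` result is never checked, so a failed socket is reported as "Failed to create interface"; `ATF_REQUIRE(ovpn_fd >= 0);` right after the call would make that failure explicit.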