From owner-svn-src-head@freebsd.org Thu Oct 24 22:07:46 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9B92915B84C; Thu, 24 Oct 2019 22:07:46 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46zhFG4NbQz3C0y; Thu, 24 Oct 2019 22:07:46 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7A47F1CBE7; Thu, 24 Oct 2019 22:07:46 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x9OM7kP9008744; Thu, 24 Oct 2019 22:07:46 GMT (envelope-from bz@FreeBSD.org) Received: (from bz@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x9OM7jf7008740; Thu, 24 Oct 2019 22:07:45 GMT (envelope-from bz@FreeBSD.org) Message-Id: <201910242207.x9OM7jf7008740@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bz set sender to bz@FreeBSD.org using -f From: "Bjoern A. Zeeb" Date: Thu, 24 Oct 2019 22:07:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r354053 - in head: sys/netinet6 tests/sys/netinet6/frag6 X-SVN-Group: head X-SVN-Commit-Author: bz X-SVN-Commit-Paths: in head: sys/netinet6 tests/sys/netinet6/frag6 X-SVN-Commit-Revision: 354053 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 22:07:46 -0000 Author: bz Date: Thu Oct 24 22:07:45 2019 New Revision: 354053 URL: https://svnweb.freebsd.org/changeset/base/354053 Log: frag6: prevent overwriting initial fragoff=0 packet meta-data. When we receive the packet with the first fragmented part (fragoff=0) we remember the length of the unfragmentable part and the next header (and should probably also remember ECN) as meta-data on the reassembly queue. Someone replying this packet so far could change these 2 (3) values. While changing the next header seems more severe, for a full size fragmented UDP packet, for example, adding an extension header to the unfragmentable part would go unnoticed (as the framented part would be considered an exact duplicate) but make reassembly fail. So do not allow updating the meta-data after we have seen the first fragmented part anymore. The frag6_20 test case is added which failed before triggering an ICMPv6 "param prob" due to the check for each queued fragment for a max-size violation if a fragoff=0 packet was received. MFC after: 3 weeks Sponsored by: Netflix Added: head/tests/sys/netinet6/frag6/frag6_20.py (contents, props changed) head/tests/sys/netinet6/frag6/frag6_20.sh (contents, props changed) Modified: head/sys/netinet6/frag6.c head/tests/sys/netinet6/frag6/Makefile Modified: head/sys/netinet6/frag6.c ============================================================================== --- head/sys/netinet6/frag6.c Thu Oct 24 21:55:19 2019 (r354052) +++ head/sys/netinet6/frag6.c Thu Oct 24 22:07:45 2019 (r354053) @@ -561,11 +561,16 @@ frag6_input(struct mbuf **mp, int *offp, int proto) /* * If it is the 1st fragment, record the length of the * unfragmentable part and the next header of the fragment header. + * Assume the first 1st fragement to arrive will be correct. + * We do not have any duplicate checks here yet so another packet + * with fragoff == 0 could come and overwrite the ip6q_unfrglen + * and worse, the next header, at any time. */ - if (fragoff == 0) { + if (fragoff == 0 && q6->ip6q_unfrglen == -1) { q6->ip6q_unfrglen = offset - sizeof(struct ip6_hdr) - sizeof(struct ip6_frag); q6->ip6q_nxt = ip6f->ip6f_nxt; + /* XXX ECN? */ } /* Modified: head/tests/sys/netinet6/frag6/Makefile ============================================================================== --- head/tests/sys/netinet6/frag6/Makefile Thu Oct 24 21:55:19 2019 (r354052) +++ head/tests/sys/netinet6/frag6/Makefile Thu Oct 24 22:07:45 2019 (r354053) @@ -27,7 +27,8 @@ ATF_TESTS_SH= \ frag6_16 \ frag6_17 \ frag6_18 \ - frag6_19 + frag6_19 \ + frag6_20 ${PACKAGE}FILES+= frag6.subr ${PACKAGE}FILES+= sniffer.py @@ -50,6 +51,7 @@ ${PACKAGE}FILES+= frag6_16.py ${PACKAGE}FILES+= frag6_17.py ${PACKAGE}FILES+= frag6_18.py ${PACKAGE}FILES+= frag6_19.py +${PACKAGE}FILES+= frag6_20.py ${PACKAGE}FILESMODE_frag6.subr= 0444 ${PACKAGE}FILESMODE_sniffer.py= 0555 @@ -72,5 +74,6 @@ ${PACKAGE}FILESMODE_frag6_16.py= 0555 ${PACKAGE}FILESMODE_frag6_17.py= 0555 ${PACKAGE}FILESMODE_frag6_18.py= 0555 ${PACKAGE}FILESMODE_frag6_19.py= 0555 +${PACKAGE}FILESMODE_frag6_20.py= 0555 .include Added: head/tests/sys/netinet6/frag6/frag6_20.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/netinet6/frag6/frag6_20.py Thu Oct 24 22:07:45 2019 (r354053) @@ -0,0 +1,137 @@ +#!/usr/bin/env python +#- +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2019 Netflix, Inc. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +import argparse +import scapy.all as sp +import socket +import sys +from sniffer import Sniffer +from time import sleep + +def check_icmp6_error(args, packet): + ip6 = packet.getlayer(sp.IPv6) + if not ip6: + return False + oip6 = sp.IPv6(src=args.src[0], dst=args.to[0]) + if ip6.dst != oip6.src: + return False + icmp6 = packet.getlayer(sp.ICMPv6TimeExceeded) + if not icmp6: + return False + # ICMP6_TIME_EXCEED_REASSEMBLY 1 + if icmp6.code != 1: + return False + # Should we check the payload as well? + # We are running in a very isolated environment and nothing else + # should trigger an ICMPv6 Time Exceeded / Frag reassembly so leave it. + #icmp6.display() + return True + + +def main(): + parser = argparse.ArgumentParser("frag6.py", + description="IPv6 fragementation test tool") + parser.add_argument('--sendif', nargs=1, + required=True, + help='The interface through which the packet will be sent') + parser.add_argument('--recvif', nargs=1, + required=True, + help='The interface on which to check for the packet') + parser.add_argument('--src', nargs=1, + required=True, + help='The source IP address') + parser.add_argument('--to', nargs=1, + required=True, + help='The destination IP address') + parser.add_argument('--debug', + required=False, action='store_true', + help='Enable test debugging') + + args = parser.parse_args() + + + # Start sniffing on recvif + sniffer = Sniffer(args, check_icmp6_error) + + + ######################################################################## + # + # Send a proper first fragment (off=0) and a second fragment which + # just fits the 64k. The re-send the first fragment with an extra + # unfragmentable part making the 64k to exceed the limit. + # This is to make sure we don't allow to update meta-data for a + # 1st fragmented packet should a second arrive but given the + # fragmentable part is an exact duplicate only that fragment + # will be silently discarded. + # + # A: Reassembly failure, timeout after + # R: ICMPv6 time exceeded / statistics for the duplicate + # + data = "6" * 8 + ip6f00 = \ + sp.Ether() / \ + sp.IPv6(src=args.src[0], dst=args.to[0]) / \ + sp.IPv6ExtHdrFragment(offset=0, m=1, id=20) / \ + sp.UDP(dport=3456, sport=6543) / \ + data + data = "6" * 15 + ip6f01 = \ + sp.Ether() / \ + sp.IPv6(src=args.src[0], dst=args.to[0]) / \ + sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=20) / \ + sp.UDP(dport=3456, sport=6543) / \ + data + data = "6" * 8 + ip6f02 = \ + sp.Ether() / \ + sp.IPv6(src=args.src[0], dst=args.to[0]) / \ + sp.IPv6ExtHdrDestOpt(options = \ + sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \ + sp.IPv6ExtHdrFragment(offset=0, m=1, id=20) / \ + sp.UDP(dport=3456, sport=6543) / \ + data + if args.debug : + ip6f00.display() + ip6f01.display() + ip6f02.display() + sp.sendp(ip6f00, iface=args.sendif[0], verbose=False) + sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) + sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) + + sleep(75) + sniffer.setEnd() + sniffer.join() + if not sniffer.foundCorrectPacket: + sys.exit(1) + + sys.exit(0) + +if __name__ == '__main__': + main() Added: head/tests/sys/netinet6/frag6/frag6_20.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/netinet6/frag6/frag6_20.sh Thu Oct 24 22:07:45 2019 (r354053) @@ -0,0 +1,231 @@ +# $FreeBSD$ +#- +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2019 Netflix, Inc. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +. $(atf_get_srcdir)/frag6.subr + +frag6_20_check_stats() { + + local jname ifname + jname=$1 + ifname=$2 + + case "${jname}" in + "") echo "ERROR: jname is empty"; return ;; + esac + case "${ifname}" in + "") echo "ERROR: ifname is empty"; return ;; + esac + + # Defaults are: IPV6_FRAGTTL 120 slowtimo ticks. + # pfslowtimo() is run at hz/2. So this takes 60s. + # This is awefully long for a test case. + # The Python script has to wait for this already to get the ICMPv6 + # hence we do not sleep here anymore. + + nf=`jexec ${jname} sysctl -n net.inet6.ip6.frag6_nfragpackets` + case ${nf} in + 0) break ;; + *) atf_fail "VNET frag6_nfragpackets not 0 but: ${nf}" ;; + esac + nf=`sysctl -n net.inet6.ip6.frag6_nfrags` + case ${nf} in + 0) break ;; + *) atf_fail "Global frag6_nfrags not 0 but: ${nf}" ;; + esac + + # + # Check selection of global UDP stats. + # + cat < ${HOME}/filter-${jname}.txt + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 +EOF + count=`jexec ${jname} netstat -s -p udp --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` + rm -f ${HOME}/filter-${jname}.txt + case ${count} in + 9) ;; + *) jexec ${jname} netstat -s -p udp --libxo xml,pretty + atf_fail "Global UDP statistics do not match: ${count} != 9" ;; + esac + + + # + # Check selection of global IPv6 stats. + # + cat < ${HOME}/filter-${jname}.txt + 0 + 0 + 0 + 0 + 3 + 1 + 2 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 +EOF + count=`jexec ${jname} netstat -s -p ip6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` + rm -f ${HOME}/filter-${jname}.txt + case ${count} in + 20) ;; + *) jexec ${jname} netstat -s -p ip6 --libxo xml,pretty + atf_fail "Global IPv6 statistics do not match: ${count} != 20" ;; + esac + + # + # Check selection of global ICMPv6 stats. + # XXX-TODO check output histogram (just too hard to parse [no multi-line-grep]) + # + cat < ${HOME}/filter-${jname}.txt + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 +EOF + count=`jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` + rm -f ${HOME}/filter-${jname}.txt + case ${count} in + 22) ;; + *) jexec ${jname} netstat -s -p icmp6 --libxo xml,pretty + atf_fail "Global ICMPv6 statistics do not match: ${count} != 22" ;; + esac + + # + # Check selection of interface IPv6 stats. + # + cat < ${HOME}/filter-${jname}.txt + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 3 + 0 + 1 +EOF + count=`jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` + rm -f ${HOME}/filter-${jname}.txt + case ${count} in + 14) ;; + *) jexec ${jname} netstat -s -p ip6 -I ${ifname} --libxo xml,pretty + atf_fail "Interface IPv6 statistics do not match: ${count} != 14" ;; + esac + + # + # Check selection of interface ICMPv6 stats. + # + cat < ${HOME}/filter-${jname}.txt + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + 0 + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 +EOF + count=`jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty | grep -E -x -c -f ${HOME}/filter-${jname}.txt` + rm -f ${HOME}/filter-${jname}.txt + case ${count} in + 21) ;; + *) jexec ${jname} netstat -s -p icmp6 -I ${ifname} --libxo xml,pretty + atf_fail "Interface ICMPv6 statistics do not match: ${count} != 21" ;; + esac +} + +atf_test_case "frag6_20" "cleanup" +frag6_20_head() { + frag6_head 20 +} + +frag6_20_body() { + frag6_body 20 frag6_20_check_stats +} + +frag6_20_cleanup() { + frag6_cleanup 20 +} + +atf_init_test_cases() +{ + atf_add_test_case "frag6_20" +}