To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mariusz Zaborski
Subject: git: 97edd37e6279 - main - cap_net: add tests for limits drop
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: oshogbo
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 97edd37e6279d76efee89d466550587246161dc9
Date: Tue, 09 Jun 2026 11:38:19 +0000
Message-Id: <6a27fb2b.3640b.67e68c0e@gitrepo.freebsd.org>

The branch main has been updated by oshogbo:

URL: https://cgit.FreeBSD.org/src/commit/?id=97edd37e6279d76efee89d466550587246161dc9

commit 97edd37e6279d76efee89d466550587246161dc9
Author:     Mariusz Zaborski
AuthorDate: 2026-06-09 11:34:13 +0000
Commit:     Mariusz Zaborski
CommitDate: 2026-06-09 11:34:13 +0000

    cap_net: add tests for limits drop

    Reviewed by:            markj
    Differential Revision:  https://reviews.freebsd.org/D56992

--- lib/libcasper/services/cap_net/tests/net_test.c | 235 ++++++++++++++++++++++++ 1 file changed, 235 insertions(+) diff --git a/lib/libcasper/services/cap_net/tests/net_test.c b/lib/libcasper/services/cap_net/tests/net_test.c index 21d620e0f8d8..0fd20d9deae8 100644 --- a/lib/libcasper/services/cap_net/tests/net_test.c +++ b/lib/libcasper/services/cap_net/tests/net_test.c @@ -24,6 +24,7 @@ */ #include +#include #include #include #include 
@@ -1443,6 +1444,233 @@ ATF_TC_BODY(capnet__limits_deprecated_connecttodns, tc) cap_close(capnet); } +ATF_TC(capnet__limits_name2addr_partial_drops_family); +ATF_TC_HEAD(capnet__limits_name2addr_partial_drops_family, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} +ATF_TC_BODY(capnet__limits_name2addr_partial_drops_family, tc) +{ + cap_channel_t *capnet; + cap_net_limit_t *limit; + int family = AF_INET6; + + capnet = create_network_service(); + + /* Tighten: only AF_INET6 allowed under name2addr. */ + limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR); + ATF_REQUIRE(limit != NULL); + cap_net_limit_name2addr_family(limit, &family, 1); + ATF_REQUIRE(cap_net_limit(limit) == 0); + + ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) == + ENOTCAPABLE); + + /* Replacement omits "family"; must be rejected. */ + limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR); + ATF_REQUIRE(limit != NULL); + cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL); + ATF_REQUIRE(cap_net_limit(limit) != 0); + + ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_0, NULL) == + ENOTCAPABLE); + + cap_close(capnet); +} + +ATF_TC(capnet__limits_name2addr_partial_drops_hosts); +ATF_TC_HEAD(capnet__limits_name2addr_partial_drops_hosts, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} +ATF_TC_BODY(capnet__limits_name2addr_partial_drops_hosts, tc) +{ + cap_channel_t *capnet; + cap_net_limit_t *limit; + int family = AF_INET; + + capnet = create_network_service(); + + /* Tighten: only TEST_DOMAIN_0 allowed. */ + limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR); + ATF_REQUIRE(limit != NULL); + cap_net_limit_name2addr(limit, TEST_DOMAIN_0, NULL); + ATF_REQUIRE(cap_net_limit(limit) == 0); + + ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, NULL) == + ENOTCAPABLE); + + /* Replacement omits "hosts"; must be rejected. 
*/ + limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR); + ATF_REQUIRE(limit != NULL); + cap_net_limit_name2addr_family(limit, &family, 1); + ATF_REQUIRE(cap_net_limit(limit) != 0); + + ATF_REQUIRE(test_getaddrinfo(capnet, AF_INET, TEST_DOMAIN_1, NULL) == + ENOTCAPABLE); + + cap_close(capnet); +} + +ATF_TC(capnet__limits_addr2name_partial_drops_family); +ATF_TC_HEAD(capnet__limits_addr2name_partial_drops_family, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} +ATF_TC_BODY(capnet__limits_addr2name_partial_drops_family, tc) +{ + cap_channel_t *capnet; + cap_net_limit_t *limit; + struct sockaddr_in ipaddrv4; + int family = AF_INET6; + + capnet = create_network_service(); + + memset(&ipaddrv4, 0, sizeof(ipaddrv4)); + ipaddrv4.sin_family = AF_INET; + inet_pton(AF_INET, TEST_IPV4, &ipaddrv4.sin_addr); + + /* Tighten: only AF_INET6 allowed under addr2name. */ + limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME); + ATF_REQUIRE(limit != NULL); + cap_net_limit_addr2name_family(limit, &family, 1); + ATF_REQUIRE(cap_net_limit(limit) == 0); + + ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == + ENOTCAPABLE); + + /* Replacement omits "family". Must be rejected. 
*/ + limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME); + ATF_REQUIRE(limit != NULL); + cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv4, + sizeof(ipaddrv4)); + ATF_REQUIRE(cap_net_limit(limit) != 0); + + ATF_REQUIRE(test_getnameinfo(capnet, AF_INET, TEST_IPV4) == + ENOTCAPABLE); + + cap_close(capnet); +} + +ATF_TC(capnet__limits_addr2name_partial_drops_sockaddr); +ATF_TC_HEAD(capnet__limits_addr2name_partial_drops_sockaddr, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} +ATF_TC_BODY(capnet__limits_addr2name_partial_drops_sockaddr, tc) +{ + cap_channel_t *capnet; + cap_net_limit_t *limit; + struct sockaddr_in6 ipaddrv6; + int family = AF_INET6; + + capnet = create_network_service(); + + memset(&ipaddrv6, 0, sizeof(ipaddrv6)); + ipaddrv6.sin6_family = AF_INET6; + inet_pton(AF_INET6, TEST_IPV6, &ipaddrv6.sin6_addr); + + /* Tighten: only TEST_IPV6 allowed under addr2name. */ + limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME); + ATF_REQUIRE(limit != NULL); + cap_net_limit_addr2name(limit, (struct sockaddr *)&ipaddrv6, + sizeof(ipaddrv6)); + ATF_REQUIRE(cap_net_limit(limit) == 0); + + /* Replacement omits "sockaddr". Must be rejected. */ + limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME); + ATF_REQUIRE(limit != NULL); + cap_net_limit_addr2name_family(limit, &family, 1); + ATF_REQUIRE(cap_net_limit(limit) != 0); + + cap_close(capnet); +} + +/* + * The public helpers drop empty sublimits during pack, so the empty-{} + * variant is only reachable via libnv + cap_limit_set() directly. 
+ */ +ATF_TC(capnet__limits_connect_partial_drops_sockaddr); +ATF_TC_HEAD(capnet__limits_connect_partial_drops_sockaddr, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} +ATF_TC_BODY(capnet__limits_connect_partial_drops_sockaddr, tc) +{ + cap_channel_t *capnet; + cap_net_limit_t *limit; + struct sockaddr_in ipv4; + nvlist_t *lnvl; + + capnet = create_network_service(); + + memset(&ipv4, 0, sizeof(ipv4)); + ipv4.sin_family = AF_INET; + ipv4.sin_port = htons(TEST_PORT); + inet_pton(AF_INET, TEST_IPV4, &ipv4.sin_addr); + + /* Tighten: only TEST_IPV4:TEST_PORT allowed under connect. */ + limit = cap_net_limit_init(capnet, CAPNET_CONNECT); + ATF_REQUIRE(limit != NULL); + cap_net_limit_connect(limit, (struct sockaddr *)&ipv4, sizeof(ipv4)); + ATF_REQUIRE(cap_net_limit(limit) == 0); + + ATF_REQUIRE(test_connect(capnet, TEST_IPV4, TEST_PORT) == 0); + ATF_REQUIRE(test_connect(capnet, "8.8.8.8", TEST_PORT) == ENOTCAPABLE); + + /* Build connect={} (no sockaddr subkey) directly. Must be rejected. */ + lnvl = nvlist_create(0); + nvlist_add_number(lnvl, "mode", CAPNET_CONNECT); + nvlist_add_nvlist(lnvl, "connect", nvlist_create(0)); + ATF_REQUIRE(cap_limit_set(capnet, lnvl) != 0); + + ATF_REQUIRE(test_connect(capnet, "8.8.8.8", TEST_PORT) == ENOTCAPABLE); + + cap_close(capnet); +} + +/* + * The public helpers drop empty sublimits during pack, so the empty-{} + * variant is only reachable via libnv + cap_limit_set() directly. 
+ */ +ATF_TC(capnet__limits_bind_partial_drops_sockaddr); +ATF_TC_HEAD(capnet__limits_bind_partial_drops_sockaddr, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} +ATF_TC_BODY(capnet__limits_bind_partial_drops_sockaddr, tc) +{ + cap_channel_t *capnet; + cap_net_limit_t *limit; + struct sockaddr_in ipv4; + nvlist_t *lnvl; + + capnet = create_network_service(); + + memset(&ipv4, 0, sizeof(ipv4)); + ipv4.sin_family = AF_INET; + inet_pton(AF_INET, TEST_BIND_IPV4, &ipv4.sin_addr); + + /* Tighten: only TEST_BIND_IPV4 allowed under bind. */ + limit = cap_net_limit_init(capnet, CAPNET_BIND); + ATF_REQUIRE(limit != NULL); + cap_net_limit_bind(limit, (struct sockaddr *)&ipv4, sizeof(ipv4)); + ATF_REQUIRE(cap_net_limit(limit) == 0); + + ATF_REQUIRE(test_bind(capnet, TEST_BIND_IPV4) == 0); + ATF_REQUIRE(test_bind(capnet, "127.0.0.2") == ENOTCAPABLE); + + /* Build bind={} (no sockaddr subkey) directly. Must be rejected. */ + lnvl = nvlist_create(0); + nvlist_add_number(lnvl, "mode", CAPNET_BIND); + nvlist_add_nvlist(lnvl, "bind", nvlist_create(0)); + ATF_REQUIRE(cap_limit_set(capnet, lnvl) != 0); + + ATF_REQUIRE(test_bind(capnet, "127.0.0.2") == ENOTCAPABLE); + + cap_close(capnet); +} + ATF_TP_ADD_TCS(tp) { @@ -1483,5 +1711,12 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, capnet__limits_connecttodns); ATF_TP_ADD_TC(tp, capnet__limits_deprecated_connecttodns); + ATF_TP_ADD_TC(tp, capnet__limits_name2addr_partial_drops_family); + ATF_TP_ADD_TC(tp, capnet__limits_name2addr_partial_drops_hosts); + ATF_TP_ADD_TC(tp, capnet__limits_addr2name_partial_drops_family); + ATF_TP_ADD_TC(tp, capnet__limits_addr2name_partial_drops_sockaddr); + ATF_TP_ADD_TC(tp, capnet__limits_connect_partial_drops_sockaddr); + ATF_TP_ADD_TC(tp, capnet__limits_bind_partial_drops_sockaddr); + return (atf_no_error()); }
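Review bot: capnet__limits_addr2name_partial_drops_sockaddr, in the @@ -1443 hunk, is the only one of the six new cases that never checks enforcement. It requires that the family-only replacement makes cap_net_limit() return non-zero, but there is no test_getnameinfo() call before or after it, so a change that reports the error yet still replaces the limit would pass this case. Add a lookup for an address outside the TEST_IPV6 limit (for example test_getnameinfo(capnet, AF_INET, TEST_IPV4), as used in the preceding case) and require ENOTCAPABLE after the rejected replacement, matching the other five cases. Separately, in the connect and bind cases, nvlist_add_nvlist(lnvl, "connect", nvlist_create(0)) and its "bind" counterpart copy their argument, so the inner empty nvlist is never freed; nvlist_move_nvlist() or a named temporary destroyed after the add avoids the leak. The inet_pton() results are also unchecked; wrapping each call in ATF_REQUIRE(... == 1) would make a bad test constant fail at the point of the mistake rather than in a later assertion.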