git: 248da7940aa2 - main - if_ovpn tests: Test using a TCP socket for DCO
Date: Thu, 11 Aug 2022 09:38:32 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=248da7940aa20177218dddb28d90a570d6eddf2d
commit 248da7940aa20177218dddb28d90a570d6eddf2d
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-08-11 08:34:01 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-08-11 08:40:03 +0000
if_ovpn tests: Test using a TCP socket for DCO
This used to trigger panics, so try to reproduce it.
Create an if_ovpn interface, set a new peer on it with a TCP fd (as
opposed to the expected UDP) and ensure that this is rejected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
tests/sys/net/if_ovpn/Makefile | 3 +
tests/sys/net/if_ovpn/if_ovpn_c.c | 134 ++++++++++++++++++++++++++++++++++++++
2 files changed, 137 insertions(+)
diff --git a/tests/sys/net/if_ovpn/Makefile b/tests/sys/net/if_ovpn/Makefile
index 6c9d61965dfb..a221e25b7e92 100644
--- a/tests/sys/net/if_ovpn/Makefile
+++ b/tests/sys/net/if_ovpn/Makefile
@@ -3,6 +3,9 @@ PACKAGE= tests
TESTSDIR= ${TESTSBASE}/sys/net/if_ovpn
ATF_TESTS_SH+= if_ovpn
+ATF_TESTS_C+= if_ovpn_c
+
+LIBADD+= nv
TESTS_SUBDIRS+= ccd
diff --git a/tests/sys/net/if_ovpn/if_ovpn_c.c b/tests/sys/net/if_ovpn/if_ovpn_c.c
new file mode 100644
index 000000000000..44363620d277
--- /dev/null
+++ b/tests/sys/net/if_ovpn/if_ovpn_c.c
@@ -0,0 +1,134 @@
+//#include <sys/param.h>
+#include <stdio.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/linker.h>
+#include <sys/ioctl.h>
+#include <sys/nv.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+
+#include <atf-c.h>
+
+#define OVPN_NEW_PEER _IO ('D', 1)
+
+static nvlist_t *
+fake_sockaddr()
+{
+ uint32_t addr = htonl(INADDR_LOOPBACK);
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+
+ nvlist_add_number(nvl, "af", AF_INET);
+ nvlist_add_binary(nvl, "address", &addr, 4);
+ nvlist_add_number(nvl, "port", 1024);
+
+ return (nvl);
+}
+
+static char ovpn_ifname[IFNAMSIZ];
+static int ovpn_fd;
+
+static int
+create_interface(int fd)
+{
+ int ret;
+ struct ifreq ifr;
+
+ bzero(&ifr, sizeof(ifr));
+
+ /* Create ovpnx first, then rename it. */
+ snprintf(ifr.ifr_name, IFNAMSIZ, "ovpn");
+ ret = ioctl(fd, SIOCIFCREATE2, &ifr);
+ if (ret)
+ return (ret);
+
+ snprintf(ovpn_ifname, IFNAMSIZ, "%s", ifr.ifr_name);
+ printf("Created %s\n", ovpn_ifname);
+
+ return (0);
+}
+
+static void
+destroy_interface(int fd)
+{
+ int ret;
+ struct ifreq ifr;
+
+ if (ovpn_ifname[0] == 0)
+ return;
+
+ printf("Destroy %s\n", ovpn_ifname);
+
+ bzero(&ifr, sizeof(ifr));
+ snprintf(ifr.ifr_name, IFNAMSIZ, "%s", ovpn_ifname);
+
+ ret = ioctl(fd, SIOCIFDESTROY, &ifr);
+ if (ret)
+ atf_tc_fail("Failed to destroy interface");
+
+ ovpn_ifname[0] = 0;
+}
+
+ATF_TC_WITH_CLEANUP(tcp);
+ATF_TC_HEAD(tcp, tc)
+{
+ atf_tc_set_md_var(tc, "require.user", "root");
+}
+
+ATF_TC_BODY(tcp, tc)
+{
+ struct ifdrv drv;
+ struct sockaddr_in sock_in;
+ int ret;
+ nvlist_t *nvl;
+
+ /* Ensure the module is loaded. */
+ (void)kldload("if_ovpn");
+
+ ovpn_fd = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
+
+ /* Kick off a connect so there's a local address set, which we need for
+ * ovpn_new_peer() to get to the critical point. */
+ bzero(&sock_in, sizeof(sock_in));
+ sock_in.sin_family = AF_INET;
+ sock_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ sock_in.sin_port = htons(1024);
+ connect(ovpn_fd, (struct sockaddr *)&sock_in, sizeof(sock_in));
+
+ ret = create_interface(ovpn_fd);
+ if (ret)
+ atf_tc_fail("Failed to create interface");
+
+ nvl = nvlist_create(0);
+
+ nvlist_add_number(nvl, "peerid", 0);
+ nvlist_add_number(nvl, "fd", ovpn_fd);
+ nvlist_add_nvlist(nvl, "remote", fake_sockaddr());
+
+ bzero(&drv, sizeof(drv));
+ snprintf(drv.ifd_name, IFNAMSIZ, "%s", ovpn_ifname);
+ drv.ifd_cmd = OVPN_NEW_PEER;
+ drv.ifd_data = nvlist_pack(nvl, &drv.ifd_len);
+
+ ret = ioctl(ovpn_fd, SIOCSDRVSPEC, &drv);
+ ATF_CHECK_EQ(ret, -1);
+ ATF_CHECK_EQ(errno, EPROTOTYPE);
+}
+
+ATF_TC_CLEANUP(tcp, tc)
+{
+ destroy_interface(ovpn_fd);
+ close(ovpn_fd);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+ ATF_TP_ADD_TC(tp, tcp);
+
+ return (atf_no_error());
+}
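Review bot: The cleanup routine for the `tcp` test case relies on the statics `ovpn_ifname` and `ovpn_fd` that the body fills in, but ATF normally runs a test case's cleanup in a separate process from its body, so those values are likely still zero there. In that case `destroy_interface()` returns early at the `ovpn_ifname[0] == 0` check, the ovpn interface stays behind on the test host, and `close(ovpn_fd)` closes descriptor 0. Because `ATF_CHECK_EQ` does not abort the body, the teardown can run there instead: add `destroy_interface(ovpn_fd);` and `close(ovpn_fd);` after the two checks, or have cleanup recover the interface name from a file the body writes to its work directory. A short comment above the two statics saying they are only valid inside the body's process would keep later test cases from repeating the pattern.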