From nobody Mon Mar 20 09:47:41 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Pg8zd548Zz40VNT; Mon, 20 Mar 2023 09:47:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Pg8zd4Vvmz4HgW; Mon, 20 Mar 2023 09:47:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679305661; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fI3R4kqUQFrFzeJFthufTPq7INmnU63tS7UdDxB3kYM=; b=uLh9nvwPOJOu42Q6rrY6eUI91LfKErLnYE2ZRZya/B6rl+dscdp25um6fBqU/J/QelVfSZ 275W8yB6gZCPL8mflc66NJAi4ILmBurUaPBXCgsOGnh+8XOzVa//sHy2JiUSnE37WS9wW/ +m+0XDrksDnfewzw7n73QI5JCsGmpX4suUM1TAMYnRZr9tfCCUQNzCP8EynExU2rT5mBkT bKqK3YHI1QfZECJkqfVO4RCyQKDgxMC+q4D0rs4n6HGR1hy5d2hlSDjFvOGdf85i8wS9NP quGNKr0sW6LsFFHh99OKnHjwGP65f9Dr8ZHd8kdO2wTKq+h1IsQR4AGC5prwgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679305661; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fI3R4kqUQFrFzeJFthufTPq7INmnU63tS7UdDxB3kYM=; b=cIJSP4CnN5/DaWmhnZEc8+hCaf5EfUfOrDBr38QF7Py7UBc1OWFhKArD9kMhTTaAGISsMX JJZ43yp7J3kekvFNR4aMLnDdtAslXl3MtSPBqidsxuI3Pq0OEfCrUPs87tunk9IeyDu+Jq DZuL3AVvSc4WOkDofKWkl4yQFJiy1hIhmBsx5cSCltlB0zSbqMhGUFUn1J4swCNPzcJQEV x7v70GaxMQ7A4vrGzqjZ1jqKe8gjjZiFRwyBvI61A6zqGe5xIhrp/vHGmt8O855+jpHvRl 9h9MbFB5vMkj05LdaN4cwSTtdlxmOFjRi1FV9jgKx+icheRCrhilKgWrPfDxZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1679305661; a=rsa-sha256; cv=none; b=SWcckTXJy0ysmAnKsgfSEoQ4aD54NQ4MSji3psLil2nsgCDMUym4cBNGOEN/mDXIxsRbzl wSysGfcV9JvBkXfvjJr1OzFO4kpMDRhChKzzCwURPEojUrhyFjEZCb5SAHedm7myLK6z7f qdc93UPxw/0PTD/+q8Ouc+3sn7MRHACOfxT0krOdeDxBA50bHpGPrhJEP2BGBq8H+oc1IH Y52LXUbe5TfqZo9cFnGf6J6oHKRWPI6+KxnQYJH7YahS3bBhO1h55bnCEbGZPMTTx2nF3I fVBtYt6291LmUXyMzaS5s6/bg7ShEsd16o6/f6IXxVMFeAmE67l/rVMoPoVgwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Pg8zd3XFhzQWx; Mon, 20 Mar 2023 09:47:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32K9lfiZ096576; Mon, 20 Mar 2023 09:47:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32K9lfcH096575; Mon, 20 Mar 2023 09:47:41 GMT (envelope-from git) Date: Mon, 20 Mar 2023 09:47:41 GMT Message-Id: <202303200947.32K9lfcH096575@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 5e7bbde17d53 - stable/13 - pf tests: test IPv6 fragmentation with link-local addresses List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 5e7bbde17d532024dca7b96a24e4188b65b1ed00 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=5e7bbde17d532024dca7b96a24e4188b65b1ed00 commit 5e7bbde17d532024dca7b96a24e4188b65b1ed00 Author: Kristof Provost AuthorDate: 2023-03-12 15:08:31 +0000 Commit: Kristof Provost CommitDate: 2023-03-20 09:47:31 +0000 pf tests: test IPv6 fragmentation with link-local addresses We've observed a panic after pf_refragment6() with link-local addresses, because pf_refragment6() calls ip6_forward() even for a simple output case. That results in us entering ip6_forward() with an mbuf with a NULL m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for GUAs. Test sending fragmented link-local packets to pf. MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D39063 (cherry picked from commit 225e85513fd7a5e31f649e35f0b99454bb725776) --- tests/sys/netpfil/pf/fragmentation.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/sys/netpfil/pf/fragmentation.sh b/tests/sys/netpfil/pf/fragmentation.sh index 8b16c9655d08..ae394324cddc 100644 --- a/tests/sys/netpfil/pf/fragmentation.sh +++ b/tests/sys/netpfil/pf/fragmentation.sh @@ -103,6 +103,10 @@ v6_body() jexec singsing ifconfig ${epair_link}b inet6 -ifdisabled ifconfig ${epair_send}a inet6 -ifdisabled + ifconfig ${epair_send}a + jexec alcatraz ifconfig ${epair_send}b + lladdr=$(jexec alcatraz ifconfig ${epair_send}b | awk '/ scopeid / { print($2); }' | cut -f 1 -d %) + jexec alcatraz pfctl -e pft_set_rules alcatraz \ "scrub fragment reassemble" \ @@ -120,6 +124,12 @@ v6_body() atf_check -s exit:0 -o ignore\ ping -6 -c 1 -b 70000 -s 65000 2001:db8:42::2 + # Force an NDP lookup + ping -6 -c 1 ${lladdr}%${epair_send}a + + atf_check -s exit:0 -o ignore\ + ping -6 -c 1 -b 70000 -s 65000 ${lladdr}%${epair_send}a + # Forwarding test atf_check -s exit:0 -o ignore \ ping -6 -c 1 2001:db8:43::3