From nobody Mon Mar 20 09:47:41 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Pg8zf16YCz40VJ6; Mon, 20 Mar 2023 09:47:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Pg8zf0h2Fz4HgZ; Mon, 20 Mar 2023 09:47:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679305662; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=miEsz5EhuV6VEwdvy+kM7CaIwfDVW5Fr3uE02/1giCA=; b=AxBmqL5+dN0sm7CF2cL8y7O0mRaKPI4C+jD1cv2fu9m5Yg+UElddVNdL/N8i6ejZ7mF3Wq g0yHpWbX+RH5zwFzoyBgX3zIKmPhB2AtvUmT7YtwnT5jXv6QqSYGTIJiL3ECw+nPAQkFIQ al63Fl/ttYLoFsvCb25goRf2i0yt7V53vcyh/v7rBbisk3kdCtC0wflYgpWxgKXhFXczPW 8mvh1Y8TM27n3aHuRUyF6pgbxOKxSnQMkH4yb/8FSwP8p7C5mFjMA/DND3rXJT9Mm1Sbk1 B1uUxIii2MU+eOaQEKtcqhWw+0iO3gTWJKGmtaa6kVlRcWjpseaEosKrYeW7Ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679305662; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=miEsz5EhuV6VEwdvy+kM7CaIwfDVW5Fr3uE02/1giCA=; b=ueWuTZRpgiTLf49A+91jpJvOigAfZfWfdpAVVtocJkqnvirxp0OvS3oxAuVjuDjMfoQNPO P6/kOovTSauw9FaELf5lE3zgXXZG8pMu3nT5KQg/TPPXN/hZumSCWzgRsSvcv0tygciJ/m sjEZpyvpjlNioocRAbt/ej5y88tna6UQkTjXHJMYLW2VJigl+RfGVkvPPrLlgX1/U5Q5gu +fAozWEsCgwNVGWZhgC/3iIeOeaXHMCOzXsAJMfePkLbai61fLU69tIiXsyMiKKpTX0Bkc GLo+r/J6bXoLp9R+6MPU3DQb8rIAZjH90rKulmbyXjSMbTUiarm7brjcc2kODQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1679305662; a=rsa-sha256; cv=none; b=lBQLIzV41ca02Jss8mOH3UpYUTLAk0Pxi4tMJAq29LrM9XBUVg5E7jY3hkNDvj8LT5k/8r fyVTBdof3AsHL2l10Omqeyd5I1mP1I1SysXqBnXGUNoWADiqcsedojzT1gSoGfziVZlMZ4 AZTuOyHQibdOE2+4AXCi6HyE4EjUwHfUmL8M6+5VO+HwF64eeWxJhAZOjl+VqLxiUWrobV eA3pbyuA+ZNTWMHZ1adJWimz2B+XcXki4qnHpLGKIj8HbhMshmbyT+i3NyDr4DV5QwkLno VWJ1q7+xvDWKVOPWNREUpzJwGb3iOeBPJ07ETKGDHtmpeeSrHrQgUV91p2R1aA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Pg8zd6tl9zQWy; Mon, 20 Mar 2023 09:47:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32K9lffS096649; Mon, 20 Mar 2023 09:47:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32K9lfwX096648; Mon, 20 Mar 2023 09:47:41 GMT (envelope-from git) Date: Mon, 20 Mar 2023 09:47:41 GMT Message-Id: <202303200947.32K9lfwX096648@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 4b77c46dc29a - stable/12 - pf tests: test IPv6 fragmentation with link-local addresses List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 4b77c46dc29a84047c8c6e7d34b35882a54aaa69 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=4b77c46dc29a84047c8c6e7d34b35882a54aaa69 commit 4b77c46dc29a84047c8c6e7d34b35882a54aaa69 Author: Kristof Provost AuthorDate: 2023-03-12 15:08:31 +0000 Commit: Kristof Provost CommitDate: 2023-03-20 09:41:37 +0000 pf tests: test IPv6 fragmentation with link-local addresses We've observed a panic after pf_refragment6() with link-local addresses, because pf_refragment6() calls ip6_forward() even for a simple output case. That results in us entering ip6_forward() with an mbuf with a NULL m->m_pkthdr.rcvif, which can cause a NULL deref (but seemingly not for GUAs. Test sending fragmented link-local packets to pf. MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D39063 (cherry picked from commit 225e85513fd7a5e31f649e35f0b99454bb725776) --- tests/sys/netpfil/pf/fragmentation.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/sys/netpfil/pf/fragmentation.sh b/tests/sys/netpfil/pf/fragmentation.sh index de83f5d5c82b..f9dcd90b92af 100755 --- a/tests/sys/netpfil/pf/fragmentation.sh +++ b/tests/sys/netpfil/pf/fragmentation.sh @@ -103,6 +103,10 @@ v6_body() jexec singsing ifconfig ${epair_link}b inet6 -ifdisabled ifconfig ${epair_send}a inet6 -ifdisabled + ifconfig ${epair_send}a + jexec alcatraz ifconfig ${epair_send}b + lladdr=$(jexec alcatraz ifconfig ${epair_send}b | awk '/ scopeid / { print($2); }' | cut -f 1 -d %) + jexec alcatraz pfctl -e pft_set_rules alcatraz \ "scrub fragment reassemble" \ @@ -120,6 +124,12 @@ v6_body() atf_check -s exit:0 -o ignore\ ping6 -c 1 -b 70000 -s 65000 2001:db8:42::2 + # Force an NDP lookup + ping -6 -c 1 ${lladdr}%${epair_send}a + + atf_check -s exit:0 -o ignore\ + ping -6 -c 1 -b 70000 -s 65000 ${lladdr}%${epair_send}a + # Forwarding test atf_check -s exit:0 -o ignore \ ping6 -c 1 2001:db8:43::3