mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
freebsd/tests
Kristof Provost c22c987984 pf: fix potential NULL dereference in SCTP multihome handling
When processing an SCTP ASCONF we re-run the rules processing to check
if the new state should be allowed as well. We used to do so against the
'all' interface, to allow new connections to use any interface.

This is problematic for two reasons, the first being it may unexpectedly
bypass interface restrictions. The more important one is that it
can trigger panics. If the ruleset contains a rule which filters on
interface group we'd attempt to process the group list for the 'all'
interface. As this isn't a real interface it doesn't have an associated
struct ifnet, and we end up dereferencing a NULL pointer.

Solve this by not overriding the interface, instead leaving the physical
interface the SCTP ASCONF arrived on. This implies that we may end up
binding to that interface (if if-bound), and thus denying traffic on
other interfaces. Users can allow this anyway by setting 'state-policy
floating' on the relevant SCTP rules. This arguably better reflects user
intent as well. That is, we'll consider SCTP multihomed states to be
floating if we're in floating mode, and if-bound if we're if-bound.

Update the test cases to account for this, while adding a "pass on
lo" (i.e. pass on an interface group) rule to provoke this issue. Add
separate test cases for the floating and if-bound scenarios.

Reported by:	Franco Fichtner <franco@opnsense.org>
MFC after:	3 weeks
Sponsored by:	Orange Business Services
2024-12-03 19:27:49 +01:00
atf_python vnet tests: verify that we can load if_epair and if_bridge 2024-07-23 15:57:25 +02:00
ci ci: Redirect output for builds. 2024-05-23 11:59:40 -06:00
etc Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
examples Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
freebsd_test_suite Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
include tests: Test endian.h, byteswap.h, sys/endian.h and both endian.h and byteswap.h together 2024-10-15 17:14:42 -06:00
sys pf: fix potential NULL dereference in SCTP multihome handling 2024-12-03 19:27:49 +01:00
__init__.py testing: Add basic atf support to pytest. 2022-06-25 19:25:15 +00:00
conftest.py Testing: add framework for the kernel unit tests. 2023-04-14 15:47:55 +00:00
Kyuafile Remove $FreeBSD$: one-line lua tag 2023-08-16 11:55:34 -06:00
Makefile Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.inc0 Remove residual blank line at start of Makefile 2024-07-15 16:43:39 -06:00
README Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00

src/tests: The FreeBSD test suite
=================================

Usage of the FreeBSD test suite:
(1)  Run the tests:
       kyua test -k /usr/tests/Kyuafile
(2)  See the test results:
       kyua report

For further information on using the test suite, read tests(7):
       man tests

Description of FreeBSD test suite
=================================
The build of the test suite is organized in the following manner:

* The build of all test artifacts is protected by the MK_TESTS knob.
  The user can disable these with the WITHOUT_TESTS setting in
  src.conf(5).

* The goal for /usr/tests/ (the installed test programs) is to follow
  the same hierarchy as /usr/src/ wherever possible, which in turn drives
  several of the design decisions described below.  This simplifies the
  discoverability of tests.  We want a mapping such as:

    /usr/src/bin/cp/      -> /usr/tests/bin/cp/
    /usr/src/lib/libc/    -> /usr/tests/lib/libc/
    /usr/src/usr.bin/cut/ -> /usr/tests/usr.bin/cut/
    ... and many more ...

* Test programs for specific utilities and libraries are located next
  to the source code of such programs.  For example, the tests for the
  src/lib/libcrypt/ library live in src/lib/libcrypt/tests/.  The tests/
  subdirectory is optional and should, in general, be avoided.

* The src/tests/ hierarchy (this directory) provides generic test
  infrastructure and glue code to join all test programs together into
  a single test suite definition.

* The src/tests/ hierarchy also includes cross-functional test programs:
  i.e. test programs that cover more than a single utility or library
  and thus don't fit anywhere else in the tree.  Consider this to follow
  the same rationale as src/share/man/: this directory contains generic
  manual pages while the manual pages that are specific to individual
  tools or libraries live next to the source code.

In order to keep the src/tests/ hierarchy decoupled from the actual test
programs being installed --which is a worthy goal because it simplifies
the addition of new test programs and simplifies the maintenance of the
tree-- the top-level Kyuafile does not know which subdirectories may
exist upfront.  Instead, that Kyuafile automatically detects, at
run-time, which */Kyuafile files exist and includes those directly.

Similarly, every directory in src/ that wants to install a Kyuafile just
to recurse into other subdirectories reuses this Kyuafile with its
auto-discovery features.  As an example, take a look at src/lib/tests/
whose sole purpose is to install a Kyuafile into /usr/tests/lib/.
The goal in this specific case is for /usr/tests/lib/ to be generated
entirely from src/lib/.
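
The run-time discovery described above can be written with the Lua helpers
documented in kyuafile(5).  This is an added sketch, not a copy of the
Kyuafile shipped in the tree; the suite name is a placeholder.

```lua
-- Added example: an auto-discovering Kyuafile (illustrative, not the tree's own file).
syntax(2)

-- Assumption: placeholder suite name; use the name your tree defines.
test_suite("example-suite")

-- fs.files() iterates over the entries of a directory.  Relative paths are
-- resolved against the directory that holds this Kyuafile.
for entry in fs.files(".") do
    -- The listing includes the special entries; never recurse into them.
    if entry ~= "." and entry ~= ".." then
        local candidate = fs.join(entry, "Kyuafile")
        -- Only subdirectories that installed their own Kyuafile are pulled
        -- in.  Anything else (plain files, directories without tests) is
        -- skipped rather than breaking the whole run.
        if fs.exists(candidate) then
            include(candidate)
        end
    end
end
```

Because a subdirectory without a Kyuafile is skipped without any error,
"kyua list -k /usr/tests/Kyuafile" is a quick way to confirm that a newly
added test directory was actually picked up.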
