| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The reassembly state will be dropped after timeout, all related
fragments are dropped until that. This is conforming to RFC 5722.
- Sort pf_fragment fields while there.
- If the fr_queue is empty, we had overlapping fragments, don't add
new ones.
- If we detect overlapping IPv6 fragments, flush the fr_queue and
drop all fragments immediately.
- Rearrange debug output, to make clear what happens.
- An IPv4 fragment that is totaly overlapped does not inclease the
bad fragment counter.
- Put an KASSERT into pf_isfull_fragment() to make sure that the
fr_queue is never emtpy there.
discussed with Fernando Gont; ok henning@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 8b45f36762
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 6a3266f72e437aecf3edcfb8aa919466b270d548)
|
| |
|
|
|
| |
(cherry picked from commit e53b83a849e3a34772d0a0ed26eb0cb4aeeec71d)
(cherry picked from commit e4e6423ef3d2a787583d88a87a11748217602759)
|
| |
|
|
|
|
|
|
|
|
| |
Fix a leak of a fuse_ticket structure. The leak mostly affected
NFS-exported fuse file systems, and was triggered by a failure during
FUSE_LOOKUP.
Sponsored by: ConnectWise
(cherry picked from commit 969d1aa4dbfcbccd8de965f7761203208bf04e46)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The FUSE_NO_OPEN_SUPPORT and FUSE_NO_OPENDIR_SUPPORT flags
are only meant to indicate kernel features, and should be ignored
if they appear in the FUSE_INIT reply flags.
Also fix the corresponding test cases.
Reviewed by: Alan Somers <asomers@FreeBSD.org>
Signed-off-by: CismonX <admin@cismon.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1509
(cherry picked from commit f0f596bd955e5b48c55db502e79fc652ac8970d3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Verify that we reset the cleared time when we zero an address' counters in
a table.
PR: 282877, 282984
Reviewed by: kp
MFC after: 2 weeks
Signed-off-by: Leonid Evdokimov <leon@darkk.net.ru>
Differential Revision: https://reviews.freebsd.org/D48242
(cherry picked from commit 0749d8134300b8e3c956e161890ab496247d2542)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When processing an SCTP ASCONF we re-run the rules processing to check
if the new state should be allowed as well. We used to do so against the
'all' interface, to allow new connections to use any interface.
This is problematic for two reasons, the first being it may unexpectedly
bypass interface restrictions. The more important one is that it
can trigger panics. If the ruleset contains a rule which filters on
interface group we'd attempt to process the group list for the 'all'
interface. As this isn't a real interface it doesn't have an associated
struct ifnet, and we end up dereferencing a NULL pointer.
Solve this by not overriding the interface, instead leaving the physical
interface the SCTP ASCONF arrived on. This implies that we may end up
binding to that interface (if if-bound), and thus denying traffic on
other interfaces. Users can allow this anyway by setting 'state-policy
floating' on the relevant SCTP rules. This arguably better reflects user
intent as well. That is, we'll consider SCTP multihomed states to be
floating if we're in floating mode, and if-bound if we're if-bound.
Update the test cases to account for this, while adding a "pass on
lo" (i.e. pass on an interface group") rule to provoke this issue. Add
separate test cases for the floating and if-bound scenarios.
Reported by: Franco Fichtner <franco@opnsense.org>
MFC after: 3 weeks
Sponsored by: Orange Business Services
(cherry picked from commit c22c9879845653abb365e468daaa621e3f8f767a)
|
| |
|
|
|
|
|
|
|
|
| |
This will make it easier for scripts to detect idle hosts in tables.
PR: 282984
Reviewed by: kp
MFC after: 2 weeks
(cherry picked from commit 5b59b0c61e29f684a019afdd2848ffe2d5604e0c)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The ioctl DIOCRCLRASTATS provides the functionality of clearing stats
not only for the whole table for for addresses stored in that table. The
functionality was missing from pfctl, though. Add it now.
PR: 282877
Obtained from: OpenBSD, kirill <kirill@openbsd.org>, e496dff3a7
MFC after: 3 weeks
(cherry picked from commit 6463b6b59152fb1695bbe0de78f6e2675c5a765a)
|
| |
|
|
|
|
|
|
|
|
|
| |
The update to py-twisted 24.7.0 broke EPSV mode in twisted's ftp server.
Work around this by disabling EPSV (and thus using PASV).
PR: 282154
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 9cd6ab45a44607ea862c8bbb2ebaa8a7521178ff)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
From scapy 2.6.0 it now removes (sets to None) the IP checksum in its defrag
code. We typically ask for IPv4 or IPv6 defragmentation, which causes check
function failures.
Just skip the checksum verificiation here, because we're going to notice
incorrect checksums even if the tests don't directly verify it.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 6b8096fa5f6f81e2959cbb2ca857c4e134273da2)
|
| |
|
|
|
|
|
|
|
|
| |
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
(cherry picked from commit f06d322e9d925ab56a4aa8210a67637d4d341ab6)
|
| |
|
|
|
|
|
|
|
|
| |
Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org>
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: Axcient
(cherry picked from commit 60d717baf2144cf344ec9b47d715ce837b5d46d4)
(cherry picked from commit e9329a869c8137b955b2b3487ac0dadabf540bda)
|
| |
|
|
|
|
|
|
|
| |
Also check repeated calls.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit d154dc21130b607d7903f276dd6d463b990f33f7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some SCTP implementations will abort connections and then later re-use the same
port numbers (i.e. both src and dst) for a new connection, before pf has fully
purged the old connection.
Apply the same hack we already have for similarly misbehaving TCP
implementations and forcibly remove the old state so we can create a new one.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 82e021443a76b1f210cfb929a495185179606868)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many of the tests create temporary files. pid files, log files, tcpdump
captures, ... We should take care to ensure they're stored in the temporary
working directory Kyua creates rather than in the root directory.
This ensures there are no conflicts between simultaneously running tests, and
also keeps the root directory clean.
MFC after: 1 month
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit b0fcf4d5222bfdbbc0e2af2b14f0d73704706aa0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(e.g. traceroute with icmp)
ok henning, jsing
Also extend the test case to cover this scenario.
PR: 280701
Obtained from: OpenBSD
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 89f6723288b0d27d3f14f93e6e83f672fa2b8aca)
|
| |
|
|
|
|
|
|
| |
PR: 280701
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 34063cb714602972b6d985ad747fc8f66a8daae1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a state for ICMP (v4 or v6) packets we only used the ID, which
means that we could confuse different ICMP types. For example, if we allowed
neighbour discovery but not ICMPv6 echo requests an ND packet could create a
state that the echo request would match.
Test that this is now fixed.
Reported by: Enrico Bassetti <e.bassetti@tudelft.nl>
MFC after: 1 day
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit b9f0dbc3d006e0b904ee4275d54459f4edd65bb8)
|
| |
|
|
|
|
|
|
|
| |
The test body somehow wound up in the cleanup function.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit fe0c82a603ce069786ee81604315f499fd965546)
|
| |
|
|
| |
(cherry picked from commit 8ed5170c66ec4914e90c2f3657227ceb9e35193f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Background:
If a user does pathconf(_, _PC_MIN_HOLE_SIZE) on a fusefs file system,
the kernel must actually issue a FUSE_LSEEK operation in order to
determine whether the server supports it. We cache that result, so we
only have to send FUSE_LSEEK the first time that _PC_MIN_HOLE_SIZE is
requested on any given mountpoint.
Problem 1:
Unlike fpathconf, pathconf operates on files that may not be open. But
FUSE_LSEEK requires the file to be open. As described in PR 278135,
FUSE_LSEEK cannot be sent for unopened files, causing _PC_MIN_HOLE_size
to wrongly report EINVAL. We never noticed that before because the
fusefs test suite only uses fpathconf, not pathconf. Fix this bug by
opening the file if necessary.
Problem 2:
On a completely sparse file, with no data blocks at all, FUSE_LSEEK with
SEEK_DATA would fail to ENXIO. That's correct behavior, but
fuse_vnop_pathconf wrongly interpreted that as "FUSE_LSEEK not
supported". Fix the interpretation.
PR: 278135
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D44618
(cherry picked from commit 6efba04df3f8c77b9b12f1df3e5124a7249b82fc)
|
| |
|
|
|
|
|
|
|
| |
Remove assumptions in two test cases that maxphys won't be huge.
Reported by: kib
Sponsored by: Axcient
(cherry picked from commit b2792a300ddb8d8334b234fe7744f5141cc96103)
|
| |
|
|
|
|
|
|
|
|
|
| |
The tests try to read kern.maxphys sysctl into int value, while
unsigned long is required. Not sure when this was broken, seems like
since cd8537910406e.
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D45053
(cherry picked from commit e9b411d273336647e61704213964b995952a44fd)
|
| |
|
|
|
|
|
|
| |
PR: 279225
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 8b28ec3861d5b3e9fd8a60dbfda13059a5301281)
|
| |
|
|
| |
(cherry picked from commit 39f5d8dd1b2fea7cff0770efb0bc3d6e33e24279)
|
| |
|
|
|
|
|
| |
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43464
(cherry picked from commit 8bae22bbbe6571da9259e0d43ffa8a56f4b3e171)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of tests create a bridge, but did not check if if_bridge.ko is loaded.
We usually get away with that, because `ifconfig bridge create` autoloads the
module, but if we run the tests in a jail (e.g. because of kyua's upcoming
execenv.jail.params feature) we can't load the module and these tests can fail.
Check if the module is loaded, skip the test if it is not.
Reviewed by: markj
MFC after: 1 week
Event: Kitchener-Waterloo Hackathon 202406
Differential Revision: https://reviews.freebsd.org/D45487
(cherry picked from commit 480ad4055314efbfff7eedbb34272031d836ba89)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Capability rights passed to cap_rights_* are not simple bitmaks and
cannot be ORed together in general (although it will work for certain
subsets of rights).
PR: 277057
Fixes: e5e1d9c7b781 ("path_test: Add a test case for...")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 8d1348f55aed6873f34f54bc3b275b73ef0ff66d)
(cherry picked from commit ea3910c452cf44342e0b65d6283aebeb77a10863)
|
| |
|
|
| |
(cherry picked from commit 09dd7240acf1fc50061246013ce318404d70c4e0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a file system's on-disk format does not support st_birthtime, it
isn't clear what value it should return in stat(2). Neither our man
page nor the OpenGroup specifies. But our convention for UFS and
msdosfs is to return { .tv_sec = -1, .tv_nsec = 0 }. fusefs is
different. It returns { .tv_sec = -1, .tv_nsec = -1 }. It's done that
ever since the initial import in SVN r241519.
Most software apparently handles this just fine. It must, because we've
had no complaints. But the Rust standard library will panic when
reading such a timestamp during std::fs::metadata, even if the caller
doesn't care about that particular value. That's a separate bug, and
should be fixed.
Change our invalid value to match msdosfs and ufs, pacifying the Rust
standard library.
PR: 276602
Sponsored by: Axcient
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D43590
|
| |
|
|
| |
(cherry picked from commit daf26f9350cf8fb3ae60d4528b60ddf65a56f5cc)
|
| |
|
|
|
|
|
|
|
|
| |
If a copy_file_range operation tries to read from a page that was
previously written via mmap, that page must be flushed first.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43451
(cherry picked from commit 1c909c300b92601f7690610097ac98126caff835)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This would previously return 1 if the slave side of the pts was closed
to force an application to read() from it and observe the EOF, but it's
not clear why and this is inconsistent both with how we handle devices
with similar mechanics (like pipes) and also with other kernels, such as
OpenBSD/NetBSD and Linux.
PR: 239604
Reviewed by: kib
(cherry picked from commit 30189156d325fbcc9d1997d791daedc9fa3bed20)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The bug isn't fusefs-specific, but this is the easiest way to reproduce
it.
PR: 276191
MFC with: bdb46c21a3e68d4395d6e0b6a205187e655532b0
Differential Revision: https://reviews.freebsd.org/D43446
Reviewed by: kib
(cherry picked from commit 6b1c534927ad47e9b0dd8be1a39f56c3ea813d44)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If ZFS reports that a disk had at least 8 I/O operations over 60s that
were each delayed by at least 30s (implying a queue depth > 4 or I/O
aggregation, obviously), fault that disk. Disks that respond this
slowly can degrade the entire system's performance.
Sponsored by: Axcient
Reviewed by: delphij
Differential Revision: https://reviews.freebsd.org/D42825
(cherry picked from commit d565784a7ebaa59e26febdcfd4a60329786ea5f5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When this functionality was moved to libifconfig in 3dfbda3401abea84da9,
the end of list calculation was modified for unknown reasons, practically
limiting the number of bridge member returned to (about) 102.
This patch changes the calculation back to what it was originally and
adds a unit test to verify it works as expected.
Reported by: Patrick M. Hausen (via ML)
Reviewed by: kp
Approved by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43135
(cherry picked from commit 3d36053ca6d6a17d408c8f92c504e6135dc9d8df)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Building tests/sys/fs/fusefs with clang 18 results the following
warning:
tests/sys/fs/fusefs/cache.cc:145:14: error: variable length arrays in C++ are a Clang extension [-Werror,-Wvla-cxx-extension]
145 | uint8_t buf[bufsize];
| ^~~~~~~
Because we do not particularly care that this is a clang extension,
suppress the warning.
MFC after: 3 days
(cherry picked from commit dc0b4094abf6784bf1a9492c2fea3fb91116b014)
|
| |
|
|
|
|
| |
MFC after: 1 week
(cherry picked from commit 8fab83d2c5c5e801105dbf25c28252fc97935b00)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace int with either size_t or ssize_t (depending on context) in
order to support bit strings up to SSIZE_MAX bits in length. Since
some of the arguments that need to change type are pointers, we must
resort to light preprocessor trickery to avoid breaking existing code.
MFC after: 3 weeks
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42698
(cherry picked from commit c56f45f2a9da7d989b79fd6c34b63100609ff9ae)
|
| |
|
|
|
|
|
| |
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 4c84c69ba308b7758d07dc8845b13922ed667e02)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the Mknod.parent_inode test case, the kernel sends an extra
FUSE_FORGET message. But because it gets sent asynchronously with the
failing syscall, it doesn't always get received before the test ends.
So we never setup an expectation for it. And 90+% of the time the test
would exit successfully.
Fix the intermittency by always waiting to receive the FUSE_FORGET
message.
Sponsored by: Axcient
(cherry picked from commit 86885b18689889e9b9142fd31d8c67f21334ba32)
Fix intermittency in the sys.fs.fusefs.symlink.main test
This change is identical to 86885b18689 but for symlink instead of
mknod. The kernel sends a FUSE_FORGET asynchronously with the final
syscall. The lack of an expectation caused this test to occasionally
fail.
Also, remove a sleep that accidentally snuck into a different test.
Sponsored by: Axcient
(cherry picked from commit 8399d764c929a4b2fa98dbfae0ca7359810e4668)
|
| |
|
|
|
|
|
|
| |
Inspired by PR 274268
Sponsored by: Axcient
(cherry picked from commit 6a773a0582ba936cc19734b21ee5a7bed49cfdec)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we create a new state for multihomed sctp connections (i.e.
based on INIT/INIT_ACK or ASCONF parameters) we cannot know what
interfaces we'll be seeing that traffic on. Make those states floating,
irrespective of state policy.
MFC after: 1 week
Sponsored by: Orange Business Services
(cherry picked from commit 0fe663b2a815dcb41431543940ec51408f418392)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial multihome implementation was a little simplistic, and failed
to create all of the required states. Given a client with IP 1 and 2 and
a server with IP 3 and 4 we end up creating states for 1 - 3 and 2 - 3,
as well as 3 - 1 and 4 - 1, but not for 2 - 4.
Check for this.
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42362
(cherry picked from commit 483d5c4075e06e52d5daa23aef2b4f4a2eb64443)
|
| |
|
|
|
|
| |
This reverts commit f5a9a849e9034c597c2b0a9014673a44834b9516.
This test will require extra work to port to stable/13.
|
| |
|
|
|
|
| |
This reverts commit 1b07f630c11ccf899612a7d02777fe0855e3bb25.
This test will require extra work to port to stable/13.
|
| |
|
|
|
|
|
| |
Fixes: d8735eb7acc0 ("socket tests: Add a regression test for ktrace+recv(MSG_TRUNC)")
Reported by: Jenkins
(cherry picked from commit 4bd1e19684945aa1fd3397b58613f5210fda9091)
|
| |
|
|
|
|
| |
MFC after: 1 week
(cherry picked from commit d8735eb7acc0613fd19f74a49d3bdcb7ed0e9b0e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix style.
- Move test case-specific code out of the shared function and into the
individual test cases.
- Remove unneeded setting of SO_REUSEPORT.
- Avoid unnecessary copying.
- Use ATF_REQUIRE* instead of ATF_CHECK*. The former cause test
execution to stop after a failed assertion, which is what we want.
- Add a test case for AF_LOCAL/SOCK_SEQPACKET sockets.
MFC after: 1 week
(cherry picked from commit b5e7dbac756afb49c58315c7081737b34a1d2dfd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If VOP_READLINK returns a path that contains a NUL, it will trigger an
assertion in vfs_lookup. Sanitize such paths in fusefs, rejecting any
and warning the user about the misbehaving server.
PR: 274268
Sponsored by: Axcient
Reviewed by: mjg, markj
Differential Revision: https://reviews.freebsd.org/D42081
(cherry picked from commit 662ec2f781521c36b76af748d74bb0a3c2e27a76)
|
