diff options
author | Kristof Provost <kp@FreeBSD.org> | 2023-06-12 13:12:37 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2023-06-13 13:51:48 +0000 |
commit | 1e1bb5780c31d28ae041769b611b70b4f35c7ede (patch) | |
tree | ce71a2a0c4d4ef0d5cd13408427a9a347d824e35 | |
parent | 0ba9cb5e710f42fcbc5d710a606bfae5a7f90984 (diff) | |
download | src-1e1bb5780c31d28ae041769b611b70b4f35c7ede.tar.gz src-1e1bb5780c31d28ae041769b611b70b4f35c7ede.zip |
dummynet tests: attempt to provoke wf2q+ use-after-free
Attempt to provoke known use-after-free issues with WF2Q+.
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | tests/sys/netpfil/common/dummynet.sh | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/tests/sys/netpfil/common/dummynet.sh b/tests/sys/netpfil/common/dummynet.sh index 6f7981a043a8..9b8a93cba365 100644 --- a/tests/sys/netpfil/common/dummynet.sh +++ b/tests/sys/netpfil/common/dummynet.sh @@ -203,6 +203,59 @@ codel_cleanup() firewall_cleanup $1 } +wf2q_heap_head() +{ + atf_set descr 'Test WF2Q+, attempting to provoke use-after-free' + atf_set require.user root +} + +wf2q_heap_body() +{ + fw=$1 + firewall_init $fw + dummynet_init $fw + + j=dummynet_wf2q_heap_${fw}_ + + epair=$(vnet_mkepair) + epair_other=$(vnet_mkepair) + vnet_mkjail ${j}a ${epair}a + vnet_mkjail ${j}b ${epair}b ${epair_other}b + + jexec ${j}a ifconfig ${epair}a up mtu 9000 + va=$(jexec ${j}a ifconfig vlan create vlan 42 vlandev ${epair}a) + jexec ${j}a ifconfig ${va} 192.0.2.1/24 up #mtu 8000 + + jexec ${j}b ifconfig ${epair}b up mtu 9000 + vb=$(jexec ${j}b ifconfig vlan create vlan 42 vlandev ${epair}b) + jexec ${j}b ifconfig ${vb} 192.0.2.2/24 up #mtu 8000 + jexec ${j}b ifconfig ${epair_other}b up + + # Sanity check + atf_check -s exit:0 -o ignore \ + jexec ${j}b ping -c 1 192.0.2.1 + + jexec ${j}b dnctl pipe 1 config bw 10Mb queue 100 delay 500 droptail + jexec ${j}b dnctl sched 1 config pipe 1 type wf2q+ + jexec ${j}b dnctl queue 1 config pipe 1 droptail + + firewall_config ${j}b ${fw} \ + "pf" \ + "pass dnqueue 1" + + jexec ${j}a ping -f 192.0.2.2 & + sleep 1 + + jexec ${j}b ifconfig ${vb} destroy + + sleep 2 +} + +wf2q_heap_cleanup() +{ + firewall_cleanup $1 +} + queue_head() { atf_set descr 'Basic queue test' @@ -478,6 +531,8 @@ setup_tests \ codel \ ipfw \ pf \ + wf2q_heap \ + pf \ queue \ ipfw \ pf \ |