pf: improve add state validation
Both for the DIOCADDSTATE ioctl and for states imported through pfsync packets. Add a test case to exercise this code path. Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate")
@@ -981,6 +981,30 @@ ATF_TC_CLEANUP(natlook, tc)
|
||||
COMMON_CLEANUP();
|
||||
}
|
||||
|
||||
ATF_TC_WITH_CLEANUP(addstate);
|
||||
ATF_TC_HEAD(addstate, tc)
|
||||
{
|
||||
atf_tc_set_md_var(tc, "require.user", "root");
|
||||
atf_tc_set_md_var(tc, "require.kmods", "pfsync");
|
||||
}
|
||||
|
||||
ATF_TC_BODY(addstate, tc)
|
||||
{
|
||||
struct pfioc_state st;
|
||||
|
||||
COMMON_HEAD();
|
||||
|
||||
memset(&st, 'a', sizeof(st));
|
||||
st.state.timeout = PFTM_TCP_FIRST_PACKET;
|
||||
|
||||
ATF_CHECK_ERRNO(EINVAL, ioctl(dev, DIOCADDSTATE, &st) == -1);
|
||||
}
|
||||
|
||||
ATF_TC_CLEANUP(addstate, tc)
|
||||
{
|
||||
COMMON_CLEANUP();
|
||||
}
|
||||
|
||||
ATF_TP_ADD_TCS(tp)
|
||||
{
|
||||
ATF_TP_ADD_TC(tp, addtables);
|
||||
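Review bot: The `addstate` body does not say which field the fill pattern is meant to trip: `memset(&st, 'a', sizeof(st))` makes every member of `struct pfioc_state` garbage at once, so the EINVAL comes from whichever check the kernel reaches first, and a later regression in any one of the other checks would go unnoticed. A comment above the memset would make the intent explicit, for example `/* Garbage in every field except timeout; the ioctl must reject it with EINVAL, not import it. */`. A short comment on `require.kmods` should also say why pfsync is needed (presumably because DIOCADDSTATE hands the state to pfsync's import routine). The commit message names the pfsync packet path as well, but only the ioctl path is exercised here. If the kernel side validates fields separately, one case per rejected field on an otherwise well-formed state would pin the validation more tightly.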
@@ -1007,6 +1031,7 @@ ATF_TP_ADD_TCS(tp)
|
||||
ATF_TP_ADD_TC(tp, rpool_mtx);
|
||||
ATF_TP_ADD_TC(tp, rpool_mtx2);
|
||||
ATF_TP_ADD_TC(tp, natlook);
|
||||
ATF_TP_ADD_TC(tp, addstate);
|
||||
|
||||
return (atf_no_error());
|
||||
}
|
||||
|
||||