* When fast-forwarding through a zstd frame, we incorrectly used the
min() inline function instead of the MIN() macro. The function
truncates the result to unsigned int, resulting in a decompression
error when trying to seek more than 4 GB into the frame.
* POSIX states that a size extended header record overrides the size
field in the header if present, and that one must be included if the
size of the file exceeds 8 GB (the size field maxes out at 64 GB).
* Reduce repetition in the exthdr parser by deduplicating the syntax
error handler.
MFC after: 1 week
Sponsored by: Klara, Inc.
Fixes: 69d94f4c76 ("Add tarfs, a filesystem backed by tarballs.")
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D53718
POSIX Issue 7 had allowed EINVAL for this case, but issue 8 moves it
to ENOTSUP instead. ZFS uses the latter and we have some software in
ports already that's wanting to use that to detect the filesystem not
supporting it, so let's standardize on it.
Reviewed by: imp (previous version), asomers, kib
Differential Revision: https://reviews.freebsd.org/D53535
FUSE protocol 7.33 extended the FUSE_SETXATTR request format. But the
extension is optional. The server must opt-in by setting the
FUSE_SETXATTR_IN flag during FUSE_INIT. We were wrongly using the
extended format for any server using protocol 7.33 or later.
PR: 290547
Co-authored-by: CismonX <admin@cismon.net>
Fixes: d5e3cf41e8 ("fusefs: Upgrade FUSE protocol to version 7.33")
MFC after: 3 days
Source nodes redirect (nat-to, rdr-to, route-to) all further connections
matching the rule which has created the source node. The source node is
valid as long as there are states resulting from the rule or until the
source node lifetime expires. When the rule's redirection pool is
modified (e.g. table contents are changed) the source node is still
valid and it will redirect new connections to invalid target (e.g. a
dead next-hop).
When performing source tracking after finding a source node check if the
redirection address still exists in pool of the rule which has created
this node. If not, delete the source node. This will result in finding a
new redirection address and creation of a new source node.
Reviewed by: kp
Obtained from: OpenBSD
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D53231
New-style address translation is done by nat-to and rdr-to actions on
normal match and pass rules. Those rules, when used without address
translation, can be specified without direction. But that allows users
to specify pre-routing nat and post-routing rdr. This case is not
handled properly and causes pre-routing nat to modify destination
address, as if it was a rdr rule, and post-routing rdr to modify source
address, as if it was a nat rule.
Ensure that nat-to action modifies source address and rdr-to destination
address no matter in which direction the rule is applied. The man page
for pf.conf already specifies that nat-to and rdr-to rules should be
limited to respective directions.
PR: 288577
Reviewed by: kp
MFC after: 3 days
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D53216
Both for the DIOCADDSTATE ioctl and for states imported through pfsync packets.
Add a test case to exercise this code path.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Unterminated strings in the anchor or name could cause crashes.
Validate them, and add a test case.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Avoid emitting a warning if there is no Ethernet anchor. If the anchor
--regardless of its type-- is nonexistent, should be caught earlier.
This can be misleading when there is a layer 3 anchor but not an
Ethernet anchor, giving the user the impression that there is no layer 3
anchor with that name.
PR: 280516
Approved by: kp
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53360
Set the number of rulesets (i.e., anchors) directly attached to the
anchor and its path in pfctl_get_ruleset().
While here, add a test to document this behavior.
PR: 290478
Reviewed by: kp
Fixes: 041ce1d690 ("pfctl: recursively flush rules and tables")
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53358
We were using the m_quit bit for two similar but distinct uses:
* To instruct the server to quit
* To cope with the kernel forcibly unmounting the fs
Fix the intermittent test failure by adding a separate bit,
m_expect_unmount, to handle cases like the latter.
Reported by: Siva Mahadevan <me@svmhdvn.name>
MFC after: 1 week
Revied by: Siva Mahadevan <me@svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D53357
A FUSE daemon can send asynchronous notification to the kernel in order
to, for example, invalidate an inode's cache. Fix a page fault that can
happen if the file system isn't yet mounted, or is already unmounted,
when that notification arrives.
PR: 290519
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D53356
The first test is supposed to close the new fd, but was instead not
closing anything.
Reviewed by: ngie, markj
Fixes: 3cedbec3ee ("Integrate tools/regression/fifo into ...")
Differential Revision: https://reviews.freebsd.org/D52799
VOP_BMAP is purely advisory. If VOP_BMAP returns an error during
readahead, cluster_read should still succeed, because the actual data
was still read just fine.
Add a regression test for PR 264196, wherein cluster_read would fail if
VOP_BMAP did.
PR: 264196
MFC with: 62aef3f73f
Reported by: danfe
Reviewed by: arrowd
Differential Revision: https://reviews.freebsd.org/D51316
This greatly speeds up skipping a test that can't be run.
MFC after: 2 weeks
Sponsored by: ConnectWise
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D53215
Ensure we always have a non-NULL rule pointer (ctx.rm).
It might have gotten set to NULL by pf_get_translation().
While here also restore the previous rdr behaviour be re-adding the incorrectly
removed 'break' in pf_match_translation_rule.
PR: 290177
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D53191
The code to do the route lookup was already there, but was used only for
the legacy IP_ADD_MEMBERSHIP when called without index. Do same lookup
for IP_ADD_MEMBERSHIP with index and what is more important for
MCAST_JOIN_GROUP, if the supplied index is 0. This is a neat feature and
Linux does that, so this should make a few applications easier portable to
FreeBSD.
Differential Revision: https://reviews.freebsd.org/D52918
The send operations are waiting on the peer's socket buffer, but we shall
use our timeout value. Provide a test for that.
Reported by: phk
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D53081
Fixes: d157927807
The receiver is run as a background job, so we need a wait loop to
make sure it has been fully functional before launching sender.
Reported by: Siva Mahadevan <me svmhdvn.name>
PR: 290210
This test implicitly depended on the order in which two threads
completed. If the test thread finished first, the test would pass. But
if the mock file system thread did, it would attempt to read from an
unmounted file system, and fail. As a result, the test would randomly
fail once out of every several thousand executions. Fix it by telling
the mock file system's event loop to exit without attempting to read any
more events.
Reported by: Siva Mahadevan <me@svmhdvn.name>
MFC after: 1 week
Reviewed by: Siva Mahadevan <me@svmhdvn.name>
Differential Revision: https://reviews.freebsd.org/D53080
Disable epair's checksum offload on one interface in a nat test, to ensure
that pf does the right thing in scenarios where one interface offloads checksum
handling and one does not.
We trust the TCP (or ICMP) checksum verification code to drop the packet if pf
does it wrong, which will cause the test case to fail.
Suggested by: tuexen
Sponsored by: Rubicon Communications, LLC ("Netgate")
The lack of these lines means we don't call the cleanup function.
That's not as bad as it could be, because these tests are nested in a jail by
Kyua, so most of the cleanup work (destroying jails and interfaces) is done when
the parent jail goes away, but it's still better to have these lines.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Give inetd time to start rather than immediately trying to connect to it.
Make the tests a little more robust.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Fix a test failure that occurs when max_buf_aio exceeds 31, as the
calculated buffer size exceeds the 16 KB memory disk device. Increase
the MD device size to 1 MB to prevent truncation.
Rename MD_LEN to DEVICE_IO_LEN for clarity and add a more
descriptive error message.
Reviewed by: asomers
Approved by: asomers
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D52914
Stop the threads before exiting test body. Otherwise there is a chance
threads would use the softc that is stored on the main thread stack after
it is destroyed and the test would fail. Stop the threads in the reverse
order, so that listener is stopped after all connectors are stopped.
Tested by: olivier
libopenbsd retains recallocarray() during bootstrapping for now
as it is needed for mandoc.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52864
- Use the recently-added fsetfl_lock/unlock API to synchronize direct
FIONBIO and FIOASYNC ioctls with fcntl(F_SETFL).
- While here, skip calling the underlying ioctl if the flag's current
state matches the requested state.
- Also while here, only update the flag state if the underlying ioctl
succeeds. This fixes a bug where the flags represented the new
state even if the underlying ioctl failed. A test is added for this
last case that a failing FIOASYNC on /dev/null doesn't result in
setting O_ASYNC in the file flags.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D52721
If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.
While here also fix nat:dummynet_mask, which relied on the broken behaviour.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52838
Excercise the code introduced in 9e792f7ef7
("sys/netinet6: Fix SLAAC for interfaces with no /64 LL address").
Sponsored by: Rubicon Communications, LLC ("Netgate")