diff options
-rw-r--r-- | sys/net/if.c | 28 | ||||
-rw-r--r-- | sys/net/if_var.h | 2 | ||||
-rw-r--r-- | sys/net/route.c | 10 | ||||
-rw-r--r-- | sys/netinet/in.c | 11 | ||||
-rwxr-xr-x | tests/sys/netinet/fibs_test.sh | 39 | ||||
-rw-r--r-- | tests/sys/netinet/udp_dontroute.c | 41 |
6 files changed, 101 insertions, 30 deletions
diff --git a/sys/net/if.c b/sys/net/if.c index ea2aa85..908804d 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1607,7 +1607,7 @@ done: */ /*ARGSUSED*/ struct ifaddr * -ifa_ifwithdstaddr(struct sockaddr *addr) +ifa_ifwithdstaddr_fib(struct sockaddr *addr, int fibnum) { struct ifnet *ifp; struct ifaddr *ifa; @@ -1616,6 +1616,8 @@ ifa_ifwithdstaddr(struct sockaddr *addr) TAILQ_FOREACH(ifp, &V_ifnet, if_link) { if ((ifp->if_flags & IFF_POINTOPOINT) == 0) continue; + if ((fibnum != RT_ALL_FIBS) && (ifp->if_fib != fibnum)) + continue; IF_ADDR_RLOCK(ifp); TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { if (ifa->ifa_addr->sa_family != addr->sa_family) @@ -1635,12 +1637,19 @@ done: return (ifa); } +struct ifaddr * +ifa_ifwithdstaddr(struct sockaddr *addr) +{ + + return (ifa_ifwithdstaddr_fib(addr, RT_ALL_FIBS)); +} + /* * Find an interface on a specific network. If many, choice * is most specific found. */ struct ifaddr * -ifa_ifwithnet(struct sockaddr *addr, int ignore_ptp) +ifa_ifwithnet_fib(struct sockaddr *addr, int ignore_ptp, int fibnum) { struct ifnet *ifp; struct ifaddr *ifa; @@ -1660,12 +1669,14 @@ ifa_ifwithnet(struct sockaddr *addr, int ignore_ptp) /* * Scan though each interface, looking for ones that have addresses - * in this address family. Maintain a reference on ifa_maybe once - * we find one, as we release the IF_ADDR_RLOCK() that kept it stable - * when we move onto the next interface. + * in this address family and the requested fib. Maintain a reference + * on ifa_maybe once we find one, as we release the IF_ADDR_RLOCK() that + * kept it stable when we move onto the next interface. */ IFNET_RLOCK_NOSLEEP(); TAILQ_FOREACH(ifp, &V_ifnet, if_link) { + if ((fibnum != RT_ALL_FIBS) && (ifp->if_fib != fibnum)) + continue; IF_ADDR_RLOCK(ifp); TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { char *cp, *cp2, *cp3; @@ -1749,6 +1760,13 @@ done: return (ifa); } +struct ifaddr * +ifa_ifwithnet(struct sockaddr *addr, int ignore_ptp) +{ + + return (ifa_ifwithnet_fib(addr, ignore_ptp, RT_ALL_FIBS)); +} + /* * Find an interface address specific to an interface best matching * a given address. diff --git a/sys/net/if_var.h b/sys/net/if_var.h index 3288a4f..677a688 100644 --- a/sys/net/if_var.h +++ b/sys/net/if_var.h @@ -941,7 +941,9 @@ struct ifaddr *ifa_ifwithaddr(struct sockaddr *); int ifa_ifwithaddr_check(struct sockaddr *); struct ifaddr *ifa_ifwithbroadaddr(struct sockaddr *); struct ifaddr *ifa_ifwithdstaddr(struct sockaddr *); +struct ifaddr *ifa_ifwithdstaddr_fib(struct sockaddr *, int); struct ifaddr *ifa_ifwithnet(struct sockaddr *, int); +struct ifaddr *ifa_ifwithnet_fib(struct sockaddr *, int, int); struct ifaddr *ifa_ifwithroute(int, struct sockaddr *, struct sockaddr *); struct ifaddr *ifa_ifwithroute_fib(int, struct sockaddr *, struct sockaddr *, u_int); struct ifaddr *ifaof_ifpforaddr(struct sockaddr *, struct ifnet *); diff --git a/sys/net/route.c b/sys/net/route.c index 47d8978..dfad778 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -589,7 +589,7 @@ rtredirect_fib(struct sockaddr *dst, } /* verify the gateway is directly reachable */ - if ((ifa = ifa_ifwithnet(gateway, 0)) == NULL) { + if ((ifa = ifa_ifwithnet_fib(gateway, 0, fibnum)) == NULL) { error = ENETUNREACH; goto out; } @@ -746,7 +746,7 @@ ifa_ifwithroute_fib(int flags, struct sockaddr *dst, struct sockaddr *gateway, */ ifa = NULL; if (flags & RTF_HOST) - ifa = ifa_ifwithdstaddr(dst); + ifa = ifa_ifwithdstaddr_fib(dst, fibnum); if (ifa == NULL) ifa = ifa_ifwithaddr(gateway); } else { @@ -755,10 +755,10 @@ ifa_ifwithroute_fib(int flags, struct sockaddr *dst, struct sockaddr *gateway, * or host, the gateway may still be on the * other end of a pt to pt link. */ - ifa = ifa_ifwithdstaddr(gateway); + ifa = ifa_ifwithdstaddr_fib(gateway, fibnum); } if (ifa == NULL) - ifa = ifa_ifwithnet(gateway, 0); + ifa = ifa_ifwithnet_fib(gateway, 0, fibnum); if (ifa == NULL) { struct rtentry *rt = rtalloc1_fib(gateway, 0, RTF_RNH_LOCKED, fibnum); if (rt == NULL) @@ -872,7 +872,7 @@ rt_getifa_fib(struct rt_addrinfo *info, u_int fibnum) */ if (info->rti_ifp == NULL && ifpaddr != NULL && ifpaddr->sa_family == AF_LINK && - (ifa = ifa_ifwithnet(ifpaddr, 0)) != NULL) { + (ifa = ifa_ifwithnet_fib(ifpaddr, 0, fibnum)) != NULL) { info->rti_ifp = ifa->ifa_ifp; ifa_free(ifa); } diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 68751c3..1f07542 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -908,7 +908,7 @@ in_addprefix(struct in_ifaddr *target, int flags) { struct in_ifaddr *ia; struct in_addr prefix, mask, p, m; - int error, fibnum; + int error; if ((flags & RTF_HOST) != 0) { prefix = target->ia_dstaddr.sin_addr; @@ -919,9 +919,8 @@ in_addprefix(struct in_ifaddr *target, int flags) prefix.s_addr &= mask.s_addr; } - fibnum = rt_add_addr_allfibs ? RT_ALL_FIBS : target->ia_ifp->if_fib; - IN_IFADDR_RLOCK(); + /* Look for an existing address with the same prefix, mask, and fib */ TAILQ_FOREACH(ia, &V_in_ifaddrhead, ia_link) { if (rtinitflags(ia)) { p = ia->ia_dstaddr.sin_addr; @@ -937,6 +936,8 @@ in_addprefix(struct in_ifaddr *target, int flags) mask.s_addr != m.s_addr) continue; } + if (target->ia_ifp->if_fib != ia->ia_ifp->if_fib) + continue; /* * If we got a matching prefix route inserted by other @@ -955,6 +956,10 @@ in_addprefix(struct in_ifaddr *target, int flags) IN_IFADDR_RUNLOCK(); return (EEXIST); } else { + int fibnum; + + fibnum = rt_add_addr_allfibs ? RT_ALL_FIBS : + target->ia_ifp->if_fib; rt_addrmsg(RTM_ADD, &target->ia_ifa, fibnum); IN_IFADDR_RUNLOCK(); return (0); diff --git a/tests/sys/netinet/fibs_test.sh b/tests/sys/netinet/fibs_test.sh index 104154b..a6dbe42 100755 --- a/tests/sys/netinet/fibs_test.sh +++ b/tests/sys/netinet/fibs_test.sh @@ -176,7 +176,6 @@ default_route_with_multiple_fibs_on_same_subnet_head() default_route_with_multiple_fibs_on_same_subnet_body() { - atf_expect_fail "kern/187552 default route uses the wrong interface when multiple interfaces have the same subnet but different fibs" # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses # and a non-default fib ADDR0="192.0.2.2" @@ -226,7 +225,6 @@ subnet_route_with_multiple_fibs_on_same_subnet_head() subnet_route_with_multiple_fibs_on_same_subnet_body() { - atf_expect_fail "kern/187550 Multiple interfaces on different FIBs but the same subnet don't all have a subnet route" # Configure the TAP interfaces to use a RFC5737 nonrouteable addresses # and a non-default fib ADDR0="192.0.2.2" @@ -258,6 +256,15 @@ subnet_route_with_multiple_fibs_on_same_subnet_cleanup() # SO_DONTROUTE set that are sent on non-default FIBs. # This bug was discovered with "setfib 1 netperf -t UDP_STREAM -H some_host" # Regression test for kern/187553 +# +# The root cause was that ifa_ifwithnet() did not have a fib argument. It +# would return an address from an interface on any FIB that had a subnet route +# for the destination. If more than one were available, it would choose the +# most specific. This is most easily tested by creating a FIB without a +# default route, then trying to send a UDP packet with SO_DONTROUTE set to an +# address which is not routable on that FIB. Absent the fix for this bug, +# in_pcbladdr would choose an interface on any FIB with a default route. With +# the fix, you will get EUNREACH or ENETUNREACH. atf_test_case udp_dontroute cleanup udp_dontroute_head() { @@ -271,25 +278,38 @@ udp_dontroute_body() atf_expect_fail "kern/187553 Source address selection for UDP packets with SO_DONTROUTE uses the default FIB" # Configure the TAP interface to use an RFC5737 nonrouteable address # and a non-default fib - ADDR="192.0.2.2" + ADDR0="192.0.2.2" + ADDR1="192.0.2.3" SUBNET="192.0.2.0" MASK="24" # Use a different IP on the same subnet as the target TARGET="192.0.2.100" + SRCDIR=`atf_get_srcdir` # Check system configuration if [ 0 != `sysctl -n net.add_addr_allfibs` ]; then atf_skip "This test requires net.add_addr_allfibs=0" fi - get_fibs 1 + get_fibs 2 - # Configure a TAP interface - setup_tap ${FIB0} ${ADDR} ${MASK} + # Configure the TAP interfaces + setup_tap ${FIB0} ${ADDR0} ${MASK} + TARGET_TAP=${TAP} + setup_tap ${FIB1} ${ADDR1} ${MASK} # Send a UDP packet with SO_DONTROUTE. In the failure case, it will - # return ENETUNREACH - SRCDIR=`atf_get_srcdir` - atf_check -o ignore setfib ${FIB0} ${SRCDIR}/udp_dontroute ${TARGET} + # return ENETUNREACH, or send the packet to the wrong tap + atf_check -o ignore setfib ${FIB0} \ + ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} + cleanup_tap + + # Repeat, but this time target the other tap + setup_tap ${FIB0} ${ADDR0} ${MASK} + setup_tap ${FIB1} ${ADDR1} ${MASK} + TARGET_TAP=${TAP} + + atf_check -o ignore setfib ${FIB1} \ + ${SRCDIR}/udp_dontroute ${TARGET} /dev/${TARGET_TAP} } udp_dontroute_cleanup() @@ -367,4 +387,5 @@ cleanup_tap() for TAPD in `cat "tap_devices_to_cleanup"`; do ifconfig ${TAPD} destroy done + rm "tap_devices_to_cleanup" } diff --git a/tests/sys/netinet/udp_dontroute.c b/tests/sys/netinet/udp_dontroute.c index 1e162a1..79421fd 100644 --- a/tests/sys/netinet/udp_dontroute.c +++ b/tests/sys/netinet/udp_dontroute.c @@ -39,9 +39,11 @@ #include <err.h> #include <errno.h> +#include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> /* * Sends a single UDP packet to the provided address, with SO_DONTROUTE set @@ -51,23 +53,31 @@ int main(int argc, char **argv) { struct sockaddr_in dst; - int s; + int s, t; int opt; int ret; - const char* buf = "Hello, World!"; + ssize_t len; + const char* sendbuf = "Hello, World!"; + const size_t buflen = 80; + char recvbuf[buflen]; - if (argc != 2) { - fprintf(stderr, "Usage: %s ip_address\n", argv[0]); + if (argc != 3) { + fprintf(stderr, "Usage: %s ip_address tapdev\n", argv[0]); exit(2); } + + t = open(argv[2], O_RDWR | O_NONBLOCK); + if (t < 0) + err(EXIT_FAILURE, "open"); + s = socket(PF_INET, SOCK_DGRAM, 0); if (s < 0) - err(errno, "socket"); + err(EXIT_FAILURE, "socket"); opt = 1; ret = setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &opt, sizeof(opt)); if (ret == -1) - err(errno, "setsockopt(SO_DONTROUTE)"); + err(EXIT_FAILURE, "setsockopt(SO_DONTROUTE)"); dst.sin_len = sizeof(dst); dst.sin_family = AF_INET; @@ -77,10 +87,25 @@ main(int argc, char **argv) fprintf(stderr, "Invalid address: %s\n", argv[1]); exit(2); } - ret = sendto(s, buf, strlen(buf), 0, (struct sockaddr*)&dst, + ret = sendto(s, sendbuf, strlen(sendbuf), 0, (struct sockaddr*)&dst, dst.sin_len); if (ret == -1) - err(errno, "sendto"); + err(EXIT_FAILURE, "sendto"); + + /* Verify that the packet went to the desired tap device */ + + len = read(t, recvbuf, buflen); + if (len == 0) + errx(EXIT_FAILURE, "read returned EOF"); + else if (len < 0 && errno == EAGAIN) + errx(EXIT_FAILURE, "Did not receive any packets"); + else if (len < 0) + err(EXIT_FAILURE, "read"); + /* + * If read returned anything at all, consider it a success. The packet + * should be an Ethernet frame containing an ARP request for + * ip_address. We won't bother to decode it + */ return (0); } |